What would be the S3 URL of the static website?
- This URL returns a default index document that you configured for the website.
- This URL requests the photo.jpg object, which is stored at the root level in the bucket.
Which of the following is NOT a valid SNS subscribers?
What function of an AWS VPC is stateless?
Network Access Control Lists
Which of the following services allows you root access (ie you can login using SSH)?
Elastic Map Reduce
When trying to grant an amazon account access to S3 using access control lists what method of identification should you use to identify that account with?
- email address of account
- canonical user id
Which of the following is not supported by AWS Import/Export?
Export to Amazon Glacier
Which of the following is not a service of the security category of the AWS trusted advisor service?
Vulnerability scans of existing VPC
What are the different types of virtualization available on EC2?
- Para virtual (PV)
- Hardware Virtual Machine (HVM)
What method should they use to import this data on to S3 in the fastest manner possible?
AWS Import / Export
AWS Import/Export allows for the importation of large data sets, using external hard disks which are sent directly to amazon, therefore bypassing the internet.
Amazon RDS does not currently support increasing storage on a ____ Db instance
Can I move a reserved instance from one region to another?
In RDS what is the maximum size for a Microsoft SQL Server DB Instance with SQL Server Express edition?
10GB per database
When using a custom VPC and placing an EC2 instance in to a public subnet, it will be automatically internet accessible (ie you do not need to apply an elastic IP address or ELB to the instance).
What is the maximum response time for a Business Level Premium Support Case?
- Basic = No response
- Developer = 12 hours
- Business = 1 hour
- Enterpries = 1 hour (critical system down 15 minutes)
What are the four levels of AWS premium support?
Placement Groups can be created across 2 or more Availability Zones.
It is possible to transfer a reserved instance from one Availability Zone to another.
You can select a specific Availability Zone in which to place your DynamoDB Table
When creating an RDS instance you can select which availability zone in which to deploy your instance.
Amazon's Redshift uses which block size for its columnar storage?
1024 / 1MB
You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?
Redundancy for DB
You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this?
Deploy your site to three different AZ's within the same region, configure auto scaling minimum to handle 50 percent of peak load per zone
You work for a toy company that has a busy online store. As you are approaching Christmas, you find that your store is getting more and more traffic. Your web tier is behind an Auto Scaling group, but you notice that is is frequently scaling, sometimes multiple times in an hour, only to scale back down after peak usage. You need to keep Auto Scaling from scaling up and down so rapidly. Which of the following options would help you to achieve this?
Change your Auto Scaling sot that it only scales at scheduled times
You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduced the completion time?
You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once
You have been asked to identify a service on AWS that is a durable key value store. Which of the services below meets this definition?
They have a new web application that needs to be built and this application must be stateless. Supporting services?
RDS, DynamoDB, Elasticache
New AWS Account, soft limit for EC2 instances?
Can be increased
What do you need to do to establish the VPN connection?
Assign a public IP address to your Amazon VPC Gateway
How many instances?
You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2 answers, select the answer with BOTH correct answers.
- Just need enough in each region to make it work
You need to add a route to your routing table in order to allow connections to the internet from your subnet. What route should you add?
Destination: 0.0.0.0/0 --> Target: Internet Gateway
With which AWS orchestration service can you implement Chef recipes?
You work for a automotive company which is migrating their production environment in to AWS. The company has 4 separate segments, Dev, Test, UAT & Production. They require each segment to be logically isolated from each other. What VPC configuration should you recommend?
A seperate VPC for each segment, then create VPN tunnels from HQ to each VPC so that the correct team can speak to their dedicated VPC
Default VPC limit on an account?
Which of the following is true when writing to S3?
- All regions provide read after write consistency for PUTS of new objects in your S3 bucket
- And eventual consistency for overwrite PUTS and Deletes
You need to architect this EC2 instance to maximize your disk IO. Which of the following would give you the best disk performance?
Add 2x additional PIOPS SSD volumes, create a RAID 0. Install MySQL to this RAID 0 partition
Which of the following services do you get OS level access to?
EC2 & Elastic Map Reduce (EMR)
AWS Security Token Service
You are designing an AWS solution for a new customer and they want to use their active directory credentials in order to sign in to the AWS management console. What kind of authentication response is required in order for users to authenticate with the AWS security token service (STS).
You are creating a new VPC with 3 subnets in 3 separate availability zones. You require instances in each subnet to be able to communicate to each other by default. What additional steps should you take in order to achieve this objective.
No action, by default all subnets can communicate with each other using the main route table
SQS Queue Priority
You run a website which hosts videos and you have two types of members, premium fee paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded. However you need to ensure that your premium fee paying members videos have a higher priority than your free members. How should you design your application.
Create two SQS queues, program EC2 fleet to poll the premium queue first, and if empty then poll your free members SQS queue
You are putting together a wordpress site for a local charity and you are using a combination of Route53, Elastic Load Balancers, EC2 & RDS. You launch your EC2 instance, download wordpress and setup the configuration files connection string so that it can communicate to RDS. When you browse to your URL however, nothing happens. Which of the following could NOT be the cause of this.
- You must open port 80/443 on your security group in which the EC2 instance is deployed
- You must correctly configure the Elastic Load Balancer to check on an existing webpage hosted on the EC2 instance
- You must configure ALIAS records for your A Record to point at your elastic load balancer
You have created a custom VPC with 3 subnets, 2 private, 1 public. You deploy 3 EC2 instances in to your public subnet and attach Elastic IP addresses to these instances. You then deploy an EC2 instance in to your private subnet and then attempt to apply security patches to this instance, however it has no internet connectivity. What can you do to give this instance internet access?
Deploy NAT to the public subnet, and then update the main routing table to send traffic via the NAT to the private subnet
Secure Access to Databases
You are a Solutions Architect working for a major European oil company. You are designing a new web application which will need to access data stored in DynamoDB. You need to do this as securely as possible, without storing any credentials on a long term basis. How would you achieve this?
Use IAM roles for the EC2 instance that needs to make API call
Placement Groups can be created across 2 or more Availability Zones.
AZ Naming Details
You have three AWS accounts (A, B & C) which share data. In an attempt to maximize performance between the accounts, you deploy the instances owned by these three accounts in "eu-west-1b". During testing, you find inconsistent results in transfer latency between the instances. Transfer between accounts A and B is excellent, but transfers between accounts B and C, and C and A, are slower. What could be the problem ?
The names of the AZs are randomly applied, so the same name may not mean the same physical location
Detailed Pricing Question
Your company has hired a young and enthusiastic accountant. After reviewing the AWS documentation and usage graphs, he announces that you are wasting vast amounts of money running servers for a full hour instead of spinning them up only when they are needed and down again as soon as they are idle for 1 minute. He cites the AWS claim that you only pay for what you use, and that as a senior engineer, you should be more conscious of wasting company money. How do you respond ?
- Instances are billed by the full hour
- Partial hours billed as such
- Storage charges are incurred even if the DB instance sits idle
- Taking into account productivity loses, stopping and restarting DB instances may result in additional costs
You have been monitoring a sensitive autoscaling group, and you expect it to scale-in as you enter a period of holiday downtime. The auto scaling group is distributed over three AZs ( AZ - A & -B have two instances each, and AZ -C has three instances). All instances have different CPU and Memory utilization, and all instances have been running for a different number of days. All instances come from different versions of a root AMI, and all instances have different numbers of sessions connected. Which instance will be the 1st to shut down?
- The instance in AZ-C that has the oldest launch configuration will terminate first
- select the Availability Zone with the instances that use the oldest launch configuration
Auto Scaling is a tool used to create fault-tolerant and cost-effective architectures.
What is the maximum VisibilityTimeout of an SQS message in a FIFO queue?
The default visibility timeout for a message is 30 seconds. The maximum is 12 hours.
Logging - Instance Attacks
A client who is using EC2 believes that someone other than approved administrators is trying to gain access to her Linux web app instances, and she asks what sort of network access logging can be added to the system. Which of the following might you recommend?
Make use of an OS level logging tool such as IPTables and log events to CloudWatch or S3
NAT - Connectivity Problems
You have a MySQl database running on an EC2 instance in a private subnet. You can connect via SSH, but you are unable to apply updates to the database server via the NAT instance. What might you do to remedy this problem?
Ensure that "Source / Destination Checks" is disabled on the NAT instance
IAM (Policies / ACLs)
When editing permissions (policies and ACLs), to whom does the concept of the "Owner" refer?
The "owner" refers to the identity and email address used to create the AWS account
SQS Polling Issues
Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service?
Enable long polling by setting the RecieveMessageWaitTimeSecons to a number > 0
Timing EC2 scaling
Although your application customarily runs at 30% usage, you have identified a recurring usage spike (>90%) between 8pm and midnight daily. What is the most cost effective way to scale your application to meet this increased need?
Use proactive cyclic scaling to boost your capacity at a fixed interval
Improving DB Performance
You work for a popular media outlet about to release a story that is expected to go viral. During load testing on the website, you discover that there is read contention on the database tier of your application. Your RDS instance consists of a MySQL database on an extra large instance. Which two of the following approaches would be best to further scale this instance to meet the anticipated increase in traffic your viral story will generate?
You already have an extra large RDS instance so scaling up is not possible. You should consider using Elasticache.
VPC Hosting Issues
Following advice from your consultant, you have configured your VPC to use Dedicated hosting tenancy. A subsequent change to your application has rendered the performance gains from dedicated tenancy superfluous, and you would now like to recoup some of these greater costs. How do you revert to Default hosting tenancy?
Once a VPC is set to Dedicated hosting, it is not possible to change the VPC or the instances to Default hosting. You must re-create the VPC.
S3 Bucket Naming Standards
Which URL format does S3 support in pointing to bucket "mynewbucket"?
Resource Groups & Tagging
You are developing a web application, and you are maintaining separate sets of resources for your alpha, beta, and release environments. Each version runs on Amazon EC2 with an EBS volume. You use Elastic Load Balancing to manage traffic and Amazon Route 53 to manage your domain. What's the best way to check the health and status of all three groups of services simultaneously?
Create a resource group containing each set of resources and view all three environments from a single, group dashboard
Route 53 Issues
Your company has just purchased another company. As part of the merger, your team has been instructed to cross connect the corporate networks. You run all your confidential corporate services and Internal DNS in a VPC. The merged company has all their confidential corporate services and Internal DNS on-premises. After establishing a Direct-Connect service between your VPC and their on-premise network, and confirming all the routing, firewalls, and authentication, you find that while you can resolve names against their DNS, the other company services is unable to resolve names against your DNS servers. Why might this be?
By design, AWS DNS does not respond to requests originating from outside the VPC
Route53 has a security feature that prevents internal DNS from being read by external sources. The work around is to create a EC2 hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.
RDP Public IP Question
How is the Public IP address managed in an instance session via the instance GUI/RDP or Terminal/SSH session?
The public IP address is not managed on the instance, it is instead an alias applied as network address translation of the private ip address
Traffic Routing Question Under Load
You have been engaged by a company to design and lead a migration to an AWS environment. The team is concerned about the capabilities of the new environment, especially when it comes to avoiding bottlenecks. The design calls for about 20 instances (C3.2xLarge) pulling jobs/messages from SQS. Network traffic per instance is estimated to be around 500 Mbps at the beginning and end of each job. Which network configuration should you plan on deploying?
Spread the instances over multiple AZs to minimize the traffic concentration and maximize the fault tolerance
When considering network traffic, you need to understand the difference between storage traffic and general network traffic, and the ways to address each. The 10Gbps is a red-herring, in that the 500Mbps only occurs for short intervals, and therefore your sustained throughput is not 10Gpbs. Whereever possible, use simple solutions such as spreading the load out rather than expensive high tech solutions.
You are a consultant planning to deploy DynamoDB across three AZs. Your lead DBA is concerned about data consistency. Which of the following do you advise the lead DBA to do?
Ask the development team to code for strongly consistent reads. Advise of the increased costs.
There is a change designed to reduce wasted CPU cycles by increasing the value of VisibilityTimeout attribute
Increases how long a message is hidden from other consumers
You use Auto Scaling to deploy additional resources to handle the load during spikes, but the new instances don't spin-up fast enough to prevent the existing application servers from freezing. Which of the following will provide the most cost-effective solution in preventing the loss of recently submitted requests?
Use SQS to decouple
Neither increasing the size of your EC2 instances nor maintaining additional EC2 instances is cost-effective, and pre-warming an ELB signifies that these spikes in traffic are predictable. The cost-effective solution to the unpredictable spike in traffic is to use SQS to decouple the application components
Sharing AMIs between Region
In order to share those AMI's with the region you're using as a backup, which process would you follow?
Copy AMi between regions then apply settings
AWS does not copy launch permissions, user-defined tags, or Amazon S3 bucket permissions from the source AMI to the new AMI.
size limitation on the Attribute Name & Value. Which is the correct limitation?
Combined Attribute Name & Value must not exceed the 400 KB limit
DynamoDB allows for the storage of large text and binary objects, but there is a limit of 400 KB.
Loose data after shutting down EC2 instance
The most likely answer is that the EC2 instance was backed by an instance store volume. Instance store volumes are ephemeral, meaning that they exist ONLY in conjunction with their accompanying EC2 instance.
Is it possible to transfer Reserved Instance between AZs?
Can be created across 2 or more AZs?
Are they available for multi-AZ deployments?
Can they be moved between Regions?
Can you add an EC2 instance to a role, after the instance has been created and powered up?
Are ideal for?
EC2 instances that require high network throughput and low latency across a single AZ
EC2 instance limitations for accounts
For all new accounts there is a soft limit of 20 EC2 instances per region
You should submit the limit increase form and retry after limit increased
New Web Application needs stateless services?
RDS, DynamoDB, & Elasticache
Where should you store API credentials while maintaining maximum security?
Don't save them, instead create a role in IAM and assign the role to an EC2 instance when you first create it
Storage medium for EC2 instance that needs to retain data that was calculated
EBS configured with RAID 1
How to maximize IOPS for EC2?
Add multiple additional volumes with provisioned IOPS and then create RAID 0 strip across them
Minimize latency between EC2 instances
Create placement group inside AZ, add EC2 instances to it
Can you change permissions to a role, after it is assigned to an existing EC2 instance?
Can a role be added to a live, functioning EC2 instance?
Placement groups across multiple AZ?
Do EBS volumes persist independently of an EC2 instance?
Only if instructed to when created
Advantages of 3 tier architecture?
- Increased redundancy
- Simple maintenance
Decreased cost is not one of the advantages
3 Tier architecture model
- Presentation tier
- Business logic tier
- Database tier
2 tier architecture - what does web tier represent?
- User interface
- Business Intelligence (BI)
Applications can be broken down into three logic functions. They are:
- User interface
- Business Intelligence
Best description of N-Tier architecture?
- N-Tier architecture is where you split your application across multiple tiers depending on the function of the application.
- User Interface
- Business Intelligence
- User Interface
- Business Intelligence
S3 consistency model - overwrites PUTS / DELETES
S3 consistency model - new PUTS
Read After Write Consistency
Max S3 buckets per account by default?
Is an on premise virtual appliance that can be used to cache S3 locally at a customer site
Scaling storage type?
Understand the total number of requests to the cloud service during peak usage
Web Site - access URL
Bucket - access URL
Stored files accessed by multiple EC2 instances