AWS Concepts

Question 1

What is an EC2 Burstable Instance?

Answer 1

It means that the instance has an okay characteristic, but can ramp up the capabilities very fast if needed

Question 2

You plan on running an open source MongoDB database year-round on EC2. Which instance launch mode should you choose?

Answer 2

Reserved Instances

Question 3

You would like to deploy a DB and the vendor license bills you based on the physical cores and underlying socket visibility. Which EC2 launch modes allow you to get visibility into them?

Answer 3

Dedicated hosts

Question 4

You are running a critical workload of three hours per week, on Monday. Which EC2 Instance Launch Type should you choose to maximize the cost savings while ensuring the application stability?

Answer 4

Scheduled Reserved Instances

Question 5

What is load balancing?

Answer 5

Load balancers are servers that forward internet traffic to multiple servers (EC2 instances) downstream

Question 6

What are some reasons to use a load balancer?

Answer 6

Expose a single point of access (DNS) to your application;
Handle failures of downstream instances;
Provide SSL termination (HTTPS) for your websites;
Enforce Stickiness with cookies;
High availability across zone (can forward to instances in different AZs)
Separate public traffic from private traffic;

Question 7

What is an EC2 reserved instance?

Answer 7

A reserved instance is the same as the On-Demand, however, because you have reserved it for a set period of time, it is heavily discounted

Question 8

What is Load Balancer stickiness?

Answer 8

It is when the same client is always redirected to the same instance behind a load balancer;
There is a cookie that has an expiration date you control

Question 9

What can you do to make sure a user doesn’t lose their session data on their server?

Answer 9

Use Load Balancer stickiness

Question 10

What is Cross-Zone Load Balancing?

Answer 10

Each load balancer instance distributes evenly across all registered instances in all AZ;
otherwise, each load balancer node distributes requests evenly across the registered instances in its AZ

Question 11

True or False: cross-zone load balancing is always on for Application Load Balancer and Classical Load Balancer?

Answer 11

False; Cross-Zone Load Balancing is always on for ALB (can’t be disabled) but not for CLB

Question 12

What is SSL/TLS?

Answer 12

An SSL (Secure Socket Layer) Certificate allows traffic between your clients and your load balancer to be encrypted in transit (in-flight encryption);
TLS (Transport Layer Security) is the newer version

Question 13

What is SNI?

Answer 13

Server Name Indication; it solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites);
Only works for ALB and NLB

Question 14

How does SNI work?

Answer 14

It requires the client to indicate the hostname of the target server in the initial SSL handshake

Question 15

What does a de-registration delay in load balancing help with?

Answer 15

A de-registration delay is set so that when an instance is being re-registered (or unhealthy), the load balancer can still have time to send “in-flight” requests to the target;
however new requests are not sent to the instance

Question 16

When you specify an average performance of a characteristic of an ASG (ex. ASG CPU to stay around 40%), what scaling policy is this?

Answer 16

Target Tracking Scaling

Question 17

Example: When a CloudWatch alarm is triggered (CPU > 70%), then add 2 units.
What Scaling Policy is this an example of?

Answer 17

Simple / Step Scaling

Question 18

You can anticipate usage patterns for ASG instances; what scaling policy should you use?

Answer 18

Scheduled Actions Scaling Policy

Question 19

What is the purpose of a Scaling Cooldown?

Answer 19

The cooldown period helps to ensure that your Auto Scaling group doesn’t launch or terminate additional instances before the previous scaling activity takes effect

Question 20

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IP which are in fact your load balancer’s. What should you do to find the true IP of the clients connected to your website?

Answer 20

Look into the X-Forwarded-For header in the backend

Question 21

Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database. What do you do?

Answer 21

You create a CloudWatch custom metric and build an alarm on this to scale your ASG

Question 22

A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access the port 80?

Answer 22

Open up the EC2 security on port 80 to the ALB’s security group

Question 23

You are running an application in 3 AZ, with an Auto Scaling Group and a Classic Load Balancer. It seems that the traffic is not evenly distributed amongst all the backend EC2 instances, with some AZ being overloaded. Which feature should help distribute the traffic across all the available EC2 instances?

Answer 23

Cross Zone Load Balancing

Question 24

True or False: An EBS volume is locked to an AZ

Answer 24

True

Question 25

What is the GP2 (SSD) EBS Volume

Answer 25

General purpose SSD volume that balances price and performance for a wide variety of workloads

Question 26

What is the IO1 (SSD) EBS Volume

Answer 26

Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads which is I/O intensive; Good for large DB workloads such as MongoDB, PostgreSQL, etc.;

Question 27

What is the ST1 (HDD) EBS Volume

Answer 27

Low cost HDD volume designed for frequently accessed, throughput-intensive workloads

Question 28

What is the SC1 (HHD) EBS Volume

Answer 28

Lowest cost HDD volume designed for less frequently accessed workloads

Question 29

What is a main difference of EBS vs Instance Store

Answer 29

Instance store is physically attached to the machines (EBS is a network drive); Data stored on the Instance Store is not persistent through instance stops, terminations or hardware failures. We can also encrypt data in the EBS

Question 30

If you need high IOPS would you use ESB or EC2 Instance Store?

Answer 30

EC2 Instance Store. It has much higher IOPS because it is a physical drive

Question 31

Between EBS and EFS, which service can be mounted accross AZs?

Answer 31

EFS

Question 32

What are the 6 relational databases that AWS RDS supports?

Answer 32

Postgres, MySQL, MariaDB, Oracle, Microsoft SQL Server and Aurora

Question 33

How many read replicas can you have for RDS?

Answer 33

Up to 5. They can be Within AZ, Cross AZ or Cross Region. Up to 15 with Aurora.

Question 34

Business users want analytics on data from an RDS database. What architecture change can we make?

Answer 34

Make a replica of the RDS DB instance so that the reporting application that draws analytics does not disrupt or overflow traffic to the RDS DB instance; instead it reads from the replica

Question 35

Read replicas can be encrypted without master encryption.

Answer 35

False. The master must be encrypted for the read replicas to be encrypted and vice-versa.

Question 36

How do we encrypt the master and read replicas at rest?

Answer 36

AWS KMS. Encryption is defined at launch time.

Question 37

How do we encrypt the RDS in-flight?

Answer 37

SSL Certificates. Provide SSL options with trust certificate when connecting to the database

Question 38

You need to encrypt an un-encrypted RDS backup. How would you do it?

Answer 38

You can copy an unencrypted snapshot into an encrypted one.

Question 39

How would we encrypt an un-encrypted RDS database?

Answer 39

Create a snapshot. Copy the snapshot and enable encryption for the snapshot. Restore the database from the encrypted snapshot. Migrate applications to the new database and delete the old database

Question 40

What are IAM policies used for with AWS RDS?

Answer 40

It is used to decide who can manage the RDS; | Can be used to authenticate API calls to RDS;

Question 41

Which two DBs do IAM authentication work with?

Answer 41

MySQL and PostgreSQL

Question 42

What are the three benefits of IAM Authentication for RDS? What two databases support it?

Answer 42

Network in/out must be encrypted using SSL; IAM to centrally manage users instead of managing access individually on each DB instance; For applications running on Amazon EC2, you can use profile credentials specific to your EC2 instance to access your database instead of a password, for greater security; MySQL and PostgreSQL;

Question 43

What are four responsibilities that fall on the user for RDS security?

Answer 43

Check the ports / IP / security group inbound rules in DB's SG; In-database user creation and permissions or manage through IAM; Creating a database with or without public access; Ensure parameter groups or DB is configured to only allow SSL connections;

Question 44

When faced with infrequent, intermittent or unpredictable workloads when it comes to AWS Databases, what should you use?

Answer 44

Aurora Serverless

Question 45

How is Aurora Global Database distributed?

Answer 45

There is 1 primary region (read/write) and up to five secondary regions (read only) and up to 16 read replicas per secondary region

Question 46

Explain User Session Store with ElastiCache

Answer 46

A user logs into any application instance. The application writes the session data to ElastiCache. The user hits another instance of the application and the instance can retrieve the data and the user does not have to re-authenticate.

Question 47

True or False: MemcacheD is non persistent and has no backup and restore

Answer 47

True

Question 48

True or False: Redis does not have backup and restore features

Answer 48

False

Question 49

What type of data is caching effective for?

Answer 49

Data that changes slow and few keys are frequently needed

Question 50

What is Lazy Loading / Cache-Aside / Lazy Population for ElastiCache?

Answer 50

It is when data is not stored in cache (a cache hit) it will read from the DB and then the application will write to the cache

Question 51

What are two cons for Lazy Loading Cache data?

Answer 51

Cache miss penalty that results in 3 round trips (noticeable delay for that request); Stale data: data can be updated in the database and outdated in the cache

Question 52

What is a write through for ElastiCache?

Answer 52

When data is written to the Amazon RDS, it is also written to ElastiCache

Question 53

How can you mitigate missing data in Cache on a Write Through?

Answer 53

You can implement Lazy Loading strategy. That way, if you don't find the data, it will go to the database.

Question 54

Cache eviction can occur in what three ways?

Answer 54

Delete the item explicitly; Item is evicted because memory is full and it's not recently been used; You set an item time-to-live;

Question 55

Is data asynchronously or synchronously copied when Multi-AZ is enabled in RDS?

Answer 55

Synchronous (except for Aurora). RDS creates a primary DB Instance and synchronously replicates the data to the standby instance in a different AZ.

Question 56

Is data asynchronously or synchronously copied when a read replica is created?

Answer 56

Asynchronously

Question 57

What is a negative in doing Read Replicas in multi-AZ?

Answer 57

There is a network cost in going from one AZ to another

Question 58

What is the major differences between Multi-AZ for availability and Read Replicas

Answer 58

Multi-AZ for availability hosts a stand by instance that can not be read/write other than from the Master RDS instance. It is not used for scaling. Read replicas are used for scaling. They are async when written to. They can be used as backups, but are primarily there for easing burden on a master DB. Read Replicas with Multi-AZ is now available. Your read replicas in another AZ can be used as a standby.

Question 59

Which Elesticache service is multi-threaded, Redis or Memcached?

Answer 59

Memcached. It is the only feature that Redis does not have

Question 60

For AWS Route 53, what are the most common records?

Answer 60

A (host name to IPv4), AAAA (host name to IPv6), CNAME (host name to host name) and Alias (host name to AWS resource)

Question 61

What is a DNS Records TTL?

Answer 61

Time to Live. It is a duration that is specified back to the client to be cached. Helps the load on the DNS. It is mandatory.

Question 62

A CNAME and Alias can point to a root hostname true or false?

Answer 62

False; an Alias can point to root and non-root but a CNAME must point to a non-root domain

Question 63

An alias must point a hostname to an AWS Resource true or false

Answer 63

True

Question 64

Multiple values are returned to the client using a simple routing policy. Which route is chosen?

Answer 64

It is chosen by random by the client

Question 65

You can attach health checks to a simple routing policy, true or false?

Answer 65

True

Question 66

What is a weighted routing policy?

Answer 66

It controls the percentage of the requests that go to a specific endpoint

Question 67

What is latency routing policy?

Answer 67

Redirect to the server that has the least latency close to us

Question 68

What three things can you monitor in a route53 health check?

Answer 68

Endpoint, status of other health checks, or state of a CloudWatch alarm

Question 69

What is a Failover Routing Policy?

Answer 69

Route 53 will perform a health check on a primary resource, and if unhealthy, will route to the secondary, disaster-recovery resource.

Question 70

What is Geo Location Routing Policy?

Answer 70

Routes the user based on location

Question 71

What is the difference between Geo Location Routing Policy and Latency Routing Policy?

Answer 71

Geo location does not care about latency. Users in latency can be sent to resources not in their nearest geo-location.

Question 72

Whats a reason you would choose Multi-Value routing policy over simple routing policy in Route53?

Answer 72

In Multi-Value, you can associate your routing records with a Route53 health check.

Question 73

What is a NAT Gateway?

Answer 73

It enables instances in a private subnet to initiate communication to the internet, but doesn't allow the internet to initiate communication to the private subnet.

Question 74

You want only the load balancer to talk to your EC2 instances. How do we set this up?

Answer 74

You allow all traffic to flow through your load balancer. It is redirected to your target group. Change the security group of the EC2 (or Target Group?) to accept traffic from ELB in the Source field.

Question 75

What is a Target Group in EC2?

Answer 75

A Target Group tells the load balancer where to direct to a group of instances based on path, hostname or query string and headers

Question 76

What is the purpose of Network Load Balancers?

Answer 76

To forward TCP & UDP traffic to your instances

Question 77

How many static IPs per AZ do Network Load Balancers have?

Answer 77

One

Question 78

Load Balancers provide a static IPv4 address, true or false?

Answer 78

False. They provide a static DNS.

Question 79

You are running a website with a load balancer and 10 EC2 instances. Your users are complaining about the fact that your website always asks them to re-authenticate when they switch pages. You are puzzled, because it's working just fine on your machine and in the dev environment with 1 server. What could be the reason?

Answer 79

The Load Balancer does not have stickiness enabled

Question 80

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IP which are in fact your load balancer's. What should you do to find the true IP of the clients connected to your website?

Answer 80

Look into the X-Forwarded-For header in the backend

Question 81

Application Load Balancers handle TCP, true or false?

Answer 81

False

Question 82

I have an ASG and an ALB, and I setup my ASG to get health status of instances thanks to my ALB. One instance has just been reported unhealthy. What will happen?

Answer 82

The ASG will terminate the EC2 Instance. Remember, the ELB is not in charge of scaling instances.

Question 83

Scaling an instance from an r4.large to an r4.4xlarge is called

Answer 83

Vertical Scaling

Question 84

You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use?

Answer 84

Network Load Balancer. The Network Load Balancer exposes a static IP, whereas an Application or Classic Load Balancer expose a static DNS (URL)

Question 85

Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com, and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALB SSL certificates to make this work?

Answer 85

Use SNI. Server Name Indication is a feature allowing you to expose multiple SSL certs if the client supports it

Question 86

Your Application Load Balancer (ALB) currently is routing to two target groups, each of them is routed to based on hostname rules. You have been tasked with enabling HTTPS traffic for each hostname and have loaded the certificates onto the ALB. Which ALB feature will help it choose the right certificate for your clients?

Answer 86

Server Name Indication (SNI)

Question 87

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is averaging at around 1000. Which scaling policy should you use?

Answer 87

Target Tracking

Question 88

What does a listener do in an ALB? What do the rules do?

Answer 88

It checks for connection requests from clients, using the protocol and port that you configure. The rules that you define for the listener determine how the load balancer routes requests to its registered targets.

Question 89

For EBS, when would you use HDD and when would you use SSD?

Answer 89

Use HHD when you want to optimize for large streaming workloads where the dominant performance attribute is throughput; Use SSD when you want to optimize for transactional workloads involving frequent read/write operations with small I/O size, where the dominant performance attribute is IOPS;

Question 90

How do we enforce SSL encryption with PostgreSQL and MySQL?

Answer 90

Postgres in aws RDS console: rds.force_ssl=1 | MySQL within db: GRANT USAGE ON *.* 'mysqluser'@'%' REQUIRE SSL;