AWS Practice Test 1

Question 1

C.R.O.P.S. is an acronym for the 5 pillars of the AWS well-architected framework. Name the 5 pillars

Answer 1

Cost optimization, reliability, operational excellence, performance efficiency, and security

Question 2

VPC stands for what?

Answer 2

Virtual Private Cloud

Question 3

In “Detailed” monitoring data available for your EBS volumes, Provisioned IOPS volumes automatically send _________ minute metrics to Amazon CloudWatch

Answer 3

Amazon Elastic Block Store (Amazon EBS) sends data points to CloudWatch for several metrics. All Amazon EBS volume types automatically send 1-minute metrics to CloudWatch, but only when the volume is attached to an instance.

Question 4

Does Route 53 support MX Records?

Answer 4

Yes

Question 5

Is it possible to change an instance type after it has been created?

Answer 5

Type can be changed if it has an EBS store volume root device

Question 6

How can we protect accidental termination of our instances?

Answer 6

By using Enable termination protection option

Question 7

You have an Amazon Elastic Cloud Compute (EC2) security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply

Answer 7

Immediately to all instances in the security group

Question 8

You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? Choose 3 answers

Answer 8

Amazon DynamoDB
OR
Amazon ElasticCache
OR
Amazon Relational Database Service (RDS)

Question 9

You are configuring a new VPC for one of your client for a cloud migration project. Only a public VPN will be in place. After you created your VPC, you created a new subnet, a new internet gateway and attached your internet gateway with your VPC. As you created your first instance in to your VPC, you realized that you can not connect the instance even it is configured with elastic IP. What should be done to access the instance?

Answer 9

A route should be created as 0.0.0.0/0 and your internet gateway as target

All traffic should be routed via Internet Gateway. So, a route should be created with 0.0.0.0/0 as a source, and your Internet Gateway as your target.

Question 10

You can use _______ and ________ to help secure the instances in your VPC.

Answer 10

Security groups and network ACLs

Question 11

Can we attach an EBS volume to more than one EC2 instance at the same time?

Answer 11

No

Question 12

You have a business-critical two-tier web app currently deployed in two AZ in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application AZs goes off-line, and Auto Scaling cannot launch new instances in the remaining AZs. How can the current architecture be enhanced to ensure this

Answer 12

Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.

Question 13

Will my standby RDS instance be in the same AZ as my primary?

Answer 13

No

Question 14

The user just started an instance at 3 PM. Between 3 PM to 5 PM, he stopped and started the instance twice. During the same period, he has run the linux reboot command by ssh once and triggered reboot from AWS console once. For how many instance hours will AWS charge this user

Answer 14

4

Question 15

An IAM user is trying to perform an action on an object belonging to some other root account’s bucket. Which of the below mentioned options will AWS S3 not verify?

Answer 15

Permission provided by the parent of the IAM user on the bucket

If the IAM user is trying to perform some action on the object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission

Question 16

After creating a new AWS account, you use the API to request 40 on-demand Amazon Elastic Compute Cloud (EC2) instances in a single Availability Zone. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it?

Answer 16

You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved

We can run any number of Amazon EC2 instances within a VPC, so long as your VPC is appropriately sized to have an IP address assigned to each instance. You are initially limited to launching 20 Amazon EC2 instances at any one time and a maximum VPC size of /16 (65,536 IPs).

Question 17

Can you create IAM security credentials for existing users?

Answer 17

Yes, existing users can have security credentials associated with their account

Question 18

About the charge of Elastic IP Address, which of the following is true?

Answer 18

You can have one Elastic IP (EIP) address associated with a running instance at no charge.

An Elastic IP address doesn’t incur charges as long as all the following conditions are true: The Elastic IP address is associated with an EC2 instance. The instance associated with the Elastic IP address is running. The instance has only one Elastic IP address attached to it.

Question 19

Select the correct set of options. These are the initial settings for the default security group

Answer 19

Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other.

Question 20

Which service alias record is not free when using with Route 53?

Answer 20

AS

Question 21

What does Amazon CloudFormation provide?

Answer 21

A template resource creation for Amazon Web Services.

CloudFormation supports creating VPCs, subnets, gateways, route tables and network ACLs as well as creating resources such as elastic IPs, Amazon EC2 Instances, EC2 security groups, auto scaling groups, elastic load balancers, Amazon RDS database instances and Amazon RDS security groups in a VPC.

Question 22

You are deploying an application an Amazon Elastic Cloud Compute (EC2) that must call AWS APIs. What method of securely passing credentials to the application should you use?

Answer 22

Use AWS Identity and Access Management roles for EC2 instances.

Question 23

Which DNS name can only be resolved within Amazon EC2?

Answer 23

Internal DNS name

Question 24

What about below is false for AWS SLA?

Answer 24

S3 availability is guarantee to 99.95%.

Question 25

Which of the following requires a custom CloudWatch metric to monitor

Answer 25

Memory use

Question 26

Placement Groups: enables applications to participate in a low-latency, 10 Gbps network. Which of below statements is false.

Answer 26

You can move an existing instance into a placement group by specify parameter of placement group.

Question 27

In reviewing the Auto Scaling events for your application you notice that your application is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? Choose 2 answers

Answer 27

Modify the Auto Scaling group cool-down timers. OR Modify the Amazon CloudWatch alarm period that triggers your Auto Scaling scale down policy.

Question 28

You are setting up a VPC and you need to set up a public subnet within that VPC. What following requirement must be met for this subnet to be considered a public subnet?

Answer 28

Subnet's traffic is routed to an Internet gateway

Question 29

Which record type queries are free when using Route 53?

Answer 29

Alias

Question 30

What does the “Server Side Encryption” option an Amazon S3 provide?

Answer 30

It encrypts the files that you send to Amazon S3, on the server side. Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates. Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

Question 31

You have assigned one Elastic IP to your EC2 instance. Now we need to restart the VM without EIP changed. Which of below you should not do?

Answer 31

Reboot and stop/start both works.

Question 32

If any change is made to a security group rule, when are these changes effective?

Answer 32

Changes are automatically applied after a short period We can add and remove rules at any time. Your changes are automatically applied to the instances that are associated with the security group. The effect of some rule changes can depend on how the traffic is tracked.

Question 33

A new instance is launched in public VPC subnet. There is an internet gateway and a route entry as 0.0.0.0/0 but instance can not reach internet. Other instances in this subnet have no issue. How can this problem be solved?

Answer 33

Instance should have either public IP or elastic IP

Question 34

Which of the following is a durable key-value store?

Answer 34

Amazon Simple Storage Service http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingObjects.html

Question 35

What is the Reduced Redundancy option in Amazon S3?

Answer 35

Reproducible data at Less redundancy for a lower cost

Question 36

When you run a DB Instance as a Multi-AZ deployment, the “______” serves database writes and reads

Answer 36

Primary

Question 37

How can you change the instance type used in Auto Scaling Group?

Answer 37

AS Group should be deleted and recreated Amazon Elastic Block Store (Amazon EBS) sends data points to CloudWatch for several metrics. All Amazon EBS volume types automatically send 1-minute metrics to CloudWatch, but only when the volume is attached to an instance. OR A new launch configuration with a new instance type should be created and attached to AS group

Question 38

You have an Amazon Virtual Private Cloud (VPC) with a public subnet. Three Amazon Elastic Compute Cloud (EC2) instances currently running inside the subnet can successfully communicate with other hosts on the Internet. You launch a fourth instance in the same subnet, using the same Amazon Machine Image (AMI) and security group configuration you used for the others, but find that this instance cannot be accessed from the Internet. What should you do to enable Internet access?

Answer 38

Assign an elastic IP address to the fourth instance

Question 39

Is it possible to create an AMI while an instance is running?

Answer 39

Yes, if only "no reboot" option is checked Amazon EC2 shuts down the instance, takes snapshots of any attached volumes, creates and registers the AMI, and then reboots the instance. You can choose the option "No reboot" if you don't want your instance to be shut down. However, please note that If you choose No reboot, AWS can't guarantee the file system integrity of the created image

Question 40

What action is required to establish an Amazon Virtual Private Cloud (VPC) VPN connection between an on-premises data center and an Amazon VPC virtual private gateway?

Answer 40

Assign a static Internet-routable IP address to an Amazon VPC customer gateway.

Question 41

Which type of volume is suited for use as boot volume?

Answer 41

Standard volume A Standard volume is best suited for boot volumes and provides roughly 100 IOPS (Input/Output Per Second) on average

Question 42

You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?

Answer 42

$0.00

Question 43

A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in Amazon Simple Storage Service (S3). The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in the traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?

Question 44

You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?

Answer 44

$0.00

Question 45

A startup company hired you to help them build a mobile application, that will ultimately store billions of images and videos in Amazon Simple Storage Service (S3). The company is lean on funding, and wants to minimize operational costs, however, they have an aggressive marketing plan, and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in the traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?

Answer 45

You must find out the total number of requests per second at peak usage.

Question 46

An Organization is planning to build an online chat application for their enterprise level collaboration for their employees across the world. They are looking for a single digit latency fully managed database to store and retrieve conversations. What would AWS Database service you recommend?

Answer 46

AWS DynamoDB

Question 47

Which protocol is not supported when using with Route 53 health check?

Answer 47

UDP

Question 48

You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?

Answer 48

6

Question 49

We run a database on a m1.small instance and customers have performance issues. After investigation, database administrators asks you to improve iops performance. Which options can be used to improve iops?

Answer 49

Using a EBS optimized instance OR Using Provisioned IOPS

Question 50

You host a static website in an S3 bucket and there are global clients from multiple regions. You want to use an AWS service to store cache for frequently accessed content so that the latency is reduced and the data transfer rate is increased. Which of the following options would you choose?

Answer 50

Configure CloudFront to deliver the content in the S3 bucket. CloudFront is able to store the frequently accessed content as a cache and the performance is optimized. Your Answer

Question 51

Which route must be added to your routing table in order to allow connections to the Internet from your subnet?

Answer 51

Destination: 0.0.0.0/0 --> Target: your Internet gateway

Question 52

Which of the below mentioned steps will not be performed while creating the AMI of instance stored-backend?

Answer 52

Define the AMI launch permissions.

Question 53

A VPC public subnet is one that:

Answer 53

Has at least one route in its associated routing table that uses an Internet Gateway (IGW).

Question 54

You want to implement a HPC ( High performance computing ) system with low-latency network performance. In order to establish this, which AWS feature can be used?

Answer 54

Placement groups

Question 55

What about is EC2 Role is true?

Answer 55

Launch an instance with an AWS Identity and Aceess Management (IAM) role to restrict AWS API access for the instance.

Question 56

How can software determine the public and private IP addresses of the Amazon Elastic Cloud Compute instance that it is running on?

Answer 56

Query the local instance metadata.

Question 57

An instance is launched in private VPC subnet. All security, NACL and routing definition configured as expected. A custom NAT instance is launched. Which of the following answer is right for configuring custom NAT instance?

Answer 57

Source/Destination check should be disabled on NAT Instance Each instance performs source/destination checks by default. This means that the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/ destination checks on the NAT instance.

Question 58

How can an instance be copied to another region?

Answer 58

By creating an AMI and copy it to another region

Question 59

What happens to data on ephemeral volume of an EBS-backed instance if instance is stopped and started?

Answer 59

Data will be deleted and will no longer be accessible

Question 60

An instance running a webserver is launched in a VPC subnet. A security group and a NACL are configured to allow inbound port 80. What should be done to make web server accessible by everyone?

Answer 60

Outbound Ports 49152-65535 should be enabled on NACL

Question 61

How can we attach our instance store volume to another instance?

Answer 61

We can stop the instance. Detach the volume. And attach to other instance

Question 62

_____ is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS

Answer 62

AWS Shield