AWS Training

Question 1

You would like to expose a fixed static IPto your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators.Which Load Balancer should you use?

Answer 1

Network Load Balancers (NLB) expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)

Question 2

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is averaging at around 1000. Which scaling policy should you use?

Answer 2

Target Tracking

Question 3

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IPwhich are in fact your load balancer’s. What should you do to find the true IPof the clients connected to your website?

Answer 3

look into the x-forwared-for header in the backend

Question 4

You quickly created an ELB and it turns out your users are complaining about the fact that sometimes, the servers just don’t work. You realise that indeed, your servers do crash from time to time. How to protect your users from seeing these crashes?

Answer 4

Health checks ensure your ELB won’t send traffic to unhealthy (crashed) instances

Question 5

You are designing a high performance application that will require millions of connections to be handled, as well as low latency. The best Load Balancer for this is

Answer 5

NLB provide the highest performance if your application needs it

Question 6

Application Load Balancers (ALB) handle all these protocols except

Answer 6

HTTP, HTTPS, Websocket.

NLB (Network Load Balancer) support TCP instead

Question 7

The application load balancer can route to different target groups based on all these except…

Answer 7

Hostname, request Path, Source IP

Except Geography

Question 8

You are running at desired capacity of 3 and the maximum capacity of 3. You have alarms set at 60%CPUto scale out your application.Your application is now running at 80%capacity. What will happen?

Answer 8

The capacity of your ASG cannot go over the maximum capacity you have allocated during scale out events

Question 9

I have an ASGand an ALB, and I setup my ASG to get health status of instances thanks to my ALB. One instance has just been reported unhealthy. What will happen?

Answer 9

Because the ASG has been configured to leverage the ALB health checks, unhealthy instances will be terminated

Question 10

Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database.

Answer 10

create a CloudWatch custom metrix and build an alarm to scale your ASG

Question 11

You would like to expose a fixed static IPto your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators.Which Load Balancer should you use?

Answer 11

Network Load Balancers expose a public static IP, whereas an Application or Classic Load Balancer exposes a static DNS (URL)

Question 12

A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALBis deployed on the VPCwith the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALBcan access the port 80?

Answer 12

Open up the EC2 security on port 80 to ALB security Group

This is the most secure way of ensuring only the ALB can access the EC2 instances.

Question 13

Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALBSSL certificates to make this work?

Answer 13

SNI (Server Name Indication) is a feature allowing you to expose multiple SSL certs if the client supports it.

Read more here: https://aws.amazon.com/blogs/aws/new-application-load-balancer-sni/

Question 14

An ASGspawns across 2 availability zones. AZ-Ahas 3 EC2 instances and AZ-Bhas 4 EC2 instances. The ASGis about to go into a scale-in event. What will happen?

Answer 14

AZ-B will termnate the oldest Launch configuration

Make sure you remember the Default Termination Policy for ASG. It tries to balance across AZ first, and then delete based on the age of the launch configuration.

Question 15

The Application Load Balancers target groups can be all of these EXCEPT…

Answer 15

EC2, IP ADDR, Lambda Function

Except NLB

Question 16

You are running an application in 3 AZ, with an Auto Scaling Group and a ClassicLoad Balancer. It seems that the traffic is not evenly distributed amongst all the backend EC2 instances, with some AZ being overloaded. Which feature should help distribute the traffic across all the available EC2 instances?

Answer 16

Cross Zone Load Balancing

Question 17

YourApplication Load Balancer (ALB)currently is routing to two target groups, each of them is routed to based on hostname rules. You have been tasked with enabling HTTPStraffic for each hostname and have loaded the certificates onto the ALB. Which ALBfeature will help it choose the right certificate for your clients?

Answer 17

Server Name Indication (SNI)

Question 18

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is averaging at around 1000. Which scaling policy should you use?

Answer 18

Target Tracking

Question 19

Your instance in us-east-1a just got terminated, and the attached EBSvolume is now available. Your colleague tells you he can’t seem to attach it to your instance in us-east-1b.

Answer 19

EBS volumes are AZ locked

EBS Volumes are created for a specific AZ. It is possible to migrate them between different AZ through backup and restore

Question 20

You have provisioned an 8TB gp2 EBSvolume and you are running out of IOPS. What is NOTa way to increase performance?

Answer 20

Increase the EBS VOLUME SIZE.

EBS IOPS peaks at 16,000 IOPS. or equivalent 5334 GB.

Question 21

You would like to have a high-performance cache for your application that mustn’t be shared. You don’t mind losing the cache upon termination of your instance. Which storage mechanism do you recommend as a SolutionArchitect?

Answer 21

Instance Store provide the best disk performance

Question 22

You are running a high-performance database that requires an IOPSof 210,000 for its underlying filesystem. What do you recommend?

Answer 22

Use an EC2 Instance Store

Question 23

My company would like to have a MySQL database internally that is going to be available even in case of a disaster in the AWSCloud.I should setup

Answer 23

In this question, we consider a disaster to be an entire Availability Zone going down. In which case Multi-AZ will help.

Question 24

Our RDSdatabase struggles to keep up with the demand of the users from our website. Our million users mostly read news, and we don’t post news very often. Which solution isNOTadapted to this problem?

Answer 24

RDS Multi AZ
The question is asking which solution is NOT adapted to this problem. ElastiCache and RDS Read Replicas do indeed help with scaling reads.

Question 25

We have setup read replicas on our RDSdatabase, but our users are complaining that upon updating their social media posts, they do not see the update right away

Answer 25

Read Replicas have asynchronous replication and therefor it’s likely our user will only observe eventual consistency

Question 26

Which RDSClassic (not Aurora)feature does not require us to change our SQLconnection string?

Answer 26

Multi AZ keeps the same connection string regardless of which database is up.

Question 27

Your application functions on an ASG behind an ALB. Users have to constantly log back in and you’d rather not enable stickiness on your ALBas you fear it will overload some servers. What should you do?

Answer 27

Storing Session Data in ElastiCache is a common pattern to ensuring different instances can retrieve your user’s state if needed.

Question 28

One analytics application is currently performing its queries against your main production database.These queries slow down the database which impacts the main user experience. What should you do to improve the situation?

Answer 28

Read Replicas will help as our analytics application can now perform queries against it, and these queries won’t impact the main production database.

Question 29

You have a requirement to use TDE(Transparent Data Encryption) on top of KMS. Which database technology does NOT support TDEon RDS?

Answer 29

PostgreSQL

Question 30

Which RDSdatabase technology does NOTsupport IAMauthentication?

Answer 30

Oracle

Question 31

You would like to ensure you have a database available in another region if a disaster happens to your main region. Which database do you recommend?

Answer 31

Global Databases allow you to have cross region replication

Question 32

How can you enhance the security of your Redis cache to force users to enter a password?

Answer 32

Use Redis AUTH

Question 33

Your company has a production Node.js application that is using RDSMySQL5.6 as its data backend. Anew application programmed in Java will perform some heavy analytics workload to create a dashboard, on a regular hourly basis. You want to the final solution to minimize costs and have minimal disruption on the production application, what should you do?

Answer 33

Create Read Replica in the same AZ and run the analytics workload on the replica database

this will minimize cost because the data won’t have to move across AZ

Question 34

You would like to create a disaster recovery strategy for your RDSPostgreSQLdatabase so that in case of a regional outage, a database can be quickly made available for Read and Write workload in another region. The DR database must be highly available. What do you recommend?

Answer 34

Create Read Replica in a different region and enable muti-AZ on the main database.

Question 35

You are managing a PostgreSQLdatabase and for security reasons, you would like to ensure users are authenticated using short-lived credentials. What do you suggest doing?

Answer 35

In this case, IAM is leveraged to obtain the RDS service token, so this is the IAM authentication use case.

Question 36

An application is running in production, using an Aurora database as its backend. Your development team would like to run a version of the application in a scaled-down application, but still, be able to perform some heavy workload on a need-basis. Most of the time, the application will be unused. Your CIO has tasked you with helping the team while minimizing costs. What do you suggest?

Answer 36

Use Aurora Serverless

Question 37

RDS Database ports

Answer 37

RDS Databases ports:

PostgreSQL: 5432

MySQL: 3306

Oracle RDS: 1521

MSSQL Server: 1433

MariaDB: 3306 (same as MySQL)

Aurora: 5432 (if PostgreSQL compatible) or 3306 (if MySQL compatible)