MyCloudGuru Flashcards

Question

A __ is an object in AWS stored as a JSON document that provides a formal statement of one or more permissions. A) User B) Role C) Group D) Policy

Answer 1

D) Policy A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. Most policies are stored in AWS as JSON documents.

Answer 2

A) Organizational Units Correct. Organization Units, or 'OUs' are a feature of AWS Organizations.

Answer 3

C) Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided. D) Create a customized sign-in link such as "yourcompany.signin.aws.amazon.com/console" for your new users to use to sign in with. Read the AWS Security Best Practice white paper. Also note that the IAM account signin URL is different from the Root account signin URL

Answer 4

A) Setting up a cross account IAM Role Setting up a cross account IAM role is currently the only method that will allow IAM users to access cross account S3 buckets both programmatically and via the AWS console.

Answer 5

C) Set up an account using their company email address. This email address is a key part of linking the AWS account to your company. Using a private email address may make it harder to establish ownership if your need help from AWS.

Answer 6

B) Grant her Administrator access by adding her to an Administrators' group. By default new user accounts come with no permission to interact with services. These must be explicitly assigned by adding a Policy or adding them to a Group. The admin user should have also been configured with MFA as best practice, but MFA would not be related to the permission issue itself.

Answer 7

D) http://169.254.169.254 This IP Address is specific to AWS, where you can use it on any instance to acquire information about that instance. It is a specific type of address called a 'link-local address', and is only accessible from that particular instance. You can also disable the metadata service to prevent it's misuse

Answer 8

D) Tags Tagging is a key part of managing an environment. Even in a lab, it is easy to lose track of the purpose of resources, and tricky determine why it was created and if it is still needed. This can rapidly translate into lost time and lost money.

Answer 9

B) aws ec2 create-snapshot When looking at the AWS CLI, remember the verbs, like 'create', which are used as part of commands. This helps you build the necessary command in your head, without referring to the documentation. For example, we might create a new image along with this snapshot. From this, we could understand that the command would likely be 'aws ec2 create-image'.

Answer 10

A) Yes, although it may take some time. Since the additional disk does not contain the operating system, you can detach it in the EC2 Console while the instance is running. However, any data on that drive would become inaccessible, and possibly cause problems for the EC2 instance.

Answer 11

FALSE There are slight differences between a normal 'new' Security Group and a 'default' security group in the default VPC. For a 'new' security group nothing is allowed in by default.

Answer 12

C) Incrementally EBS snapshots use incremental backups and are stored in S3. Restores can be done from any of the snapshots. The original full snapshot can be safely deleted without impacting the ability to use the other related incremental backups.

Answer 13

B) Yes. Spread Placement Groups can be deployed across availability zones since they spread the instances further apart. Cluster Placement Groups can only exist in one Availability Zone since they are focused on keeping instances together, which you cannot do across Availability Zones.

Answer 14

A) Yes, it possible to perform API actions on an existing Amazon EBS Snapshots. It possible to perform API actions on an existing Amazon EBS Snapshot through the AWS APIs, CLI, and AWS Console. You can use AWS APIs, CLI or the AWS Console to copy snapshots, share snapshots, and create volumes from snapshots.

Answer 15

B) Retrieve the instance Metadata from http://169.254.169.254/latest/meta-data/local-ipv4 and http://169.254.169.254/latest/meta-data/public-ipv4. Instance Metadata and User Data can be retrieved from within the instance via a special URL. Similar information can be extracted by using the API via the CLI or an SDK. The ipconfig and ifconfig tools don't have the ability to see the Public IP Address directly, since it's attached dynamically inside the AWS Software Defined Network which has to be queried by the API.

Answer 16

C) Block-based EBS uses Block-based storage, where the data is stored on a virtual disk managed by the Operating System. EFS uses File-based storage, where the underlying filesystem is managed by AWS. S3 uses Object-based storage, where files are kept in a flat structure.

Answer 17

D) Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone. Cluster Placement Groups are primarily about keeping you compute resources within one network hop of each other on high speed rack switches. This is only helpful when you have compute loads with network loads that are either very high or very sensitive to latency.

Answer 18

FALSE Standard Reserved Instances cannot be moved between regions. You can choose if a Reserved Instance applies to either a specific Availability Zone, or an Entire Region, but you cannot change the region.

Answer 19

C) No - Unless 'Delete on Termination' is unchecked for the root volume You can control whether an EBS root volume is deleted when its associated instance is terminated. The default delete-on-termination behavior depends on whether the volume is a root volume, or an additional volume. By default, the DeleteOnTermination attribute for root volumes is set to 'true.' However, this attribute may be changed at launch by using either the AWS Console or the command line. For an instance that is already running, the DeleteOnTermination attribute must be changed using the CLI.

Answer 20

D) Configure encryption when creating the EBS volume The use of encryption at rest is default requirement for many industry compliance certifications. Using AWS managed keys to provide EBS encryption at rest is a relatively painless and reliable way to protect assets and demonstrate your professionalism in any commercial situation.

Answer 21

C) Nothing - It will take effect almost immediately Changes to IAM Policies take effect almost immediately (with maybe a few seconds delay). No substantial waiting time is required, nor changes to the system. This is because the IAM Policy exists in the AWS API, rather than on the instance itself. As a way to remember it in a scenario, if you think about a compromised system, you would need to revoke the access immediately, without waiting for changes to take effect.

Answer 22

C) To attach an IAM role to an instance that has no role, the instance can be in the stopped or running state. To replace the IAM role on an instance that already has an attached IAM role, the instance must be in the running state. IAM Roles can be attached to instances in the stopped or running state, or replaced for instances in the running state. Prior to early 2017, you would only be able to attach an IAM role at launch, and if you wanted to attach a role, you would have to terminate and re-launch the instance.

Answer 23

A) In Availability Zones When you're setting up an EC2 instance, you select which subnet you'd like to place your EC2 instance in. Each subnet is tied to a specific availability zone. You cannot move an instance between Availability Zones, without setting up a copied version of the instance. Whilst they exist in Regions, they are not portable across the whole region, nor across the whole globe.

Answer 24

TRUE Spread Placement Groups can be deployed across availability zones since they spread the instances further apart. Cluster Placement Groups can only exist in one Availability Zone since they are focused on keeping instances together, which you cannot do across Availability Zones.

Answer 25

C) FSx for Windows Amazon FSx for Windows File Server provides a fully managed native Microsoft Windows file system so you can easily move your Windows-based applications that require shared file storage to AWS. EBS Multi Attach allows you to attach a volume to up to 16 instances, but would have issues across multiple availability zones, and could not use NTFS natively. EFS uses the NFS protocol, and is explicitly not supported on Windows. S3 is object-based storage, and would not be suitable as the backend for a file server.

Answer 26

A) Cold (sc1) B) Throughput Optimized (st1) Of all the EBS types, both current and of the previous generation, HDD based volumes will always be less expensive than SSD types. Therefore, of the options available in the question, the Cold (sc1) and Throughout Optimized (st1) types are HDD based and will be the least expensive options.

Answer 27

B) No. If the original snapshot was deleted, then the AMI would not be able to use it as the basis to create new instances. For this reason, AWS protects you from accidentally deleting the EBS Snapshot, since it could be critical to your systems. To delete an EBS Snapshot attached to a registered AMI, first remove the AMI, then the snapshot can be deleted.

Answer 28

C) Enhanced networking Enhanced networking uses single root I/O virtualization (SR-IOV) to provide high-performance networking capabilities on supported instance types. SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces. Enhanced networking provides higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies.

Answer 29

B) Xen E) Nitro AWS originally used a modified version of the Xen Hypervisor to host EC2. In 2017, AWS began rolling out their own Hypervisor called Nitro.

Answer 30

TRUE When you create a DB instance, you can choose an Availability Zone or have AWS choose one for you. An Availability Zone is represented by an AWS Region code followed by a letter identifier (for example, us-east-1a).

Answer 31

C) There is no charge associated with this action. Data transferred between Availability Zones for replication of Multi-AZ deployments is free.

Answer 32

D) 35 Days

Answer 33

A) Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL database engines.

Answer 34

A) 16TB You can create Amazon RDS for SQL Server database instances with up to 16TB of storage. The 16TB storage limit is available when using the Provisioned IOPS and General Purpose (SSD) storage types.

Answer 35

TRUE Reserved DB instance benefits apply for both Multi-AZ and Single-AZ configurations.

Answer 36

D) Amazon DynamoDB supports MongoDB workloads. This is not a feature supported by DynamoDB. Amazon DocumentDB (with MongoDB compatibility) is a fast, scalable, highly available, and fully managed document database service that supports MongoDB workloads.

Answer 37

B) Amazon RDS with Provisioned IOPS (SSD) Storage Amazon RDS with provisioned IOPS (SSD) storage allows you to implement a SQL-based relational database solution for your high-performance OLTP workloads.

Answer 38

A) Amazon DynamoDB Amazon DynamoDB is a non-relational database that delivers reliable performance at any scale. It's a fully managed, multi-region, multi-master database that provides consistent single-digit millisecond latency, and offers built-in security, backup and restore, and in-memory caching.

Answer 39

C) If you need to run an I/O-intensive relational database for a mission-critical application in production. Provisioned IOPS becomes important when you are running production environments requiring rapid responses, such as those which run e-commerce websites. Without high performant responses from an RDS instance page loads of the website could suffer resulting in loss of business. If your workloads are not latency sensitive or you are running a test environment the additional cost of provisioned IOPS will not be cost beneficial to your project.

Answer 40

FALSE Amazon RDS provides a managed database offering, so you can't SSH and have control over the underlying operating system configurations where your Amazon RDS MySQL instance is running. You can only have such control when you deploy and manage your databases on EC2 instances.

Answer 41

B) During the next scheduled maintenance window or immediately When applying changes to the backup window, you can choose either to have the changes done during the next scheduled maintenance window or immediately. The schedule itself is modified right away.

Answer 42

D) 6 Amazon Aurora automatically maintains 6 copies of your data across 3 Availability Zones.

Answer 43

A) Add 2 additional EBS SSD volumes and create a RAID 0 volume to host the database. RAID 0 provides performance improvements compared with a single volume as data can be read and written to multiple disks simultaneously. 2 disks, each with a bandwidth of 4,000 IOPS will provide a combined bandwidth of 8,000 IOPS.

Answer 44

A) Redshift

Answer 45

A) I/O may be briefly suspended while the backup process initializes (typically under a few seconds), and you may experience a brief period of elevated latency.

Answer 46

A) Redis & Memcached

Answer 47

B) Redshift Redshift is the most suitable AWS database for OLAP (Online Analytical Processing).

Answer 48

A) Apache Parquet B) JSON D) Apache ORC Amazon Athena is an interactive query service that makes it easy to analyse data in Amazon S3, using standard SQL commands. It will work with a number of data formats including "JSON", "Apache Parquet", "Apache ORC" amongst others, but "XML" is not a format that is supported.

Answer 49

C) EBS Elastic Block Storage (EBS) is recommended block level storage for EC2 instances if you were running a database on an EC2 instance. If the question didn't focus on the solution being on the instance, RDS would be the preferred choice.

Answer 50

FALSE You don't need to specify a destination port number when you create DB security group rules. The port number defined for the DB instance is used as the destination port number for all rules defined for the DB security group.

Answer 51

C) Read and Write Capacity D) Storage of Data There will always be a charge for provisioning read and write capacity and the storage of data within DynamoDB, therefore these two answers are correct. There is no charge for the transfer of data into DynamoDB, providing you stay within a single region (if you cross regions, you will be charged at both ends of the transfer). There is no charge for local secondary indexes.

Answer 52

B) Error Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an Error node in the response from the Amazon RDS API.

Answer 53

A) DynamoDB

Answer 54

B) Geolocation routing policy Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from. For example, you might want all queries from Europe to be routed to an ELB load balancer in the Frankfurt region. D) Geoproximity routing policy Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources.

Answer 55

C) Multivalue Routing R53 Multivalue lets you respond to DNS queries with up to eight IP addresses of 'healthy' targets. Plus it will give a different set of 8 to different DNS resolvers. The R53 Simple policy will provide a list of multiple instances in random order, but Multivalue is the AWS preferred option for this type of service.

Answer 56

C) True and False. With Route 53, there is a default limit of 20 domain names. However, this limit can be increased by contacting AWS support. The limit is 20 for new customers as of March 2021. If you have an existing account and your default limit is 50 now, it will remain at 50.

Answer 57

A) Route 53 - Geolocation routing policy E) Route 53 - Geoproximity routing policy The instruction from the CTO is clear that that the division is based on geography. Latency based routing will approximate geographic balance only when all routes and traffic evenly supported which is rarely the case due to infrastructure and day night variations. You cannot combine blacklisting and whitelisting in CloudFront. Weighted routing is randomized and will not respect Geo boundaries. Geolocation is based on national boundaries and will meet the needs well. Geoproximity is based on Latitude & Longitude and will also provide a good approximation with potentially less configuration.

Answer 58

E) Route 53 allows you to create an Alias record at the top node of a DNS namespace (zone apex) F) Alias Records provide a Route 53–specific extension to DNS functionality Alias Records have special functions that are not present in other DNS servers. Their main function is to provide special functionality and integration into AWS services. Unlike CNAME records, they can also be used at the Zone Apex, where CNAME records cannot. Alias Records can also point to AWS Resources that are hosted in other accounts by manually entering the ARN

Answer 59

A) Failover Routing and Latency-based Routing Failover Routing and Latency-based Routing are the only two correct options, as they consider routing data based on whether the resource is healthy or whether one set of resources is more performant than another. Any answer containing location based routing (Geoproximity and Geolocation) cannot be correct in this case, as these types only consider where the client or resources are located before routing the data. They do not take into account whether a resource is online or slow. Simple Routing can also be discounted as it does not take into account the state of the resources.

Answer 60

B) The route part of the Route 53 name came from a reference to Route 66. The 53 part came from the fact that the port for DNS is 53.

Answer 61

TRUE Route 53 is Amazon's highly available and scalable cloud DNS web service.

Answer 62

A) CNAME B) Alias CNAME maps to the host name An alias could be created for the ELB. Alias records provide a Route 53–specific extension to DNS functionality

Answer 63

D) 5 You can have up to five Amazon VPCs per AWS account per AWS Region, but you can place a support request to increase the number.

Answer 64

B) Virtual Private Cloud VPC stand for Virtual Private Cloud. It is a logically isolated (private) section where you can place AWS resources within a virtual network.

Answer 65

D) A Private IP Address & Public IP Address In a default VPC, when you launch an EC2 instance and don't specify a subnet, it's automatically launched into a default subnet in your default VPC. The default subnet may MapPublicIPOnLaunch set to the value of true. So when it is launched, a public and private IP is available for the instance.

Answer 66

B) No 0.0.0.0/0 would allow ANYONE from ANYWHERE to connect to your instances. This is generally a bad plan. The phrase 'web-facing subnets' does not mean just web servers. It would include any instances in that subnet some of which you may not want strangers attacking. You would only allow 0.0.0.0/0 on port 80 or 443 to connect to your public-facing Web Servers, or preferably only to an ELB. Good security starts by limiting public access to only what the customer needs. Please see the AWS Security white paper for complete details.

Answer 67

B) VPC gateway endpoints ensure traffic between your VPC and the other service does not leave the Amazon network. In contrast to a NAT gateway, traffic between your VPC and the other services does not leave the Amazon network when using VPC gateway endpoints. A gateway endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service (S3 and DynamoDB).

Answer 68

A) Network Access Control List (ACL) B) Route Table C) Security Group When you create a custom VPC, a default Security Group, network access control list (ACL), and route table are created automatically. You must create your own subnets, internet gateway, and NAT gateway (if you need one).

Answer 69

FALSE You may peer a VPC to another VPC that's in your same account, or to any VPC in any other account.

Answer 70

B) Subnet Level D) Network Interface Level F) VPC Level VPC Flow Logs can be created at the VPC, subnet, and network interface levels. VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC.

Answer 71

A) Create an Elastic IP address and associate it with your EC2 instance. An Elastic IP address is a public IPv4 address, which is reachable from the internet. If your instance does not have a public IPv4 address, you can associate an Elastic IP address with your instance to enable communication with the internet. For example, this allows you to connect to your instance from your local computer.

Answer 72

D) Bastion Host A Bastion host allows you to securely administer (via SSH or RDP) an EC2 instance located in a private subnet. Don't confuse Bastions and NATs, which allow outside traffic to reach an instance in a private subnet.

Answer 73

B) Virtual Private Gateway D) Customer Gateway A Virtual Private Gateway sits at the edge of your VPC and is a key component when using a VPN. It's responsible for site-to-site connection from on-premises to a VPC. A customer gateway is a resource that is installed on the customer side and provides a customer gateway inside a VPC.

Answer 74

FALSE Each subnet must reside entirely within one Availability Zone and cannot span across zones.

Answer 75

A) Security groups are stateful and Network Access Control Lists (NACLs) are stateless. Security groups are stateful and Network Access Control Lists are stateless. Stateful means if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules.

Answer 76

A) 1 An internet gateway is a highly available VPC component; only one is attachable to a custom VPC.

Answer 77

B) Security groups operate at the instance level and are associated with network interfaces. C) Security groups support "allow" rules only. E) Security groups evaluate all rules before deciding whether to allow traffic. Security groups control access at the instance-level (as they are associated with network interfaces), they support "allow" rules only, and they evaluate all rules before deciding whether to allow traffic into the instance(s).

Answer 78

C) Network Zone A network zone services the static IP addresses for your accelerator from a unique IP subnet. Similar to an AWS Availability Zone, a network zone is an isolated unit with its own set of physical infrastructure. When you configure an accelerator, by default, Global Accelerator allocates two IPv4 addresses for it. If one IP address from a network zone becomes unavailable due to IP address blocking by certain client networks, or network disruptions, then client applications can retry on the healthy static IP address from the other isolated network zone.

Answer 79

TRUE When setting up your ALB, for availability zone subnets, you must select at least two Availability Zone subnets from different Availability Zones. Each Availability Zone subnet for your load balancer should have a CIDR block with at least a /27 bitmask (Example, 10.0.0.0/27) and at least 8 free IP addresses per subnet.

Answer 80

C) VPC 'A' As transitive peering is not allowed, VPC 'B' can communicate directly only with VPC 'A'. (A good alternative to many peer connections is AWS Transit Gateway. AWS Transit Gateway can connect VPCs and on-premises networks via a central hub and get around the transitive problem).

Answer 81

TRUE In a custom VPC with new subnets in each AZ, there is a route within the route table that supports communication across all subnets/AZs. Additionally, it has a Default SG with an "allow" rule: all traffic, all protocols, all ports, from resource using this default security group.

Answer 82

FALSE You can only have one Internet Gateway per VPC.

Answer 83

C) /16 The /16 offers 65,536 possible addresses.

Answer 84

D) CloudFront AWS Global Accelerator and Amazon CloudFront are separate services that use the AWS global network and its edge locations around the world. CloudFront improves performance for both cacheable content (such as images and videos) and dynamic content (such as API acceleration and dynamic site delivery). Global Accelerator improves performance for a wide range of applications over TCP or UDP by proxying packets at the edge to applications running in one or more AWS Regions.

Answer 85

A) Network ACLs NACLs act on the subnet level, while security groups act on the instance level.

Answer 86

TRUE By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound rules, no outbound traffic originating from your instance is allowed.

Answer 87

B) Allows VPC based IPv6 traffic to communicate to the internet D) Prevents IPv6 based internet resources to initiate a connection into a VPC The purpose of an egress-only internet gateway is to allow IPv6 based traffic within a VPC to access the internet, whilst denying any internet based resources to connection back into the VPC.

Answer 88

B) Depends on the type of security assessment or penetration test and the service being assessed. Some assessments can be performed without alerting AWS, some require you to alert. AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services only. You should request authorization for other simulated events.

Answer 89

A) Improved security B) Faster performance It is likely that if you choose to run your VPN through a Direct Connect from your datacenter to the AWS network that your VPN connection will be both faster, and more secure. However data charges are still incurred whilst using Direct Connect. Additionally Transit Gateway attachments may be made to VPN regardless of if it is through DX or not.

Answer 90

A) In Amazon VPC, an instance retains its public IP when stopped and started. AWS releases your instance's public IP address when it is stopped, hibernated, or terminated. Your stopped or hibernated instance receives a new public IP address when it is started.

Answer 91

B) Reliability Each word has a specific meaning and your ability to select a correct answer may depend on understanding the difference. Reliability is closely related to Availability, however a system can be 'Available' but not be working properly. Reliability is the probability that a system will work as designed. This term is not used much in AWS, but is still worth understanding.

Answer 92

A) Use multiple autoscaling groups and boundaries for a staged or 'canary' deployment process. The purpose of a canary deployment is to reduce the risk of deploying a new version that impacts the workload. B) Use Route 53 with health checks to distribute load across multiple ELBs. Using Route 53 in combination with ELBs is a good pattern to distribute regionally as well as across AZs. E) Use a Classic Load Balancer to spread the load over several availability zones. Cross-zone load balancing reduces the need to maintain equivalent numbers of instances in each enabled Availability Zone, and improves your application's ability to handle the loss of one or more instances. F) Use several Target groups or Auto Scaling groups under each Load Balancer. Although the methods vary, you can place multiple autoscaling or target groups behind ELBs.

Answer 93

A) No. You can't use the standby (secondary database) to offload reads from an application. The standby instance is only there for failover. If you want an independent read node, you need to create a special type of DB instance called a read replica, from a source DB instance.

Answer 94

B) Application Load Balancers (ALB) The ALB has functionality to distinguish traffic for different targets (mysite.co/accounts vs. mysite.co/sales vs. mysite.co/support) and distribute traffic based on rules for: target group, condition, and priority.

Answer 95

A) Consider replacing it with Aurora before go live. B) Convert the RDS instance to a multi-AZ implementation. There are two issues to be addressed in this question. Minimizing outages, whether due to required maintenance or unplanned failures. Plus the possibility of needing to scale up or down. Read-replicas can help you with high read loads, but are not intended to be a solution to system outages. Multi-AZ implementations will increase availability because in the event of a instance outage one of the instances in another AZs will pick up the load with minimal delay. Aurora provided the same capability with potentially higher availability and faster response.

Answer 96

B) A spread placement group supports a maximum of seven running instances per Availability Zone. A spread placement group supports a maximum of seven running instances per Availability Zone. For example, in a Region with three Availability Zones, you can run a total of 21 instances in the group (seven per zone). If you try to start an eighth instance in the same Availability Zone and in the same spread placement group, the instance will not launch. If you need to have more than seven instances in an Availability Zone, then the recommendation is to use multiple spread placement groups. Using multiple spread placement groups does not provide guarantees about the spread of instances between groups, but it does ensure the spread for each group, thus limiting impact from certain classes of failures.

Answer 97

A) Scaling Up Scaling out is where you have more of the same resource separately working in parallel (visualize services sitting side by side). Scaling Up is where you make it bigger and bigger like an ugly tower with more floors being added after the initial design was finished.

Answer 98

C) AWS Autoscaling EC2 Autoscaling works in conjunction with the AWS Autoscaling service to provide a predictive ability to your autoscaling groups.

Answer 99

B) 99.999999999 percent S3 Standard, S3 Intelligent-Tiering, S3 Standard-IA, S3 One Zone-IA, S3 Glacier, and S3 Glacier Deep Archive Amazon S3 storage classes, objects are designed for 99.999999999% (11 9’s) durability.

Answer 100

D) Resiliency Resiliency is the ability of a workload to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions, such as misconfigurations or transient network issues.

Answer 101

C) S3 Standard-IA The key drivers here are availability and cost, so an awareness of cost is necessary to answer this. Glacier cannot be considered as it is not intended for direct access. S3 has an availability of 99.99%, S3 Standard-IA has an availability of 99.9% while S3-1Zone-IA only has 99.5%

Answer 102

D) Scheduled Scaling Target tracking could work but you need to invest time in determining the correct metric to track (e.g. CPU, Memory, Load Balancer Requests). Also Manual Scaling requires that someone changes configuration to scale up and scale down every day. Finally over provisioning in order to cope with peak demand defeats the purpose of elastic scaling of your compute. For situations where your traffic is very predictable, the easiest way to scale with demand is to create scheduled scaling actions.

Answer 103

A) S3 Standard From the question, we can identify that: - the data is non-replaceable (All S3 classes are at 11 9s of Durability now except for RRS) - the data is frequently updated (Classes outside of S3 Standard & S3 Intelligent-Tiering have extra charges for frequently accessed data). - cost-effective (S3 is more cost effective than S3 Intelligent-Tiering if the data is updated frequently) - version control must be an available feature (S3 has versioning as a feature) All of these items combined make S3 the best option for the available information.

Answer 104

B) Availability Each word has a specific meaning and your ability to select the correct answer may depend on understanding the difference. Availability can be described as the % of a time period when the service will be able to respond to your request in some fashion.

Answer 105

A) Copy the files from the NAS to an S3 bucket with the Standard-IA class. S3 Standard-IA provides rapid access to files and is resilient against events that impact an entire Availability Zone, while offering the same 11 9's of durability as all other storage classes. The trade-off is in the availability. It is designed for 99.9% availability over a given year, as opposed to 99.99% that S3 Standard offers. However in this brief as cost is more important than availability, S3 Standard-IA is the logical choice.

Answer 106

A) Yes. In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ. You can force a failover manually when you reboot a DB instance.

Answer 107

B) cfn-init cfn-init is not a component of the EC2 Autoscaling service. Instead it is a feature which allows commands to be run, and software installed/configured on EC2 instances when they launch.

Answer 108

E) Network Load Balancers (NLB) The Network Load Balancer is specifically designed for high performance traffic that is not conventional Web traffic. The Classic LB might also do the job, but would not offer the same performance.

Answer 109

C) Durability Each word has a specific meaning and your ability to select a correct answer may depend on understanding the difference. Durability refers to the on-going existence of the object or resource. Note that it does not mean you can access it, only that it continues to exist.

Answer 110

C) SQS In IT the term 'message' can be used in the common sense, or to describe a piece of data of Task in an asynchronous queueing system such as MQseries, RabbitMQ or SQS.

Answer 111

D) Enable caching and set throttling limits. If a cache is configured, then Amazon API Gateway will return a cached response for duplicate requests for a customizable time, but only if under configured throttling limits. This balance between the backend and client ensures optimal performance of the APIs for the applications that it supports.

Answer 112

D) A service on AWS that ingests and stores data streams for processing. Amazon Kinesis Data Streams (KDS) is a massively scalable and durable real-time data streaming service. KDS can continuously capture gigabytes of data per second from hundreds of thousands of sources such as website clickstreams, database event streams, financial transactions, social media feeds, IT logs, and location-tracking events. The data collected is available in milliseconds to enable real-time analytics use cases such as real-time dashboards, real-time anomaly detection, dynamic pricing, and more.

Answer 113

FALSE The Standard SQS message queue does not preserve message order nor guarantee messages are delivered only once - these are features of a FIFO message queue. Since Standard SQS message queues are designed to be massively scalable using a highly distributed architecture, receiving messages in the exact order they are sent is not guaranteed. Standard queues provide at-least-once delivery, and in some circumstances, duplicates can occur.

Answer 114

FALSE While there are a limited range of SDKs available for SWF, AWS provides an HTTP based API which allows you to interact using any language as long as you phrase the interactions in HTTP requests.

Answer 115

A) Loading streaming data into data lakes, data stores, and analytics tools. C) Capturing, transforming and loading streaming data into Amazon S3 Amazon Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools. It can capture, transform, and load streaming data into Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk, enabling near real-time analytics with existing business intelligence tools and dashboards you’re already using today.

Answer 116

B) SNS is a push notification service, whereas SQS is message system that requires worker nodes to poll a queue. SNS is a Notification service for sending text based communication of different types to different destinations. SQS is a Queue system for asynchronously manages tasks (called messages)

Answer 117

FALSE If you have an existing application that uses standard queues and you want to take advantage of the ordering or exactly-once processing features of FIFO queues, you need to configure the queue and your application correctly. You can't convert an existing standard queue into a FIFO queue. To make the move, you must either create a new FIFO queue for your application or delete your existing standard queue and recreate it as a FIFO queue.

Answer 118

C) Increase the visibility timeout of your queue, so that messages do not become visible once obtained by a consumer. Duplicate messages occur when a consumer does not complete its message processing and the visibility timeout of the message expires, making it visible for another consumer to obtain. Increasing the visibility timeout to enable the consumer processing to complete, will prevent duplicate messages.

Answer 119

C) An Amazon Resource Name is created. When a topic is created, Amazon SNS will assign a unique ARN (Amazon Resource Name) to the topic, which will include the service name (SNS), region, AWS ID of the user and the topic name. The ARN will be returned as part of the API call to create the topic. Whenever a publisher or subscriber needs to perform any action on the topic, they should reference the unique topic ARN.

Answer 120

C) Coordinate synchronous and asynchronous tasks Similar to SQS SWF manages queues of work, however unlike SQS it can have out-of-band parallel and sequential task to be completed by humans and non AWS services

Answer 121

TRUE Standard queues provide at-least-once delivery, which means that each message is delivered at least once.

Answer 122

TRUE Amazon API Gateway is a fully managed service that makes it easy for developers to publish, maintain, monitor, and secure APIs at any scale. With a few clicks in the AWS Management Console, you can create an API that acts as a “front door” for applications to access data, business logic, or functionality from your AWS origin back-end services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications.

Answer 123

TRUE One time only completion is a key feature of SWF. At one time this was a key distinction from SQS, however with SQS FIFO queues, this is no longer a distinguishing feature.

Answer 124

C) A collection of related workflows Domains provide a way of scoping Amazon SWF resources within your AWS account. All the components of a workflow, such as the workflow type and activity types, must be specified to be in a domain. It is possible to have more than one workflow in a domain; however, workflows in different domains can't interact with each other.

Answer 125

D) Delivery streams, records of data and destinations. Key components of Kinesis Data Firehose are: delivery streams, records of data and destinations. Producers, shards and consumers are components of Kinesis Data Streams.

Answer 126

A) A native Cloud Architecture that allows customers to shift more operational responsibility to AWS. B) The ability to run applications and services without thinking about servers or capacity provisioning. 'Serverless' computing is not about eliminating servers, but shifting most of the responsibility for infrastructure and operation of the infrastructure to a vendor so that you can focus more on the business services, not how to manage the infrastructure that they run on. Billing does tend to be based on simple units, but the choice of services, intended usage pattern (RIs), and amount of capacity needed also influences the pricing.

Answer 127

A) EC2, ECS, & Lambda. The exact ratio of cores to memory has varied over time for Lambda instances, however Lambda like EC2 and ECS supports hyper-threading on one or more virtual CPUs (if your code supports hyper-threading).

Answer 128

B) Kinesis Data Firehose C) API Gateway D) Amazon Lex ALB, Cognito, Lex, Alexa, API Gateway, CloudFront, and Kinesis Data Firehose are all valid direct (synchronous) triggers for Lambda functions. S3 is one of the valid asynchronous triggers.

Answer 129

B) Your lambda function does not have sufficient Identity Access Management (IAM) permissions to write to DynamoDB. Like any services in AWS, Lambda needs to have a Role associated with it that provide credentials with rights to other services. This is exactly the same as needing a Role on an EC2 instance to access S3 or DDB.

Answer 130

A) Multiple instances of the Lambda function will be triggered, one for each image Each time a Lambda function is triggered, an isolated instance of that function is invoked. Multiple triggers result in multiple concurrent invocations, one for each time it is triggered

Answer 131

B) AWS X-Ray AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices & serverless architectures. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

Answer 132

C) Create a duplicate sign up page that stores registration details in DynamoDB for asynchronous processing using SQS & Lambda. Use NoSQL database to collect customer registration for asynchronous processing, and SQS backed by scalable compute to keep up with the requests. E) Work with your web design team to refactor some web pages with embedded JavaScript for your 5 most popular information web pages and sign up web pages. Host those pages on S3 with static web hosting. An AWS solution for this situation might include S3 static web pages with client side scripting (JavaScript) to meet high demand of information pages.

Answer 133

C) Out Lambda scales out automatically - each time your function is triggered, a new, separate instance of that function is started. There are limits, but these can be adjusted on request.

Answer 134

B) Duration of each request (in ms). As of December 2020, the Lambda compute duration is billed in 1ms increments instead of being rounded up to the nearest 100 ms increment per invoke. For example, a function that runs in 30ms on average used to be billed for 100ms. Now, it will be billed for 30ms resulting in a 70% drop in its duration spend. C) The number of requests for each time the lambda executes in response to an event notification, or invoke call. The number of requests for each time the lambda executes in response to an event notification, or invoke call is one of the factors involved in Lambda pricing. D) The amount of memory assigned. Lambda billing is based on both The MB of RAM reserved and the execution duration in 100ms units. You don't choose the amount of CPU when setting up a Lambda Function. You can however choose between x86 or Arm/Graviton2 processors which does impact the price. (Note: the CPU choice came into general feature availability on 29 SEP 2021. AWS generally waits 6 months before new feature information is potentially introduced to exams).

MyCloudGuru Flashcards

(160 cards)