Practice Exam Questions 2020 Flashcards

1
Q

When using EC2 instances with Dedicated Hosting, which of the following modes are you able to transition between by stopping the instance and starting it again?

A

Dedicated & Host

The tenancy of an instance can only be changed between the two ‘dedicated’ variants (dedicated instance and dedicated host). It cannot be changed from or to default tenancy.

2
Q

What is the maximum number of running instances a spread placement group can have per AZ?

A

7

3
Q

Security Groups are {{stateless/stateful}} and updates are applied {{immediately/within an hour}}

A

Security Groups are stateful and updates are applied immediately.

4
Q

What is the maximum VisibilityTimeout of an SQS message in a FIFO queue?

A

12 hours (the default is 30 seconds; the limit is the same for standard and FIFO queues)

5
Q

A single m4.medium NAT instance inside a VPC supports a company of 100 people. This NAT instance allows individual EC2 instances in private subnets to communicate out to the internet without being directly accessible via the internet. As the company has grown over the last year, they are finding that the additional traffic through the NAT instance is causing serious performance degradation. What might you do to solve this problem?

A

Increase the instance size of the NAT instance from m4.medium to m4.xlarge.

**A NAT instance is a single EC2 instance, so its network bandwidth is bounded by the instance size. A managed NAT gateway scales automatically and removes that single-instance bottleneck altogether.

6
Q

Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service?

A

Enable long polling by setting ReceiveMessageWaitTimeSeconds to a number > 0 (maximum 20 seconds).

7
Q

You are a consultant planning to deploy DynamoDB across three AZs. Your lead DBA is concerned about data consistency. What do you advise the lead DBA to do?

A

To ask the development team to code for strongly consistent reads. As the consultant, you will advise the CTO of the increased cost.

8
Q

You have provisioned a custom VPC with a subnet that has a CIDR block of 10.0.3.0/28 address range. Inside this subnet, you have 2 web servers, 2 application servers, 2 database servers, and a NAT. You have configured an Autoscaling group on the two web servers to automatically scale when the CPU utilization goes above 90%. Several days later you notice that autoscaling is no longer deploying new instances into the subnet, despite the CPU utilization of all web servers being at 100%. What may offer an explanation?

A

AWS reserves both the first four and the last IP address in each subnet’s CIDR block.

Your Autoscaling Group (ASG) has provisioned too many EC2 instances and has exhausted the number of internal IP addresses available in the subnet.

**A /28 subnet has only 16 addresses. AWS reserves both the first four and the last IP address of each subnet’s CIDR block, leaving 11 usable; the two web servers, two application servers, two database servers and the NAT already take 7 of them, so only 4 addresses were ever available for scaling. It is likely that your Auto Scaling group has provisioned too many EC2 instances and you have run out of internal private IP addresses.
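The arithmetic above is easy to get wrong for larger blocks, so here is an added example (not part of the original flashcards) that uses Python’s standard ipaddress module to list the five addresses AWS reserves in a VPC subnet and to compute the scaling headroom left once existing hosts are counted. The /16 to /28 bound and the reserved offsets are the documented AWS convention; the sample CIDR and host count are taken from the question.

```python
from ipaddress import ip_network

# AWS allows VPC subnets from /16 down to /28 and reserves five addresses in
# each one: the network address, the VPC router (+1), the DNS resolver (+2),
# one kept for future use (+3), and the broadcast address (the last one).
RESERVED_OFFSETS = {"network": 0, "vpc_router": 1, "dns_resolver": 2, "future_use": 3}


def aws_subnet_capacity(cidr):
    """Return the total, reserved and usable address counts for a VPC subnet."""
    net = ip_network(cidr, strict=True)
    if not 16 <= net.prefixlen <= 28:
        raise ValueError(f"{cidr}: VPC subnets must be between /16 and /28")
    addresses = list(net)  # every address in the block, including network and broadcast
    reserved = {name: str(addresses[off]) for name, off in RESERVED_OFFSETS.items()}
    reserved["broadcast"] = str(net.broadcast_address)
    usable = net.num_addresses - len(reserved)
    return {"total": net.num_addresses, "reserved": reserved, "usable": usable}


def scaling_headroom(cidr, in_use):
    """How many more instances the subnet can take once `in_use` addresses are taken."""
    cap = aws_subnet_capacity(cidr)
    if in_use > cap["usable"]:
        raise ValueError(f"{in_use} addresses in use exceeds the {cap['usable']} usable in {cidr}")
    return cap["usable"] - in_use


if __name__ == "__main__":
    # The scenario from the question: 2 web + 2 app + 2 db + 1 NAT = 7 hosts in a /28.
    print(aws_subnet_capacity("10.0.3.0/28"))
    print("instances the ASG can still add:", scaling_headroom("10.0.3.0/28", 7))
```

Running it for the question’s subnet shows 11 usable addresses and headroom for only 4 more instances, which is why the Auto Scaling group stalls long before CPU utilization comes down.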

9
Q

You successfully configure VPC Peering between VPC-A and VPC-B. You then establish an IGW and a Direct-Connect connection in VPC-B. Can instances in VPC-A connect to your corporate office via the Direct-Connect service, and connect to the Internet via the IGW?

A

VPC peering only routes traffic between source and destination VPCs. VPC peering does not support edge to edge routing.

10
Q

You run a meme creation website that stores the original images in S3 and each meme’s metadata in DynamoDB. You need to decide upon a low-cost storage option for the memes themselves. If a meme object is unavailable or lost, a Lambda function will automatically recreate it, but at a $10 licensing cost per creation. There is a very large number of files, and they require rapid access when needed. Which storage solution should you use to store the memes in a cost-effective way that guards against the possibility of high license fees?

A

S3 - IA

**The storage saving between Standard-IA and One Zone-IA is about $0.0025 per GB-month, which is small compared to the $10 licence fee if many files are lost. Both classes are designed for 99.999999999% durability, but One Zone-IA keeps data in a single Availability Zone and the objects are lost if that AZ is destroyed, so the risk of a large recreation bill is far greater. S3 Standard-IA guards against that possibility.

11
Q

You have been engaged as a consultant by a company that generates utility bills and publishes them online. PDF images are generated, then stored on a high-performance RDS instance. Customarily, invoices are viewed by customers once per month. Recently, the number of customers has increased threefold, and the wait-time necessary to view invoices has increased unacceptably. The CTO is unwilling to alter the codebase more than necessary this quarter, but needs to return performance to an acceptable level before the end-of-the-month print run. What solutions would you feel comfortable proposing to the CTO and GM?

A

Evaluate the risks and benefits associated with an RDS instance type upgrade.

**One way of scaling is vertical scaling; the evaluation must confirm that the larger instance size is actually the best solution rather than a short-term fix.

Create RDS Read-Replicas and additional Web/App instances across all the available AZs.

**Read Replicas are often a great way to help read queries on your database.

12
Q

At the monthly product meeting, one of the Product Owners proposes an idea to address an immediate shortcoming of the product system: storing a copy of the customer price schedule in the customer record in the database. You know that you can store large text or binary objects in DynamoDB. You give a tentative OK to do a Minimal Viable Product test, but stipulate that it must comply with the size limitation on the Attribute Name & Value. Which is the correct limitation?

A

DynamoDB allows for the storage of large text and binary objects, but the total item size, which includes the attribute names as well as the attribute values, must not exceed 400 KB.

13
Q

The Customer Experience manager comes to see you about some odd behaviors with the ticketing system: messages presented to the support team are not arriving in the order in which they were generated. You know that this is due to the way that the underlying SQS standard queue service is being used to manage messages. What are some correct explanations?

A

If an agent abandons a message or takes a break before finishing with a message, it will be offered in the queue again. In order to ensure that no message is lost, a message will persist in the SQS queue until it is processed successfully.

**When a consumer receives and processes a message from a queue, the message remains in the queue. Amazon SQS doesn’t automatically delete the message. To prevent other consumers from processing the message again, Amazon SQS sets a visibility timeout, a period of time during which Amazon SQS prevents other consumers from receiving and processing the message. The visibility timeout begins when Amazon SQS returns a message. During this time, the consumer processes and deletes the message. However, if the consumer fails before deleting the message and your system doesn’t call the DeleteMessage action for that message before the visibility timeout expires, the message becomes visible to other consumers and the message is received again. If a message must be received only once, your consumer should delete it within the duration of the visibility timeout.

SQS uses multiple hosts, and each host holds only a portion of all the messages. When a staff member calls for their next message, the consumer process does not see all the hosts or all the messages. As such, messages are not necessarily delivered in the order in which they were generated.

**Standard queues support at-least-once message delivery. However, occasionally (because of the highly distributed architecture that allows nearly unlimited throughput), more than one copy of a message might be delivered out of order.

14
Q

When editing Amazon S3 bucket permissions (policies and ACLs), to whom does the concept of the “resource owner” refer?

A

The “resource owner” refers to the AWS account that creates Amazon S3 buckets and objects.

15
Q

Your company has a policy of encrypting all data at rest. You host your production environment on EC2 in a bespoke VPC. Attached to your EC2 instances are multiple EBS volumes, and you must ensure this data is encrypted. Which options will allow you to do this?

A

Encrypt your data inside your application, before storing it on EBS.

Encrypt the data using native encryption tools available in the operating system (such as Windows BitLocker).

Use third party volume encryption tools.

**These are the application-level and OS-level options. Amazon EBS also offers native volume encryption with KMS keys, selected when the volume is created, which encrypts the volume, its snapshots and the data in transit between the instance and the volume without any change to the guest.

16
Q

A client is concerned that someone other than approved administrators is trying to gain access to the Linux web app instances in their VPC. She asks what sort of network access logging can be added. What might you recommend?

A

VPC Flow Logs record the metadata of IP traffic (source and destination address and port, protocol, packet and byte counts, and whether the security group and network ACL accepted or rejected the flow), not packet contents. Flow logs can be set up for a VPC, a subnet, or an individual network interface, and the data can be published to CloudWatch Logs or Amazon S3.

Set up a Flow Log for the group of instances and forward them to CloudWatch.

Set up a Flow Log for the group of instances and forward them to S3.

17
Q

What strategies does AWS use to deliver the promised levels of DynamoDB performance?

A

Data is stored on Solid State Drives (SSDs).

The Database is partitioned across a number of nodes.

**DynamoDB makes use of parallel processing to achieve predictable performance. You can visualise each partition as an independent database server of fixed size, each responsible for a defined block of data. In SQL terminology this is called sharding.

18
Q

What Amazon S3 Storage Classes offer 99.999999999% (11 x 9s) durability?

A

Standard, Standard-Infrequent Access, One Zone-Infrequent Access

19
Q

You’re building out a single-region application in us-west-2. However, disaster recovery is a strong consideration, and you need to build the application so that if us-west-2 becomes unavailable, you can fail-over to us-west-1. Your application relies exclusively on pre-built AMI’s, and has specific launch permissions, custom tags, and security group rules. In order to run your application leveraging those AMI’s in your backup region, what process would you follow?

A

Copy the AMI from us-west-2 to us-west-1. After the copy operation is complete, apply launch permissions, user-defined tags, and security group configurations.

20
Q

What data formats are used to create CloudFormation templates?

A

JSON and YAML

21
Q

You are reviewing Change Control requests, and you note that there is a change designed to reduce wasted CPU cycles by increasing the value of “VisibilityTimeout” attribute. What does this mean?

A

When a consumer instance retrieves a message, that message will be hidden from other consumer instances for a fixed period.

22
Q

You’ve been commissioned to develop a high-availability application with a stateless web tier. Identify the most cost-effective means of reaching this end.

A

Use an Elastic Load Balancer, a multi-AZ deployment of an Auto-Scaling group of EC2 Spot instances (primary) running in tandem with an Auto-Scaling group of EC2 On-demand instances (secondary), DynamoDB.

**With proper scripting and scaling policies, the On-demand instances behind the Spot instances will deliver the most cost-effective solution because the on-demand will only spin up if the spot instances are not available. DynamoDB is a regional service, there is no need to explicitly create a multi-AZ deployment. RDS could be used, but DynamoDB lends itself better to supporting stateless web/app installations.

23
Q

Following advice from your consultant, you have configured your VPC to use Dedicated hosting tenancy. A subsequent change to your application has rendered the performance gains from dedicated tenancy superfluous, and you would now like to recoup some of these greater costs. How do you revert to Default hosting tenancy?​

A

Once a VPC is set to Dedicated hosting, it can be changed back to default hosting via the CLI, SDK or API. Note that this will not change the tenancy of existing instances, only of future ones. Existing instances can be changed via the CLI, SDK or API, but they need to be in a stopped state to do so.

24
Q

Amazon S3 has four different URL styles that can be used to access content in S3: the virtual-hosted-style URL, the path-style URL, the static website URL, and the legacy global endpoint URL. How do you tell them apart?

A

Virtual-hosted style puts your bucket name first, s3 second, and the region third (bucket.s3.region.amazonaws.com/key). Path style puts s3 and the region first, with your bucket name as the first segment of the path (s3.region.amazonaws.com/bucket/key). The legacy global endpoint has no region at all (s3.amazonaws.com/bucket/key or bucket.s3.amazonaws.com/key). S3 static website hosting can be your own domain, or your bucket name first, s3-website second, followed by the region (bucket.s3-website-region.amazonaws.com). AWS has announced the deprecation of path-style access, and support for the legacy global endpoint is limited and discouraged. However, it is still useful to be able to recognize all four should they show up in logs.
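Recognizing the four styles by eye is fine for a flashcard; in a log pipeline you want it done mechanically, because the bucket name sits in a different place in each form and a naive hostname split will misattribute path-style and legacy requests. The following is an added example, not part of the original page, that classifies an S3 URL and extracts the bucket, region and key. The host patterns encode the four forms described above (including the older dash-separated region variants); a static website served from a custom domain cannot be recognized from the URL alone and is reported as unknown.

```python
import re
from urllib.parse import urlparse

# Region names look like us-east-1, eu-central-1, ap-southeast-2, us-gov-west-1.
_REGION = r"(?P<region>[a-z]{2}(?:-[a-z]+)+-\d)"
# Bucket names are 3-63 characters of lowercase letters, digits, dots and hyphens.
_BUCKET = r"(?P<bucket>[a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"

# Hostname patterns for the four styles. Order matters: the website and regional
# hosts are tried before the region-less legacy global endpoint. Both "s3.region"
# and the older "s3-region" separators are accepted.
_HOST_PATTERNS = [
    ("static-website", re.compile(rf"^{_BUCKET}\.s3-website[.-]{_REGION}\.amazonaws\.com$")),
    ("virtual-hosted", re.compile(rf"^{_BUCKET}\.s3[.-]{_REGION}\.amazonaws\.com$")),
    ("path-style", re.compile(rf"^s3[.-]{_REGION}\.amazonaws\.com$")),
    ("legacy-global", re.compile(rf"^(?:{_BUCKET}\.)?s3\.amazonaws\.com$")),
]


def classify_s3_url(url):
    """Return {'style', 'bucket', 'region', 'key'} for a recognized S3 URL, else None."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    path = parsed.path.lstrip("/")
    for style, pattern in _HOST_PATTERNS:
        match = pattern.match(host.lower())
        if not match:
            continue
        groups = match.groupdict()
        bucket = groups.get("bucket")
        key = path
        if bucket is None:
            # Path-style and region-less path URLs carry the bucket as the first path segment.
            bucket, _, key = path.partition("/")
        return {
            "style": style,
            "bucket": bucket or None,
            "region": groups.get("region"),  # None for the legacy global endpoint
            "key": key or None,
        }
    return None


if __name__ == "__main__":
    for sample in (
        "https://my-bucket.s3.us-west-2.amazonaws.com/photos/cat.png",
        "https://s3.us-west-2.amazonaws.com/my-bucket/photos/cat.png",
        "https://s3.amazonaws.com/my-bucket/photos/cat.png",
        "http://my-bucket.s3-website-us-east-1.amazonaws.com/index.html",
        "https://www.example.com/my-bucket/photos/cat.png",
    ):
        print(sample, "->", classify_s3_url(sample))
```

The region-less legacy endpoint is worth flagging separately in log review: a client still using it is on a code path AWS discourages, and in the path-style and legacy forms the bucket name is user-controlled path data rather than part of the hostname, which matters when you write allow-lists against these URLs.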

25
Q

You are reviewing Change Control requests and you note that there is a proposed change designed to reduce errors due to SQS Eventual Consistency by updating the “DelaySeconds” attribute. What does this mean?

A

When a new message is added to the SQS queue, it will be hidden from consumer instances for a fixed period.

**Poor timing of SQS processes can significantly impact the cost effectiveness of the solution.
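The three SQS cards above (out-of-order and repeated delivery, VisibilityTimeout, DelaySeconds) all come down to one mechanism: a received message is not removed from the queue, only hidden, and a sent message can be hidden before anyone sees it. The following is an added example, not part of the original flashcards and not the SQS API, that models a single queue host in memory with a simulated clock so the behaviours can be stepped through offline. The scenario functions reproduce the cases described on the cards: a consumer that crashes before deleting, one that deletes in time, a delete with a stale receipt handle, and a delayed message.

```python
import itertools
from dataclasses import dataclass
from typing import Optional


@dataclass
class _Stored:
    body: str
    visible_at: float              # earliest simulated time at which receive() may return it
    receipt: Optional[str] = None  # receipt handle from the most recent receive


class QueueModel:
    """In-memory model of one SQS queue host (an assumption for the example).
    Receiving hides a message for VisibilityTimeout seconds instead of deleting it;
    sending hides a new message for DelaySeconds; deleting needs the most recent
    receipt handle, as SQS requires."""

    def __init__(self, visibility_timeout=30, delay_seconds=0):
        self.visibility_timeout = visibility_timeout
        self.delay_seconds = delay_seconds
        self.now = 0.0
        self._messages = {}
        self._ids = itertools.count(1)
        self._receipts = itertools.count(1)

    def advance(self, seconds):
        """Move the simulated clock; stands in for real time passing."""
        self.now += seconds

    def send(self, body):
        mid = f"m{next(self._ids)}"
        self._messages[mid] = _Stored(body, visible_at=self.now + self.delay_seconds)
        return mid

    def receive(self):
        """Return (message_id, body, receipt_handle) for the first visible message and hide it
        until the visibility timeout lapses; None if nothing is visible."""
        for mid, m in self._messages.items():
            if m.visible_at <= self.now:
                m.visible_at = self.now + self.visibility_timeout
                m.receipt = f"{mid}-rcpt-{next(self._receipts)}"
                return mid, m.body, m.receipt
        return None

    def delete(self, receipt_handle):
        """Delete the message whose most recent receipt handle matches; a handle from an
        earlier receive that has since expired is ignored."""
        for mid, m in self._messages.items():
            if m.receipt == receipt_handle:
                del self._messages[mid]
                return True
        return False


def crashed_consumer():
    """Receive but never delete: the message comes back after the timeout with a new handle."""
    q = QueueModel(visibility_timeout=30)
    q.send("ticket-1")
    first = q.receive()
    while_hidden = q.receive()  # None: the message is in flight
    q.advance(31)
    again = q.receive()
    return first[1], while_hidden, again[1], first[2] != again[2]


def careful_consumer():
    """Delete within the timeout using the current receipt handle: no redelivery."""
    q = QueueModel(visibility_timeout=30)
    q.send("ticket-1")
    _, body, receipt = q.receive()
    q.advance(5)
    return body, q.delete(receipt), q.receive()


def stale_receipt_delete():
    """A delete with the handle from an expired receive is a no-op; the redelivered copy has a new one."""
    q = QueueModel(visibility_timeout=30)
    q.send("ticket-1")
    _, _, old_receipt = q.receive()
    q.advance(31)
    _, _, new_receipt = q.receive()
    return q.delete(old_receipt), q.delete(new_receipt)


def delayed_message():
    """DelaySeconds hides a newly sent message from every consumer until the delay has elapsed."""
    q = QueueModel(delay_seconds=10)
    q.send("ticket-2")
    before = q.receive()
    q.advance(10)
    return before, q.receive()[1]


if __name__ == "__main__":
    print("crashed consumer:", crashed_consumer())
    print("careful consumer:", careful_consumer())
    print("stale receipt:", stale_receipt_delete())
    print("delayed message:", delayed_message())
```

The crashed-consumer case is the one the Customer Experience manager observed: a support agent who takes a break mid-ticket without deleting the message will see it handed to a colleague once the timeout lapses. The stale-receipt case is why a consumer must delete with the handle from its own most recent receive, and the remedy on the change request (raising VisibilityTimeout) is really a statement about how long a consumer is allowed to hold a message before it is considered abandoned.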

26
Q

You have been asked to decouple an application by utilizing SQS. The application dictates that messages on the queue can be delivered more than once, but must be delivered in the order that they have arrived, and also must allow for efficient, repeated polling of the queue. What option is most suitable?

A

Configure a FIFO SQS queue and enable long polling

**This question has two parts which need to be considered: the type of queue and the type of polling. The question states that messages “can be delivered more than once” but “must be delivered in the order that they have arrived”, which means that it can only be a FIFO queue, as it is the only SQS type which will deliver messages in order, regardless of how many times a message is delivered. The question also states that the queue “must allow for efficient polling”, and in this case long polling is the most efficient and cost-effective option in situations where the queue will be polled constantly. The correct answer is therefore to configure a FIFO SQS queue with long polling enabled.

27
Q

Which native AWS service will act as a file system mounted on an S3 bucket?

A

AWS Storage Gateway

**The Storage Gateway service is primarily used for attaching infrastructure located in a Data centre or office to the AWS Storage infrastructure. The AWS documentation states that; “You can think of a file gateway as a file system mount on S3.” Amazon Elastic File System (EFS) is a mountable file storage service for EC2, but has no connection to S3 which is an object storage service. Amazon Elastic Block Store (EBS) is a block level storage service for use with Amazon EC2 and again has no connection to S3.

28
Q

How long can a message be retained in an SQS Queue?

A

14 days (the default retention period is 4 days)

29
Q

When coding a routine to upload to S3, you have the option of using either single part upload or multipart upload. Identify all the possible reasons below to use Multipart upload.

A

Multipart upload delivers quick recovery from network issues.

Multipart upload delivers improved throughput.

Multipart upload delivers the ability to begin an upload before you know the final object size.

Multipart upload delivers the ability to pause and resume object uploads.

30
Q

Amazon SQS keeps track of all tasks and events in an application.

A

False

**With SQS, you must implement your own application-level tracking, especially if your application uses multiple queues. Amazon SWF does provide tracking of these types.

31
Q

You have launched a NAT instance into a public subnet, and you have configured all relevant security groups, network ACLs, and routing policies to allow this NAT to function. However, EC2 instances in the private subnet still cannot communicate out to the internet. What troubleshooting steps should you take to resolve this issue?

A

Disable the Source/Destination Check on your NAT instance.

32
Q

You have created a VPC that contains two EC2 instances in different availability zones. Both are running web servers, hosting the same content. These web servers will be accessible via the internet. Which of the following DNS configurations could you consider?

A

Assign each EC2 instance with an Elastic IP Address. Configure a Route 53 “A” multi-value record with both EIP’s and health checks.

Set up an Application Load Balancer and place your instances behind this ELB. Configure a Route 53 Alias record to point to the resource of the Application Load Balancer.

33
Q

With EBS, I can ____.

A

Create an encrypted snapshot from an unencrypted snapshot by creating an encrypted copy of the unencrypted snapshot.

Create an encrypted volume from a snapshot of another encrypted volume.

34
Q

Amazon ElastiCache can fulfill a number of roles. Choose the operations from the following list which can be implemented using ElastiCache for Redis.

In-Memory Data Store
Pub/Sub
Sorted Sets
Relational Data Store

A

In-Memory Data Store
Pub/Sub
Sorted Sets

**Amazon ElastiCache offers a fully managed Memcached and Redis service. Although the name only suggests caching functionality, the Redis service in particular can offer a number of operations such as Pub/Sub, Sorted Sets and an In-Memory Data Store. However, ElastiCache is only a key-value store and cannot therefore store relational data.

35
Q

Your team has provisioned multiple Auto Scaling Groups in a single Availability Zone. The Auto Scaling Groups at max capacity would total 40 EC2 instances between them. However, you notice that the Auto Scaling Groups will only scale out to a total of 20 instances at any one time. What could be the problem?

A

There is a vCPU-based on-demand instance limit per region.

**Your AWS account has default quotas, formerly referred to as limits, for each AWS service. Unless otherwise noted, each quota is Region-specific. You can request increases for some quotas, and other quotas cannot be increased. Service Quotas is an AWS service that helps you manage your quotas for over 100 AWS services from one location. Along with looking up the quota values, you can also request a quota increase from the Service Quotas console.

36
Q

You have taken over management of several instances in the company AWS environment. You want to quickly retrieve data about the instances such as instance ID, public keys, and public IP address. A URL command can be used to do this. What can you append to the URL http://169.254.169.254/latest/ to retrieve this data?

A

meta-data/

**For example, http://169.254.169.254/latest/meta-data/instance-id returns the instance ID. Where IMDSv2 is enforced on the instance, a plain GET like this is refused: the caller must first obtain a session token with a PUT to http://169.254.169.254/latest/api/token and send it in the X-aws-ec2-metadata-token header. Enforcing IMDSv2 is the standard mitigation against SSRF attacks that try to reach this address, and the instance role credentials under it, through a web application on the instance.

37
Q

You are working for a large financial institution and preparing for disaster recovery and upcoming DR drills. A key component in the DR plan will be the database instances and their data. An aggressive Recovery Time Objective (RTO) dictates that the database needs to be synchronously replicated. Which configuration can meet this requirement?

A

RDS Multi-AZ

**Amazon RDS Multi-AZ deployments provide enhanced availability and durability for RDS database (DB) instances, making them a natural fit for production database workloads. When you provision a Multi-AZ DB Instance, Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ). Each AZ runs on its own physically distinct, independent infrastructure, and is engineered to be highly reliable. In case of an infrastructure failure, Amazon RDS performs an automatic failover to the standby (or to a read replica in the case of Amazon Aurora), so that you can resume database operations as soon as the failover is complete. Since the endpoint for your DB Instance remains the same after a failover, your application can resume database operation without the need for manual administrative intervention.

38
Q

An online media company has created an application which provides analytical data to its clients. The application is hosted on EC2 instances in an Auto Scaling Group. You have been brought on as a consultant and add an Application Load Balancer to front the Auto Scaling Group and distribute the load between the instances. The VPC which houses this architecture is running IPv4 and IPv6. The last thing you need to do to complete the configuration is point the domain name to the Application Load Balancer. Using Route 53, which record type at the zone apex will you use to point the DNS name of the Application Load Balancer?

A

Alias with an A type record set.

Alias with an AAAA type record set.

39
Q

Several instances you are creating have a specific data requirement. The requirement states that the data on the root device needs to persist independently from the lifetime of the instance. After considering AWS storage options, which is the simplest way to meet these requirements?

A

Store your root device data on Amazon EBS.

40
Q

You are working as a Solutions Architect in a large healthcare organization. You have many Auto Scaling Groups that utilize launch configurations. Many of these launch configurations are similar yet have subtle differences. You’d like to use multiple versions of these launch configurations. An ideal approach would be to have a default launch configuration and then have additional versions that add additional features. Which option best meets these requirements?

A

Use launch templates instead.

41
Q

Your company is using a hybrid configuration because there are some legacy applications which are not easily converted and migrated to AWS. And with this configuration comes a typical scenario where the legacy apps must maintain the same private IP address and MAC address. You are attempting to convert the application to the cloud and have configured an EC2 instance to house the application. What you are currently testing is removing the ENI from the legacy instance and attaching it to the EC2 instance. You want to attempt a cold attach. What does this mean?

A

Attach ENI when the instance is being launched.

42
Q

You have configured an Auto Scaling Group of EC2 instances. You have begun testing the scaling of the Auto Scaling Group using a stress tool to force the CPU utilization metric being used to force scale out actions. The stress tool is also being manipulated by removing stress to force a scale in. But you notice that these actions are only taking place in five-minute intervals. What is happening?

A

The Auto Scaling Group is following the default cooldown procedure.

**The cooldown period helps you prevent your Auto Scaling group from launching or terminating additional instances before the effects of previous activities are visible. You can configure the length of time based on your instance startup time or other application needs.

When you use simple scaling, after the Auto Scaling group scales using a simple scaling policy, it waits for a cooldown period to complete before any further scaling activities due to simple scaling policies can start. An adequate cooldown period helps to prevent the initiation of an additional scaling activity based on stale metrics. By default, all simple scaling policies use the default cooldown period associated with your Auto Scaling group, but you can configure a different cooldown period for individual policies. Note that Amazon EC2 Auto Scaling honors cooldown periods when using simple scaling policies, but not when using other scaling policies or scheduled scaling.

A default cooldown period automatically applies to any scaling activities for simple scaling policies, and you can optionally request to have it apply to your manual scaling activities. When you use the AWS Management Console to update an Auto Scaling group, or when you use the AWS CLI or an AWS SDK to create or update an Auto Scaling group, you can set the optional default cooldown parameter. If a value for the default cooldown period is not provided, its default value is 300 seconds.

44
Q

You work for an oil and gas company as a lead in data analytics. The company is using IoT devices to better understand their assets in the field (for example, pumps, generators, valve assemblies, and so on). Your task is to monitor the IoT devices in real-time to provide valuable insight that can help you maintain the reliability, availability, and performance of your IoT devices. What tool can you use to process streaming data in real time with standard SQL without having to learn new programming languages or processing frameworks?

A

Kinesis Data Analytics

45
Q

You have multiple EC2 instances housing applications in a VPC in a single Availability Zone. The applications need to communicate at extremely high throughputs to avoid latency for end users. The average throughput needs to be 6 Gbps. What’s the best measure you can do to ensure this throughput?

A

Put the instances in a placement group

**Amazon Web Services’ (AWS) solution to reducing latency between instances involves the use of placement groups. As the name implies, a placement group is just that – a group. AWS instances that exist within a common availability zone can be grouped into a placement group. Group members are able to communicate with one another in a way that provides low latency and high throughput. A cluster placement group is a logical grouping of instances within a single Availability Zone. A cluster placement group can span peered VPCs in the same Region. Instances in the same cluster placement group enjoy a higher per-flow throughput limit of up to 10 Gbps for TCP/IP traffic and are placed in the same high-bisection bandwidth segment of the network.

46
Q

Your company is slowly migrating to the cloud and is currently in a hybrid environment. The server team has been using Puppet for deployment automations. The decision has been made to continue using Puppet in the AWS environment if possible. If possible, which AWS service provides integration with Puppet?

A

AWS OpsWorks

47
Q

You have been tasked to review your company disaster recovery plan due to some new requirements. The driving factor is that the Recovery Time Objective has become very aggressive. Because of this, it has been decided to configure Multi-AZ deployments for the RDS MySQL databases. Unrelated to DR, it has been determined that some read traffic needs to be offloaded from the master database. What step can be taken to meet this requirement?

A

Add read replicas to offload some read traffic.

**Amazon RDS Read Replicas for MySQL and MariaDB now support Multi-AZ deployments. Combining Read Replicas with Multi-AZ enables you to build a resilient disaster recovery strategy and simplify your database engine upgrade process. Amazon RDS Read Replicas enable you to create one or more read-only copies of your database instance within the same AWS Region or in a different AWS Region. Updates made to the source database are then asynchronously copied to your Read Replicas. In addition to providing scalability for read-heavy workloads, Read Replicas can be promoted to become a standalone database instance when needed.

48
Q

Your company has gotten back results from an audit. One of the mandates from the audit is that your application, which is hosted on EC2, must encrypt the data before writing this data to storage. Which service could you use to meet this requirement?

A

AWS KMS

49
Q

How many security groups can be attached to an EC2 instance?

A

5 per network interface by default; this is a quota, not a hard limit, and can be raised (up to 16).

50
Q

You work for a Defense contracting company. The company develops software applications which perform intensive calculations in the area of Mechanical Engineering related to metals for ship building. You have a 3-year contract and decide to purchase reserved EC2 instances for a 3-year duration. You are informed that the particular program has been cancelled abruptly and negotiations have brought the contract to an amicable conclusion one year early. What can you do to stop incurring charges and save money on the EC2 instances?

A

Sell the reserved instances on the Reserved Instance Marketplace.

51
Q

After an IT Steering Committee meeting, you have been put in charge of configuring a hybrid environment for the company’s compute resources. You weigh the pros and cons of various technologies, such as VPN and Direct Connect, and based on the requirements you have decided to configure a VPN connection. What features and advantages can a VPN connection provide?

A

It provides a connection between an on-premises network and a VPC over the public internet, using a secure and private tunnel. AWS Site-to-Site VPN tunnels are encrypted with IPsec; AWS Client VPN, which connects individual users rather than a site, uses TLS.

52
Q

You have joined a newly formed software company as a Solutions Architect. It is a small company, and you are the only employee with AWS experience. The owner has asked for your recommendations to ensure that the AWS resources are deployed to proactively remain within budget. Which AWS service can you use to help ensure you don’t have cost overruns for your AWS resources?

A

AWS Budgets

**AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. And remember the keyword, proactively. With AWS Budgets, we can be proactive about attending to cost overruns before they become a major budget issue at the end of the month or quarter. Budgets can be tracked at the monthly, quarterly, or yearly level, and you can customize the start and end dates. You can further refine your budget to track costs associated with multiple dimensions, such as AWS service, linked account, tag, and others. Budget alerts can be sent via email and/or Amazon Simple Notification Service (SNS) topic. You can also use AWS Budgets to set a custom reservation utilization target and receive alerts when your utilization drops below the threshold you define. RI utilization alerts support Amazon EC2, Amazon RDS, Amazon Redshift, and Amazon ElastiCache reservations. Budgets can be created and tracked from the AWS Budgets dashboard, or via the Budgets API.

53
Q

Which of these RDS database engines does not use Amazon’s failover technology?

A

SQL Server

54
Q

Your company is slowly migrating to the cloud and is currently in a hybrid environment. The server team has been provisioning servers to their exact specifications using Chef recipes. These recipes can be reused in AWS. Which AWS services are designed to work with existing Chef recipes?

A

AWS OpsWorks Stacks supports multiple versions of Chef. You select the version when you create the stack. AWS OpsWorks Stacks then installs that version of Chef on all of the stack’s instances along with a set of built-in recipes that are compatible with that version. If you install any custom recipes, they must be compatible with the stack’s Chef version. AWS OpsWorks Stacks currently supports Chef versions 12, 11.10, 11.4, and 0.9 for Linux stacks and Chef 12.2 (currently Chef 12.22) for Windows stacks. For convenience, they are usually referred to by just their major and minor version numbers. For Linux stacks, you can use the Configuration Manager to specify which Chef version to use when you create a stack. Windows stacks must use Chef 12.2. For more information, including guidelines for migrating stacks to more recent Chef versions, see Chef Versions.

55
Q

Your organization uses AWS CodeDeploy for deployments. Now you are starting a project on the AWS Lambda platform. For your deployments, you’ve been given a requirement of performing blue-green deployments. When you perform deployments, you want to split traffic, sending a small percentage of the traffic to the new version of your application. Which deployment configuration will allow this splitting of traffic?

A

Canary

With canary, traffic is shifted in two increments. You can choose from predefined canary options that specify the percentage of traffic shifted to your updated Lambda function version in the first increment and the interval, in minutes, before the remaining traffic is shifted in the second increment.

56
Q

You have taken over management of several instances in the company AWS environment. You want to quickly review scripts used to bootstrap the instances at runtime. A URL command can be used to do this. What can you append to the URL http://169.254.169.254/latest/ to retrieve this data?

A

user-data/

57
Q

You are working for a large financial institution and preparing for disaster recovery and upcoming DR drills. A key component in the DR plan will be the database instances and their data. The Recovery Time Objective (RTO) is such that read replicas can be used to offload read traffic from the master database. What are key features of read replicas?

A

You can have up to five read replicas per master, each with its own DNS endpoint.

A read replica can be manually promoted to a standalone database instance.

You can create read replicas within an AZ, cross-AZ, or cross-Region.

58
Q

Your company has recently converted to a hybrid cloud environment and will slowly be migrating to a fully AWS cloud environment. The AWS side is in need of some steps to prepare for disaster recovery. A disaster recovery plan needs to be drawn up and disaster recovery drills need to be performed for compliance reasons. The company wants to establish Recovery Time and Recovery Point Objectives. The RTO and RPO can be pretty relaxed. The main point is to have a plan in place, with as much cost savings as possible. Which AWS disaster recovery pattern will best meet these requirements?

A

Backup and restore

59
Q

You have two EC2 instances running in the same VPC, but in different subnets. You are removing the secondary ENI from an EC2 instance and attaching it to another EC2 instance. You want this to be fast and with limited disruption. So you want to attach the ENI to the EC2 instance when it’s running. What is this called?

A

hot attach

**Here are some best practices for configuring network interfaces:

You can attach a network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).

You can detach secondary network interfaces when the instance is running or stopped. However, you can’t detach the primary network interface.

You can move a network interface from one instance to another if the instances are in the same Availability Zone and VPC but in different subnets.

When launching an instance using the CLI, API, or an SDK, you can specify the primary network interface and additional network interfaces.

Launching an Amazon Linux or Windows Server instance with multiple network interfaces automatically configures interfaces, private IPv4 addresses, and route tables on the operating system of the instance.

A warm or hot attach of an additional network interface may require you to manually bring up the second interface, configure the private IPv4 address, and modify the route table accordingly. Instances running Amazon Linux or Windows Server automatically recognize the warm or hot attach and configure themselves.

Attaching another network interface to an instance (for example, a NIC teaming configuration) cannot be used as a method to increase or double the network bandwidth to or from the dual-homed instance.

If you attach two or more network interfaces from the same subnet to an instance, you may encounter networking issues such as asymmetric routing. If possible, use a secondary private IPv4 address on the primary network interface instead. For more information, see Assigning a secondary private IPv4 address.

60
Q

You have configured an Auto Scaling Group of EC2 instances fronted by an Application Load Balancer and backed by an RDS database. You want to begin monitoring the EC2 instances using CloudWatch metrics. Which metric is not readily available out of the box?

A

Memory utilization

Disk swap utilization

Disk space utilization

Page file utilization

Log collection

61
Q

A software company is developing an online “learn a new language” application. The application will be designed to teach up to 20 different languages for native English and Spanish speakers. It is ideal that the application have fast response times and can deliver both text and voice to the end user. The application will also need to store user progress data. This application has 24,000 read units per second and 3,300 write units per second. Which type of storage would meet these requirements?

A

DynamoDB

62
Q

A small startup company has begun using AWS for all of its IT infrastructure. The company has one AWS Solutions Architect and the demands for his time are overwhelming. The software team has been given permission to deploy their Python and PHP applications on their own. They would like to deploy these applications without having to worry about the underlying infrastructure. Which AWS service would they use for deployments?

A

With Elastic Beanstalk, you can quickly deploy and manage applications in the AWS Cloud without having to learn about the infrastructure that runs those applications. Elastic Beanstalk reduces management complexity without restricting choice or control. You simply upload your application, and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, and application health monitoring. Elastic Beanstalk supports applications developed in Go, Java, .NET, Node.js, PHP, Python, and Ruby. When you deploy your application, Elastic Beanstalk builds the selected supported platform version and provisions one or more AWS resources, such as Amazon EC2 instances, to run your application.

63
Q

A professional baseball league has chosen to use AWS for storage, processing, and data delivery. Many of the data requirements involve high-speed processing of data such as a Doppler radar system which samples the position of the baseball 2000 times per second. Which AWS data storage can meet these high speed requirements?

A

DynamoDB

64
Q

An Application Load Balancer is fronting an Auto Scaling Group of EC2 instances, and the instances are backed by an RDS database. The Auto Scaling Group has been configured to use the Default Termination Policy. You are testing the Auto Scaling Group and have triggered a scale-in. Which instance will be terminated first?

A

The instance launched from the oldest launch configuration.

**What do we know? The ASG is using the Default Termination Policy. The default termination policy is designed to help ensure that your instances span Availability Zones evenly for high availability. The default policy is kept generic and flexible to cover a range of scenarios. The default termination policy behavior is as follows:

Determine which Availability Zones have the most instances, and at least one instance that is not protected from scale in.

Determine which instances to terminate so as to align the remaining instances to the allocation strategy for the on-demand or spot instance that is terminating. This only applies to an Auto Scaling Group that specifies allocation strategies. For example, after your instances launch, you change the priority order of your preferred instance types. When a scale-in event occurs, Amazon EC2 Auto Scaling tries to gradually shift the on-demand instances away from instance types that are lower priority.

Determine whether any of the instances use the oldest launch template or configuration:
[For Auto Scaling Groups that use a launch template] Determine whether any of the instances use the oldest launch template unless there are instances that use a launch configuration. Amazon EC2 Auto Scaling terminates instances that use a launch configuration before instances that use a launch template.
[For Auto Scaling Groups that use a launch configuration] Determine whether any of the instances use the oldest launch configuration.

After applying all of the above criteria, if there are multiple unprotected instances to terminate, determine which instances are closest to the next billing hour. If there are multiple unprotected instances closest to the next billing hour, terminate one of these instances at random.

65
Q

You have been evaluating the NACLs in your company. Most of the NACLs are configured the same:

100 All Traffic Allow
200 All Traffic Deny
* All Traffic Deny

If a request comes in, how will it be evaluated?

A

The request will be allowed.

**Rules are evaluated starting with the lowest numbered rule. As soon as a rule matches traffic, it’s applied immediately regardless of any higher-numbered rule that may contradict it. The following are the basic things that you need to know about network ACLs:

Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.

You can create a custom network ACL and associate it with a subnet. By default, each custom network ACL denies all inbound and outbound traffic until you add rules.

Each subnet in your VPC must be associated with a network ACL. If you don’t explicitly associate a subnet with a network ACL, the subnet is automatically associated with the default network ACL.

You can associate a network ACL with multiple subnets. However, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed.

A network ACL contains a numbered list of rules. We evaluate the rules in order, starting with the lowest-numbered rule, to determine whether traffic is allowed in or out of any subnet associated with the network ACL. The highest number that you can use for a rule is 32766. We recommend that you start by creating rules in increments (for example, increments of 10 or 100) so that you can insert new rules where you need to later on.

A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.

Network ACLs are stateless, which means that responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).

66
Q

You have begun creating a hybrid cloud environment. Now you need to create a bastion host in the company’s custom VPC. The personnel in the corporate data center are the only ones to have access to the bastion host via SSH. How can you configure the bastion host and set up access?

A

Create the bastion host (EC2 instance). For the instance security group, add ingress on port 22, and specify the address range of the personnel in the data center. Use a private key to connect to the bastion host. Add an internet gateway, a route table, and a route to the IGW in the route table.

67
Q

Your company needs to deploy an application in the company AWS account. The application will reside on EC2 instances in an Auto Scaling Group fronted by an Application Load Balancer. The company has been using Elastic Beanstalk to deploy the application due to limited AWS experience within the organization. The application now needs upgrades and a small team of subcontractors have been hired to perform these upgrades. What can be used to provide the subcontractors with short-lived access tokens that act as temporary security credentials to the company AWS account?

A

AWS STS

**AWS Security Token Service (AWS STS) is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources. Temporary security credentials work almost identically to the long-term access key credentials that your IAM users can use, with the following differences:

Temporary security credentials are short-term, as the name implies. They can be configured to last for anywhere from a few minutes to several hours. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them.

Temporary security credentials are not stored with the user but are generated dynamically and provided to the user when requested. When (or even before) the temporary security credentials expire, the user can request new credentials, as long as the user requesting them still has permissions to do so.

68
Q

After an IT Steering Committee meeting, you have been put in charge of configuring a hybrid environment for the company’s compute resources. You weigh the pros and cons of various technologies based on the requirements you are given. The decision you make is to go with Direct Connect. What best describes the features Direct Connect provides?

A

A private, dedicated network connection between an on-premises network and a VPC.

69
Q

You are working as a Solutions Architect in a large healthcare organization. You have many Auto Scaling Groups that you need to create. One requirement is that you need to reuse some software licenses and therefore need to use dedicated hosts on EC2 instances in your Auto Scaling Groups. What step must you take to meet this requirement?

A

Use a launch template with your Auto Scaling Group.

**In addition to the features of Amazon EC2 Auto Scaling that you can configure by using launch templates, launch templates provide more advanced Amazon EC2 configuration options. For example, you must use launch templates to use Amazon EC2 Dedicated Hosts. Dedicated Hosts are physical servers with EC2 instance capacity that are dedicated to your use. While Amazon EC2 Dedicated Instances also run on dedicated hardware, the advantage of using Dedicated Hosts over Dedicated Instances is that you can bring eligible software licenses from external vendors and use them on EC2 instances. If you currently use launch configurations, you can specify a launch template when you update an Auto Scaling group that was created using a launch configuration. To create a launch template to use with an Auto Scaling Group, create the template from scratch, create a new version of an existing template, or copy the parameters from a launch configuration, running instance, or other template.

70
Q

Can you delete the default security group?

A

No, but you can change the rules

71
Q

You are managing S3 buckets in your organization. This management of S3 extends to Amazon Glacier. For auditing purposes you would like to be informed if an object is restored to S3 from Glacier. What is the most efficient way you can do this?

A

Configure S3 notifications for restore operations from Glacier.

72
Q

A database outage has been very costly to your organization. You have been tasked with configuring a more highly-available architecture. The main requirement is that the chosen architecture needs to meet an aggressive RTO in case of disaster. You have decided to use an RDS Multi-AZ deployment. How is the replication handled for RDS Multi-AZ?

A

Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone.

**Amazon RDS provides high availability and failover support for DB instances using Multi-AZ deployments. Amazon RDS uses several different technologies to provide failover support. Multi-AZ deployments for MariaDB, MySQL, Oracle, and PostgreSQL DB instances use Amazon’s failover technology. SQL Server DB instances use SQL Server Database Mirroring (DBM) or Always On Availability Groups (AGs). In a Multi-AZ deployment, Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone. The primary DB instance is synchronously replicated across Availability Zones to a standby replica to provide data redundancy, eliminate I/O freezes, and minimize latency spikes during system backups. Running a DB instance with high availability can enhance availability during planned system maintenance, and help protect your databases against DB instance failure and Availability Zone disruption.

73
Q

A company has an Auto Scaling Group of EC2 instances hosting their retail sales application. Any significant downtime for this application can result in large losses of profit. Therefore the architecture also includes an Application Load Balancer and an RDS database in a Multi-AZ deployment. What will happen to preserve high availability if the primary database fails?

A

The CNAME is switched from the primary DB instance to the secondary.