Practice Test 5

Question 1

What is redshift Spectrum?

Answer 1

query and retrieve structured and semi structured data from files in amazon S3, without loading into RS tables

Spectrum is a separate compute layer to RS . spectrum queries use less of the cluster processing policy than other queries

Select count(*) from S3.ext_table group by ….

Question 2

What does WAF get deployed with / on?

Answer 2

Cloudfront,
App Load Balancer
API Gateway

protects from SQL injection, cross site script, filtering of patterns and ip addresses.

Question 3

How do you change the launch config of an ASG

Answer 3

Create a new launch config with correct instance type, ami, key pair, security groups, block device.
Modify ASG with new launch config
Delete the old launch config

Question 4

dup

Answer 4

dup

Question 5

company needs to analyse customer service calls for sentiment analysis via SQL queries. What services should be used, options:

Answer 5

Correct: use Transcribe to convert audio files to text, then Athena to understand customer sentiment. The diagram shown in the answer includes SQS and Lam to convert the files into CSV, pretty cheeky not to mention that, because the raw files would not be SQL compatable?

Incorrect: Transcribe and Quicksight to analyse. (my selection) problem is that QS is for dashboards and visuals, graphs, does not do data analyis.

Question 6

dup

Answer 6

dup

Question 6

Aurora My SQL dbe cluster. team wants access to test databases re created from prod data, with least effort, and quickly.

Answer 6

Correct: database cloning to create multiple clones of production, each clone becomes a testdb.
* very fast to use cloning because it uses (points to) the same storage file blocks as the production db so it is faster than a snapshot
* clone uses the copy on write protocol, data copied when it changes, it creates new pages in the source or target clone to move toa new state.
* cannot clone across regions.
* limit of 15 clones based on a copy.

Incorcect. take a backup of auora mysql using mysqldump, create new dbs, restore from backup.

Question 7

Manual failover process with ALB and Route53, to point to a secondary ALB in a different AZ. How to improve

Answer 7

Enable route 53 health check, for individual ELB nodes in each AZ. automatically routes traffic away from unhealthy ALB and AZ.

Question 8

dup

Answer 8

dup

Question 9

web app for ambulance management. workload can be managed on 2 EC2 instances and can peak to 6 with traffic. There are 3 AZ , be careful. Which option is best fit.

Answer 9

incorrect: Min capacity of 2 with 1 instance in each AZ, max 6 (my selection)
* problem with this is that if an AZ goes down, there is only 1 instance.
* question is misleading to have 3 zones in the first place. be careful. with HA planning, you can lose a zone and still need the min spec in one zone

correct: Min capacity 4 with 2 instances in each AZ, max 6

Question 10

mobile apps that capture and send data to kinesis data streams, getting an exception ProvisionedThroughputExceededException, messages sent one by one at a high rate. Keep costs at a minimum. Options to fix:

Answer 10

incorrect: increase the number of shards. “short term fix but increased cost”

correct: use batch messages - to increase throughput and reduce overhead, batching can use parallel http requests, at no extra cost.

Question 11

Healthcare HIPAA compliant in memory database that supports caching the results of SQL queries. options

Answer 11

correct: ElastiCache for Redis/memcached
* Redis only - HIPAA compliant and PCI compliant
* no mention of SQL queries but read the question carefully, the cache is often used with SQL dbs to cache results.

Question 12

company has mircoservices with 4 example urls and some subdomains. wantss to use one LB to route requests

Answer 12

correct: application LB can route based on
* host based routing domains, wildcards, subdomains
* path based routing
* http header
* http method
* query string param
* source ip address or cidr range

Question 13

dup

Answer 13

dup

Question 14

company wants to use Web app filewall WAF to protect EC2 data. How to use WAF

Answer 14

incorrect: WAF can be directly configured only on an ALB or API gateway, then from there to EC2
* the problem is the word only, trick question. @$#%

correct: Cloudfront in front of EC2 Deploy, WAF on Cloudfront
* WAf is tightly integrated with CF and ALB, and api gateway. the problem was with the wording of the question for ALB and api gw.

Question 15

health records on S3, archival solution based on glacier to enforce reg and compliance controls on data access. options

Answer 15

Correct: S3 Glacier Vault to store the sensitive archived data, then vault lock policy to enforce compliance
* a vault is a glacier concept separate to vault lock. it seems to be like a bucket
* vault lock is specifically for compliance controls.
* vault lock policy
* write once read many

incorrect: Glacier to store … data ten use an S3 access control list to enforce compliance.
* controls access to buckets and objects, cannot be used to enforce compliance !! not sure i agree.

Question 16

Amazon S3 read after write consistency

Answer 16

after successful write of a new object, or change of existing object, a subsequent read gets the latest version.
* strong consistency for list operations
* all ops are strongly consistent get put list, object tags, acls, metatada.

Question 17

dup

Answer 17

dup

Question 18

Dynamo DB table encryption

Answer 18

aws encrypts all dynamo tables, not negotiable
* uses aws owned CMK (customer master key)
* these don’t write to cloudtrail logs, cannot view track or autid them.
* managed by aws, no input required.

Question 19

dup

Answer 19

dup

Question 20

company has video streaming using ALB. routing to EC2, ALB removes an instance from the pool of healthy instances, if it detects an unhealthy instance, but the ASG fails to provision teh replacement instance. how do you explain this?

Answer 20

Correct: ASG is using the EC2 based health check and the ALB is using the ALB based health check.
* ALB hase a built in health check, it is possible for the
* ALB to fail beacuse it pings an instance and get’s no response
* ASG can still be successful because it can get a response.
* in this case ALB will remove the instance but ASG won’t provision a new one.
* bloody confusing, memorise don’t try to fully understand.

incorrect: ASG is using the ALB health check, and the ALB is using the EC2 health check.
* ALB cannot use EC2 based health checks

Question 21

Cross zone LB for ALB vs NLB

Answer 21

by default cross zone LB is
* disabled for NLB
* enabled for ALB

Question 22

dup

Answer 22

dup

Question 23

Direct connect encryption true false?

Answer 23

Fales. DC does not encrypt. it is a private connection.
it can be done with “transit encryption” not supported by DC.

Question 24

company wants to caching with geospatial support, to cache a relational database. options

Answer 24

Correct - Elasticache for Redis. Redis has richer features than Memcached, and geospatial is a feature in Redis. * purpose built commands for working with real time geospatial data at scale. * find the distance between 2 elements, or all elements in a radius. More redis features not in memcached * snaps * replication * transactions * pub/sub * health data compliant HI...A Memcachd has multithread architecture that redis does not.

Question 24

dup

Answer 24

dup

Question 25

optimise resources across countries and regions, best practices, cost optimise, perf, security

Answer 25

Correct : Trusted advisor * cost optim * perf, sec, fault tol, service limits incorrect: Systems manager, aws config

Question 26

trying to attach an EBS volume in a different AZ, whats the problem

Answer 26

correct: EBS volumes are locked to one AZ.

Question 27

Spread placement group of 15 x EC2 instances, how many AZ are required?

Answer 27

max 7 running instances per AZ per spread placement group, so 15 / 7 = 2 remainder 1. or 3 AZ.

Question 28

what is the url format for an S3 bucket

Answer 28

bucket-name.s3-website.Region.amazonaws.com or replace with ...website-Region...

Question 29

What can the AdministratorAccess policy do / not do

Answer 29

can do delete s3 bucket from prod change password of own iam account delete iam user of manager cannot close the companies iam account (needs root) configure a s3 bucket to enable MFA delete (needs root)

Question 30

dup

Answer 30

dup

Question 31

encryption of object metadata in S3, is it possible?

Answer 31

False - encrypt object metadata using server side encryption

Question 32

encryption facts about EBS

Answer 32

I think this assumes that the volume is encrypted in the first place, then: data at rest is encrypted snapshots are encrypted data in transit between volume and instance is encr.

Question 33

near real time solution to share hundreds of thousands of fin trans with **multiple internal applications**. should remove sensitive details from transactions, store clensed transactions in a document db for low latency retrieval.. How

Answer 33

Incorrect * stream txn to Data Firehose * use Lam to remove sensitive data * store in dynamo db * **internal apps can consume raw txn off firehose** (this is incorrect, firehose can only have one consumer.) * firehose has a limited range of consumers S3, elasticsearch, redshift. Correct * stream txn into kinesis data streams * use Lamdba integration to remove sensitive data, * store cleansde trans action in dynamo * internal apps can consume raw txn off kinesis data stream. can have multiple consumers of many kinds including Spark and KCL

Question 34

What is the url to get the public ip of an instance?

Answer 34

/latest/meta-data/public-ipv4

Question 35

Is SQS allowed as an S3 event notification destination?

Answer 35

SQS standard is allowed SQS Fifo is not allowed other supported event consumer destinations SNS Lamdba Event bridge for specific events. object created / deleted, and related, metadata changed. event bridge gets all the events if configured.

Question 36

dup

Answer 36

dup