Things To Know Flashcards

Learn important topics to pass the AWS Certified Solutions Associate

1
Q

You have heavy load on your RDS database which is now the maximum available size possible. Which two of the following AWS technologies should you use to further ease the load?

A

RDS Read Replica, ElastiCache - You could use RDS Read Replica or ElastiCache to further offset load.

2
Q

You have a very heavily-trafficked WordPress blog that has approximately 95% read traffic and 5% write traffic. You notice that the blog is getting slower and slower. You discover that the bottleneck is in your RDS instance. Which two of the following answers can improve your WordPress blog’s performance?

A

Create a number of read replicas and update the connection strings on EC2, ElastiCache

3
Q

True or False: You should expect the same latency and throughput performance as Amazon S3 Standard when using Standard - IA.

A

True - S3 Standard - IA offers the high durability, throughput, and low latency of Amazon S3 Standard, with a low per GB storage price and per GB retrieval fee.

4
Q

True or False: An Amazon Cluster Placement Group can be stretched across multiple availability zones?

A

False - Because of the low latency required for a cluster placement group, a cluster placement group can only exist within 1 availability zone.

5
Q

You have built an online dating application that allows users to send and receive photos as they court each other. You need to secure this data and you need to implement server-side encryption to protect this data. You decide that you want server-side encryption provided by Amazon. You will also need to have an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data. What out of the box Amazon solution would enable you to achieve this?

A

AWS SSE-KMS provides an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data.

6
Q

You need to restore an object from Glacier. What 2 ways can you accomplish this?

A

Using the S3 API, Using the AWS Console
Because Amazon S3 maintains the mapping between your user-defined object name and Amazon Glacier’s system-defined identifier, Amazon S3 objects that are stored using the Amazon Glacier option are only accessible through the Amazon S3 APIs or the Amazon S3 Management Console.

7
Q

What is the minimum object size for S3 - IA?

A

Standard - IA is designed for larger objects and has a minimum object size of 128KB. Objects smaller than 128KB in size will incur storage charges as if the object were 128KB.

8
Q

You need to implement a new web application which allows users to store family photos online in such a way that only invited guests will be able to view the images. Which type of S3 encryption should you choose to maintain full end-to-end control of the encryption/decryption of objects and assure that only encrypted objects are transmitted over the Internet to Amazon S3?

A

Amazon S3 Encryption Client.
Using an encryption client library, such as the Amazon S3 Encryption Client, you retain control of the keys and complete the encryption and decryption of objects client-side using an encryption library of your choice. Some customers prefer full end-to-end control of the encryption and decryption of objects; that way, only encrypted objects are transmitted over the Internet to Amazon S3.

9
Q

How can you securely upload or download your data to/from the S3 service?

A

You can securely upload/download your data to/from Amazon S3 via SSL or HTTP endpoints using HTTPS.

10
Q

What is the availability of S3 - IA?

A

99.90% - S3 - IA is 99.9% available. Do not confuse availability with durability.

11
Q

You run a security company which stores highly sensitive PDFs on S3 with versioning enabled. To ensure MAXIMUM protection of your objects to protect against accidental deletion, what further security measure should you consider using?

A

Enable Versioning with MFA Delete on your S3 Bucket.
If you enable Versioning with MFA Delete on your Amazon S3 bucket, two forms of authentication are required to permanently delete a version of an object: your AWS account credentials and a valid six-digit code and serial number from an authentication device in your physical possession.

12
Q

True or False: You can use your existing Microsoft Windows Server licenses with an Amazon EC2 shared tenancy instance.

A

FALSE. A Dedicated Host is required if you’d like to use your existing Windows Server licenses.

13
Q

You have an application that stores data in S3, and you need to design an integrated solution providing encryption at rest. You want Amazon to handle key management and protection using multiple layers of security. Which S3 encryption option should you use?

A

SSE-S3 uses managed keys and one of the strongest block ciphers available, AES-256, to secure your data at rest.

14
Q

Which of the following protocols is not supported with an Elastic Load Balancer?

A

RDS, SSH are not supported.

Amazon’s ELB supports the following protocols - “HTTP, HTTPS, TCP, SSL”

15
Q

CRR replicates every object-level upload that you make directly to your source bucket. Which of the following also forms a part of that replication?

A

CRR replicates every object-level upload that you directly make to your source bucket. The metadata and ACLs associated with the object are also part of the replication.

16
Q

Your application requires highly-available object storage, and must comply with EU privacy laws. As such, no data may be stored outside the EU. Which two of the following options should you consider?

A

You should use an object based storage solution (such as S3) in European regions.

17
Q

You back the files that exist on an in-house SAN to S3. You need to minimize cost, however company policy states that objects must be instantly accessible. What S3 storage class should you use?

A

The best solution for instant access at the lowest cost would be S3 - Infrequently Accessed storage.

18
Q

You work for a security company that stores highly sensitive documents on S3. One of your customers has had a security breach and, as a precaution, they have asked you to remove a sensitive PDF from their S3 bucket. You log in to the AWS console using your account and attempt to delete the object. You notice that versioning is turned on, and when you dig a little deeper you discover that you cannot delete the object. What may be the cause of this?

A

Only the owner of an Amazon S3 bucket can permanently delete a version.

19
Q

You have developed a file-sharing website for a large corporate entity. They require that the site has regional redundancy. Which S3 service should you use to achieve this?

A

S3 with Cross-Region Replication (CRR) automatically replicates data across AWS regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS region that you choose.

20
Q

CRR replicates every object-level upload that you make directly to your source bucket. Which of the following also forms a part of that replication?

A

CRR replicates every object-level upload that you directly make to your source bucket. The metadata and ACLs associated with the object are also part of the replication.

21
Q

Which of the following AWS services store data as key-value pairs?

A

Both DynamoDB and S3 use key-value pairs.

22
Q

Which of the following services allows you to have root level access to the underlying operating system?

A

You can use SSH to access the underlying operating systems of EMR and EC2.

23
Q

You’ve been tasked with the implementation of an offsite backup/DR solution. You’ll be responsible only for flat files and server backup. Which of the following would you include in your proposed solution (select all that apply)?

A

EC2 is a compute service not applicable to this scenario. All others could be part of a comprehensive backup/DR solution.

24
Q

You are auditing your RDS estate and you discover an RDS production database that is not encrypted at rest. This violates company policy and you need to rectify this immediately. What should you do to encrypt the database as quickly and as easily as possible?

A

At the present time, encrypting an existing DB Instance is not supported. To use Amazon RDS encryption for an existing database, create a new DB Instance with encryption enabled and migrate your data into it.

25
Q

Your on-premise servers are running low on disk storage space, but your company is not yet ready for a complete move to the public cloud. You’ve been tasked with finding an interim storage solution that also offers backup and archiving capabilities. Which AWS service would you recommend to meet this immediate need?

A

Storage Gateway with Gateway-Cached Volumes would store your most frequently-accessed data on-premise, and would write your other data to S3.

26
Q

Your AWS environment contains several reserved EC2 instances dedicated to a project that has just been cancelled. You need to recoup the cost of these reserved instances, and you need to preserve the data for future use. What can you do to minimize charges for these instances?

A

You should retain the data by taking snapshots of the EBS volumes backing your instances and sell the instances on the Reserved Instance Marketplace.

27
Q

Which of the following are true about Amazon S3-RRS?

A

Reduced Redundancy Storage (RRS) enables customers to reduce their costs by storing non-critical, reproducible data at lower levels of redundancy than Amazon S3’s standard storage.

28
Q

The customer service organization at your company just told you that a client’s purchase from your website was processed twice. Your order process involves EC2 instances processing messages from an SQS queue. What changes might you make to ensure this does not happen again?

A

An SWF workflow ensures that actions are executed only once.

29
Q

True or False: By default, Amazon RDS enables automated backups of your DB instance with a 1-day retention period.

A

TRUE - By default and at no additional charge, Amazon RDS enables automated backups of your DB Instance with a 1 day retention period.

30
Q

You have a custom VPC for your organization. You discover that one of your developers has created an RDS instance in the default VPC and this is in violation of company policy. You need to create this RDS instance inside your custom VPC with as little effort as possible. What should you do?

A

The easiest way would be to take a snapshot of your DB Instance outside VPC and restore it to VPC by specifying the DB Subnet Group you want to use.

31
Q

You are working for a real estate company and you need to be able to record configuration changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions. What AWS service should you use to achieve this?

A

You can use AWS Config to continuously record configuration changes to Amazon RDS DB Instances, DB Subnet Groups, DB Snapshots, DB Security Groups, and Event Subscriptions and receive notification of changes through Amazon Simple Notification Service (SNS).

32
Q

You have a production application that is on the largest RDS instance possible, and you are still approaching CPU utilization bottlenecks. You have implemented read replicas, ElastiCache and even CloudFront and S3 to cache static assets, but you are still bottlenecking. What should be your next step?

A

You should implement database partitioning and spread your data across multiple DB Instances.

33
Q

Which three of the following statements are not true?

A

The only true statement is, “EBS Volumes cannot be attached to an EC2 instance in another AZ.” The rest are false.

34
Q

The only true statement is, “EBS Volumes cannot be attached to an EC2 instance in another AZ.” The rest are false.

A

The events that would cause Amazon RDS to initiate a failover to the standby replica are: loss of availability in primary Availability Zone, loss of network connectivity to primary, compute unit failure on primary, storage failure on primary.

35
Q

You are auditing your company’s RDS estate, and you discover a database that is in a single Availability Zone – a violation of company policy. You decide to convert this to a multi-AZ deployment. Which three of the following things will happen?

A

For the RDS MySQL, MariaDB, PostgreSQL and Oracle database engines, when you elect to convert your RDS instance from Single-AZ to Multi-AZ, the following happens: a snapshot of your primary instance is taken; a new standby instance is created in a different Availability Zone, from the snapshot; synchronous replication is configured between primary and standby instances.

36
Q

True or False: It’s possible to have a Multi-AZ copy of your read replica?

A

FALSE - At this time, you cannot have a multi-AZ copy of your read replica.

37
Q

Your data warehousing company has a number of different RDS instances. You have a medium size instance with automated backups switched on and a retention period of 1 week. One of your staff carelessly deletes this database. Which two of the following apply?

A

Under normal circumstances, all automatic backups of an RDS instance are deleted upon termination. However, it is possible to create a final DB Snapshot upon deletion. If you do, you can use this DB Snapshot to restore the deleted DB Instance at a later date. Amazon RDS retains this final user-created DB Snapshot along with all other manually created DB Snapshots after the DB Instance is deleted.

38
Q

You’ve been tasked with replicating your production VPC in another region for disaster recovery purposes. Part of your environment relies on EC2 instances with preconfigured software. What steps would you take to configure the instances in another region?

A

The AMIs will need to be copied to the new Region prior to deployment.

39
Q

What is the maximum retention period for RDS automated backups?

A

Amazon RDS retains backups of a DB Instance for a limited, user-specified period of time called the retention period, which by default is one day but can be set to up to thirty-five days.

40
Q

Which two of the following characterize a scalable and reliable solution on AWS?

A

The AWS Well-Architected framework has been developed to help cloud architects build the most secure, high-performing, resilient, and efficient infrastructure possible for their applications. This framework provides a consistent approach to application and solution architecture that will scale with your needs over time.

41
Q

What type of replication is supported by Multi-AZ RDS instances?

A

Multi-AZ deployments utilize synchronous replication, making database writes concurrently on both the primary and standby so that the standby will be up-to-date in the event a failover occurs.

42
Q

True or False: For a successful cross-region replication of your S3 bucket, versioning must be enabled on both the source and target buckets.

A

Versioning must be enabled on both the source and target buckets.

43
Q

Contractual requirements mandate the use of AWS CloudHSM as an encryption solution. Application performance is a secondary, but important, concern. Where within your AWS infrastructure should you place the HSM appliances?

A

To decrease latency (and improve application performance), it’s best to place your HSMs as close to your EC2 instances as possible.

44
Q

True or False: You can attach more than one EC2 instance to an AWS Elastic Block Store volume.

A

FALSE - An EBS volume cannot back more than one instance. If you need multiple instances to access a file system, use Elastic File System (EFS) instead.

45
Q

Which of the following statements is FALSE regarding the role of a bastion host?

A

A bastion host sits in a public subnet, and serves as a secure gateway through which one SSHes into instances in a private subnet.

46
Q

True or False: You can use IAM policies to deny the Root account access to EC2 instances.

A

FALSE - The Root account has total access to all services.

47
Q

You are trying to establish a VPC peering connection with another VPC, and you discover that there seem to be a lot of limitations and rules when it comes to VPC peering. Which of the following is not a VPC peering limitation or rule?

A

A placement group may not span peered VPCs or multiple Regions. Placement Groups are limited to a single AZ.

48
Q

What determines the cost of using CloudFormation templates?

A

There is no additional charge for AWS CloudFormation. You pay for AWS resources (such as Amazon EC2 instances, Elastic Load Balancing load balancers, etc.) created using AWS CloudFormation in the same manner as if you created them manually.

49
Q

To maintain compliance with HIPAA, all healthcare-related data being stored on Amazon S3 needs to be encrypted at rest. Assuming S3 is being used for storing the data, which two of the following are the preferred methods of encryption?

A

You should encrypt locally or let S3-SSE handle encryption for you.

50
Q

When selecting an EC2 instance type for your application, it’s important to know which two of the following?

A

The EC2 instance you choose will be determined by the number of I/O operations needed, as well as the anticipated amount of memory required.

51
Q

You are testing an application that uses EC2 instances to poll an SQS queue. At this stage of testing, you have verified that the EC2 instances can retrieve messages from the queue, but your coworkers are complaining about not being able to manually retrieve any messages from the queue from their on-premises workstations. What is the most likely source of this problem?

A

Short polling may fail to retrieve messages sometimes, but if no messages can be retrieved after multiple attempts, permissions are the more likely cause.

52
Q

You’ve been tasked with migrating an on-premise application architecture to AWS. During the design process, you give consideration to current on-premise security and identify the security attributes you are responsible for on AWS. Which of the following does AWS provide for you as part of the shared responsibility model?

A

While AWS manages security of the cloud, security in the cloud is the responsibility of the customer. Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.

53
Q

Which of the following will transpire when an EC2 instance with an associated Elastic IP is stopped and started?

A

When such an instance is stopped and restarted, the instance will restart on a different physical host, and all instance-store data will be lost.

54
Q

As CloudWatch monitors RDS, it provides which of the following metrics by default?

A

By default, database-visible metrics such as the number of users are available.

55
Q

You manage an application that uses EC2 instances and SQS to process requests from end users. There are no known issues with your application, but your supervisor is concerned about the cost of the AWS resources it uses. Which of the following would not help address that concern?

A

Increasing the visibility timeout will not decrease cost over time.

56
Q

True or False: There is no cost associated with removing cached objects from a CDN Edge Location.

A

FALSE - While the first 1000 invalidation paths per month are free, additional invalidation paths are $0.005 per request.

57
Q

An EC2 instance retrieves a message from an SQS queue, begins processing the message, then crashes. What happens to the message?

A

When the message visibility timeout expires, the message becomes available for processing by other EC2 instances.

58
Q

After migrating an application architecture from on-premise to AWS, you will not be responsible for the ongoing maintenance of which two of the following services?

A

DynamoDB and Amazon RDS are managed services. As such, AWS handles the ongoing maintenance.

59
Q

Your company wants to begin automated backups of the EBS volumes that back their EC2 instances. The durability of the backed-up data is key. Which of the following solutions would you implement and why?

A

The data from an EBS volume snapshot is durable because EBS snapshots are stored on the Amazon S3-Standard.

60
Q

Which of the following services allows you to access the service’s underlying operating system?

A

Access to the underlying operating system is granted for Elastic Map Reduce and Elastic Beanstalk. The others are managed services.

61
Q

Which of the following statements are true?

A

S3-Standard provides 99.99% availability and eleven-nines durability. S3-RRS provides 99.99% durability.