105 Cards in this Set
You notice that several of your AWS environment’s CloudWatch metrics consistently have a value of zero. Which of these are you most likely to be concerned about and take action on? Choose the correct answer: ElastiCache Swap Usage ElastiCache Evictions Elastic Load Balancer Spillover Count RDS Database Connections |
RDS Database Connections
Explanation: Zero connections to a database for a long period of time may mean you are paying for a database that is not in use. If you cannot find anyone with a legitimate use case for the database, you may want to consider taking a snapshot of it and terminating it. Zero is an ideal value for the other metrics listed. |
|
Which of the following services have automated backups? Choose the 3 correct answers: ElastiCache RDS EC2 Redshift |
RDS, Redshift, ElastiCache |
|
Multi-AZ RDS replications of data are asynchronous. Choose the correct answer: True False |
False |
|
You have been tasked with identifying an appropriate storage solution for a NoSQL database that requires random I/O reads of greater than 10,000 4kB IOPS. Which EC2 option will meet this requirement? Choose the correct answer: High Storage instance configured in RAID 10 SSD instance store EBS optimized instances EBS provisioned IOPS |
SSD instance store Explanation: EBS-optimized is a dedicated-bandwidth option between the instance and its EBS volumes; it does not by itself raise the IOPS a volume can deliver. When this question was written a single Provisioned IOPS volume was capped at 4,000 IOPS, so sustained random 4 kB reads above 10,000 IOPS called for SSD-backed instance store (the high I/O instance families). High Storage instances are HDD-based and built for sequential throughput, not random I/O. |
|
Read replicas can have Multi Availability Zones enabled. Choose the correct answer: True False |
False (the answer when this card was written; RDS later added Multi-AZ deployments for read replicas, so check the current documentation) |
|
You manage EC2 instances in two different VPCs and you would like instances in both VPCs to be able to easily communicate with each other. You are considering using VPC peering. Will this work? (Choose Two) Choose the 2 correct answers: Yes, as long as the VPCs are in the same region. Yes, as long as all EC2 instances have a public IP. Yes, as long as the VPCs are in the same account. Yes, as long as the VPCs' CIDR blocks don't overlap. |
Yes, as long as the VPCs are in the same region., Yes, as long as the VPCs' CIDR blocks don't overlap. Explanation: Peering works across accounts and needs no public IPs, but the CIDR blocks must not overlap. The same-region requirement was true when this card was written; inter-region VPC peering has since been added. |
|
You have an Amazon VPC that has a private subnet and a public subnet, in which you have a NAT instance server. You have created a group of EC2 instances that configure themselves at startup by downloading a bootstrapping script from S3 that deploys an application via Git. Which one of the following setups would give us the highest level of security? Choose the correct answer: EC2 instances in our private subnet, no EIPs, route outgoing traffic via the NAT EC2 instances in our public subnet, no EIPs, route outgoing traffic via the IGW EC2 instances in our public subnet, assigned EIPs, and route outgoing traffic via the NAT EC2 instance in our private subnet, assigned EIPs, and route our outgoing traffic via our IGW |
EC2 instances in our private subnet, no EIPs, route outgoing traffic via the NAT |
|
What is the result of the following bucket policy? {"Statement": [{"Sid": "Sid1", "Action": "s3:*", "Effect": "Allow", "Resource": "arn:aws:s3:::mybucket/*", "Principal": {"AWS": ["arn:aws:iam::5555555555:user/jeff"]}}, {"Sid": "Sid2", "Action": "s3:*", "Effect": "Deny", "Resource": "arn:aws:s3:::mybucket/*", "Principal": {"AWS": ["*"]}}]} Choose the correct answer: It will deny all access to the bucket mybucket It will allow the user jeff from AWS account number 5555555555 all access to the bucket but deny everyone else all access to the bucket None of these It will allow all access to the bucket mybucket |
It will deny all access to the bucket mybucket Explanation: Sid2 is an explicit Deny for every principal, and in policy evaluation an explicit Deny always overrides an Allow, so jeff's Allow in Sid1 never takes effect. Note that the Resource covers objects (mybucket/*) and not the bucket ARN itself, so bucket-level actions such as ListBucket are not addressed by either statement. |
|
You manage a technology blog website on EC2 instances in an Auto Scaling group behind an Elastic Load Balancer. Traffic volume to the site is consistently low, except during several weeks of the year when major technology conferences are occurring, when traffic increases 300 percent. What is the least advisable way to manage this environment? Choose the correct answer: Pre-warm the Elastic Load Balancer prior to technology conference weeks. Upgrade the reserved instances that handle the typical load for the website to larger reserved instances during technology conference weeks. Increase the desired number of instances in the Auto-Scaling group during technology conference weeks. Use on-demand instances to handle the increased load during the technology conference weeks. |
Upgrade the reserved instances that handle the typical load for the website to larger reserved instances during technology conference weeks. Explanation: Upgrading the size of reserved instances means you incur a cost to reserve resources for the entire period of the reservation, which at a minimum of one year, is much more commitment than is needed for a few week-long conferences. It's better to keep the reserved instances sized properly to handle the typical load and use on-demand instances to handle the spikes. |
|
Which of the following will cause a noticeable performance impact on an RDS Multi-AZ deployment? Choose the correct answer: Snapshot creation Read replica creation Automated backups None of these |
None of these |
|
You have created an application that utilizes Auto Scaling behind an Elastic Load Balancer. You notice that users are not evenly distributing sessions on the newly spun up instances. What could be a reason that your users' web sessions are stuck on one instance and not using others? Choose the correct answer: You have not enabled the correct security rules to allow new instances Your ELB is sending all the sessions to the old instance and not evenly sending sessions to all new instances that are spun up during Auto Scaling DNS isn't updating to the new instances Users are using a firewall that is keeping them from initiating connections to the new instance |
Your ELB is sending all the sessions to the old instance and not evenly sending sessions to all new instances that are spun up during Auto Scaling Explanation: If sticky sessions are enabled on the Elastic Load Balancer then the load balancer will "remember" which instance a user's session was sent to and will continue to send that user's requests to the same instance. |
|
In the shared responsibility model at AWS, what two options are you responsible for instead of Amazon within an audit? Choose the 2 correct answers: Physical security to AWS data centers The operating systems' administrators group An application that you have running within AWS EC2 The global infrastructure that hosts the virtualization hypervisors |
The operating systems' administrators group An application that you have running within AWS EC2 |
|
You maintain an application on AWS to provide development and test platforms for your developers. Currently, both environments consist of an m1.small EC2 instance. Your developers notice performance degradation as they increase network load in the test environment. How would you mitigate these performance issues in the test environment? Choose the correct answer: Add an additional ENI to the test instance Use the EBS optimized option to offload EBS traffic Configure Amazon CloudWatch to provision more network bandwidth when network utilization exceeds 80% Upgrade the m1.small to a larger instance type |
Upgrade the m1.small to a larger instance type |
|
AWS is solely responsible for the security on the guest operating system. Choose the correct answer: True False |
False |
|
We have a web application that is using Auto Scaling and an ELB. We would like to monitor the application to make sure that it maintains a good quality of service for our customers, defined by the application's page load time. What metric within CloudWatch can we use for this? Choose the correct answer: The ELB RequestCount The latency that is reported by the ELB Networking for the web tier CPU utilization for our web application tier |
The latency that is reported by the ELB |
|
Your RDS instance is consistently maxed out on its resource utilization. What are multiple ways to solve this issue? Choose the 3 correct answers: Increase RDS instance size. Provision more RDS instance IOPS. Offload read-only activity if it exists in your environment to a read replica. Fire up an ElastiCache cluster in front of your RDS instance. |
Fire up an ElastiCache cluster in front of your RDS instance. Increase RDS instance size. Offload read-only activity if it exists in your environment to a read replica. |
|
What sort of host might you set up in your AWS environment that can be used as a way to “hop” into your environment to gain access to secure servers within a private subnet? Choose the correct answer: Sneaker-net Bastion This is not possible VPN |
Bastion |
|
You are running a legacy application that has a hard coded IP address in your application. How might you apply high availability to the instance running that application? Choose the correct answer: You can’t do this Assign an elastic IP address to the EC2 instance, have a backup instance running. In the event of failure, move Elastic IP from the primary instance to the backup instance. Re-hard code the IP address in your application None of these |
Assign an elastic IP address to the EC2 instance, have a backup instance running. In the event of failure, move Elastic IP from the primary instance to the backup instance. |
|
You support a website with a large user base concentrated on the east coast, but very few users outside of that region. Traffic load is much heavier on the site during business hours so you are planning to implement Auto Scaling to optimize the number of running EC2 instances to meet the traffic load throughout the day. You are also looking for a solution to distribute traffic evenly among those instances. Which of the following solutions will distribute traffic most evenly among the EC2 instances hosting this website in the US-East-1 region? Choose the correct answer: Place the instances behind an Elastic Load Balancer and enable Load Balancer Generated Cookie Stickiness. Place the instances behind an Elastic Load Balancer with stickiness disabled. Place the instances behind an Elastic Load Balancer and enable Application Generated Cookie Stickiness. Setup latency-based routing in Route 53 to distribute the traffic between the EC2 instances. |
Place the instances behind an Elastic Load Balancer with stickiness disabled. Explanation: Elastic Load Balancers with sticky sessions configured may not distribute traffic equally between EC2 instances. Latency-based routing won’t evenly distribute the load among all instances, since the users are not evenly distributed and all the instances are in the same region. |
|
In a Network ACL an explicit Deny always overrides an explicit Allow. Choose the correct answer: True False |
False Explanation: Network ACL rules are evaluated in ascending rule-number order and the first rule that matches the traffic decides; evaluation stops there. An Allow with a lower number than a Deny for the same traffic therefore wins, so rule ordering, not the presence of an explicit Deny, determines the outcome. This differs from IAM policy evaluation, where an explicit Deny always overrides an Allow. |
|
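The ordering rule behind the previous card, as an added example that is not part of the original flashcard set and is not AWS code. It is a simplified model: rules are evaluated by rule number and the first match decides, with the "*" catch-all modelled as rule 32767; the rule sets and the 203.0.113.0/24 and 198.51.100.0/24 addresses are constructed for the demonstration. A security-group check is included for contrast, since security groups hold only allow rules and ordering cannot matter there.

```python
"""Network ACL evaluation: numbered rules, first match wins.

Added example, not part of the original flashcards and not AWS code. It
models why the card's statement is False: a NACL does not let an explicit
Deny override an explicit Allow. Rules are checked in ascending rule number
and the first one that matches decides; the catch-all "*" rule (modelled
here as number 32767) denies anything no numbered rule matched.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int                       # NACL rule number; unused for security groups
    protocol: str                     # "tcp", "udp", "icmp" or "-1" for all protocols
    ports: Optional[Tuple[int, int]]  # inclusive port range; None for icmp / all
    cidr: str                         # source CIDR for inbound rules
    action: str                       # "allow" or "deny"

    def matches(self, protocol: str, port: Optional[int], address: str) -> bool:
        if self.protocol not in ("-1", protocol):
            return False
        if self.ports is not None:
            if port is None or not self.ports[0] <= port <= self.ports[1]:
                return False
        return ipaddress.ip_address(address) in ipaddress.ip_network(self.cidr)


CATCH_ALL = Rule(32767, "-1", None, "0.0.0.0/0", "deny")


def nacl_decision(rules: List[Rule], protocol: str, port: Optional[int],
                  address: str) -> Tuple[str, int]:
    """Return (action, rule number) of the first matching rule by number."""
    for rule in sorted(rules + [CATCH_ALL], key=lambda r: r.number):
        if rule.matches(protocol, port, address):
            return rule.action, rule.number
    raise AssertionError("the catch-all rule always matches")


def sg_allows(rules: List[Rule], protocol: str, port: Optional[int], address: str) -> bool:
    """Security-group semantics: every rule is an allow, any match permits."""
    return any(r.matches(protocol, port, address) for r in rules)


# Constructed inbound rule set (hypothetical addresses from the documentation
# ranges). Rule 100 allows SSH from anywhere; rule 200 tries to deny SSH from
# 203.0.113.0/24. Because 100 is evaluated first and matches, the deny never runs.
INBOUND = [
    Rule(100, "tcp", (22, 22), "0.0.0.0/0", "allow"),
    Rule(200, "tcp", (22, 22), "203.0.113.0/24", "deny"),
]

# Same intent with the deny at a lower number so it is evaluated first.
INBOUND_FIXED = [
    Rule(90, "tcp", (22, 22), "203.0.113.0/24", "deny"),
    Rule(100, "tcp", (22, 22), "0.0.0.0/0", "allow"),
]


def nacl_examples() -> dict:
    return {
        "deny_after_allow": nacl_decision(INBOUND, "tcp", 22, "203.0.113.5"),
        "deny_before_allow": nacl_decision(INBOUND_FIXED, "tcp", 22, "203.0.113.5"),
        "unrelated_port": nacl_decision(INBOUND_FIXED, "tcp", 443, "198.51.100.7"),
        "sg_any_match": sg_allows([Rule(0, "tcp", (22, 22), "0.0.0.0/0", "allow")],
                                  "tcp", 22, "203.0.113.5"),
    }


if __name__ == "__main__":
    for name, outcome in nacl_examples().items():
        print(f"{name}: {outcome}")
```

The practical consequence is that a "block this range" rule added to an existing NACL must be numbered below the broad allow it is meant to carve out of; appending it with a higher number does nothing.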
What is the result of the following bucket policy? {"Statement": [{"Sid": "Sid2","Action": "s3:*","Effect": "Allow","Resource": "arn:aws:s3:::mybucket/*","Condition": {"ArnEquals": {"s3:prefix": "finance_"}},"Principal": {"AWS": ["*"]}}]} Choose the correct answer: It will deny all actions if the object prefix is finance_ It will allow all actions if the object is in the finance subdirectory of mybucket It will allow all actions only against objects with the prefix finance_ It allow all access objects in the finance_ bucket name space |
It will allow all actions only against objects with the prefix finance_ Explanation: That is the intent of the card, but the policy as written does not achieve it: s3:prefix is a condition key that applies only to s3:ListBucket, and ArnEquals is an ARN operator rather than a string operator, so the condition never matches an object request and the statement grants nothing. The reliable way to scope object actions to a prefix is the Resource itself, arn:aws:s3:::mybucket/finance_*. |
|
You have enabled a CloudWatch metric on your Redis ElastiCache cluster. Your alarm is triggered due to an increased amount of evictions. How might you go about solving the increased eviction errors from the ElastiCache cluster? Choose the correct answer: Add a node to the cluster Increase the size of your node Reboot your node If you exceed your chosen threshold, scale your cache cluster out and add read replicas |
Increase the size of your node |
|
Assuming you have kept the default settings and are using the automated backup services provided by AWS, which of the following will retain automated backups? Choose the correct answer: An EBS root volume when the EC2 instance is terminated An RDS database when the RDS instance is terminated An instance store root volume when the EC2 instance is terminated None of these |
None of these Explanation: Automated backups of RDS databases are deleted when an RDS instance is terminated. Only manual snapshots of an RDS database remain after the RDS instance is terminated. AWS did not offer an automated backup solution for volumes attached to EC2 instances when this card was written; Amazon Data Lifecycle Manager and AWS Backup now provide scheduled EBS snapshots, but they are opt-in rather than a default. |
|
Assuming you have kept the default settings and have taken manual snapshots, which of the following manual snapshots will be retained? Choose the 2 correct answers: A snapshot of an EBS root volume when the EC2 instance is terminated A snapshot of an RDS database when the RDS instance is terminated A snapshot of instance store root volume when the EC2 instance is stopped A snapshot of an instance store root volume when the EC2 instance is terminated |
A snapshot of an EBS root volume when the EC2 instance is terminated A snapshot of an RDS database when the RDS instance is terminated Explanation: Manual snapshots of RDS databases and EBS volumes persist after instance termination. You cannot snapshot an EC2 instance store volume. |
|
By using NACLs at the subnet level, you can create security entries to ensure that other applications such as development applications do not accidentally have any malicious effects against your primary application. Choose the correct answer: True False |
True Explanation: NACLs allow you to block/allow traffic at the subnet level. NACLs can be used to prevent any "accidental" traffic from affecting other AWS apps in your environment. |
|
Your supervisor sends you a list of several processes in your AWS environment that she would like you to automate via scripts. Which of the following list items should you set as the highest priority? Choose the correct answer: Identify and replace unhealthy EC2 instances Implement CloudWatch alerts for EC2 instances’ memory usage Implement CloudWatch alerts for RDS instances’ free storage space Identify and failover unhealthy RDS databases to a secondary copy in a different Availability Zone |
Implement CloudWatch alerts for EC2 instances' memory usage Explanation: The other three items are already handled by the platform or by built-in metrics: Auto Scaling with health checks replaces unhealthy EC2 instances, RDS Multi-AZ fails over to the standby automatically, and FreeStorageSpace is a built-in RDS CloudWatch metric that can be alarmed on without any scripting. Memory usage is not visible to the hypervisor, so collecting it requires a custom script running on the instance. |
|
You notice that several of your AWS environment’s CloudWatch metrics are hovering near a value of 100. Which of these are you least concerned about? Choose the correct answer: EBS VolumeThroughputPercentage RDS CPUUtilization ElastiCache CurrConnections Elastic Load Balancer SpilloverCount |
ElastiCache CurrConnections Explanation: A high number of connections is not necessarily a bad thing, if there are adequate resources to service those connections. 100% usage of resources, as with VolumeThroughputPercentage and CPUUtilization, typically means they are strained under a heavy load. A high SpilloverCount for an Elastic Load Balancer is also bad, as you do not want requests to be rejected. |
|
What is the result of the following bucket policy?{"Statement": [{"Sid": "SID1","Effect": "Allow","Principal": {"AWS": "*"},"Action": "s3:*","Resource": "arn:aws:s3:::mybucket/*","Condition": {"IpAddress": {"aws:SourceIp": "50.97.0.0/32"}}}]} Choose the correct answer: It will deny all access to the S3 mybucket bucket except for requests coming from the IP 50.97.0.0 It will deny all access to the S3 mybucket bucket except for requests coming from the IP range 50.97.0.* It will deny all access all incoming S3 action requests It will allow access to all requests and actions to the mybucket bucket except for requests coming from the IP 50.97.0.0/32 |
It will deny all access to the S3 mybucket bucket except for requests coming from the IP 50.97.0.0 Explanation: The /32 mask matches the single address 50.97.0.0. Note that this policy contains only an Allow: requests from other addresses receive no grant from the bucket policy (an implicit deny) rather than an explicit Deny, so a principal in the bucket owner's own account whose IAM policy allows S3 actions could still reach the bucket. To block everyone else regardless of their IAM permissions, add a Deny statement with a NotIpAddress condition. |
|
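The three bucket-policy cards above (Sid1/Sid2 deny-wins, the finance_ prefix, and the 50.97.0.0/32 source-IP condition) all turn on the same evaluation order, shown here as an added example that is not part of the original flashcard set and is not AWS's own evaluation engine. It is a deliberately simplified model covering only what the cards use: "AWS" principals, wildcard Action and Resource matching, and IpAddress / StringLike conditions; NotAction, NotResource and the merging of same-account IAM identity policies are out of scope. The caller ARN for alice, the account ID 111122223333 and the object key are constructed for the demonstration, and the finance_ policy is written the way it has to be to work on object actions (Resource scoped to the prefix) rather than with the s3:prefix condition from the card.

```python
"""Simplified evaluator for S3 bucket-policy statements.

Added example, not part of the original flashcards and not AWS code. It
models the three rules the cards rely on:
  1. an explicit Deny in any matching statement wins;
  2. otherwise an explicit Allow in any matching statement grants;
  3. otherwise the request gets nothing from this policy (implicit deny).
"""
import fnmatch
import ipaddress
from typing import Any, Dict, List, Optional


def _as_list(value: Any) -> List[str]:
    return value if isinstance(value, list) else [value]


def _principal_matches(principal: Any, caller_arn: str) -> bool:
    if principal == "*":
        return True
    return any(p in ("*", caller_arn) for p in _as_list(principal.get("AWS", [])))


def _condition_matches(condition: Dict[str, Any], context: Dict[str, str]) -> bool:
    """Every operator/key pair must hold; a missing context key never matches."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "IpAddress":
                if not any(ipaddress.ip_address(actual) in ipaddress.ip_network(cidr)
                           for cidr in _as_list(expected)):
                    return False
            elif operator in ("StringEquals", "StringLike"):
                if not any(fnmatch.fnmatchcase(actual, pat) for pat in _as_list(expected)):
                    return False
            else:
                raise ValueError(f"unsupported condition operator {operator}")
    return True


def _statement_matches(stmt: Dict[str, Any], caller_arn: str, action: str,
                       resource: str, context: Dict[str, str]) -> bool:
    return (
        _principal_matches(stmt["Principal"], caller_arn)
        and any(fnmatch.fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
        and any(fnmatch.fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
        and _condition_matches(stmt.get("Condition", {}), context)
    )


def evaluate(policy: Dict[str, Any], caller_arn: str, action: str, resource: str,
             context: Optional[Dict[str, str]] = None) -> str:
    """Return "ExplicitDeny", "Allow" or "ImplicitDeny" for one request."""
    context = context or {}
    effects = {stmt["Effect"] for stmt in policy["Statement"]
               if _statement_matches(stmt, caller_arn, action, resource, context)}
    if "Deny" in effects:
        return "ExplicitDeny"
    if "Allow" in effects:
        return "Allow"
    return "ImplicitDeny"


JEFF = "arn:aws:iam::5555555555:user/jeff"                 # principal from the card
ALICE = "arn:aws:iam::111122223333:user/alice"             # constructed caller
OBJECT = "arn:aws:s3:::mybucket/report.txt"                # constructed object key

# Card policy: Allow jeff, then Deny everyone. The Deny wins even for jeff.
DENY_WINS_POLICY = {"Statement": [
    {"Sid": "Sid1", "Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::mybucket/*", "Principal": {"AWS": [JEFF]}},
    {"Sid": "Sid2", "Effect": "Deny", "Action": "s3:*",
     "Resource": "arn:aws:s3:::mybucket/*", "Principal": {"AWS": ["*"]}},
]}

# Card policy: Allow only from 50.97.0.0/32. Everyone else gets ImplicitDeny,
# which is not the same as an explicit Deny.
IP_POLICY = {"Statement": [
    {"Sid": "SID1", "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:*",
     "Resource": "arn:aws:s3:::mybucket/*",
     "Condition": {"IpAddress": {"aws:SourceIp": "50.97.0.0/32"}}},
]}

# The finance_ card, scoped through the Resource so it applies to object actions.
PREFIX_POLICY = {"Statement": [
    {"Sid": "Sid2", "Effect": "Allow", "Principal": {"AWS": ["*"]}, "Action": "s3:*",
     "Resource": "arn:aws:s3:::mybucket/finance_*"},
]}


def evaluate_cards() -> Dict[str, str]:
    return {
        "deny_wins_jeff": evaluate(DENY_WINS_POLICY, JEFF, "s3:GetObject", OBJECT),
        "ip_inside": evaluate(IP_POLICY, ALICE, "s3:GetObject", OBJECT,
                              {"aws:SourceIp": "50.97.0.0"}),
        "ip_outside": evaluate(IP_POLICY, ALICE, "s3:GetObject", OBJECT,
                               {"aws:SourceIp": "50.97.0.1"}),
        "prefix_match": evaluate(PREFIX_POLICY, ALICE, "s3:GetObject",
                                 "arn:aws:s3:::mybucket/finance_q1.csv"),
        "prefix_miss": evaluate(PREFIX_POLICY, ALICE, "s3:GetObject", OBJECT),
    }


if __name__ == "__main__":
    for name, decision in evaluate_cards().items():
        print(f"{name}: {decision}")
```

The distinction between "ImplicitDeny" and "ExplicitDeny" is the one that matters when reviewing a bucket policy: only the latter blocks a same-account principal whose IAM identity policy already grants the action.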
Which of the following could be a procedure to disaster recovery as it relates to RDS? Choose the correct answer: Configure the read replica to a different region in the event of a fail-over, promote the read replica as the primary and change the DNS for your application to point to the new primary. Configure the read replica to a different region. In the event of failover, promote the read replica as the primary. Configure a read replica to a different region. In the event of a failover, promote the read replica as the primary and change the DNS for your application to point to the new primary and then enable Multi AZ. Enable multi regions for Multi Availability Zones |
Configure a read replica to a different region. In the event of a failover, promote the read replica as the primary and change the DNS for your application to point to the new primary and then enable Multi AZ. |
|
In order for reserved instances to reduce the cost of running instances, those instances must match the exact specifications of the reserved instance including: Region, Availability Zone, and instance type. Choose the correct answer: True False |
True Explanation: This describes the original, Availability Zone-scoped reserved instances. AWS has since added regional reserved instances, whose discount applies to matching instances in any Availability Zone of the region, so check which type you hold. |
|
What would be a reason you would upgrade to Direct Connect instead of a traditional VPN connection? Choose the correct answer: Direct Connect is free You gain higher bandwidth and consistent network connectivity Using Direct Connect is easier than setting up a VPN connection Direct Connect gives you a greater connection speed |
You gain higher bandwidth and consistent network connectivity |
|
Read replicas can be a read replica of another read replica. Choose the correct answer: True False |
True |
|
You are running an application on an EC2 instance that needs access to stored images on Amazon S3. What would be the best practice for allowing API access from the EC2 instance to Amazon S3? Choose the correct answer: Pass the AWS credentials using User Data fields when the instance is launched IAM groups that restrict access to AWS API that is assigned at launch Launch the EC2 instances using AWS identity and IAM roles that restrict API access for the instance IAM users that restrict access to AWS API that is assigned at launch |
Launch the EC2 instances using AWS identity and IAM roles that restrict API access for the instance Explanation: When available, it is best practice to use IAM roles for communicating with the AWS API. You should never store API credentials on an AMI. If roles are unavailable, your next best option would be to pass the API credentials to the instance at runtime. |
|
You can configure an internal elastic load balancer to load balance internal traffic. Choose the correct answer: True False |
True |
|
You have multiple AWS users with access to an Amazon S3 bucket. These users have permission to add and delete objects. If you wanted to prevent accidental deletions, what might you do to prevent these users from performing accidental deletions of an object? Choose the correct answer: Enable versioning on the bucket Remove the ability for the user to delete Creating a bucket policy that prevents accidental deletions You can use Amazon MFA for verification for deleting an object |
You can use Amazon MFA for verification for deleting an object Explanation: MFA Delete requires versioning to be enabled on the bucket and can only be turned on by the account's root user via the CLI or API. With it enabled, permanently deleting an object version or changing the bucket's versioning state requires a valid MFA code; ordinary deletes still only add a delete marker, so versioning is what makes the accidental deletion recoverable. |
|
Your company's compliance department mandates that within your multi-national organization, all data for customers in the UK must never leave UK servers and networks. Similarly, US data must never leave US servers and networks without explicit authorization first. What do we have to do to comply with this requirement in our web-based applications running on AWS in EC2? The user has already set up a user profile that states their geographic location. Choose the correct answer: We can run EC2 instances in multiple regions and leverage Route 53's latency-based routing capabilities to route traffic to the appropriate region based on a user's profile. We can run our EC2 instances within multiple AWS Availability Zones in a single region, and use Elastic Load Balancers with session stickiness to route our traffic to the appropriate zone based on the user's profile. We can run EC2 instances in multiple regions, leveraging Elastic Load Balancers with session stickiness to route traffic to the appropriate region based on a user's profile. We can run EC2 instances in multiple regions, and leverage a third-party data provider to determine whether a user should be redirected to the appropriate region based on that user's profile. |
We can run EC2 instances in multiple regions, and leverage a third-party data provider to determine whether a user should be redirected to the appropriate region based on that user's profile. Explanation: Latency-based routing and ELB stickiness route on network characteristics, not on the user's declared location, so neither can enforce a residency rule; the decision has to be made by the application from the profile data. |
|
We have developed a mobile application that gets downloaded several hundred times a week. What authentication method should we enable for the mobile clients to access images that are stored in an AWS S3 bucket that provides us with the highest flexibility and rotates the credentials? Choose the correct answer: Identity Federation based on AWS STS using an AWS IAM policy for the respective S3 bucket IAM user per every registered client with an IAM policy that grants S3 access to the respective bucket Use ACLs to restrict the access to the selected AWS accounts Set up S3 bucket policies with a conditional statement restricting IP address |
Identity Federation based on AWS STS using an AWS IAM policy for the respective S3 bucket |
|
RDS Read Replicas are Synchronous in their replications. Choose the correct answer: True False |
False |
|
You run a stateless web application with the following components: an Elastic Load Balancer, three Web/Application servers on EC2, and a MySQL RDS database with 5000 Provisioned IOPS. Average response time for users is increasing. Looking at CloudWatch, you observe 95% CPU usage on the Web/Application servers and 20% CPU usage on the database. The average number of database disk operations varies between 2000 and 2500. How would you improve performance? (Choose Two) Choose the 2 correct answers: Choose a different EC2 instance type for the Web/Application servers with a more appropriate CPU/Memory ratio Increase the number of open TCP connections allowed per web/application EC2 instance Use Auto Scaling to add additional Web/Application servers based on a memory usage threshold Use Auto Scaling to add additional Web/Application servers based on CPU load threshold |
Choose a different EC2 instance type for the Web/Application servers with a more appropriate CPU/Memory ratio Use Auto Scaling to add additional Web/Application servers based on CPU load threshold |
|
Your Infrastructure does not have an Internet gateway attached to any of the subnets. What might you do in order to SSH into your EC2 instances? All other configuration is correct. Choose the correct answer: Bastion host Open up port 22 on your subnets Open up port 22 on your security groups Create a VPN connection |
Create a VPN connection |
|
For which of the following reasons would you not contact AWS? Choose the correct answer: Request consolidated billing for multiple AWS accounts owned by your company Ask for an increase to the maximum number of DynamoDB tables for your account Inform them you would like to port scan instances in your VPC Ask them to provide compliance documentation for AWS's physical network to the firm conducting a security audit of your environment |
Request consolidated billing for multiple AWS accounts owned by your company Explanation: Consolidated billing is configured by the customer in the billing console; the other items require AWS involvement. Note that when this card was written port scans and other security testing required prior authorization from AWS; AWS now permits customer-run security assessments against a published list of services without prior approval, though some activities remain prohibited, so check the current penetration testing policy. |
|
If we want to be able to monitor billing and cost metrics, what AWS services do we need to enable and use together? Choose the correct answer: Account Preferences Billing Alerts CloudWatch CloudFormation CloudFront |
Account Preferences Billing Alerts together with CloudWatch Explanation: Billing alerts are enabled in the account's billing preferences; once enabled, estimated-charge metrics are published to CloudWatch in the US East (N. Virginia) region, where you create the alarms. |
|
Your website is hosted on 10 EC2 instances in five regions around the globe, with two instances per region. How could you configure your site to maintain availability with minimum downtime if one of the five regions was to lose network connectivity for an extended period? Choose the correct answer: Create a Elastic Load Balancer to place in front of the EC2 instances. Set an appropriate health check on each ELB. Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region. Set an appropriate health check on each ELB. Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region and has the Evaluate Target Health flag set to true. Establish VPN connections between the instances in each region. Rely on BGP to failover in the case of region-wide connectivity failure for an extended period. |
Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region and has the Evaluate Target Health flag set to true. |
|
If Multi-AZ is enabled and automated backups occur on your instance, your application will experience performance issues due to the increased I/O of the automated backup. Choose the correct answer: True False |
False |
|
How might you assign permissions to an EC2 instance so that the EC2 custom CloudWatch metric scripts can send the required data to Amazon CloudWatch? Choose the correct answer: You do not need to assign special permissions, just install the scripts Assign an IAM role to the EC2 instance at creation time with permissions to write to CloudWatch None of these Assign an IAM role to the EC2 instance at the boot time with permissions to write to CloudWatch |
Assign an IAM role to the EC2 instance at creation time with permissions to write to CloudWatch (when this card was written a role could only be attached at launch; a role can now also be attached to, or replaced on, a running instance) |
|
What AWS services allow you access to the underlying operating system? Choose the 3 correct answers: Hadoop RDS EC2 Elastic BeanStalk |
EC2 Hadoop Elastic BeanStalk |
|
Which of the following CloudWatch metrics require a custom monitoring script to populate the metric? Choose the 2 correct answers: Swap Usage Available Disk Space CPU CPU Utilization |
Swap Usage Available Disk Space |
|
Your company has decided to deploy a “Pilot Light” AWS environment to keep minimal resources in AWS with the intention of rapidly expanding the environment in the event of a disaster in your on-premises Datacenter. Which of the following services will you likely not make use of? Choose the correct answer: CloudFormation for automating the large-scale deployment of AWS resources in the event of an on-premises disaster EC2 for storing updated AMI copies of on-premises VMs RDS for replicating mission-critical databases to AWS A Gateway-Cached implementation of Storage Gateway for storing snapshot copies of on-premises data |
A Gateway-Cached implementation of Storage Gateway for storing snapshot copies of on-premises data Explanation: A Gateway-Cached implementation stores all of your data in AWS and caches your frequently-accessed data on premises; keeping all data in AWS is not a minimal implementation. A Gateway-Stored implementation is the fit for a "Pilot Light" environment: the data stays on premises and snapshot copies are shipped to AWS so they can be restored in the event of an on-premises disaster. The other three options are core parts of a Pilot Light design: current AMIs of the on-premises servers, a running RDS instance receiving replicated data, and CloudFormation templates to provision the rest of the environment rapidly when the disaster occurs. |
|
In your infrastructure, you are running a corporate application using a T2.Small instance. You are also using a NAT instance so that your private instances can reach out to the internet without being publicly available. What is one thing that we should do to speed up bandwidth and performance? Choose the correct answer: Loadbalance your instance with an ELB Move your infrastructure to a different region Load balance your NAT instance with dual tunnels Increase your T2.Small instance to a M3.Small or M3.Medium |
Increase your T2.Small instance to a M3.Small or M3.Medium Explanation: Instance size has a direct influence on the amount of data your instance can send and receive. If your AWS environment has many instances using NAT availability, a network bottleneck could occur. Increasing the instance size will increase the available network throughput. |
|
Which of the following would you be likely to schedule during a maintenance window (rather than during business hours) when working in a Multi-AZ RDS environment? Choose the correct answer: All of these RDS instance type upgrade RDS database upgrade Read replica promotion to the primary database |
All of these Explanation: While patches and upgrades can be performed with minimal downtime in a Multi-AZ environment, any work that requires a failover of the database or functional changes to the database or underlying OS can still impact connectivity and should be performed during a maintenance window. |
|
Which option below is part of a failover process for a Multi-AZ zone in an RDS instance? Choose the correct answer: The new DB instances we create are in the standby zone Our failed RDS database instance reboots The DNS for our primary DB instance is switched to the standby DB instance Answer not provided |
The DNS for our primary DB instance is switched to the standby DB instance |
|
Which of the following can be overridden at the EC2 instance level? Choose the 2 correct answers: The choice to not use dedicated tenancy at the VPC level. An IAM policy explicitly denying a user the right to terminate all EC2 instances. The choice to use dedicated tenancy at the VPC level. An IAM policy explicitly allowing a user the right to terminate all EC2 instances. |
The choice to not use dedicated tenancy at the VPC level. An IAM policy explicitly allowing a user the right to terminate all EC2 instances. Explanation: The default option for a VPC is to not use dedicated tenancy, but that can be overridden at the instance level. If the option to use dedicated tenancy is explicitly set at the VPC level, however, it cannot be overridden at the instance level. Explicit denies in IAM policies always trump explicit allows, so a user who is allowed to terminate all EC2 instances in an account can be denied the permission to terminate a particular instance. |
|
Your company’s website is hosted on several EC2 instances behind an Elastic Load Balancer. Every time the development team deploys a new upgrade to the web application, the support desk begins receiving calls of customers being disconnected from their sessions. Customers’ session data is very important, as it contains their shopping cart information, and this information is lost when the customers’ sessions are disconnected. Which of the following steps can be taken to prevent customers’ shopping cart data from being lost without affecting website availability? (Choose Two) Choose the 2 correct answers: Enable connection draining and remove instances from the Elastic Load Balancer prior to upgrading the application on those instances. Post a notification on your site’s homepage that the some features will be unavailable during the upgrade. Use ElastiCache to store session state. Increase the amount of time required for the Elastic Load Balancer to recognize an EC2 instance as unhealthy. |
Use ElastiCache to store session state., Enable connection draining and remove instances from the Elastic Load Balancer prior to upgrading the application on those instances. Explanation: Storing session state in ElastiCache will allow an instance to become unavailable without losing session data. Removing instances from the Elastic Load Balancer prior to upgrading them will prevent users from establishing new sessions on instances that are about to receive the application upgrade. |
|
You see an increased load on an EC2 instance that is used as a web server. You decide placing the server behind an Elastic Load Balancer and deploying an additional instance should help meet this increased demand on system resources. You deploy the ELB, configure it to listen for traffic on port 80, bring up a second EC2 instance, move both instances behind the load balancer, and provide customers with the ELB’s URL - https://mywebapp-1234567890.us-west-2.elb.amazonaws.com. You immediately begin receiving complaints that customers cannot connect to the web application via the ELB’s URL. Why? Choose the correct answer: You specified https:// in the ELB’s URL, but the ELB is not configured to listen on port 443. You specified https:// in the ELB’s URL, but the EC2 instances are not configured to listen on port 443. The ELB’s URL is not publicly accessible. You need to create an Alias record in Route 53 for the ELB. You specified https:// in the ELB’s URL, but the EC2 instances are not configured to listen on port 80. |
You specified https:// in the ELB’s URL, but the ELB is not configured to listen on port 443. Explanation: Specifying https:// directs web traffic to port 443. If you only configured a listener for port 80 on the ELB, traffic on port 443 will not be accepted. |
|
We have a customer with a web application that uses cookie-based sessions to determine whether users are logged in. It uses AWS Elastic Load Balancing and Auto Scaling. When load on the application increases, Auto Scaling launches new instances, but load on the existing instances does not decrease; therefore, all our existing users still experience slow response times. What could be the cause of this? Choose the correct answer: Our ELB is continuing to send the request to the web app with the previously established connections in the same backend instances rather than spreading them to the new auto scaled instances. The new instances are not being added to the ELB in the process of the Auto Scale cooldown period. Our TTL is set too high on our ELB DNS. Our web app is using dynamic content features in Amazon CloudFront which is keeping our connections alive on the ELB. |
Our ELB is continuing to send the request to the web app with the previously established connections in the same backend instances rather than spreading them to the new auto scaled instances. Explanation: With session stickiness enabled, the ELB keeps routing each existing user's requests to the instance that originally served them. The newly launched instances therefore receive only new sessions, and the overloaded instances stay overloaded until the existing sessions end. |
|
Instance A and instance B are running in two different subnets, A and B, of a VPC. Instance A is not able to ping instance B. What are two possible reasons for this? Choose the 2 correct answers: The routing table of subnet A has no target route to subnet B The security group attached to instance B does not allow inbound ICMP traffic The NACL on subnet B does not allow outbound ICMP traffic The policy linked to the IAM role instance A is not configured correctly |
The security group attached to instance B does not allow inbound ICMP traffic The NACL on subnet B does not allow outbound ICMP traffic Explanation: Security groups are stateful, so instance B needs an inbound ICMP allow rule and no separate rule for the reply. Network ACLs are stateless, so subnet B's NACL must allow the echo reply outbound as well as the echo request inbound. Every VPC route table carries a local route covering the VPC CIDR that cannot be removed, and IAM role policies do not affect network traffic. |
|
Which three options would we choose to speed up database performance? Choose the 3 correct answers: We can shard the database and distribute the load between shards We can use Amazon CloudFront to cache database queries We can cache our database queries with ElastiCache We can create an RDS read-replica and redirect half of the database read requests to it |
We can shard the database and distribute the load between shards We can create an RDS read-replica and redirect half of the database read requests to it We can cache our database queries with ElastiCache Explanation: CloudFront caches HTTP responses at edge locations; it does not cache database queries. Sharding, read replicas and an ElastiCache query cache all reduce the load on the primary database. |
|
Your EC2 instance fails its system status check with the message “loss of network connectivity”. What are the best ways to attempt to resolve the EC2 instance status check error? Choose the 2 correct answers: Restart the instance Attempt to change the physical host that the instance is on by stopping and starting the instance Terminate the instance and build a new one Increase the size of your instance |
Attempt to change the physical host that the instance is on by stopping and starting the instance Terminate the instance and build a new one Explanation: A system status check failure indicates a problem with the underlying host (loss of network connectivity, power, or a hypervisor issue) rather than with the instance's OS. Stopping and starting an EBS-backed instance moves it to a different host, and so does replacing it; a reboot keeps the instance on the same host. |
|
Your AWS application is set up to use Auto Scaling with an ELB. To be sure that your application is performing its best and the page loads quickly what, precisely, could you monitor in CloudWatch? Choose the correct answer: Monitor your ELB latency using CloudWatch metrics Monitor the Hard Drive IOPS Monitor the CPU utilization Set up a third-party monitoring solution |
Monitor your ELB latency using CloudWatch metrics Explanation: The ELB's Latency metric measures the time from the load balancer sending a request to a registered instance until the instance starts to send its response, so it reflects what users experience when pages load slowly. CPU utilization and disk IOPS describe individual instances rather than page response time, and a third-party tool is not a CloudWatch metric. |
|
Which features can be used to restrict access to data in S3? Choose the 3 correct answers: Enable IAM Identity Federation Set an S3 ACL on the bucket or the object Set an S3 bucket policy Create a CloudFront distribution for the bucket |
Create a CloudFront distribution for the bucket Set an S3 bucket policy Set an S3 ACL on the bucket or the object Explanation: Bucket policies and ACLs control access to S3 directly. A CloudFront distribution with an origin access identity, combined with a bucket policy that grants access only to that identity, restricts users to reaching the objects through CloudFront. IAM identity federation determines how users authenticate; it does not by itself restrict access to the data. |
|
Your RDS database is experiencing high levels of read requests during the business day and performance is slowing down. You have already verified that the source of the congestion is not backups taking place during the business day, as automatic backups are not enabled. Which of the following is the first step you can take toward resolving the issue? Choose the correct answer: Pre-warm the database before gradual increases in read requests occur. Create a snapshot of the database and offload some of the read requests to the snapshot. Enable automated backups of the database. Create a read replica of the database and offload some of the read requests to the read replica. |
Enable automated backups of the database. Explanation: A read replica cannot be created until automated backups are enabled on the source instance. Your first step should therefore be to enable automated backups; once they are enabled, you can create a read replica of the database and offload some client read requests to it. |
|
Which of the following is a security best practice for an AWS environment? Choose the correct answer: Use the default VPC provided by AWS for deploying your EC2 and RDS instances. Only store IAM user credentials on private AMIs. Enable MFA for all IAM user accounts that are used to execute automated scheduled tasks from EC2 instances. Enable MFA on the root user for your AWS account and use IAM users rather than the root user for administrative tasks. |
Enable MFA on the root user for your AWS account and use IAM users rather than the root user for administrative tasks. Explanation: IAM user accounts should not be used for executing automated scheduled tasks on EC2 instances, and automated tasks do not use MFA. The default VPC is built for ease of use, not security. IAM user credentials should not be stored on AMIs; EC2 instances that need permission to perform actions on AWS resources should use IAM roles. |
|
You have decided to extend your on-site data center to Amazon Web Services by creating a VPC. You already have multiple DNS servers on premises, which host the DNS records for your internal applications. Your corporate security policy says that a DNS name for an internal application may only be resolved internally and never publicly over the internet. Your on-premises data center is already connected to your VPC using an IPsec VPN. You are deploying new applications within your VPC that need to resolve these internal names. How might you set up a scalable DNS architecture? Choose the correct answer: Using Route 53 hosted zones, you can use all internal domain names' A record sets. Create a new Route 53 hosted zone and forward your internal DNS queries out to the internet. Create a DHCP options set that includes domain-name-servers=AmazonProvidedDNS and your internal DNS servers Create secondary DNS servers on a Linux server and replicate from the primary DNS servers on your premises |
Create a DHCP options set that includes domain-name-servers=AmazonProvidedDNS and your internal DNS servers Explanation: A VPC DHCP options set can list up to four DNS servers. Including AmazonProvidedDNS keeps resolution of AWS-provided names working, while the on-premises servers resolve the internal zones over the VPN, so internal names are never published to the public internet. |
|
You patch the operating system on an EC2 instance and issue a reboot command from inside the instance’s OS. After disconnecting from the instance and waiting several minutes, you notice that you still cannot successfully ping the instance’s public IP address. What is the most likely reason for this? Choose the correct answer: You were using EC2 Classic. The Instance’s EIP address was released at reboot. You were using an EC2 instance with an instance store root volume so the instance was terminated upon reboot. There were pending security group rule changes that deny ICMP that could only take effect after the instance was rebooted. Changes made during OS patching caused a problem with the instance’s NIC driver. |
Changes made during OS patching caused a problem with the instance’s NIC driver. |
|
We have terminated an instance in which we have an EBS attached volume. What do we do now if we need to access the important data that was on this volume if we created this instance with the default storage options? Choose the correct answer: We can restore the data from a snapshot Create multiple EBS volumes and replicate the data between them AWS has high availability so our data is still available If we did not first take a snapshot of the EBS volume we will not be able to access the data after an instance termination |
If we did not first take a snapshot of the EBS volume we will not be able to access the data after an instance termination Explanation: With the default storage options the root EBS volume's Delete on Termination flag is set, so the volume is deleted along with the instance. When launching an instance you can clear that flag so the volume survives termination; otherwise only a snapshot taken beforehand lets you recover the data, by creating a new volume from it. |
|
When working with Amazon RDS, by default, AWS is responsible for implementing which two management-related activities? Choose the 2 correct answers: Installing and periodically patching the database software Creating and maintaining automated database backups in compliance with regulatory long-term retention requirements If automated backups are enabled, creating and maintaining automated database backups with a point-in-time recovery of up to five minutes Importing data and optimizing queries |
Installing and periodically patching the database software If automated backups are enabled, creating and maintaining automated database backups with a point-in-time recovery of up to five minutes |
|
You are uploading 3 gigabytes of data to Amazon S3 every night from your on-premises data center. The upload takes 3 hours, yet you are using only half of the bandwidth available through your internet provider. How might you decrease the time it takes to back up that 3 GB of data from your on-premises data center to S3? Choose the 2 correct answers: You could establish a Direct Connect connection between your on-premises data center and AWS VPC Increase your instance size You can use multipart upload to speed up the upload process Increase your provisioned IOPS |
You can use multipart upload to speed up the upload process You could establish a Direct Connect connection between your on-premises data center and AWS VPC Explanation: Multipart upload sends parts of the object in parallel and so uses the idle half of the link; Direct Connect provides a dedicated connection to AWS. Instance size and provisioned IOPS concern EC2 and EBS, not the transfer from your data center. |
|
Best practice is to pre-warm: Choose the correct answer: Elastic load balancers that recently experienced a large increase in traffic. EBS volumes that were created from scratch. Pre-warm using the read and then write back method. Newly created EBS volumes. Pre-warm using the read and then write back method. Elastic load balancers that you are expecting will experience a large increase in traffic. Pre-warm using the read and write back method. |
Newly created EBS volumes. Pre-warm using the read and then write back method. Explanation: The read-then-write-back method is used to pre-warm (initialize) EBS volumes restored from a snapshot, whose blocks are pulled from S3 on first access. Volumes created from scratch do not require it; current AWS guidance is that a new empty volume delivers full performance immediately. Elastic Load Balancers should be pre-warmed before an anticipated large spike in traffic, but this is done by contacting AWS to provision additional capacity, not with a read-and-write-back command. |
|
When taking a snapshot of an EBS volume there is a performance issue: It decreases the performance due to the increased I/O. Choose the correct answer: True False |
True |
|
You have enabled a CloudWatch metric on your Memcached ElastiCache cluster. Your alarm is triggered due to an increased number of evictions. How might you go about resolving the increased evictions from the ElastiCache cluster? (Choose Two) Choose the 2 correct answers: Increase the node size Add a node to the cluster Increase the provisioned IOPS on the ElastiCache Node Reboot your Memcached cluster |
Increase the node size Add a node to the cluster Explanation: Evictions mean Memcached is out of memory and is discarding items to make room for new ones, so the fix is more memory: larger nodes or more nodes. ElastiCache nodes do not have provisioned IOPS, and rebooting a Memcached node only flushes its cache. |
|
What are some steps you can take to optimize cost on AWS? Choose the 3 correct answers: AWS is already optimized in cost Detach under-utilized EBS volumes, take a snapshot of the EBS volume and then delete the EBS volume Purchasing reserved instances For RDS DB instances that have consistently 0 connections, take a snapshot of the instance and terminate the instance |
Purchasing reserved instances Detach under-utilized EBS volumes, take a snapshot of the EBS volume and then delete the EBS volume For RDS DB instances that have consistently 0 connections, take a snapshot of the instance and terminate the instance |
|
Your applications in AWS need to authenticate against LDAP credentials that are in your on-premises data center. You need low latency for the AWS application authenticating between AWS and your on-premises network. How can you achieve this? Choose the correct answer: If you don’t already have a secure tunnel, create a VPN between your on-premises data center and AWS. Once you have a VPN tunnel established between the data centers, you can spin up a secondary LDAP server that replicates from the on-premises LDAP server. Create a new LDAP server and authenticate to it. Create a Direct Connect tunnel and you can authenticate faster. You don’t have to use LDAP to authenticate to your apps. |
If you don’t already have a secure tunnel, create a VPN between your on-premises data center and AWS. Once you have a VPN tunnel established between the data centers, you can spin up a secondary LDAP server that replicates from the on-premises LDAP server. |
|
You manage a popular blog website on EC2 instances in an Auto Scaling group. You notice that between 8:00 am and 8:00 pm, you see a 50% increase in traffic to your website. In addition, there are occasional random 1- to 2-hour spikes in traffic and some users are seeing timeouts when trying to load the index page during those spikes. What is the least cost-effective way to manage this Auto Scaling group? Choose the correct answer: Use reserved instances for the instances needed to handle the load during traffic spikes Use reserved instances for the instances needed to handle the typical load during the night hours Increase the maximum number of instances in the AutoScaling group Use reserved instances for the instances needed to handle the load during the daytime hours |
Use reserved instances for the instances needed to handle the load during traffic spikes Explanation: Reserved instances become cost-effective when they are in use for greater than 30% of the time. Using reserved instances to handle the brief spikes in traffic would not be cost effective. |
|
You are managing a large magazine application inside Amazon Web Services. Your company posts an article that gets picked up internationally, causing millions of visitors to hit your application. Such a large increase in traffic causes strain on your DB server, which is dynamically serving the blog content. How might you quickly resolve this issue and make the blog post effectively infinitely scalable? Choose the correct answer: Enable ElastiCache caching to help serve the dynamic content. Enable Auto Scaling on the EC2 instances. Create a static HTML page using S3 and use Route 53 to point DNS to the static S3 bucket. Increase the RDS instance size and enable Multi-AZ failover |
Create a static HTML page using S3 and use Route 53 to point DNS to the static S3 bucket. |
|
We are preparing for our regularly scheduled security assessment. What two configuration management practices should our organization have implemented? Choose the 2 correct answers: We will make sure that unnecessary users and services have been identified on all published AMIs Make sure that S3 bucket policies and ACLs correctly implement our security policies Determine that our remote administrative access is performed securely Be sure that AWS Trusted Advisor has identified and disabled unnecessary users and services on our EC2 instances |
Determine that our remote administrative access is performed securely Make sure that S3 bucket policies and ACLs correctly implement our security policies Explanation: Trusted Advisor reports on account-level items such as open security groups and IAM usage; it does not see inside instances and cannot identify or disable users and services there. |
|
How would you restore an EBS snapshot to an EC2 instance? Choose the correct answer: Clone the snapshot Create a new volume from the snapshot, attach the volume to the EC2 instance, pre-warm the volume and mount it to the device Attach the volume to the EC2 instance, create a snapshot and clone the data Mount the device, create a volume from the snapshot, and mount the volume |
Create a new volume from the snapshot, attach the volume to the EC2 instance, pre-warm the volume and mount it to the device |
|
Rule 100 in a NACL associated with subnets A and B denies HTTP traffic from 0.0.0.0/0. Rule 105 in the same NACL allows HTTP traffic from 0.0.0.0/0. EC2 Instances in subnet A are associated with a security group that allows HTTP traffic from 192.168.0.0/24. EC2 Instances in subnet B are associated with a security group that denies HTTP traffic from 128.168.0.0/24. Which of the following statements are true? Choose the correct answer: HTTP traffic from the internet will be allowed to EC2 instances in Subnet B. HTTP traffic from the internet will be denied to EC2 instances in both subnets due to the NACL rules. HTTP traffic from 192.168.0.0/24 will be denied to EC2 instances in Subnet A because of the NACL rules. HTTP traffic from 192.168.0.0/24 will be allowed to EC2 instances in Subnet A. |
HTTP traffic from the internet will be denied to EC2 instances in both subnets due to the NACL rules. Explanation: NACL rules are evaluated in ascending rule-number order and the first rule that matches is applied, so rule 100 denies HTTP from 0.0.0.0/0 and rule 105 is never evaluated for that traffic. The NACL is associated with both subnets, so the denial applies to both; the security groups are not consulted at all, because the NACL drops the traffic before it reaches the instances. (Security groups contain only allow rules, so the “deny” described for subnet B's security group cannot actually be configured.) |
|
A colleague noticed that CloudWatch was reporting that there had not been any connections to one of your MySQL databases for several months. You decided to terminate the database. Two months after the database was terminated, you get a phone call from a very upset user who needs information from that database to run end-of-year reports. What can you do? Choose the correct answer: You can restore the database from the most recent automated backup of the database. Nothing, since the 35-day maximum retention period for snapshots has expired. If you took a manual snapshot of the database, you can restore the database from that snapshot. Nothing, since the 35-day maximum retention period for automated backups has expired. |
If you took a manual snapshot of the database, you can restore the database from that snapshot. Explanation: Manual snapshots persist after a database is deleted, and there is no expiration period for them. Automated backups have a maximum retention period of 35 days and, in any case, are deleted when the database instance is deleted (the final snapshot offered at deletion time is a manual snapshot, which is kept). |
|
Your supervisor is concerned about losing read access to your RDS database in the unlikely event of an AWS regional failure. You design a plan to create a read replica of the database in another region, but your supervisor sees a problem with this plan. What problem does he see? Choose the correct answer: AWS does not support RDS read replicas in different regions from the source database. Synchronous replication between the two regions will suffer from high latency. Replication requires VPC peering between the regions, and you have overlapping CIDR blocks in the two VPCs. Your database is using PostgreSQL, which does not support cross-region replication. |
Your database is using PostgreSQL, which does not support cross-region replication. Explanation: This was true when the question was written; RDS for PostgreSQL has supported cross-region read replicas since June 2016, but the exam may not reflect that for a while. Cross-region read replicas are otherwise supported (for MySQL, from version 5.6). Latency of synchronous replication is not the issue, because read replicas use asynchronous replication. Replication does not require VPC peering, so overlapping CIDR blocks are irrelevant (and at the time VPC peering was not available between regions at all). |
|
When managing our VPC in an AWS region, we want to give other teams access to create their own instances and modify the security groups inside subnets dedicated to their teams. We have to make sure the development team can NOT do anything in their subnets that could allow their instances to impact production instances in the production subnets. What can we do to separate our VPC so that instances the dev team can access can never interfere or interact with the ones in production? Choose the correct answer: We can create NACLs that restrict which subnets can talk to each other We can create two subnets in CIDR blocks that are not close together We can make sure that the dev team’s subnets are in one AZ and production is in another We can make sure that the subnets only allow routing via our IGW and not the local router |
We can create NACLs that restrict which subnets can talk to each other Explanation: Security groups are instance-level and the development team is allowed to modify theirs, so they cannot be relied on to isolate production. Network ACLs are attached to subnets, are controlled by the VPC administrators, and can deny traffic between the dev and production CIDR ranges regardless of what the security groups allow. Availability Zones and non-adjacent CIDR blocks do not block traffic, and the local route that lets every subnet reach every other subnet in the VPC cannot be removed. |
|
You want to run a web application whose EC2 application servers are in an Auto Scaling group spread across two Availability Zones. Monitoring over the last six months shows that only one web server is needed to handle the minimum load. During core utilization hours (8-8 M-F), five to six web servers are usually needed. Four to five days a year, the number of web servers required can go up to 18. What choice would most reduce our costs while providing full availability? Choose the correct answer: Three Reserved Instances (heavy utilization), five on-demand instances, the rest covered by Spot Instances Three Reserved Instances (heavy utilization), four Reserved Instances (medium utilization), the rest covered by on-demand instances Five Reserved Instances (heavy utilization), the rest covered by Spot instances Five Reserved Instances (heavy utilization), the rest covered by on-demand instances |
Five Reserved Instances (heavy utilization), the rest covered by on-demand instances |
|
Which of the following statements is true? Choose the 2 correct answers: You can customize your AWS deployments using JSON templates in OpsWorks. You can customize your AWS deployments using the Ruby programming language in CloudFormation. You can customize your AWS deployments using JSON templates in CloudFormation. You can customize your AWS deployments using the Ruby programming language in OpsWorks. |
You can customize your AWS deployments using JSON templates in CloudFormation. You can customize your AWS deployments using JSON templates in OpsWorks. |
|
You are running an EC2 instance serving a website with an SSL certificate. Your CPU utilization is constantly high. How might you resolve this issue? Choose the correct answer: Switch from Apache web server to Nginx for better SSL performance Increase the instance size Offload the SSL cert to AWS ElastiCache Offload the SSL cert from the EC2 instance and configure it on the Elastic Load Balancer |
Offload the SSL cert from the EC2 instance and configure it on the Elastic Load Balancer Explanation: Terminating TLS on the load balancer moves the handshake and encryption work off the instance. Note that traffic between the ELB and the instance is then plaintext unless you also configure an HTTPS back-end listener, so decide whether that is acceptable for your network. |
|
Your company is being audited by a third-party IT auditing service; they have asked you for details about the physical network and virtualization infrastructure. What do you tell them? Choose the correct answer: The audit does not apply to us since we do not have control over AWS You print off details about the AWS infrastructure provided by the AWS infrastructure website You direct the auditing service to an AWS representative You go to your AWS rep with the control in question and AWS will give the provided information to the third party in charge of doing your audit |
You go to your AWS rep with the control in question and AWS will give the provided information to the third party in charge of doing your audit Explanation: Customers and their auditors cannot inspect the physical or virtualization layer directly; evidence for those controls comes from AWS. Today, AWS compliance reports such as SOC reports can also be downloaded on demand through AWS Artifact. |
|
What might be the cause of an EC2 instance not launching in an auto-scaling group? Choose the 3 correct answers: Key pair associated with EC2 instance does not exist Invalid EBS device mapping Security group placement Availability zone is no longer supported |
Availability zone is no longer supported Invalid EBS device mapping Key pair associated with EC2 instance does not exist |
|
A colleague noticed that CloudWatch was reporting that there had not been any connections to one of your MySQL databases for several months. You decided to terminate the database. Two months after the database was terminated, you get a phone call from a very upset user who needs information from that database to run end-of-year reports. You are hopeful that you can restore the database to full functionality from snapshot, but your database administrator is not quite as confident. Why? Choose the correct answer: The snapshot was taken while the database was running. The MySQL database was not using a transactional database engine such as InnoDB and may not restore properly. The 35-day maximum retention period for snapshots has expired. MySQL databases do not support snapshots. |
The MySQL database was not using a transactional database engine such as InnoDB and may not restore properly. |
|
You manage a social media website on EC2 instances in an Auto Scaling group. You have configured your Auto Scaling group to deploy one new EC2 instance when CPU utilization is greater than 90% for 3 consecutive periods of 10 minutes. You notice that between 6:00 pm and 10:00 pm every night, you see a gradual increase in traffic to your website. Although Auto Scaling launches several new instances every night, some users complain they are seeing timeouts when trying to load the index page during those hours. What is the least cost-effective way to resolve this problem? Choose the correct answer: Decrease the collection period to five minutes Decrease the threshold CPU utilization percentage at which to deploy a new instance Decrease the consecutive number of collection periods that must elapse before a new instance is deployed Increase the minimum number of instances in the AutoScaling group |
Increase the minimum number of instances in the AutoScaling group Explanation: Increasing the minimum number of instances in the AutoScaling group will keep more instances running around the clock, thus making it a very inefficient way to manage cost. The other options all increase the AutoScaling group's sensitivity to an increase in load and enable it to respond quicker to increased load by spinning up instances as soon as they become necessary. |
|
Which item, when attached to a VPC and set as the target of a route in a subnet’s route table, allows instances in that subnet to communicate with external networks? Choose the 2 correct answers: NAT instance IGW Internet Gateway Customer Gateway Virtual Private Gateway |
IGW Internet Gateway Virtual Private Gateway |
|
You have been asked to maintain a small AWS environment consisting of five on-demand EC2 web server instances. Traffic from the Internet is distributed to these servers via an Elastic Load Balancer. Your supervisor is not pleased with a recent AWS bill. Assuming a consistent, moderately high load on the web servers, what option should you recommend to reduce the cost for this environment without negatively affecting availability? Choose the correct answer: Use reserved EC2 instances rather than on-demand instances. Use spot instances rather than on-demand instances. Create an Auto Scaling group to ensure that you are not paying for instances that are not needed. Remove the Elastic Load Balancer since the instances already have public IP addresses |
Use reserved EC2 instances rather than on-demand instances. Explanation: Auto Scaling can often save money in environments with variable load, but would likely not help reduce costs in an environment with a consistent high load spread across all servers. Reserved instances are recommended for instances with a consistently high load. Removing the ELB or using spot instances would save money, but could decrease availability. |
|
We need to run a business intelligence application against our production database. This application requires near real time data from the database. How might we configure our RDS setup so that our application does not increase I/O load against our production database? Choose the correct answer: Point the application to the Multi-AZ failover instance In order to receive real time information the application must query the primary database Copy the production instance and create a cron that dumps the RDS data into the secondary instance Create a read replica from the production instance and point the application to the read replica |
Create a read replica from the production instance and point the application to the read replica |
|
Select all that apply: Per the AWS Acceptable Use Policy, penetration testing of EC2 instances: Choose the correct answer: can be freely performed without authorization may be performed by the customer against their own instances with prior authorization from AWS may be performed by AWS, and is periodically performed by AWS are expressly prohibited under all circumstances |
may be performed by the customer against their own instances with prior authorization from AWS Explanation: This reflects the policy in force when the card was written. Since March 2019 AWS permits customers to run penetration tests against their own EC2 instances (and several other listed services) without prior approval, provided the AWS penetration testing policy is followed; DoS and DDoS simulation testing still require separate arrangements with AWS. |
|
You configure a VPC with an Internet Gateway and a private and a public subnet, each in its own Availability Zone, and use a dual-tunnel VPN between the Virtual Private Gateway and the router in your private data center. You want to make sure that you do not have a potential single point of failure in this design. Which option would you choose to achieve this? Choose the correct answer: You set up a secondary router in your private data center to establish another dual-tunnel VPN connection with the Virtual Private Gateway. You create another Internet Gateway to provide redundant Internet connectivity. You create and then attach a second Virtual Private Gateway, providing redundant VPN connectivity. There is not a single point of failure with this architecture |
There is not a single point of failure with this architecture Explanation: Each VPN connection already consists of two tunnels terminating on redundant endpoints of the Virtual Private Gateway, and an Internet Gateway is itself horizontally scaled and redundant, so neither needs a second copy. Note, however, that the single router in the private data center terminates both tunnels; AWS recommends a second customer gateway device with its own VPN connection if that router must not be a single point of failure. |
|
What happens during a failover process in a Multi-AZ with AWS RDS instance? Choose the correct answer: RDS automatically creates new RDS instances for you in a failover The DNS record of the DB instance changes from the primary to the standby DB instance You lose data on the primary RDS instance RDS data gets backed up offsite |
The DNS record of the DB instance changes from the primary to the standby DB instance Explanation: The Multi-AZ failover process requires no action from the SysOps administrator. RDS repoints the DNS CNAME of the DB instance endpoint from the primary to the standby, so applications reconnect using the same endpoint name. Failover is triggered by events such as a primary DB failure, an Availability Zone outage, or maintenance performed by AWS. |
|
A successful systems administrator probably does not need to know how to use a script for:
Choose the correct answer: Creating OS-level metrics in CloudWatch Downloading software and updates from a repository to an EC2 instance Automating backups of EBS volumes Automating backups of RDS databases |
Automating backups of RDS databases
Explanation: AWS offers automated backups of RDS, thus it is not a requirement to script this task. |
|
A deny overrides an allow in which circumstances?
Choose the correct answer: A NACL associated with subnet A defines two rules. Rule #100 explicitly denies TCP traffic on port 21 from 0.0.0.0/0 and rule #105 explicitly allows TCP traffic on port 21 from 0.0.0.0/0. A NACL associated with subnet B defines two rules. Rule #105 explicitly denies TCP traffic on port 21 from 0.0.0.0/0 and rule #100 explicitly allows TCP traffic on port 21 from 0.0.0.0/0. S3 bucket access is implicitly denied for all users and an explicit allow is set on an S3 bucket via an S3 bucket policy. An explicit allow is set in an IAM policy governing S3 access and an explicit deny is set on an S3 bucket via an S3 bucket policy. |
An explicit allow is set in an IAM policy governing S3 access and an explicit deny is set on an S3 bucket via an S3 bucket policy.
|
|
By default, there is no route between the subnets in a VPC.
Choose the correct answer: True False |
False
|
|
You need to establish a secure backup and archiving solution for your company, using AWS. Documents should be immediately accessible for three months and available for five years for compliance reasons. Which AWS service fulfills these requirements in the most cost-effective way?
Choose the correct answer: Upload the data on EBS, use lifecycle policies to move EBS snapshots into S3 and later into Glacier for long-term archiving. Use StorageGateway to store data to S3 and use lifecycle policies to move the data into Redshift for long-term archiving. Use Direct Connect to upload data to S3 and use IAM policies to move the data into Glacier for long-term archiving. Upload data to S3 and use lifecycle policies to move the data into Glacier for long-term archiving. |
Upload data to S3 and use lifecycle policies to move the data into Glacier for long-term archiving.
|
|
Which one of the following setups would require a custom CloudWatch metric to monitor?
Choose the correct answer: Our disk usage activity of an ELB volume attached to our EC2 instance The disk full percentage of our ELB volume Our CPU utilization of an EC2 instance Disk full percentage of an Elastic Block Store volume |
Disk full percentage of an Elastic Block Store volume
|
|
Given the following IAM policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:Get*", "s3:List*"],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::corporate_bucket/*"
    }
  ]
}
What does the IAM policy allow? Choose the 2 correct answers: The user is allowed to read objects from the bucket named ‘corporate_bucket’ The user is allowed to read objects in the bucket named ‘corporate_bucket’ but not allowed to list the objects in the bucket The user is allowed to write objects into the bucket named ‘corporate_bucket’ The user is allowed to change access rights for the bucket named ‘corporate_bucket’ |
The user is allowed to read objects from the bucket named ‘corporate_bucket’ The user is allowed to write objects into the bucket named ‘corporate_bucket’ |
|
You have been tasked by your manager to build a tiered storage setup for database backups and their logs. These backups must be archived to a durable solution. After 10 days, the backups can then be archived to a lower priced storage tier. The data, however, must be retained for compliance policies. Which tiered storage solution would help you save cost, and still meet this compliance policy? Choose the correct answer: Set up an independent EBS volume where we can store daily backups and then copy these files over to S3, where we configure a bucket that has a lifecycle policy to archive files older than 10 days to AWS Glacier Create EC2 instances with attached EBS volumes that replicate files daily to multiple EBS volumes on other instances, then clean up files older than 10 days on the primary EBS volume. Back up your data every day, off-site from AWS, to your on-premises data center’s storage solution and manage the data backups with your existing backup solution. Using AWS is already elastic and highly available. Therefore, the need to set up lifecycle policies is already low cost, with plenty of room for growth for your organization. |
Set up an independent EBS volume where we can store daily backups and then copy these files over to S3, where we configure a bucket that has a lifecycle policy to archive files older than 10 days to AWS Glacier |
|
What would you need to attach to a primary Bastion host or NAT host so that, if the primary host went down, incoming traffic could be redirected to a backup Bastion host for high availability? Choose the correct answer: Secondary Network Interface Direct Connect connection Secondary route table Elastic IP Address |
Elastic IP Address |
|
In your LAMP application, you have some developers who say they would like access to your logs. However, since you are using an AWS Auto Scaling group, your instances are constantly being re-created. What would you do to make sure that these developers can access these log files? Choose the correct answer: Set up a central logging server that you can use to archive your logs; archive these logs to an S3 bucket for developer access. Give read-only access to your developers to the Apache servers. Give root access to your Apache servers to the developers. Give only the necessary access to the Apache servers so that the developers can gain access to the log files. |
Set up a central logging server that you can use to archive your logs; archive these logs to an S3 bucket for developer access.
|
|
Your company is setting up an application that is used to share files. Because these files are important for the sales team, the application must be highly available. Which AWS-specific storage option would you set up for low cost, reliability, and scaling? Choose the correct answer: Spin up EC2 on ephemeral type storage to keep the cost down. Create a DropBox account to share your files. Attach an EBS volume to each of the EC2 servers where the files could be uploaded. Use AWS S3, which end users can access via signed URLs. |
Use AWS S3, which end users can access via signed URLs. |
|
What is the most likely reason you are being charged for an instance you launched from a free-tier eligible AMI? Choose the correct answer: You used an EBS-backed root volume You launched the instance from a CloudFormation template Your account has passed the one-year trial period Your instance has a public IP address assigned to it |
Your account has passed the one-year trial period |
|
You have an Elastic Load Balancer with an Auto Scaling group for your application. You also have 4 running instances with Auto Scaling. All of these instances are running in the same Availability Zone. Some instances within the zone are not highly available. What could be the cause? (Choose Two) Choose the 2 correct answers: The ELB isn’t configured for that Availability Zone The VPC is not configured for auto scaling into multiple subnets The auto scaling group is not configured for more than one Availability Zone The auto scaling policy is not configured for multiple Availability Zones |
The ELB isn’t configured for that Availability Zone The auto scaling group is not configured for more than one Availability Zone |