Aws Certified Solutions Architect Associate Flashcards
You are consulting for a finance company that has specific backup and archiving policies. Financial documents for the past six months may need to be accessed frequently. You need to configure a setup that automatically sends any documents that are older than six months to a lower-cost, but highly durable, environment for archiving. Given that the company is using a Storage Gateway in File Gateway configuration, which of the following would be the best setup to reach the objectives?
Enable S3 versioning with a lifecycle policy that sends objects older than six months to Amazon Glacier
You business operates in a very security sensitive industry. You are looking at how to secure a small VPC. Your environment consists of a single S3 bucket, and an EC2 instance running in a internet connected VPC. What is the best way to lock down the environment, allowing access to S3 but keeping the environment as secure as possible?
Create an S3 VPC endpoint. Apply a policy restricting access to the S3 bucket from the VPC endpoint, and remove the internet gateway. Setup a VPN Endpoint and client to securely SSH into the EC2 instance when needed.
Which of the following AWS storage services are able to be natively mounted as mount points on a Linux system.
- Instance Store- EBS- EFS
Which of the following are AWS managed services that can allow host access to instances running on the respective services? (Choose all that apply)
- Amazon EC2- Amazon EMR
You have inherited a VPC which has a CIDR of 10.0.0.0/16. You need to design a subnet layout which allows for four availability zones to be used. Which option below is valid for this criteria? Pick the one which uses the least number of subnets to decrease management overhead.
Create four subnets: 10.0.0.0/24, 10.0.1.0/24, 10.0.2.0/24 and 10.0.3.0/24, and put each one in its own availability zone.
You are designing a VPC to host a small application. The VPC will be connected back to your on-premises network using a VPN. An EC2 instance runs the application, and will only need to connect to the internet for software updates. You have a list of the software update DNS names. How can you restrict this within the AWS VPC?
Add an internet gateway to the VPC, and a proxy service running on a EC2 instance in a public subnet with an elastic IP.
You will have an application running on an EC2 instance. The instance will be in a private subnet. Outside of NACL's and Security groups being in place, what else is needed to provide Internet access for the EC2 instance?
VPC, Subnets, Route Table(s), Nat Gateway, and Internet Gateway.
Which of the following EC2 metrics will NOT be automatically collected by CloudWatch?
- The number of running processes on the instance- Average Memory Utilization
Your business has two EC2 instances, one is located in us-east, the other in us-west. You want to allow both machines to communicate with each other. Instances in either VPC need to be able to communicate with each other as if they are within the same network. What solution would you recommend?
Configure an inter-region VPC peer between the VPCs and allow communications using the private IP addresses of the instances.
Currently, you're helping to design and architect a highly-available application. After building the initial environment, you've found that part of your application does not work correctly until port 443 is added to the security group. After adding port 443 to the appropriate security group, how much time will it take before the changes are applied and the application begins working correctly?
Changes apply instantly to the security group, and the application should be able to immediately respond to 443 requests.
Your businesses risk team has asked you to add additional resiliency to a critical business application. The application uses RDS and the MySQL engine and is based in us-east-1. The risk team would like to protect the application against an AZ failure and region issues, and wants to do it in a way which is as cost effective as possible. What two options could you suggest?
- Enable Multi-AZ mode in two AZs to protect against an AZ failure within the us-east-1 region.- Add one or more read replicas in other regions.
You have been asked to design an upgrade to a legacy environment running in an AWS VPC. There will be an EC2 instance in each AZ's private subnet. The region the environment is in has four AZs. The VPC has eight subnets, four private (one in each AZ) and four public (one in each AZ). You have been asked to ensure the solution uses NAT gateways and that if any AZ fails, an instance in the other AZs can ALWAYS access the internet. What is the minimum number of NAT Gateways required?
4 - Each is located in a single , but different public subnet. Each private subnet is set to use the NAT gateway in the same AZ.
You have a single EC2 instance, which is automatically built from a Cloud Formation template, that runs some business-critical scripts on an hourly basis. The EC2 instance currently operates in a single AZ in us-east-1 and the business has asked that you add resilience to the instance, They would like to be able to cope with one or two AZ failures, and maintain its functionality. Which option below would you present as a possible solution?
Adjust the CloudFormation template. Add an LC and ASG, and add bootstrapping. Set the min/max/desired to 1/1/1. Define the subnets in 3 AZs you would potentially want to be able to use in the configuration. Optionally, add app specific health checking.
You've been tasked with building out a duplicate environment in another region for disaster recovery purposes. Part of your environment relies on EC2 instances with preconfigured software. What step(s) would you take to configure the instances in another region?
Create a custom AMI of the EC2 instance and copy the AMI to the desired region.
Your company is concerned with EBS volume backups on Amazon EC2, and wants to ensure they have proper backups so that the data is durable. What solutions could you implement (choose two)?
- Using CloudWatch Events, schedule a rule that calls the EC2 CreateSnapshot API.- Use a lifecycle policy for EBS Snapshots.
Which of the following services or service features are natively highly available in a region and can cope with a AZ failure without itself failing?
- Internet Gateway- Virtual Private Gateway- Dynamic Hardware VPC VPN- EBS Snapshot- VPC
Which EC2 features can help mask the failure of an instance? (Choose all that apply)
- EC2 Autorecovery- Elastic IP
You have designed a small VPC deployment for a highly-available web application. The VPC is in a Three Availability Zone region, and you have created nine subnets. Three are private (one per AZ), three are public (one per AZ), and three are database subnets (one per AZ). You have provisioned the three web servers in the public subnets, three application servers in the private subnets, and a three-node Aurora cluster. How many load balancers do you need to create, and in what subnets should they be placed, to ensure each tier is highly available?
2 - One placed in the public subnets, the other in the private
Why does stopping and starting an instance usually fix a System Status Check error?
Stopping and starting an instance causes the instance to be provisioned on different AWS hardware.
You are about to create an AWS Lambda function, and need to give it the permissions to access Amazon S3. How do you best perform this (pick the best approach)
Create an IAM role, assign a policy to the role, and set the Lambda function to use the role
To maintain compliance with HIPAA laws, all data being backed up or stored on Amazon S3 needs to be encrypted at rest. What two things should you do for storing the actively accessed healthcare-related (PHI) data?
- Connections to S3 that have protected health information must use endpoints that use HTTPS.- Enable SSE on an S3 bucket to make use of AES-256 encryption.
One of the projects you have designed and implemented has a new requirement. The product uses an Amazon RDS database, and is located within a VPC isolated from your corporate network. The RDS instance is not itself accessible publicly, but certain subnets of the VPC are. You need to give members of your business IT team the ability to perform operations on the RDS instance. But not everyone in the business should have this access, just certain people. What is the least expensive way to accomplish this?
Create an EC2 instance in the public subnet. Configure federation on this instance so that certain corporate users can log in with their AD credentials. Then install RDS DB management tools on this bastion host.
Your company has just employed ten student for one week, and it is your task to provide them with access to AWS through IAM. Your supervisor has come to you and said that he wants to be able to track these students as a group, rather than individually. Because of this, he has requested for them to all have the same login ID but completely different passwords. Which of the following is the best way to achieve this?
It isn't possible to have the same login ID for multiple IAM users of the same account.
A team of developers within your business has developed a mobile application, and it needs to access a DynamoDB table. The mobile application will be used by somewhere near 1,000,000 users. Which security access method would you suggest the developers use in order to minimize costs and admin overhead, while maximizing security.
Configure web identity federation in the mobile app. Use AWS Cognito, and set up an IAM role with permissions to connect to DynamoDB.
Your CRM application running on EC2 needs to store and retrieve contract documents in an S3 bucket. How can your application get these permissions?
Create an IAM role with a suitable permissions policy, and a trust policy specifying the EC2 service.
You have been asked how to provide another organization with access to an S3 bucket in your company's account. Your company owns the bucket, and must own all files within it. There will be about 10,000 users from the other organization accessing the bucket. What solution matches these requirements?
Create an IAM role within your AWS account that has access rights to the bucket. Using a trust policy, trust the account number of the remote organizations AWS account.
Your information security officer has asked for modifications to an application running on an EC2 instance, to ensure that it uses regular key rotation for its interaction with AWS. What is the key point to let her know?
The application is running on an EC2 instance and uses an instance role. Key rotation is automatic and handled by IAM/STS.
You operate a commercial stock images website with millions of images. Watermarked preview images are available via an EC2 instance application. Full resolution versions are stored on an EBS volume. The EBS volume is attached to the EC2 instance and delivered by the application. You have been asked to find a cheaper solution that can scale. Which option is the most suitable.
Move the images to S3 and Use pre-signed URL's
You are the system administrator for your company's AWS account, and it has approximately 200 IAM users. Your company has just introduced a new policy that will change the access for 50 of the IAM users to have unlimited access to S3 buckets. How can you implement this effectively so that there is no need to apply the policy at the individual user level?
Create an IAM group, add the 50 users, and apply the policy to group
One of your environments utilizes DynamoDB as a database. You need to ensure that it can only be accessed by a select number of people using specific IP addresses. What design changes do you suggest?
Configure a group of IAM users (for each level of access) for the people who need access. Give those groups access to the DynamoDB operations they need, but add a condition to the policy so that it has to match the specific IP address.
A company has asked you to perform a security audit on their AWS environment. You log in to their AWS account with the root user credentials, and discover that they are using a VPN to connect to and manage their private EC2 instances. Upon further inspection, you find that they are not regularly patching their RDS instances. Finally, you notice that they are using IAM policies, rather than bucket policies, to manage access to their S3 buckets. What do you cite as the most critical security risk in your report?
The company allows people to log in as their AWS account's root user.
You've been asked to upgrade an old AWS environment (T series EC2 instances) which is suffering from slow internet throughput. The environment currently uses a NAT Instance. You are required to only use T series EC2 instances. Which option below represents a potential solution?
Replace the NAT instance in the VPC with a NAT Gateway.
An application that retrieves data from an external web site is running on a single M5 large instance with a private IP. During peak loads, users report very long delays and timeouts. CloudWatch reports the CPU usage never climbs above 60%. What could be causing the issue?
The instance could be sending outbound requests through a NAT instance which may be undersized.
You are running an application on an EC2 instance that is extremely sensitive to variations in network performance, specifically the variation in PING times and latency. The application also devours CPU cycles when this network jitter happens, so you need to implement a solution that removes any risk of network performance degradation. What option works in this scenario?
Ensure that the instance has enhanced networking.
You have been asked to design some scaling upgrades on a legacy web application which utilises a MySQL RDS instance. The application is suffering from increasing reports of performance issues during peak periods. The application is used for archival information storage, where data is reviewed constantly and very rarely updated. Which option provides the best possibility of performance improvements for the least cost?
Add RDS read replicas, and adjust the application to move a percentage of reads to the read replica.
Which of the following is true regarding S3 Request Rate Performance?
- Amazon S3 provides at least 5,500 requests per second to retrieve data- Amazon S3 provides at least 3,500 requests per second to add data
Your business has a image processing application. It runs on a single x1.16xl EC2 instance. The instance is extremely expensive, and operations staff have noticed that CPU and memory usage fluctuates between around 20-30% during non busy periods and 100% at other times.The application consists of two components, one allows image uploading, and one processes the images. You have been asked to rearchitect the application, aiming for reduced costs and optimized performance. What AWS products would you select?
- Cloudwatch- SQS- Launch Configuration- Auto Scaling Group
You are the solutions architect for a busy photo management website. Your business receives about 200 high resolution photo uploads per minute, and you store these in an S3 bucket. The business wants to do some analysis on all uploaded photos, then store the metadata in DynamoDB. They have asked you to suggest the cheapest option that can scale as the business grows.
Create a Lambda function that is capable of processing metadata, so that when a new object is uploaded to S3, the Lambda function will be invoked. The data from processing will then be uploaded into DynamoDB.
You have two large EC2 instances running in the same VPC, and you are concerned that you are not achieving the maximum network throughput between the instances. What two factors could explain the lower than expected performance?
- The instances are not capable of, or enabled for, enhanced networking.- The instances are not within a placement group.
Your autoscaling group launches instances that use provisioned IOPS EBS secondary data volumes. They are in a RAID 0 configuration, and serve 20TB of files. Whenever new instances are added to the group, they perform very slowly compared to the already running instances. What is the most likely problem?
The EBS volumes containing the files are created from snapshots.
You are designing infrastructure for an application which handles multiple petabytes per month of data transfer. It's utilized by customers globally, and you have been asked to develop an AWS solution that provides the lowest costs and best user experience. The data consists of static large video clips. You already have data center infrastructure that could optionally be used. Which option would you suggest, in order to meet the requirements?
Migrate the media to AWS S3, and Configure CloudFront to use that server as an origin.
One of your systems is suffering from performance problems. It's a critical system and you have been asked to design an upgrade to resolve the issues. Checking CloudWatch, you can see that the instance is historically running at 20% CPU and 99% Memory utilization. It currently runs on the 2nd smallest C type instance. What should your suggestion be, for the most economical way to resolve the performance issues?
Power down the instance and change the instance to a memory optimised instance type.
What are the 3 storage interface options for AWS Storage Gateway?
- volume gateway- file gateway- tape gateway
As an AWS consultant, you have been tasked with finding ways to quickly lower a client's AWS monthly bill. What is the first thing you should ask them for?
Ask them to run a Trusted Advisor report and send you the results.
To reduce costs, you have been asked to revamp the design for an existing application. The system consists of four instances, all the same size, which are constantly powered on and are currently using an on-demand billing model. The CIO wants to reduce costs, but also wants to reserve the capacity that the four instances use. Reserve capacity in another AZ should be guaranteed by AWS. What suggestion should you make?
When purchasing in the console, choose "Reserved Instances", Choose "Purchase Reserved Instances," select the Only show offerings that reserve capacity box, and choose your instance.
You are a solutions architect for a software development company. You have noticed that the business is currently running a lot of small admin scripts. They're written in Python, on a C3 instance type which is running constantly and using on-demand billing. The scripts run once per hour, each one completes in around 45 seconds, and utilize around 88MB while running. You have been asked to design a way to optimize the costs of this platform. It's worth noting that the business is about to launch a new product which would mean hundreds or thousands of these C3 instances. It's essential that these scripts run when scheduled.
Ask the developers to migrate the scripts to AWS Lambda functions. Use timed events to schedule the invocation of these functions.
Your operations team is using several EC2 instances for running scheduled maintenance scripts on your infrastructure. What are two ways you could possibly reduce costs for them?
- Reserve the instance capacity.- Move the scripts to Lambda Functions.
A client has asked you to advise them on some AWS cost related questions. The client has over 1000 EC2 instances that are preconfigured and used during peak periods of the year for their application. Those are currently in a stopped state now, but they are still incurring costs in that region. What's a possible reason for this?
The instances have attached EBS volumes, and those come with monthly charges while the volumes exist.
Which of the following events can be logged using CloudTrail
- CLI Calls to the AWS Account- API Calls to the AWS Account- Operations on S3 Objects
How could you block a specific CIDR IP Block from connecting to an EC2 instance?
Attach a NACL to the subnet and add a DENY rule for the CIDR block to the NACL.
What steps are required to allow an EC2 instance to access the internet while being as secure as possible? Assume all security rules/ACL's and subnets are in place already. (Choose all that apply)
- Create a default route from the EC2 instance's subnet to the NAT Gateway.- Add a NAT gateway- Attach an internet gateway to the VPC.- Create a default route from the NAT gateway's subnet to the Internet Gateway.
You have recently worked with a development team to implement a resilient web application running on four EC2 instances behind a load balancer. Performance is great, and limited failover testing has occurred with good feedback. A number of days ago a real failover event happened where the host an EC2 instance was running on fails. Customers connected via the load balancer to alternative instances, but they had to log in to the system again. What suggestions can you make to resolve this inconvenience?
Ask the developers to migrate the session state component of the application off the individual EC2 instances to DynamoDB.
You are designing an application with three components: an app server running on EC2, a media store running on S3, and a database running on DynamoDB. You have been asked to make sure your design allows a single AZ to fail without impacting service. Which option is correct?
S3 and DynamoDB are resilient to an AZ failure by design. Provision EC2 using a Launch Configuration and an Auto Scaling group to ensure it can cope with an AZ failure and auto-heal if needed.
A team of developers within your business has developed a mobile application, and it needs to access a DynamoDB table. The mobile application will be used by somewhere near 1,000,000 users. Which security access method would you suggest the developers use in order to minimize costs and admin overhead, while maximizing security.
Configure web identity federation in the mobile app. Use AWS Cognito, and set up an IAM role with permissions to connect to DynamoDB.
Your CIO has approached you with a problem. You currently run a technical teaching business and provide online learning to students. The service is hosted on premises, and you are unable to expand capacity. A full migration into AWS is not an option. The business needs time to adjust to the idea, and you have no infrastructure configured inside your recently created AWS account.The business needs to resolve the performance issues on the media delivery server. They need it done at the lowest possible cost point, and ideally would also improve performance to international students. What should you suggest?
Ensure the media server in your on premises network has a public IP address. Provision CloudFront, and configure it to globally cache content.
You are designing the storage needs for a movie processing application. Large videos are uploaded to your website and stored on S3. AWS Elastic Transcoder processes these master copies out into multiple formats and stores them on S3. The master copies can be used directly up to a year, sometimes less. There are over 20 size and bitrate variations for each master movie file. 90% of users of your website use only two of these size variants. Storage costs are increasing rapidly, and you have been asked to optimize the running costs.
Store the master video files on S3 Standard-IA, and migrate them to Glacier after 12 months. Store the popular resized versions on S3 Standard, and the less popular resized versions on S3 One Zone-IA.
Your business stores high-resolution media imaging in one of its S3 buckets accessible internally to its applications. The number of objects increases daily, and approximately 100,000 objects are added daily. After discussing the situation with your medical consultants, you have learned a few things. First, images are used extensively for seven days â after that, those images may or may not need to be accessed extensively for up to 60 days after arrival. Beyond that point, images are only accessed for scheduled consultations. What is the most economical solution to these mounting costs?
Transition images from Standard to Standard_IA after 30 days. After another 30 days, transition them from Standard_IA to Glacier. Glacier objects can be accessed from the S3 console if necessary.
How could you block a specific CIDR IP Block from connecting to an EC2 instance?
Attach a NACL to the subnet and add a DENY rule for the CIDR block to the NACL.
A custom CloudWatch metric has determined that your web application is returning a high number of 404 errors. How could you automatically create a message in your online Help Desk system for your webmaster? (Choose all that apply)
- Set an alarm for the metric that sends a notification to an SNS topic.- Create an SNS topic and subscribe the Create Ticket url for your Help Desk to the topic.
You are consulting for a company with a limited budget for on-premises hardware. Their tape-based backup system has reached end-of-life and needs an immediate upgrade. What AWS solution could replace their tape system with minimal or no configuration changes?
Storage Gateway in Tape Gateway configuration
Your business has two EC2 instances, one is located in us-east, the other in us-west. You want to allow both machines to communicate with each other. Instances in either VPC need to be able to communicate with each other as if they are within the same network. What solution would you recommend?
Configure an inter-region VPC peer between the VPCs and allow communications using the private IP addresses of the instances.
You've been tasked with building out a duplicate environment in another region for disaster recovery purposes. Part of your environment relies on EC2 instances with preconfigured software. What step(s) would you take to configure the instances in another region?
Create a custom AMI of the EC2 instance and copy the AMI to the desired region.
Your company is moving a legacy application from an on-premises data center to the cloud. The legacy application requires a static IP address hard-coded onto a backend service that uses a single instance. What options do you have to maximize the availability of this application?
- Associate an Elastic IP with a Network Load Balancer and target multiple instances in the AZ running the application.- Associate an Elastic IP address to an instance running the application, then enable EC2 Auto-recovery.
What happens if you reboot an instance store-backed EC2 instance with a Public IP?
The instance remains in the running state.
A medical company concerned about security compliance has asked you, a consultant, to perform an audit of their AWS environment. The company administrator provides you with the root login to the AWS account. After beginning the audit, you discover that the nurses who work for the company are all using a shared single login account called nurse_user1 to upload and download daily shift change reports from S3. After further investigation, you discover that the nurse_user1 account has full administrator privileges to EC2 and S3. When you document your findings, what security issues would you note in the report and what suggestion would you make to resolve the problem?
- There are three security issues: (1) you were given access to the root account, (2) the nurses are sharing an account, and (3) the nurses have full administrator privileges to EC2 and S3.- To resolve the security issues you would recommend the following: (1) create individual accounts for the nurses and put all of the nurse accounts into a group, (2) grant read/write permissions for the newly created group to the appropriate S3 bucket, and (3) recommend as a best practice that temporary accounts be created for consultants.
A company has asked you to perform a security audit on their AWS environment. You log in to their AWS account with the root user credentials, and discover that they are using a VPN to connect to and manage their private EC2 instances. Upon further inspection, you find that they are not regularly patching their RDS instances. Finally, you notice that they are using IAM policies, rather than bucket policies, to manage access to their S3 buckets. What do you cite as the most critical security risk in your report?
The company allows people to log in as their AWS account's root user.
You just created a VPC. For security purposes you are using NACLs and Security Groups. You launched an EC2 into a subnet, where you have set an Inbound Rule for SSH (22) in the SG, and both inbound and outbound rules for Port 22 on the subnet NACL. However, you are not able to SSH to the instance. What is the most likely issue?
The NACL needs an outbound rule for the high ephemeral port range (1024-65535).
You have an EC2 instance located in a private subnet. The instance is using an private IP Version 4 address in the 10.0.0.0/24 range and has no public IP or elastic IP attached. NACLs and Security Groups are configured to allow the needed traffic. How can you provide this instance with access to the internet for updates.
Attach an internet gateway to the VPC, provision a NAT gateway, then update routes.
You have been asked to advise a junior colleague how to explicitly deny traffic from an EC2 instance to a specific remote internet FQDN. What advice would you give?
Implement a proxy service in the VPC, adjust route tables, and use the proxy server to deny access to the remote hostname.
What are two ways you could reduce the execution time of a Lambda Function?
- Increase the RAM allocated to it.- Optimize your code.
What can help boost performance of an HPC application that relies heavily on inter-node communication?
- Making sure all instances are using Enhanced Networking- Putting all instances in a Cluster Placement Group
Someone has informed you of performance problems on one of your DB instances. The normal performance demands are met by the SSD storage allocated to the instance, but at periods of heavy demand there seems to be a large variance in the time taken for DB operations. Some take significantly longer than others.Your product uses RDS and the MySQL engine. What is the best suggestion you can make without having any further information?
Check the memory utilization of the DB instance. If commonly accessed data is larger than the memory allocated to the instance, consider increasing memory.
You've been asked to design a solution for a high volume website, and it needs to be highly available. In your proof of concept environment, you chose to use RDS using the MySQL engine. In your failover testing, you have noticed that when a failover occurs, there is sometimes data loss. It's as though the DB instance which takes over is behind the primary instance. What options do you have to resolve this?
Migrate to Aurora, which uses a higher performing shared storage architecture.
Your development team runs a web application which provides dynamic content using query strings. They have requested a solution to provide better performance globally for the application, at the lowest running and maintenance costs. What should you suggest?
Configure CloudFront to cache dynamic content with query strings. Run the EC2 instance in the most appropriate region to be accessed by the dev team.
You've been asked to review the architecture of an application within a client's AWS environment. It runs as a web app, with a DynamoDB backend. DynamoDB stores hundreds of millions of items of information, and each one is about 350KB in size. Most of every item is a satellite image of a plot of land, and could be anywhere on the earth's surface. The information is generated from a satellite image, and can't be regenerated. The data is read constantly, and is costing the business a fortune. On top of this, it's impacting read performance. What would you suggest as a quick potential way to reduce costs?
Adjust the DynamoDB table. Copy the satellite image data to an S3 bucket with static hosting enabled and use the STANDARD storage class, then replace the original copy with an S3 URL. Drop the RCU on the table.
To reduce costs, you have been asked to revamp the design for an existing application. The system consists of four instances, all the same size, which are constantly powered on and are currently using an on-demand billing model. The CIO wants to reduce costs, but also wants to reserve the capacity that the four instances use. Reserve capacity in another AZ should be guaranteed by AWS. What suggestion should you make?
When purchasing in the console, choose "Reserved Instances", Choose "Purchase Reserved Instances," select the Only show offerings that reserve capacity box, and choose your instance.
You have millions of objects in an S3 bucket. You are storing irreplaceable data that requires real-time access on rare occasions. Which of the following is the cheapest suitable storage class to use?
Amazon S3 Standard-Infrequent Access
As an AWS consultant, you have been tasked with finding ways to quickly lower a client's AWS monthly bill. What is the first thing you should ask them for?
Ask them to run a Trusted Advisor report and send you the results.
A client has asked you to advise them on some AWS cost related questions. The client has over 1000 preconfigured EC2 instances that are used during peak periods of the year for their application. The client has decided to perform an upgrade of their application before the next peak period, and so has terminated all 1000 EC2 instances. They report still being charged a fee on an ongoing basis. Which option below is a possible reason?
When terminating an EC2 instance, you can either terminate attached volumes or not. EBS is a potential cause of the charges. They may not have been deleted.
You have an environment which consists of ten classic load balancers, each serving HTTPS requests to two EC2 instances each. Multiple hostnames are in use. You have been asked to reduce costs while maintaining high availability. What would you suggest?
Merge the ten classic load balancers into two Application Load Balancers.
Multiple directors in your company have opened AWS accounts. The Chief Security Officer has expressed a concern that accounts may be using unapproved AWS services and wants your advice. What action would you take?
Create a root account as the Master in AWS Organizations, and have each account join your organization. Then apply Service Control Policies to the child accounts.