Aws Flashcards
An EC2 instance retrieves a message from an SQS queue, begins processing the message, then crashes. What happens to the message?
When the message visibility timeout expires, the message becomes available for processing by other EC2 instances
) You recently purchased and deployed four reserved EC2 instances in the US-East-1 region's Availability Zone 1 for a new project. Your supervisor just informed you that this project only requires two EC2 instances. Rather than selling the reserved instances, she asked you to terminate the extra instances and convert two of the on-demand instances already running in Availability Zone 1 to reserved instances. Can this be done
Yes, you can terminate the reserved instances and AWS will automatically begin billing the two on-demand instances as reserved instances
Given the following region design, what is the bare minimum for configuring high availability and why? Two availability zones within a region, az-a and az-b.
Create an ELB that serves traffic to two instances, one instance in each availability zone, and enable cross-zone load balancing on the ELB, then create an Auto Scaling Group, because this applies high availability if a single availability zone is no longer available
) You are designing a global application that takes advantage of multiple regions. As part of your application, the need to synchronize from one region to another is required to ensure your application is serving the same data when employing latency-based Route 53 DNS records. To ensure this happens, you have determined that using the AWS CLI to sync files from the primary storage servers to S3 is the best method. How might you implement AWS CLI authentication against the S3 service?
Create an EC2 IAM role and assign it to each EC2 instance that utilizes the AWS CLI to sync the data
Which of the following best describes what "bastion hosts
Bastion hosts are instances that sit within your public subnet and are typically accessed using SSH or RDP. Once remote connectivity has been established with a bastion host, it then acts as a 'jump' server, allowing you to use SSH or RDP to log into other instances (within private subnets) deeper within your network.
Which statements are true about Amazon S3
Provides %99.999999999 durability to S3 objects, Provides %99.99 availability to S3 objects
You manage an application that uses EC2 instances and SQS to process requests from end users. Your application is working great, but your supervisor is concerned about the cost of the AWS resources it uses. Which of the following would not help address that concern
Increase the visibility timeout for messages in the SQS queue
You are testing an application that uses EC2 instances to poll an SQS queue. At this stage of testing, you have verified that the EC2 instances can retrieve messages from the queue, but your coworkers are complaining about not being able to manually retrieve any messages from the queue from their on-premises workstations. What is the most likely source of this problem
Your coworkers may not have permission to the SQS queueShort polling may fail to retrieve messages sometimes, but if no messages can be retrieved after multiple attempts, permissions are the more likely cause
You create an SQS queue with the default settings for a new application your company is deploying. While new messages are added to the queue throughout the week, management has indicated that the application which retrieves the messages should only be run during your company's weekly Sunday evening maintenance window. It is quickly noticed on Monday morning that several messages were not processed the previous evening and the messages are no longer in the queue. What is a likely cause for this issue
The messages surpassed the retention period for the queue
) When designing an application architecture utilizing EC2 instances and the ELB, to determine the instance size required for your application what questions might be important
Determining the minimum memory requirements for an application, Determine the required I/O operations
You have 8 instances running on your VPC and all 10 of your users (5 production and 5 development) currently have access to all the instances. However, you have been told that because 4 of the instances are used for production and 4 are used for development you will need to set up access so that the 5 production people can only access the production server and the 5 development people can only access the development server. Using policies, which of the following would be the best way to accomplish this
Define the tags on the test and production servers and add a condition to the IAM policy which allows access to specific tags
You recently purchased hardware to run a decoupled application in your on-premises datacenter. The application is working great, but has seen an increased workload in recent weeks that makes you concerned that your hardware cannot handle the load. Your supervisor asks you to analyze the possibility of expanding the application using cloud resources. You cannot completely migrate the application to AWS because of the investment you have already made in on-premises hardware. What items will most likely be included in your analysis
You can leverage SQS to utilize both on-premises servers and EC2 instances for your decoupled application, You can leverage SWF to utilize both on-premises servers and EC2 instances for your decoupled application
Your supervisor is upset that a client's purchase from your website was processed twice. You find out that the order process involves EC2 instances processing messages from an SQS queue. What action would you recommend to ensure this does not happen again
Modify the order process to use SWF
For basic monitoring on AWS, which metrics are not included as part of the basic monitoring package
Free memory, Free swap
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method would be used to serve content that is stored in S3, but not publicly accessible from S3 directly
Create an Origin Access Identify (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI
Your AWS environment contains several reserved EC2 instances dedicated to a project that has just been cancelled. Your supervisor wants to stop incurring charges for these reserved instances immediately and recuperate as much of the reserved instance cost as possible. What can you do to avoid being charged for them?
Terminate the instances as soon as possible, Sell the reserved instances on the AWS Reserved Instance Marketplace
) Your supervisor asks you to create a decoupled application using EC2 instances polling an SQS queue. Which of the following is not necessary to accomplish this goal
An Elastic Load Balancer to distribute traffic from EC2 instances to the SQS queueWhile an Elastic Load Balancer is often used to handle incoming web traffic requests in a highly available web application solution, it is not required for a decoupled application's EC2 instances to poll SQS. A decoupled application requires that one component of the application can fail without the entire environment failing. Using multiple EC2 instances that have been launched with a role granting SQS queue permissions and using code to poll an SQS queue allows an EC2 instance to fail, even if it has already begun processing a job because another instance is able to process the job when the message is returned to the queue.
Your AWS environment contains several reserved EC2 instances dedicated to a project that has just been cancelled. Your supervisor would like to recuperate cost for these reserved instances, but also does not want to lose the data just yet in case the project is revived next fiscal year. What can you do to minimize charges for these instances
Take snapshots of the EBS volumes and terminate the instances, Sell the instances on the AWS Reserved Instance Marketplace
) Elasticity is a fundamental property of the cloud. What best describes elasticity
Power to scale computing resources up and down easily with minimal friction
A user needs access to Elastic Load Balancing. This is the first and possibly only time that they will require this access. Which of the following choices would be the best way to allow this access
Delegate access to the ELB using an IAM role
Which of the following is an invalid VPC peering configuration
You have a VPC peering connection between VPC A and VPC B. VPC A also has a VPN connection to a corporate network. You use VPC A to extend the peering relationship to exist between VPC B and the corporate network so that traffic from the corporate network can directly access VPC B by using the VPN connection to VPC A
You are asked to review a plan that your company has made to create a new application that makes use of SQS, EC2, Auto Scaling and CloudWatch. Which of the following action items should you advise your company not to implement
Utilize short polling with a wait time of 20 seconds to reduce the number of empty responses from the SQS queueExplanationPolling executed with a wait time of greater than 0 seconds is called long polling
You are consulting for a company with a limited budget for on-premise hardware. However, they need to store large amounts of data that is easily accessible through a network share with on-premise employees. Which AWS solution would you implement for this company
Configure storage gateway with Gateway-Cached Volumes
Your EC2 instances are configured to run behind an Amazon VPC. You have assigned two web serves instances to an Elastic Load Balancer. However, the instances and the ELB are not reachable via URL to the elastic load balancer serving the web app data from the EC2 instances. How might you resolve the issue so that your instances are serving the web app data to the public Internet
Attach an Internet gateway to the VPC and route it to the subn
After deciding that, due to to strict contractual requirements, the latest AWS VPC that you deploy will need to incorporate AWS CloudHSM as an encryption solution, where within your AWS infrastructure would be the best place to physically locate the HSM appliances and why
Locating HSM appliances near your EC2 instances decreases network latency, which can improve application performance
You and a colleague create an SQS queue and create several messages in it. You both test your ability to manually poll the queue by using the command-line API calls. After testing, you find that your colleague's polling attempt retrieved messages 1, 3, and 5. Your polling attempt retrieved messages 4, 6, and 8. Nether of your attempts retrieved messages 2 or 7. What is a possible cause for this behavior
You and your colleague did not see the same messages because of the visibility timeout, You and your colleague used short polling
How do you secure company critical data on S3
You can use IAM Policies b. You can use Bucket policiesc. You can use Access Control Lists (ACLs)d. You can use the Server Side Encryption
You have a photo selling website where you have a library of photos on S3. You noticed that there are some websites that are showing the link to your S3 photos. How do you restrict sites like these using your S3 photos link
Restrict access to those websites in the bucket policy
What services are required for Auto Scaling
CloudWatch ELb
What are the benefits of using Elasticache for you web applicatio
It reduces the load on your databaseGives you faster access to your cache data
. You have a business critical application that requires it to be highly available with 6 instances always running. What should you do to achieve this
Auto Scaling rule for 6 instances always runningd. Auto scaling rule for 3 instance always running in each zonee. Auto Scaling Replace the lost capacity in case of zone failure in the other zone
How to secure data on rest in ebs
EBS automatically encrypts data on it for more security
An instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens when you attach an ENI of a different subnet to this instance
The instance follows the rules of both the subnets
To maintain compliance with HIPPA laws, all data being backed up or stored on Amazon S3 needs to be encrypted at rest. What is the best method for encryption for your data, assuming S3 is being used for storing the healthcare-related data
Enable SSE on an S3 bucket to make use of AES-256 encryption , Encrypt the data locally using your own encryption keys, then copy the data to Amazon S3 over HTTPS endpoints
You manage a web application on EC2 instances. Incoming requests are saved as messages in an SQS queue with the maximum message retention period. You return from a week and a half vacation to find that the part of the application which processes received requests is hung and the queue has grown to 1,000 messages. While you are working on resolving the application issue, you need to post an update to end users. What information should that update include
An apology for the delay in processing requests, assurance that the application will be operational shortly, and a note that all received requests will be processed at that time.ExplanationUse of an SQS queue to decouple the application means that a virtually unlimited number of received requests can be stored in the SQS queue for a maximum of 14 days and can be processed when the portion of the application that is responsible for processing received requests becomes operational again.
Your supervisor is upset that a client's purchase from your website was processed twice. You find out that the order process involves EC2 instances processing messages from an SQS queue. What action would you recommend to ensure this does not happen again?
Modify the order process to use SWFExplanationThe only way to ensure that a duplicate will not occur in a process is to use Amazon SWF instead of SQS. The other options can decrease the chances of duplicates in SQS, but will not eliminate them entirely.
Your company is concerned with EBS volume backup on Amazon EC2 and wants to ensure they have proper backups and that the data is durable. What solution would you implement and why
Write a cronjob that uses the AWS CLI to take a snapshot of production EBS volumes. The data is durable because EBS stapshots are stored on the Amazon S3 standard storage class
You manage a web application on EC2 instances. Incoming requests are saved as messages in an SQS queue with the maximum message retention period. You return from a week and a half vacation to find that the part of the application which processes received requests is hung and the queue has grown to 1,000 messages. While you are working on resolving the application issue, you need to post an update to end users. What information should that update include
Correct answerAn apology for the delay in processing requests, assurance that the application will be operational shortly, and a note that all received requests will be processed at that time.ExplanationUse of an SQS queue to decouple the application means that a virtually unlimited number of received requests can be stored in the SQS queue for a maximum of 14 days and can be processed when the portion of the application that is responsible for processing received requests becomes operational again.
You are asked to evaluate a company's AWS environment to find ways to reduce cost. You discover they are running three production web server reserved EC2 instances with EBS-backed root volumes. These instances have a consistent CPU load of 80%. Traffic is being distributed to these instances by an Elastic Load Balancer. They also have production and development Multi-AZ RDS MySQL databases. What recommendation would you make to reduce cost in this environment without affecting availability of mission-critical systems
Correct answerConsider not using a Multi-AZ RDS deployment for the development databaseExplanationMulti-AZ RDS databases minimize downtime, provide high availability, and reduce performance impact during backups, so they are highly recommended for production systems. Development systems may be able to get by with a standard RDS deployment, since uptime and performance requirements may be lower in a development environment.
You have created a Direct Connect Link from your on premise data center to your Amazon VPC. The link is now active and routes are being advertised from the on premise data center. You can connect to EC2 instances from your data center, however you cannot connect to your on premise servers from your EC2 instances. Which two steps below should you do to remedy this solution (choose 2)
Enable route propagation on your Virtual Private Gateway (VPG)Correct AnswerEdit the VPC subnet route table and add a route back to the on premise data center.There is no route connecting your VPC back to the on premise data center. You need to add this route to the route table and then enable propagation on the Virtual Private Gateway.
You are a solutions architect who has moved to a manufacturing company who has very legacy applications. One of these applications needs to communicate with services which are currently hosted on premise. The people who wrote this application have left the company and there is nothing to document how the application works. You need to ensure that this application can be hosted in a bespoke VPC but still be able to communicate to the back end services which are hosted on premise. Which of the three answers below will allow the application to communicate back to the on premise equipment without the need to reprogram the application
You should configure the VPC subnet in which the application is sitting so that it does not have a conflicting IP address range as the on premise VLAN in which the back end services sit.CorrectYou should ensure the VPC has an internet gateway attached to it so that you can establish a site to site VPN with the on premise environment.You should configure an AWS Direct Connect link between the VPC and the site with the on premise solution.You need to ensure that your application in your custom VPC can communicate back to the on-premise data center. You can do this by either using a site to site VPN or Direct Connect. It will be using an internal IP address range, so you must make sure that your internal IP addresses do not overlap.
With SAML-enabled single sign-on
The portal first verifies the user's identity in your organization, then generates a SAML authentication responseAfter the client browser posts the SAML assertion, AWS sends the sign-in URL as a redirect, and the client browser is redirected to the Console.
How the Public IP address managed in an instance session via the instance GUI/RDP or Terminal/SSH session
The Public IP address is not managed on the instance, but is an alias applied as a NAT of the Private IP address at the VPC boundary equipment managed by AWS
When coding a routine to upload to S3 you have the option of single part upload or multipart upload. For what reason might you choose to use Multipart upload
Improved throughputQuick recovery from network issuesPause and resume object uploadsBegin an upload before you know the final object size
To add an object to an S3 bucket the PUT operation is used. As part of crafting a PUT the programmer can add instructions call Request Headers. Which of the following are valid S3 Request Headers
Content-LengthCorrectContent-MD5x-amz-storage-clasx-amz-meta-
Which two URL formats does S3 support to accessing bucket 'mynewbucket'
http://mynewbucket.s3-aws-region.amazonaws.comhttp://s3-aws-region.amazonaws.com/mynewbucket
You work for a genomics company that is developing a cure for motor neuron disease by using advanced gene therapies. As a part of their research they take extremely large data sets (usually in the terabytes) and analyse these data sets using Elastic Map Reduce. In order to keep costs low, they run the analysis for only a few hours in the early hours of the morning, using spot instances for the on demand task nodes. The core nodes use on demand instances. Lately however the EMR jobs have been failing. This is due to spot instances being unexpectedly terminated. How could you resolve this issue, while still keeping costs low
Change the task nodes to on demand instances.increase the bid price for the task nodes so that you have a greater threshold before the task nodes are terminated.You should consider either increasing the bid price for the task nodes so that your nodes are not terminated or even converting the task nodes to on demand instances so as to ensure they are not prematurely terminated.START OVER
when copying an AMI, which of the following types of information must be manually copied to the new instance
Launch permissionsS3 bucket permissionUser-defined tagsLaunch permissions, S3 bucket permissions, and user-defined tags must be copied manually to an instance based on an AMI. User data is part of the AMI, itself, and does not need to be copied manually.
The risk with spot instances is that you are not guaranteed use of the resource as long as you might want. Choose 4 possible scenarios for AWS forced shutdown
AWS sends a notification of termination and you receive it 120 seconds before the intended forced shutdown.AWS sends a notification of termination but you do not receive it within the 120 seconds and the instance is shutdown.AWS sends a notification of termination and you receive it 120 seconds before the intended forced shutdown, but AWS do not action the shutdown.AWS sends a notification of termination and you receive it 120 seconds before the forced shutdown, but the normal lease expired before the forced shutdown.
When making use of ec2 instances on Dedicated Hosting , which of the following modes are you able to transition between by stopping the instance and starting again
host & dedicated.dedicated & host.
To establish a successful site-to-site VPN connection from your on-premise network to an AWS Virtual Private Cloud, which of the following must be configured
An on-premise Customer GatewayCorrectA Virtual Private GatewayA VPC with Hardware VPN Access
Your company likes the idea of storing files on AWS. However low-latency service of the majority of files is important to customer service. Which Storage Gateway configuration would you use to achieve both of these ends
Gateway-StoredGateway-Stored volumes store your primary data locally, while asynchronously backing up that data to AWS.
You have created a Direct Connect Link from your on premise data center to your Amazon VPC. The link is now active and routes are being advertised from the on premise data center. You can connect to EC2 instances from your data center, however you cannot connect to your on premise servers from your EC2 instances. Which two steps below should you do to remedy this solution (
Enable route propagation on your Virtual Private Gateway (VPG)Correct AnswerEdit the VPC subnet route table and add a route back to the on premise data center.There is no route connecting your VPC back to the on premise data center. You need to add this route to the route table and then enable propagation on the Virtual Private Gateway.
How the Public IP address managed in an instance session via the instance GUI/RDP or Terminal/SSH session
The Public IP address is not managed on the instance, but is an alias applied as a NAT of the Private IP address at the VPC boundary equipment managed by AWSA private IP address is an IP address that's not reachable over the Internet. You can use private IP addresses for communication between instances in the same network (EC2-Classic or a VPC). For more information about the standards and specifications of private IP addresses
You are planning on creating an EC2 instance that will create S3 objects and modify CloudWatch alarms. What is the best way to deploy this instance?
Assign an S3 policy and a CloudWatch policy to a single IAM role. Assign the IAM role to the instance at deployment timeExplanationEC2 instances should use IAM roles, rather than IAM user credentials, to perform actions on AWS resources. An EC2 instance can only be assigned one role
After building an application that makes use of an Elastic Load Balancer over port 80, you notice that your instances, even though they are healthy as part of the health check, are not serving traffic when you go to the ELB DNS cname. What might be the cause of this issue?
The ELB security group does not have port 80 open, The EC2 instances do not have port 80 open
A user needs access to Elastic Load Balancing. This is the first and possibly only time that they will require this access. Which of the following choices would be the best way to allow this access
Delegate access to the ELB using an IAM role
our EC2 instances are configured to run behind an Amazon VPC. You have assigned two web serves instances to an Elastic Load Balancer. However, the instances and the ELB are not reachable via URL to the elastic load balancer serving the web app data from the EC2 instances. How might you resolve the issue so that your instances are serving the web app data to the public Internet?
Attach an Internet gateway to the VPC and route it to the subnet
Which of the following is not a benefit of a decoupled architecture using EC2, Auto Scaling, and SQS
Correct answerAn application does not become unavailable due to the deletion of a single SQS queueExplanationDeletion of an SQS queue used in an application will cause the application to fail.
You manage a web application on EC2 instances. Incoming requests are saved as messages in an SQS queue with the maximum message retention period. You return from a week and a half vacation to find that the part of the application which processes received requests is hung and the queue has grown to 1,000 messages. While you are working on resolving the application issue, you need to post an update to end users. What information should that update include
orrect answerAn apology for the delay in processing requests, assurance that the application will be operational shortly, and a note that all received requests will be processed at that time.ExplanationUse of an SQS queue to decouple the application means that a virtually unlimited number of received requests can be stored in the SQS queue for a maximum of 14 days and can be processed when the portion of the application that is responsible for processing received requests becomes operational again.
Which is an operational process performed by AWS for data security?
Decommissioning of storage devices using industry-standard practices
Company B provides an online image recognition service and utilizes SQS to decouple system components for scaleability. The SQS consumer's readers poll the image queue as often as possible to keep end-to-end throughput as high as possible. However, Company B is realizing that polling in tight loops is burning CPU cycles and increasing costs with empty responses. How can company B reduce the number of empty responses
Enable long polling by setting the ReceiveMessageWaitTimeSeconds to a number > 0
You create an SQS queue and decide to test it out by creating a simple application which looks for messages in the queue. When a message is retrieved, the application is supposed to delete the message. You create three test messages in your SQS queue and discover that messages 1 and 3 are quickly deleted but message 2 remains in the queue. What is a possible cause for this behavior
Correct answerThe order that messages are received in is not guaranteed in SQS, Your application is using short pollingExplanationShort polling does not query all the servers that the SQS messages can reside on, so multiple queries of the queue may be needed to retrieve all messages in the queue.
You create an SQS queue and decide to test it out by creating a simple application which looks for messages in the queue. When a message is retrieved, the application is supposed to delete the message. You create three test messages in your SQS queue and discover that messages 1 and 3 are quickly deleted but message 2 remains in the queue. What is a possible cause for this behavior?
Correct answerThe order that messages are received in is not guaranteed in SQS, Your application is using short pollingExplanationShort polling does not query all the servers that the SQS messages can reside on, so multiple queries of the queue may be needed to retrieve all messages in the queue.
Which statements are true about Amazon S3
Provides %99.999999999 durability to S3 objects, Provides %99.99 availability to S3 objects
hich of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started?Incorrect
All data on instance-store devices will be lost, The underlying host for the instance can be changed
After deciding that, due to to strict contractual requirements, the latest AWS VPC that you deploy will need to incorporate AWS CloudHSM as an encryption solution, where within your AWS infrastructure would be the best place to physically locate the HSM appliances and why
Locating HSM appliances near your EC2 instances decreases network latency, which can improve application performance
You recently purchased four reserved EC2 instances in the US-East-1 region's Availability Zone 1. Your supervisor just informed you that she would like the instances distributed equally across US-East-1 region Availability Zones 1 and 2. Can you use the reserved instances you just purchased to deploy EC2 instances in Availability Zone 2
Correct answerYes, you can migrate the reserved instances to Availability Zone 2ExplanationAfter recent AWS updates you can now migrate reserved instances without having to sell and repurchase.
Your company has moved a legacy application from an on-premise data center to the cloud. The legacy application requires a static IP address hard-coded into the backend, which prevents you from deploying the application with high availability and fault tolerance using the ELB. Which steps would you take to apply high availability and fault tolerance to this application?
Correct answerEnsure that the instance it's using has an elastic IP address assigned to it, Write a custom script that pings the health of the instance, and, if the instance stops responding, switches the elastic IP address to a standby instance