What is a proper definition of an IAM Role An IAM entity that defines a set of permissions for making requests to AWS services, and will be used by an AWS service IAM Users in multiple User Groups An IAM entity that defines a PW policy for IAM Users Permissions assgined to IAM Users to perform actions.
Which of the following is an IAM Security Tool? IAM Credentials Report IAM Root Account Manager IAM Services Report IAM Security Advisor.
Which answer is INCORRECT regarding IAM Users? IAM User can belong to multiple User Groups IAM User don`t have to belong to a user Group IAM policies can be attached directly to IAM User IAM Users access AWS services using root account credentials.
Which of the following is an IAM best practice? Create serveral IAM Users for one physical person Don`t you the root user account Share your AWS account credentials with your colleage, so (s)he can perform a task for you Do not enable MFA for easier access.
What are IAM Policies? A set of policies that defines how AWS accounts interact with each other JSON documents that defines a set of permissions fo making requests to AWS services,
and can be used by IAM Users, User Groups, & IAM Roles A set of policies that define a PW for IAM Users A set of policies defined by AWS that show how customers interact with AWS.
Which principle should you apply regarding IAM Permissions? Grant least privilege Grant most privilege Grant more permissions if your employee asks you to Restrict root account permissions.
What should you do to increase your root account security? Remove permissions from the root account only access AWS services through AWS Command Line Interface(CLI) Don`t create IAM Users, only access your AWS account using the root account Enable MFA.
IAM User Groups can contain IAM Users and other User Groups. True False.
An IAM policy consists of one or more statements. A statement in an IAM Policy consists of the following, EXCEPT: Effect Principal Version Action Resource.
Which EC2 Purchasing Option can provide you the biggest discount, but it is not suitable for critical jobs or databases? Convertible Reserved instance Dedicated Hosts Spot instance.
What should you use to control traffic in and out of EC2 instances? Network Access Control List (NACL) Security Group IAM Policies.
How long can you reserve an EC2 Reserved Instance? 1 or 3 years 2 or 4 years 6 months or 1 year Anytime between 1 & 3 years.
You would like to deploy a High-Performance Computing (HPC) application on EC2 instances.
Which EC2 instance type should you choose? Storage Optimized Compute Optimized Memory Optimized General Purpose.
Which EC2 Purchasing Option should you use for an application you plan to run on a server continuously for 1 year? Reserved Instances Spot Instances On-Demand Instances.
You are preparing to launch an application that will be hosted on a set of EC2 instances.
This application needs some software installation and some OS packages need to be updated during the first launch.
What is the best way to achieve this when you launch the EC2 instances? Connect to each EC2 instance using SSH, then install the required software and update your OS packages manually Write a bash script that installs the required software and updates to your OS,
then contact AWS Support and provide them with the script.
They will run it on your EC2 instances at launch write a bash script that installs the required software and updates to your OS,
then use this script in EC2 User Data when you launch your EC2 instances.
Which EC2 Instance Type should you choose for a critical application that uses an in-memory database? Compute optimated Storage Optimized Memory Optimized General Purpose.
You have an e-commerce application with an OLTP database hosted on-premises.
This application has popularity which results in its database has thousands of requests per second.
You want to migrate the database to an EC2 instance.
Which EC2 Instance Type should you choose to handle this high-frequency OLTP database? Compute Optimized Storage Optimized Memory Optimized General Purpose.
Security Groups can be attached to only one EC2 instance. FAILSE TRUE.
You're planning to migrate on-premises applications to AWS.
Your company has strict compliance requirements that require your applications to run on dedicated servers.
You also need to use your own server-bound software license to reduce costs.
Which EC2 Purchasing Option is suitable for you? Convertible Reserved Instances Dedicated Host Spot Instance.
You would like to deploy a database technology on an EC2 instance and the vendor license bills you based on the physical cores and underlying network socket visibility.
Which EC2 Purchasing Option allows you to get visibility into them? Spot Instances On-Demand Dedicated hosts Reserved Instances.
Spot Fleet is a set of Spot Instances and optionally ............... Reserved Instances On-Demand Instances Dedicated Hosts Dedicated Instances.
You have launched an EC2 instance that will host a NodeJS application.
After installing all the required software and configured your application, you noted down the EC2 instance public IPv4 so you can access it.
Then, you stopped and then started your EC2 instance to complete the application configuration.
After restart, you can't access the EC2 instance, and you found that the EC2 instance public IPv4 has been changed.
What should you do to assign a fixed public IPv4 to your EC2 instance? allocate an Elastic IP and assign it to your EC2 instance From inside your EC2 instance OS, change network configuration from DHCP to static and assign it a public IPv4 Contact AWS Support and request a fixed public IPv4 to your EC2 instance This can't be done, you can only assign a fix private IPv4 to your EC2 instance.
You have an application performing big data analysis hosted on a fleet of EC2 instances.
You want to ensure your EC2 instances have the highest networking performance while communicating with each other. Which EC2 Placement Group should you choose? Spread Placement Group Cluster Placement Group Partition Placement Group.
You have a critical application hosted on a fleet of EC2 instances in which you want to achieve maximum availability when there's an AZ failure.
Which EC2 Placement Group should you choose? Partition Placement Group Cluster Placement Group Spread Placement Group.
Elastic Network Interface (ENI) can be attached to EC2 instances in another AZ. True False.
The following are true regarding EC2 Hibernate, EXCEPT: EC2 Instance RAM must be less than 150 GB EC2 Instance Root Volume type must be an EBS volume Supports On-Demand and Reserved Instances EC2 Instance Root Volume must be an instance Store volume.
You have just terminated an EC2 instance in us-east-1a, and its attached EBS volume is now available.
Your teammate tries to attach it to an EC2 instance in us-east-1b but he can't.
What is a possible cause for this? He 's missing IAM permissions EBS volomes are locked to an AWS Region EBS volumes are locked to an Availability Zone.
You have launched an EC2 instance with two EBS volumes,
Root volume type and the other EBS volume type to store the data.
A month later you are planning to terminate the EC2 instance.
What's the default behavior that will happen to each EBS volume? Both the root volume type and the EBS volume type will be detected The Root volumn type will be deleted and the EBS volume type will not be deleted The root volume type will not be deleted and the EBS volume type be deleted Both the root volume type and EBS volume type will not be deleted.
You can use an AMI in N.Virginia Region us-east-1 to launch an EC2 instance in any AWS Region. True False.
Which of the following EBS volume types can be used as boot volumes when you create EC2 instances? gp2, gp3, st1, sc1 gp2, gp3, io1, io2 io1, io2, gp2, gp3.
What is EBS Multi-Attach? Attach the same EBS volume to multiple EC2 instances in multiple AZs Attach the same EBS volume to the same AZ to the same EC2 instance Attach the same EBS volume to multiple EC2 instances in the same AZ Attach the same EBS volume to multiple AZs to the EC2 instance.
You would like to encrypt an unencrypted EBS volume attached to your EC2 instance.
What should you do? Create an EBS snapshot of your EBS volumn.
Copy the snapshot and tick the option to encrypt the copied snapshot.
then, use the encrypted snapshot to create a new EBS volume. Select your EBS volumn, choose edit attributes, then click the encrypt using KMS option Create a new encrypted EBS volume, then copy data from your unencrypted EBS volume to the new EBS volume. Submit a request to AWS Support to encrypt your EBS volumn.
You have a fleet of EC2 instances distributes across AZs that process a large data set.
What do you recommend to make the same data to be accessible as an NFS drive to all of your EC2 instances?
Use EBS Use EFS Use an Instance Store.
You would like to have a high-performance local cache for your application hosted on an EC2 instance.
You don't mind losing the cache upon the termination of your EC2 instance.
Which storage mechanism do you recommend as a Solutions Architect? EBS EFS Instance Store.
You are running a high-performance database that requires an IOPS of 310,000 for its underlying storage.
What do you recommend? Use an EBS gp2 Use an EBS io1 drive Use an EC2 Instance Store Use an EBS io2 Block Express drive.
Amazon RDS supports the following databases, EXCEPT: MongoDB MySQL MariaDB Microsoft SQL Server.
You're planning for a new solution that requires a MySQL database that must be available even in case of a disaster in one of the Availability Zones.
What should you use? Create Read Replicas Enable Encryption Enable Multi-AZ.
We have an RDS database that struggles to keep up with the demand of requests from our website.
Our million users mostly read news, and we don't post news very often.
Which solution is NOT adapted to this problem? An ElastiCache-Cluster RDS Multi-AZ RDS Read Replicas.
You have set up read replicas on your RDS database,
but users are complaining that upon updating their social media posts,
they do not see their updated posts right away.
What is a possible cause for this? There must be bug in your application Read Replication have Asynchronous Replication,
there it 's likely your users will only read Eventual Consistency You should have set up Multi- AZ instead.
Which RDS (NOT Aurora) feature when used does not require you to change the SQL connection string? Multi-AZ Read Replicas.
Your application running on a fleet of EC2 instances managed by an Auto Scaling Group behind an Application Load Balancer.
Users have to constantly log back in and you don't want to enable Sticky Sessions on your ALB as you fear it will overload some EC2 instances.
What should you do? Use your own custom Load Balancer on EC2 instances instead of using ALB Store session data in RDS Store session data in ElastiCache Store session data in a shares EBS volume.
Scaling an EC2 instance from r4.large to r4.4xlarge is called ..................... Horizontal Scalability Vertical scalability.
Running an application on an Auto Scaling Group that scales the number of EC2 instances in and out is called ..................... Horizontal scalability Vertical Scalability.
Elastic Load Balancers provide a ....................... static DNS name we can use in our application static IPv4 we can use in our application static IPv6 we can use in our application.
You are running a website on 10 EC2 instances fronted by an Elastic Load Balancer.
Your users are complaining about the fact that the website always asks them to re-authenticate when they are moving between website pages.
You are puzzled because it's working just fine on your machine and in the Dev environment with 1 EC2 instance.
What could be the reason? your website must have an issue when hosted on multiple EC2 instances The EC2 instances log out users as they can't see their IP addresses, instead, they recieve ELB IP addresses Elastic Load Balancer dose not have Sticky sections enabled.
You are using an Application Load Balancer to distribute traffic to your website hosted on EC2 instances.
It turns out that your website only sees traffic coming from private IPv4 addresses which are in fact your Application Load Balancer's IP addresses.
What should you do to get the IP address of clients connected to your website? Modify your website's frontend so that users send their IP in every request Modify your website's backend to get the client IP address from the X-Forwarded-For header Modify your website 's backend to get the client IP addresses from the X-Forwarded-Port header Modify your website 's backend to get the client IP addresses from the X-Forwarded-Proto header.
You hosted an application on a set of EC2 instances fronted by an Elastic Load Balancer.
A week later, users begin complaining that sometimes the application just doesn't work.
You investigate the issue and found that some EC2 instances crash from time to time.
What should you do to protect users from connecting to the EC2 instances that are crashing? Enable ELB Health Checks Enable ELB Stickiness Enable SSL Termination Enable Cross-Zone Load Balacing.
You are working as a Solutions Architect for a company
and you are required to design an architecture for a high-performance,
low-latency application that will receive millions of requests per second.
Which type of Elastic Load Balancer should you choose? Application Load Balance Classic Load Balancer Network Load Balancer.
Application Load Balancers support the following protocols, EXCEPT: HTTP HTTPS TCP WebSocket.
Application Load Balancers can route traffic to different Target Groups based on the following, EXCEPT: Clients's Location(Geography) Hostname Request url Path Source IP Address.
Registered targets in a Target Groups for an Application Load Balancer can be one of the following, EXCEPT: EC2 Instances Network Load Balance Private IP Address Lambda Functions.
For compliance purposes, you would like to expose a fixed static IP address to your end-users so that they can write firewall rules that will be stable and approved by regulators.
What type of Elastic Load Balancer would you choose? Application Load Balancer with an Elastic IP attached to it Network Load Balancer Classic Load Balancer.
You want to create a custom application-based cookie in your Application Load Balancer.
Which of the following you can use as a cookie name? AWSALBAPP APPUSERC AWSALBBTG AWSALB.
You have a Network Load Balancer that distributes traffic across a set of EC2 instances in us-east-1.
You have 2 EC2 instances in us-east-1b AZ and 5 EC2 instances in us-east-1e AZ.
You have noticed that the CPU utilization is higher in the EC2 instances in us-east-1b AZ.
After more investigation, you noticed that the traffic is equally distributed across the two AZs.
How would you solve this problem? Enable Cross-Zone Load Balancing Enable Sticky Sessions Enable ELB Health Check Enable SSL Termination.
Which feature in both Application Load Balancers and Network Load Balancers allows you to load multiple SSL certificates on one listener? TLS Termination Server Name Indication(SNI) SSL Security Polices Host Headers.
You have an Application Load Balancer that is configured to redirect traffic to 3 Target Groups based on the following hostnames:
users.example.com, api.external.example.com, and checkout.example.com. You would like to configure HTTPS for each of these hostnames.
How do you configure the ALB to make this work? use an HTTP to HTTPS redirect rule Use a security group SSL certificate Use Server Name Indication (SNI).
You have an application hosted on a set of EC2 instances managed by an Auto Scaling Group that you configured both desired and maximum capacity to 3.
Also, you have created a CloudWatch Alarm that is configured to scale out your ASG when CPU Utilization reaches 60%.
Your application suddenly received huge traffic and is now running at 80% CPU Utilization.
What will happen? Nothing The disired capacity will go up to 4 and the maximum capacity will stay at 3 The desired capacity will go up to 4 and the the maximum capacity will stay at 4.
You have an Auto Scaling Group fronted by an Application Load Balancer.
You have configured the ASG to use ALB Health Checks, then one EC2 instance has just been reported unhealthy.
What will happen to the EC2 instance? The ASG will keep the instance running and re-start the application The ASG will detach the EC2 instance and leave it running The ASG will terminate the EC2 instance.
Your boss asked you to scale your Auto Scaling Group based on the number of requests per minute your application makes to your database.
What should you do? Create a CloudWatch custom metric then create a CloudWatch Alarm on this metric to scale your ASG Your politely tell him it's impossible Enable Detailed Monitoring then create a CloudWatch Alarm to scale your ASG.
An application is deployed with an Application Load Balancer and an Auto Scaling Group.
Currently, you manually scale the ASG and you would like to define a Scaling Policy that will ensure the average number of connections to your EC2 instances is around 1000.
Which Scaling Policy should you use? Simple Scaling Policy Step Scaling Policy Target Tracking Policy Scheduled Scaling Policy.
You have an ASG and a Network Load Balancer.
The application on your ASG supports the HTTP protocol and is integrated with the Load Balancer health checks.
You are currently using the TCP health checks.
You would like to migrate to using HTTP health checks, what do you do? Migrate to an Application Load Balance Migrate the health check to HTTP.
You have a website hosted in EC2 instances in an Auto Scaling Group fronted by an Application Load Balancer.
Currently, the website is served over HTTP, and you have been tasked to configure it to use HTTPS.
You have created a certificate in ACM and attached it to the Application Load Balancer.
What you can do to force users to access the website using HTTPS instead of HTTP? Send an email to all customers to use HTTPS instead of HTTP Configure the Application Load Balancer to redirect HTTP to HTTPS Configure the DNS record to redirect HTTP to HTTPS.
|
