377 terms

AWS

Which AWS service is used as a CDN to distribute content around the world?

a) CloudStream
b) CloudFormation
c) CloudFront
d) CloudPush
c) CloudFront
Which AWS service would be the best choice for long term data archival?

a) S3
b) CloudFront
c) EFS
d) Glacier
d) Glacier
What service connects an on-premise software appliance (or virtual machine) with cloud based storage?

a) S3
b) Storage Gateway
c) Snowball
d) Glacier
b) Storage Gateway
What is an AWS region?

a) A region is an independent data center, located in different countries around the globe
b) A region is a geographical area that consists of different availability zones. Each region consists of 2 (or more) Availability Zones.
c) A region is a collection of Edge Locations available in specific countries.
d) A region consists of a number of different subsets of AWS technologies. For example the compute region consists of EC2, ECS, Lambda etc.
b) A region is a geographical area that consists of different availability zones. Each region consists of 2 (or more) Availability Zones.
An AWS VPC is a component of which AWS service?

a) Global Infrastructure
b) Databases Service
c) Networking Service
d) Compute Service
c) Networking Service
Which of the following is a petabyte scale data transfer solution?

a) SQS
b) Avalanche
c) Snowball
d) SWF
c) Snowball
What service is Amazon's No-SQL database service?

a) RDS
b) Elasticache
c) DynamoDB
d) Redshift
c) DynamoDB
Your company is interested in implementing a VDI solution to replace their local desktop environment. Which AWS service should you consider?

a) IoT
b) WorkSpaces
c) WorkDocs
d) WorkMail
b) WorkSpaces
Where would be a durable place to store flat files on the AWS platform?

a) Kinesis
b) CloudFront Edge Locations
c) SQS
d) S3
d) S3 (Simple Storage Service)
You need to monitor the performance of your EC2 virtual servers (including metrics such as CPU Utilization, Disk IO etc.). What service would best suit this requirement?

a) CloudTrail
b) CloudWatch
c) CloudMonitor
d) CloudAudit
b) CloudWatch
You are a digital media agency and you need to convert your media files into different formats to suit different devices. Which AWS service should you consider using to meet these needs?

a) Appstream
b) SQS
c) SWF
d) Elastic Transcoder
d) Elastic Transcoder
Which AWS compute service is specifically designed to assist you in processing large data sets?

a) Big Data Processing
b) Elasticache
c) EC2
d) Elastic Map Reduce
d) Elastic Map Reduce
What AWS service would you use primarily for data warehousing?

a) Redshift
b) RDS
c) DynamoDB
d) DMS
a) Redshift
Which AWS service allows you to run code without having to worry about provisioning any underlying resources (such as virtual machines, databases etc.)?

a) EC2
b) EC2 Container Service
c) DynamoDB
d) Lambda
d) Lambda
You need to enable a way for your system administrators to receive notifications for events that happen on your AWS environment (such as alarms etc.). What service should you use?

a) Cognito
b) Device Farm
c) Mobile Hub
d) SNS
d) SNS (Simple Notification Service)
You need a service to aggregate your data from multiple data sources (such as S3, DynamoDB, RDS etc.) and then provide some business intelligence based on this data. What AWS service would best fit?

a) Spice
b) Quick Sight
c) CloudOracle
d) CloudViewer
b) Quick Sight
What database would you use to migrate databases from Oracle to MySQL?

a) RDS
b) DMS
c) Redshift
d) Elasticache
b) DMS (Database Migration Service)
What AWS service is effectively a NAS in the cloud, allowing you to connect it to multiple EC2 instances at once?

a) EBS
b) EFS
c) SQS
d) SNS
b) EFS (Elastic File System)
What does an AWS Region consist of?

a) A console that gives you a quick, global picture of your cloud computing environment.
b) A collection of databases that can only be accessed from a specific geographic region.
c) A collection of data centers that is spread evenly around a specific continent.
d) A distinct location within a geographic area designed to provide high availability to a specific geography.
d) A distinct location within a geographic area designed to provide high availability to a specific geography.
Which AWS service is specifically designed for developers to upload their code to, after which it automatically handles the provisioning of the resources that are required to host that code?

a) Elastic Beanstalk
b) CloudFormation
c) CloudTrail
d) CloudFormer
a) Elastic Beanstalk
You need to supply auditors with logs as to who provisions which resources on your AWS platform. Which service would best suit this?

a) CloudWatch
b) CloudFormation
c) CloudTrail
d) Opsworks
c) CloudTrail
What AWS service is used for collating large amounts of data streamed from multiple sources?

a) Kinesis
b) SQS
c) CloudFront
d) CloudCapture
a) Kinesis
What is a VPC?

a) Virtual Public Compute
b) Virtual Private Cloud
c) Virtual Public Cloud
d) Virtual Private Compute
b) Virtual Private Cloud
Amazon's highly scalable DNS service is known as...


a) CloudTrail
b) Directory Service
c) Elastic Map Reduce
d) Route 53
d) Route 53
What AWS service consists of the following database services: SQL, MySQL, MariaDB, PostgreSQL, Aurora, Oracle?

a) Redshift
b) DynamoDB
c) RDS
d) Kinesis
c) RDS (Relational Database Service)
You need a configuration management service to allow your system administrators to configure and operate your web applications using Chef. Which AWS service would best suit your needs?

a) Opsworks
b) CloudTrail
c) Trusted Advisor
d) CloudWatch
a) Opsworks
You need to implement an automated service that will scan your AWS environment and tell you ways that you can improve your security as well as how to save costs. Which service should you use?

a) CloudTrail
b) Trusted Advisor
c) Service Catalog
d) Config Rules
b) Trusted Advisor
You need to create new users to access the AWS console and to set password rotation policies for these new users. Which AWS service would best fit your requirements?

a) Directory Services
b) IAM
c) Inspector
d) Key Management Service
b) IAM (Identity Access Management)
What is the difference between Elastic Beanstalk and CloudFormation?

a) Elastic Beanstalk is a monitoring tool to view the performance of your AWS resources, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script.
b) Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it, whereas CloudFormation is a security service designed to harden your cloud against an attack such as a DDoS.
c) Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script.
d) There is no difference between the two. Elastic Beanstalk was simply the code name used internally for CloudFormation, prior to the product being released.
c) Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script.
Which statement best describes an Availability Zone?

a) Content distribution network which is used to distribute content to users.
b) A restricted area designed specifically for creating virtual private clouds.
c) Two zones containing compute resources that are designed to automatically maintain synchronized copies of data with each other.
d) Distinct locations from within an AWS region that are engineered to be isolated from failures.
d) Distinct locations from within an AWS region that are engineered to be isolated from failures.
You are a solutions architect working for a large engineering company who are moving their existing legacy hardware to AWS. You have configured their first AWS account and you have set up IAM. Your company will be primarily based in Andorra, however they will have a small subsidiary operating out of South Korea and you will need an AWS environment configured there as well. Which of the following statements is true:

a) You will need to configure users and policy documents for each region respectively.
b) You will need to configure users and policy documents only once, as these are applied globally.
c) You will need to configure your users regionally, however your policy documents are global.
d) You will need to configure your policy documents regionally, however your users are global.
b) You will need to configure users and policy documents only once, as these are applied globally.
Power User Access allows...

a) Full access to all AWS services and resources.
b) Read Only access to all AWS services and resources.
c) Access to all AWS services except for management of groups and users within IAM.
d) Users to inspect the source code of the AWS platform.
c) Access to all AWS services except for management of groups and users within IAM.
What is an additional way to secure IAM for both the root login and new users alike?

a) Implement MFA for all accounts.
b) Store the access key ID and secret access key of all users in a publicly accessible plain text document on S3 whose address only you and members of your organization know.
c) Configure the AWS console so that you can only log in to it from a specific IP address range.
d) Configure the AWS console so that you can only log in to it from your internal network IP address range.
a) Implement MFA for all accounts.
In what language are policy documents written?

a) Node.js
b) Java
c) JSON
d) Python
c) JSON
Which is NOT a feature of IAM?

a) Centralized control of your AWS account
b) Integrates with existing active directory account allowing single sign on
c) Fine-grained access control to AWS resources
d) Allows you to set up biometric authentication, so that no passwords are required
d) Allows you to set up biometric authentication, so that no passwords are required
You have a client who is considering moving to AWS services and does not yet have an account. What is the first thing the company should do to set up an AWS account?

a) Set up an account using Cloud Search.
b) Set up an account using their company email address.
c) Set up an account via SQS.
d) Set up an account via SNS.
b) Set up an account using their company email address.
You are a developer at a fast growing start up. Traditionally you have been using the root account to log in to the AWS console but as you have taken on more staff, to prevent dangerous mistakes you will now need to stop sharing the root account. What should you do so that everyone can access the AWS resources? (select 2)

a) Create an additional AWS root account for each new user.
b) Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided.
c) Create a customized sign in link such as yourcompany.signin.aws.amazon.com/console for your new users to use to sign in with.
d) Give your users the root account credentials so that they can also sign in.
b) Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided.

c) Create a customized sign in link such as yourcompany.signin.aws.amazon.com/console for your new users to use to sign in with.
Which statement best describes IAM?

a) IAM allows you to manage users, groups and roles and their corresponding level of access to the AWS platform.
b) IAM allows you to manage users' passwords only. AWS staff must create new users for your organization. This is done by raising a ticket.
c) IAM allows you to manage permissions for AWS resources only.
d) IAM stands for Improvised Application Management and it allows you to deploy and manage applications in the AWS cloud.
a) IAM allows you to manage users, groups and roles and their corresponding level of access to the AWS platform.
A new user has started at your work and it is your job to give them administrator access to the AWS console. You have set them up with a user name, access key ID, secret access key and you have generated a password for them. They are able to log in to the AWS console, but they cannot do anything. What should you do next?

a) Add them to the Administrators group, where your other administrator users belong.
b) Set up MFA for them.
c) Ensure they are logging in to the AWS console from your corporate network and not the normal internet.
d) Tell them to log out and try logging back in again.
a) Add them to the Administrators group, where your other administrator users belong.
When you create a new user, that user:

a) Will be able to log in to the console anywhere in the world, using their access key ID and secret access key.
b) Will be able to interact with AWS using their access key ID and secret access key, using the API, CLI or AWS SDKs.
c) Will only be able to log in to the console in the region in which that user was created.
d) Will be able to log in to the console only after MFA is enabled on their account.
b) Will be able to interact with AWS using their access key ID and secret access key, using the API, CLI or AWS SDKs.
Which of the following is NOT a component of IAM?

a) Roles
b) Users
c) Groups
d) Organizational Units
d) Organizational Units
You have created a new AWS account for your company and you have also configured multi-factor authentication on the root account. You are about to create your new users. What strategy should you consider in order to ensure that there is good security on this account?

a) Enact a strong password policy, so that your users have to change their passwords every 45 days and must use a combination of capital and lower case letters, numbers and special symbols for all passwords.
b) Require users to only be able to log in using biometric authentication.
c) Restrict login to the corporate network only.
d) Give all users the same password so that if they forget their passwords they can just ask their co-workers.
a) Enact a strong password policy, so that your users have to change their passwords every 45 days and must use a combination of capital and lower case letters, numbers and special symbols for all passwords.
What level of access does the "root" account have?

a) Read Only access
b) Power User access
c) Administrator Access
d) No Access
c) Administrator Access
You are a security administrator working for a hotel chain. You have a new member of staff who has started as a systems administrator and they will need full access to the AWS console. You have created the user account and generated the access key id and the secret access key. You have moved this user into the group where the other administrators are and you have provided the new user with their secret access key and their access key id. However when they go to log in to the AWS console, they cannot sign in. What could be the cause of this?

a) You have not applied the "log in from console" policy document to the user. You must apply this first so that they can log in.
b) Your user is trying to log in from the AWS console from outside the corporate network. This is not possible.
c) You have not yet activated MFA for the user, so by default they will not be able to log in.
d) You cannot log in to the AWS console using the Access Key ID and Secret Access Key, instead you must generate a password for the user and supply the user with this password, as well as the unique link to sign in to the AWS console.
d) You cannot log in to the AWS console using the Access Key ID and Secret Access Key, instead you must generate a password for the user and supply the user with this password, as well as the unique link to sign in to the AWS console.
By default when you create a new user in the IAM console, what level of access do they have?

a) Read Only access to all AWS services.
b) No access to all AWS services.
c) Administrator access to all AWS services.
d) Power User access to all AWS services.
b) No access to all AWS services.
What is the minimum file size that I can store on S3?

a) 1 KB
b) 1 MB
c) 1 GB
d) 0 bytes
d) 0 bytes
What is AWS Storage Gateway?

a) It's an on-premise virtual appliance that can be used to cache S3 locally at a customer's site.
b) It allows large scale import/exports in to the AWS cloud without the use of an internet connection.
c) It allows a direct MPLS connection in to AWS.
d) None of the above.
a) It's an on-premise virtual appliance that can be used to cache S3 locally at a customer's site.
You work for a health insurance company that collects large amounts of documents regarding patients' health records. This data will usually be used only once when assessing a customer and will then need to be securely stored for a period of 7 years. In some rare cases you may need to retrieve this data within 24 hours of a claim being lodged. Which storage solution would best suit this scenario? You need to keep your costs as low as possible.

a) S3
b) S3 - IA (Infrequently Accessed Storage)
c) S3 - RRS (Reduced Redundancy Storage)
d) Glacier
d) Glacier
What is Amazon Glacier?

a) A tool that allows you to "freeze" an EBS volume.
b) An AWS service designed for long term data archival.
c) A highly secure firewall designed to keep everything out.
d) It is a tool used to resurrect deleted EC2 snapshots.
b) An AWS service designed for long term data archival.
What does RRS stand for when talking about S3?

a) Relational Reaction Storage
b) Reduced Redundancy Storage
c) Regional Rights Storage
d) Redundancy Reduced System
b) Reduced Redundancy Storage
You are a solutions architect who works with a large digital media company. The company has decided that they want to operate within the Japanese region and they need a bucket called "testbucket" set up immediately to test their web application on. You log in to the AWS console and try to create this bucket in the Japanese region however you are told that the bucket name is already taken. What should you do to resolve this?

a) Change your region to Korea and then create the bucket "testbucket".
b) Raise a ticket with AWS and ask them to release the name "testbucket" to you.
c) Bucket names are global, not regional. This is a popular bucket name and is already taken. You should choose another bucket name.
d) Run a WHOIS request on the bucket name and get the registered owner's email address. Contact the owner and ask if you can purchase the rights to the bucket.
c) Bucket names are global, not regional. This is a popular bucket name and is already taken. You should choose another bucket name.
You have been asked by your company to create an S3 bucket with the name "acloudguru1234" in the EU West region. What would be the URL for this bucket?

a) https://s3-eu-west-1.amazonaws.com/acloudguru1234
b) https://s3-us-east-1.amazonaws.com/acloudguru1234
c) https://s3.acloudguru1234.amazonaws.com/eu-west-1
d) https://s3-acloudguru1234.amazonaws.com/
a) https://s3-eu-west-1.amazonaws.com/acloudguru1234
You run a popular photo sharing website that is based off S3. You generate revenue from your website via paid for adverts, however you have discovered that other websites are linking directly to the images on your site, and not to the HTML pages that serve the content. This means that people are not seeing your adverts and every time a request is made to S3 to serve an image it is costing your business money. How could you resolve this issue?

a) Use CloudFront to serve the static content.
b) Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates.
c) Use security groups to blacklist the IP addresses of the sites that do this.
d) Use EBS rather than S3 to store the content.
b) Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates.
What is the availability on S3?

a) 99.99%
b) 99%
c) 100%
d) 99.90%
a) 99.99%
S3 has eventual consistency for which HTTP Methods?

a) PUTS of new objects and DELETES
b) Overwrite PUTS and DELETES
c) PUTS of new objects and UPDATES
d) UPDATES and DELETES
b) Overwrite PUTS and DELETES
You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and then other users will be able to view these pics. Your organization expects this app to grow very quickly, essentially doubling its user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). However, you need to keep your storage costs to a minimum, and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible?

a) S3
b) S3 - IA (Infrequently Accessed Storage)
c) S3 - RRS (Reduced Redundancy Storage)
d) Glacier
c) S3 - RRS (Reduced Redundancy Storage)
You work for a busy digital marketing company who currently store their data on premise. They are looking to migrate to AWS S3 and to store their data in buckets. Each bucket will be named after their individual customers, followed by a random series of letters and numbers. Once written to S3 the data is rarely changed, as it has already been sent to the end customer for them to use as they see fit. However on some occasions, customers may need certain files updated quickly, and this may be for work that has been done months or even years ago. You would need to be able to access this data immediately to make changes in that case, but you must also keep your storage costs extremely low. The data is not easily reproducible if lost. Which S3 storage class should you choose to minimize costs and to maximize retrieval times?

a) S3
b) S3 - IA (Infrequently Accessed Storage)
c) S3 - RRS (Reduced Redundancy Storage)
d) Glacier
b) S3 - IA (Infrequently Accessed Storage)
How many S3 buckets can I have per account by default?

a) 10
b) 20
c) 50
d) 100
d) 100
You run a meme creation website that frequently generates meme images. The original images are stored in S3 and the metadata about the memes is stored in DynamoDB. You need to store the memes themselves in a low cost storage solution. If an object is lost, you have created a Lambda function that will automatically recreate this meme using the original file in S3 and the metadata in DynamoDB. Which storage solution should you consider to store this non-critical, easily reproducible data in the most cost-effective way possible?

a) S3
b) S3 - IA (Infrequently Accessed Storage)
c) S3 - RRS (Reduced Redundancy Storage)
d) Glacier
c) S3 - RRS (Reduced Redundancy Storage)
What does S3 stand for?

a) Simple SQL Service
b) Simple Serial Sequence
c) Simple Storage Service
d) Straight Storage Service
c) Simple Storage Service
What is the durability on RRS?

a) 99.90%
b) 99%
c) 99.99%
d) 100%
c) 99.99%
You need to use an object based storage solution to store your critical, non replaceable data in a cost effective way. This data will be frequently updated and will need some form of version control enabled on it. Which S3 storage solution should you use?

a) S3
b) S3 - IA (Infrequently Accessed Storage)
c) S3 - RRS (Reduced Redundancy Storage)
d) Glacier
a) S3
The difference between S3 and EBS is that EBS is object based whereas S3 is block based.

True or False?
False: S3 is object based and EBS is block based
One of your users is trying to upload a 7.5GB file to S3 however they keep getting the following error message - "Your proposed upload exceeds the maximum allowed object size". What is a possible solution for this?

a) Design your application to use the multi-part upload API for all objects.
b) Design your application to use large object upload API for this object.
c) Raise a ticket with AWS to increase your maximum object size.
d) Log in to the S3 console, click on the bucket and then click properties. You can then increase your maximum object size to 1TB.
a) Design your application to use the multi-part upload API for all objects.
S3 has what consistency model for PUTS of new objects?

a) Read after Write consistency
b) Write after Read consistency
c) Eventual consistency
d) Usual consistency
a) Read after Write consistency
What is the availability on RRS?

a) 99.99%
b) 99%
c) 99.90%
d) 100%
a) 99.99%
What is the meta-data URL?
http://169.254.169.254/latest/meta-data
Placement groups can span multiple availability zones.

True or False?
False
The name you specify to your placement group must be unique within your AWS account.

True or False?
True
Existing instances can be moved into placement groups.

True or False?
False
Placement groups cannot be merged.

True or False?
True
What is a placement group?
A grouping of instances within a SINGLE availability zone.
Using the console, I can add a role to an EC2 instance, after that instance has been created and powered up.

True or False?
False
You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this? Each answer has 2 parts; select the answer with BOTH parts correct.

a) Answer 1: Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances.
Answer 2: Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
b) Answer 1: Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances.
Answer 2: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
c) Answer 1: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances.
Answer 2: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
d) Answer 1: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
Answer 2: Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances.
b) Answer 1: Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances.
Answer 2: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
EBS Snapshots are backed up to S3 in what manner?

a) Incrementally
b) Exponentially
c) Decreasingly
d) EBS Snapshots are not stored in S3
a) Incrementally
A placement group is ideal for...

a) Distributing content on a CDN network
b) EC2 instances that require high disk IO
c) EC2 instances that require high network throughput and low latency across multiple availability zones
d) EC2 instances that require high network throughput and low latency across a single availability zone
d) EC2 instances that require high network throughput and low latency across a single availability zone
Can you attach an EBS volume to more than one EC2 instance at the same time?

a) Yes
b) No
c) If that EC2 volume is part of an AMI
d) Depends on which region
b) No
I can change the permissions to a role, even if that role is already assigned to an existing EC2 instance, and these changes will take effect immediately.

True or False?
True
Can I delete a snapshot of an EBS Volume that is used as the root device of a registered AMI?

a) Yes
b) No
c) Only via the CLI
d) Only using the AWS API
b) No
Can a placement group be deployed across multiple Availability Zones?

a) Yes
b) No
c) Only in us-east-1
d) Yes, but only using the AWS API
b) No
While creating the snapshots using the command line tools, which command should I be using?

a) ec2-create-snapshot
b) ec2-fresh-snapshot
c) ec2-deploy-snapshot
d) ec2-new-snapshot
a) ec2-create-snapshot
Can an Amazon EBS root volume persist independently from the life of the EC2 instance? e.g. if I terminated an EC2 instance, would that EBS root volume remain?

a) Yes
b) No
c) Only if instructed to when created
d) Depends on which region the EC2 instance is provisioned in
c) Only if instructed to when created
ELBs (Elastic Load Balancers) do not have pre-defined IPv4 addresses; you resolve them using a DNS name.

True or False?
True or False?
Alias records do not allow you to resolve a naked domain name to an ELB's DNS address.

True or False?
False
When you are making a request to Route 53 for a DNS record you are...

a) Charged for the request if you are using CNAMEs or Alias Records.
b) Charged for the request if you are using CNAMEs, but not charged if you are using Alias Records.
c) Not charged for the request if you are using CNAMEs, but charged if you are using Alias Records.
d) Not charged for the request if you are using CNAMEs or Alias Records.
b) Charged for the request if you are using CNAMEs, but not charged if you are using Alias Records.
Route 53 does not support zone apex records (or naked domain names).

True or False?
False
There is a limit to the number of domain names that you can manage using Route 53.

a) True. There is a hard limit of 10 domain names.
b) False. There is a soft limit of 50 domain names however this limit can be raised by contacting AWS.
c) False. There is no limit of domain names.
b) False. There is a soft limit of 50 domain names however this limit can be raised by contacting AWS.
Route53 supports MX Records.

True or False?
True
What relational databases are available on RDS (Relational Database Service)?
SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB
What are RDS databases typically used for?
OLTP (Online Transaction Processing)
Which database service is relied on by applications that use OLAP (Online Analytics Processing)?
Redshift
What is Elasticache?
Elasticache is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud.
What is a Read Replica?
Replicas of databases that can be used to decrease lag and increase performance.
What is a Multi-AZ?
Instances used for failover that are located in different AZs than your original instance. These can NOT be used at the same time.
How many Read Replicas of a database can be made?

a) 1
b) 3
c) 4
d) 5
d) 5
How many copies of your data does Aurora make?
6 copies - 2 copies in each AZ, with a minimum of 3 AZs
While using Aurora, how many copies of your data can be lost before affecting database write availability? Read availability?
Write availability: 2 copies
Read availability: 3 copies
Aurora storage is self-healing.

True or False?
True
What are the two types of Replicas available for use with Aurora?
Aurora Replicas and MySQL Read Replicas
How many Aurora Replicas can you have? MySQL Read Replicas?
Aurora Replicas: 15
MySQL Read Replicas: 5
What type of storage is DynamoDB stored on?
SSD storage
How many geographically distinct data centers is DynamoDB spread across?

a) 1
b) 2
c) 3
d) 4
c) 3
What types of consistency models are used for DynamoDB and how do they differ?
Eventually consistent reads and strongly consistent reads. Strongly consistent reads are guaranteed in under 1 second while eventually consistent reads are not.
What types of configurations are available for Redshift?
Single Node and Multi-Node
How does a Multi-Node configuration of Redshift work?
A leader node manages client connections and receives queries while a compute node stores data and performs queries and computations.
How many compute nodes can there be in a Multi-Node configuration of Redshift?
128
What in-memory caching engines does Elasticache support?
Memcached and Redis
When replicating data from your primary RDS instance to your secondary RDS instance, what is the charge?

a) No charge, it's free
b) Same as the standard data transfer charge
c) Double the standard data transfer charge
d) Half of the standard data transfer charge
a) No charge, it's free
In RDS when using Multi-AZ, can you use the secondary database as an independent read node?

a) Yes
b) No
c) Depends on how you set it up
d) Only in us-west-1
b) No
What AWS service is best suited for non-relational databases?

a) RDS
b) Redshift
c) Elasticache
d) DynamoDB
d) DynamoDB
What happens to the I/O operations while you take a database snapshot/backup?

a) Nothing
b) I/O operations to the database are suspended for the duration of the snapshot if it is a single AZ RDS instance
c) I/O operations to the database are sent to a Secondary instance of a Multi-AZ installation (for the duration of the snapshot)
d) I/O operations will be functioning normally
b) I/O operations to the database are suspended for the duration of the snapshot if it is a single AZ RDS instance
When you add a rule to an RDS security group you need to specify a port number or protocol.

True or False?
False
What AWS service is best used for Business Intelligence Tools/Data Warehousing?

a) Elastic Beanstalk
b) Elasticache
c) Redshift
d) DynamoDB
c) Redshift
What AWS DB platform is most suitable for OLTP (Online Transaction Processing)?

a) Elasticache
b) DynamoDB
c) RDS (Relational Database Service)
d) Redshift
c) RDS (Relational Database Service)
If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines what is the maximum size RDS volume you can have by default?

a) 500 GB
b) 1 TB
c) 3 TB
d) 6 TB
d) 6 TB
Which databases can you create Read Replicas for?
MySQL, MariaDB, PostgreSQL
What are placement groups ideal for?
EC2 instances that require high network throughput and low latency across a SINGLE availability zone
What is VPC Peering?
Allows you to connect one VPC to another via a direct route using private IP addresses
When using VPC Peering instances behave as if they are on the same private network.

True or False?
True
You can NOT peer VPCs with other AWS accounts.

True or False?
False
You can peer different VPCs on the same account.

True or False?
True
If VPC A is peered with VPCs B and C, data can be sent or received from B to C or vice versa.

True or False?
False: VPC peering is not transitive
What is created as a side effect of creating a custom VPC?
A Route Table for that VPC
How many AZs is a subnet matched to?

a) 1
b) 2
c) 3
d) 4
a) 1
What is an Internet Gateway?
An Internet Gateway allows you internet access to your EC2 instances.
How many Internet Gateways can be attached to a VPC?

a) 1
b) 2
c) 3
d) 4
a) 1
What is the difference between a private subnet and a public subnet?
Public subnets are internet accessible while private subnets are not internet accessible.
Why is it necessary to disable the source/destination check for a NAT instance?
Source/destination checks ensure that an EC2 instance is either the source or destination of any traffic that it receives, but a NAT instance must be able to send and receive traffic when the source or destination is not itself.
What does NAT stand for?
Network Address Translation (Server)
What are NATs used for?
NATs are used as a bridge to provide servers and private subnets with an internet connection without ssh-ing in.
What is an ACL (Access Control List)?
ACLs allow you to create network rules across entire subnets.
ACLs overrule the rules in a security group.

True or False?
True
An ACL is created by default when a VPC is created.

True or False?
True: it allows all inbound and outbound traffic
Custom ACLs allow both inbound and outbound traffic upon creation.

True or False?
False: they start off allowing no inbound or outbound traffic
What happens if you don't associate a subnet with a Network ACL?
It becomes associated with the default Network ACL.
Network ACLs are NOT stateless.

True or False?
False: they are stateless
How many NACLs can be associated with a subnet?

a) 1
b) 2
c) 3
d) 4
a) 1
An EC2 instance in a public subnet has internet access.

True or False?
False: an instance in a public subnet doesn't guarantee that it will have internet access
Select the incorrect statement.

a) In Amazon VPC, an instance retains its private IP
b) It is possible to have private subnets in VPC
c) In Amazon VPC, an instance does NOT retain its private IP
d) You may only have 1 IGW (internet gateway) per VPC
c) In Amazon VPC, an instance does NOT retain its private IP
How many VPCs am I allowed in each region by default?

a) 1
b) 2
c) 5
d) 6
c) 5
Security groups act like a firewall at the instance level whereas ________ are an additional layer of security that act at the subnet level.

a) Network ACLs (Access Control Lists)
b) DB Security Groups
c) VPC Security Groups
d) Route Tables
a) Network ACLs (Access Control Lists)
How many IGW (internet gateways) can I attach to my custom VPC?

a) 1
b) 2
c) 3
d) 4
a) 1
What is SQS (Simple Queue Service)?
SQS (Simple Queue Service) is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them.
How much text can an SQS (Simple Queue Service) message store?
256 KB of text in any format
SQS (Simple Queue Service) ensures delivery of each message at least how many times?

a) 1
b) 2
c) 3
d) 4
a) 1
SQS (Simple Queue Service) supports multiple readers and writers interacting with the same queue.

True or False?
True
SQS (Simple Queue Service) guarantees first in, first out delivery of messages.

True or False?
False
SQS (Simple Queue Service) pulls and pushes messages to and from the queue.

True or False?
False: SQS (Simple Queue Service) only pulls messages
How many hours is the message visibility time out window for SQS (Simple Queue Service)?

a) 2 hours
b) 6 hours
c) 8 hours
d) 12 hours
d) 12 hours
What does SWF stand for?
Simple Workflow Service
How long is the retention period for SQS (Simple Queue Service)?

a) 1 day
b) 5 days
c) 12 days
d) 30 days
c) 12 days
How long is the retention period for SWF (Simple Workflow Service)?

a) 1 day
b) 1 month
c) 6 months
d) 1 year
d) 1 year
SWF (Simple Workflow Service) presents a message-oriented API.

True or False?
False: SQS (Simple Queue Service) presents a message-oriented API while SWF (Simple Workflow Service) presents a task-oriented API
SWF (Simple Workflow Service) ensures that a task is assigned only once and is never duplicated.

True or False?
True
SQS (Simple Queue Service) ensures that a message is handled only once and is never duplicated.

True or False?
False: duplicate messages need to be handled in SQS (Simple Queue Service), and you may need to ensure that any given message is processed only once
SWF (Simple Workflow Service) does NOT keep track of all tasks and events in an application.

True or False?
False
SQS (Simple Queue Service) does NOT keep track of all tasks and events in an application.

True or False?
True: you need to implement your own app-level tracking, especially if your app uses multiple queues
What is a Workflow Starter?
An app that can initiate a workflow.
What does a Decider do?
Controls the flow of activity tasks in a workflow execution. If something finishes or fails a Decider decides what to do next.
What does an Activity Worker do?
Carry out the activity tasks.
What is SNS (Simple Notification Service)?
A web service that makes it easy to set up, operate, and send notifications from the cloud.
All messages published to SNS (Simple Notification Service) are stored redundantly across multiple AZs.

True or False?
True
Which of the following is NOT true about SNS (Simple Notification Service)?

a) Instantaneous, push based delivery
b) Flexible message delivery over multiple transport protocols
c) Inexpensive, pay-as-you-go model with no up-front costs
d) Notifications have retention period of 30 days
d) Notifications have retention period of 30 days
What AWS services are you most likely to see SNS (Simple Notification Service) being used with?
CloudWatch and AutoScaling
What are SNS (Simple Notification Service) Subscribers (protocols)?
HTTP, HTTPS, Email, Email-JSON, SQS, Application, Lambda
What application service allows you to decouple your infrastructure using message-based queues?

a) SNS
b) SWF
c) SQS
d) SES
c) SQS (Simple Queue Service)
What does Amazon SES stand for?

a) Software Enabled Server
b) Simple Email Service
c) Simple Elastic Server
d) Software Email Solution
b) Simple Email Service
What does "domain" refer to in Amazon SWF (Simple Workflow Service)?

a) A security Group in which only tasks inside can initiate
b) A special type of worker
c) The DNS record for the Amazon SWF service
d) A collection of related workflows
d) A collection of related workflows
What is the difference between SNS and SQS?

a) SQS sends messages to people on topics, whereas SNS manages tasks
b) SNS pulls (polls) whereas SQS is a push-based message service
c) SNS is a push notification service, whereas SQS is a message system that requires worker nodes to poll the queue
d) SQS and SNS are basically the same service
c) SNS is a push notification service, whereas SQS is a message system that requires worker nodes to poll the queue
Amazon SWF ensures that a task is assigned only once and is never duplicated.

True or False?
True
By default, EC2 instances pull SQS messages from an SQS queue on a FIFO (First In First out) basis.

True or False?
False: SQS is not first in, first out
Amazon SWF restricts me to use specific programming languages.

True or False?
False
What happens when you create a topic on Amazon SNS?

a) The topic will terminate your EC2 instance without a tag.
b) You can create a topic on Amazon SQS not on SNS.
c) You cannot create a topic on SNS.
d) An Amazon Resource Name is created.
d) An Amazon Resource Name is created.
What compliances does AWS need to abide by?
SOC 1, 2 and 3, PCI, ISO 9001 and 27001
What type of security model does AWS use?
Shared Security Model: AWS is responsible for securing the underlying infrastructure that supports the cloud, and you're responsible for anything you put on the cloud or connect to the cloud.
What is AWS responsible for protecting?
Global infrastructure (hardware, software, networking, and facilities that run AWS services) and security configuration of its products that are considered managed services (DynamoDB, RDS, Redshift, etc.).
What are you responsible for protecting?
Security configuration and management of IaaS (EC2, VPC, S3) and account management and user access of managed services.
What is recommended for you to do for managed services?
Implement MFA, communicate with these services using SSL/TLS, and set up API/user activity logging with CloudTrail.
What protections does AWS provide by default?
DDoS, Man in the Middle, IP Spoofing, Port Scanning, Packet Sniffing
How does AWS prevent IP Spoofing?
The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.
EC2 port scans need to be authorized by AWS.

True or False?
True: unauthorized port scans are a violation of the AWS Acceptable Use Policy. Vulnerability scans MUST be requested in advance.
What are the different AWS credentials and their uses?
Passwords & MFA: root account or IAM user account login to the console

Access keys: digitally signed requests to APIs (using SDK, CLI, or REST/Query APIs)

Key Pairs: SSH login to EC2 instances and CloudFront signed URLs

X.509 Certificates: secures content sent using CloudFront
What type of keys does EC2 use?
1024-bit SSH-2 RSA keys
Instances running on the machine are NOT isolated from each other.

True or False?
False: instances running on the same machine are isolated from each other via the Xen hypervisor
Customer instances have only access to virtualized disks.

True or False?
True
How does AWS ensure that one customer's data is never unintentionally exposed to another?
By resetting every block of storage used by the customer using its disk virtualization layer.
On Guest OS, AWS has access rights to your instances and guest OS.

True or False?
False: you have full root access or admin control over accounts, services, and apps. AWS does not have any access rights.
EC2's firewall allows all inbound traffic by default.

True or False?
False: the inbound firewall is configured in a default deny-all mode and you must explicitly open the ports to allow inbound traffic
Can EC2 volumes be encrypted?
Yes, using AES-256 encryption
SSL termination on ELBs is supported.

True or False?
True
What does Direct Connect allow you to do?
Bypass ISPs in your network path.
How often is the AWS strategic business plan re-evaluated?
At least every 6 months
What industry specific standards does AWS need to abide by?
HIPAA, CSA (Cloud Security Alliance), MPAA (Motion Picture Association of America)
What is Import/Export?
Import/Export accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. (Using Snowball is recommended over this)
Import/Export uses the internet to transfer data onto and off of storage devices.

True or False?
False: AWS transfers your data directly onto and off of storage devices using Amazon's internal network and bypassing the internet
What are the different Storage Gateway volumes?
gateway-cached and gateway-stored
What is a gateway-cached volume?
Gateway-cached volumes allow you to access your primary data on S3, while retaining frequently accessed data locally.
What do gateway-cached volumes provide?
Provides on-premises apps with low-latency access to frequently accessed data and minimizes the need to scale your on-premises storage infrastructure.
What is the maximum size of a gateway-cached volume?
32 TB
What is a gateway-stored volume?
Gateway-stored volumes store your primary data locally, while asynchronously backing up to S3.
What is the maximum size of a gateway-stored volume?
1 TB
What do gateway-stored volumes provide?
Provides on-premises apps with low-latency access to entire datasets, while providing durable, off-site backups in the form of EBS snapshots.
What are some technical benefits of the Cloud?
Automation, Auto-scaling, Proactive scaling, More efficient development lifecycle, Improved testability, Disaster recovery and business continuity, "Overflow" traffic to the cloud
Why is it important to decouple your components?
So that if one component were to fail, not respond, or be slow to respond, the other components in the system are built to continue working as if no failure is happening.
What are the ways that elasticity can be implemented?
Proactive cyclic scaling: scaling based on recurring cycles

Proactive event-based scaling: scaling when a surge is expected

Auto-scaling based on demand: scale up or down based on metrics
How should your apps be secured?
Secure your app by tiers:
Web layer (HTTP and HTTPS) can access app layer
App layer (SSH) can access DB layer
DB layer is connected to EBS volume and denies all other traffic
RDS Reserved Instances are available for Multi-AZ deployments.

True or False?
True
What is the maximum response time for a business level premium support case?

a) 15 minutes
b) 1 hour
c) 12 hours
d) 1 day
b) 1 hour
The AWS platform consists of how many regions currently?

a) 10
b) 11
c) 12
d) 13
d) 13
In a default VPC, all Amazon EC2 instances are assigned 2 IP addresses at launch, what are these?

a) Public and Private
b) Public and Secret
c) Elastic and Public
d) IPv6 and Elastic
a) Public and Private
When creating a security group, all outbound traffic is allowed by default.

True or False?
True
When deploying databases on your own EC2 instances, it is recommended that you deploy these on magnetic storage rather than SSD storage as you get better performance.

True or False?
False
What are the four levels of AWS premium support?

a) It's an IaaS platform, there is no support
b) Free, Bronze, Silver, Gold
c) Basic, Startup, Business, Enterprise
d) Basic, Developer, Business, Enterprise
d) Basic, Developer, Business, Enterprise
In RDS, what is the maximum value I can set for my backup retention period?

a) 15 days
b) 30 days
c) 35 days
d) 45 days
c) 35 days
If you want your application to check whether a request generated an error then you look for an ______ node in the response from the Amazon RDS API

a) Incorrect
b) Error
c) False
d) True
b) Error
In RDS, you are responsible for maintaining OS & Application security patching, antivirus etc.

True or False?
False
An Amazon EBS volume that is the root device of an instance can be detached without stopping the instance.

True or False?
False.
Can I move a reserved instance from one region to another?

a) Yes
b) No
c) Only in the US
d) Depends on the region
b) No
SWF (Simple Workflow Service) is designed to help users...

a) Manage user identification and authorization
b) Coordinate synchronous and asynchronous tasks
c) Secure their VPCs
d) Store file based objects
b) Coordinate synchronous and asynchronous tasks
An Amazon EBS volume that is an additional partition (i.e. not the root volume) can be detached without stopping the instance.

True or False?
True: it may take some time though
If I want to run a database on an EC2 instance, which is the most recommended Amazon storage option?

a) RDS
b) EBS
c) S3
d) Glacier
b) EBS
In RDS, changes to the backup window take effect...

a) After 30 minutes
b) The next day
c) Immediately
d) You cannot back up in RDS
c) Immediately
In what circumstances would I choose provisioned IOPS in RDS over standard storage?

a) If you use production online transaction processing
b) If you have workloads that are not sensitive to latency/lag
c) If this was a test DB
d) If your business was trying to save money
a) If you use production online transaction processing
Amazon RDS does not currently support increasing storage on a _______ DB instance.

a) MySQL
b) Aurora
c) Oracle
d) SQL Server
d) SQL Server
Automated backups are enabled by default for a new DB Instance?

True or False?
True
You can RDP or SSH in to an RDS instance to see what is going on with the operating system.

True or False?
False
To save administration headaches, Amazon recommends that you leave all security groups in web-facing subnets open on port 22 to 0.0.0.0/0 CIDR, so that you can connect wherever you are in the world.

True or False?
...
MySQL installations default to port number...

a) 1433
b) 3389
c) 80
d) 3306
d) 3306
To help you manage your Amazon EC2 instances you can assign your own metadata in the form of

a) Wildcards
b) Certificates
c) Tags
d) Notes
c) Tags
When using a custom VPC and placing an EC2 instance into a public subnet, it will be automatically internet accessible (i.e. you do not need to apply an elastic IP address or ELB to the instance).

True or False?
False
Individual instances are provisioned in...

a) Regions only, you cannot choose anything below this
b) AZs
c) Global
b) AZs
A __________ is a document that provides a formal statement of one or more permissions.

a) User
b) Group
c) Policy
d) Role
c) Policy
Can I "force" a failover for any RDS instance that has Multi-AZ configured?

a) Yes
b) No
c) Only for Oracle RDS instances
a) Yes
Auditing user access/API calls etc across the entire AWS estate can be achieved by using...

a) CloudTrail
b) CloudWatch
c) CloudFront
d) CloudFlare
a) CloudTrail
As the AWS platform is PCI DSS 1.0 compliant, I can immediately deploy a website to it that can take and store credit card details. I do not need to get any kind of delta accreditation from a QSA.

True or False?
False
When creating a new security group, all inbound traffic is allowed by default.

True or False?
False
What is the underlying Hypervisor for EC2?

a) Hyper-V
b) Xen
c) ESX
d) OVM
b) Xen
In S3 the durability of my files is...

a) 99.99%
b) 99.90%
c) 99.999999999%
d) 100%
c) 99.999999999%
In RDS what is the maximum size for a Microsoft SQL Server DB with SQL Server Express edition?

a) 10 GB
b) 300 GB
c) 1 TB
d) 4 TB
a) 10 GB
What are the pillars of the Well-Architected Framework?
Security, Reliability, Performance Efficiency, Cost Optimization
What areas does security on the cloud consist of?
Data protection: classify your data into different segments and implement a least privilege access system. Encrypt EVERYTHING where possible, whether it be at rest or in transit

Privilege management: ensures that only authorized and authenticated users are able to access your resources and only in a manner that is intended.

Infrastructure protection: how are you protecting your VPC

Detective controls: used to detect or identify a security breach
What are examples of Privilege Management?
ACLs, Role based access controls, Password management
What are AWS services that can be used as Detective Controls?
CloudTrail, CloudWatch, Config, S3, Glacier
What AWS services apply to the Data Protection sub-pillar?
ELB, EBS, S3, RDS
What AWS services apply to the Privilege Management sub-pillar?
IAM, MFA
What AWS services apply to the Infrastructure Protection sub-pillar?
VPC
What AWS services apply to the Data Protection sub-pillar?
CloudTrail, Config, CloudWatch
What does the reliability pillar cover?
The ability of a system to recover from service or infrastructure outages/disruptions as well as the ability to dynamically acquire computing resources to meet demand.
What areas does reliability in the cloud consist of?
Foundations: be aware of the service limits in place before architecting your system

Change management: be aware of how change affects a system so that you can plan proactively around it

Failure management: always architect your system with the assumption that failures will occur. Always be aware of these failures, how they occurred, how to respond to them and how to prevent them from happening again
What AWS services apply to the Foundations sub-pillar?
IAM, VPC
What AWS services apply to the Change Management sub-pillar?
CloudTrail
What AWS services apply to the Foundations sub-pillar?
CloudFormation
What does the performance efficiency pillar cover?
How to use computing resources efficiently to meet your requirements and how to maintain efficiency as demand changes and technology evolves.
What areas does performance efficiency in the cloud consist of?
Compute, Storage, Database, Space-time trade-off
What does the cost optimization pillar cover?
Reduce costs to a minimum and use those savings for other parts of your business. A cost-optimized system allows you to pay the lowest price possible while still achieving your business objectives.
What areas does cost optimization in the cloud consist of?
Matched supply and demand
Cost-effective resources
Expenditure awareness
Optimizing over time
What are the steps to build a custom VPC?
1. Create a VPC
2. Create subnets
3. Create an internet gateway (IGW)
4. Attach the new IGW to your VPC
5. Create a new route table (RT)
6. Add the IGW as a route to the new RT
7. Add a subnet to the RT's subnet associations (this will be the public facing subnet)
8. Create web server (public subnet) and database server (private subnet) instances

9. Create a new security group for the NAT instance
10. Add HTTP and HTTPS inbound rules that allow traffic from the private subnet's IP
11. Create a NAT instance (public subnet)
- Community AMIs
- Search for amzn-ami-vpc-nat
- Choose the first image
- Disable Auto-assign Public IP
- Add it to the NAT security group
12. Create an Elastic IP
13. Associate the Elastic IP to the NAT
14. Disable Source/Destination Checks for the NAT
15. Add the NAT instance as a route to the initial VPC RT
What AWS service is used to consume big data?

a) Elastic Map Reduce
b) Kinesis
c) Redshift
b) Kinesis
What AWS service is used to process big data?

a) Elastic Map Reduce
b) Kinesis
c) Redshift
a) Elastic Map Reduce
What AWS service is used for business intelligence?

a) Elastic Map Reduce
b) Kinesis
c) Redshift
c) Redshift
What are characteristics of EC2 EBS volumes?
They are persistent, detachable, and can be stopped without losing data
What are characteristics of EC2 Instance Store volumes?
They are ephemeral (not persistent), cannot be detached, data is wiped once stopped
What are the types of EC2 storage available?
EBS volumes and Instance Store volumes
VPC Peering connections can be made between VPCs in different regions.

True or False?
False
There is no single point of failure for communication or bandwidth bottleneck in a VPC Peering connection.

True or False?
True
VPC Peering connections can be made between VPCs that have matching or overlapping CIDR blocks.

True or False?
False
What's the difference between a CNAME and an Alias Record?
A CNAME is used to redirect one DNS name to another DNS name (www.mobile.facebook.com --> www.m.facebook.com) while an Alias Record is used to map one DNS name to another target DNS name (www.mobile
ELBs have predefined IP addresses.

True or False?
False: ELBs are resolved to using a DNS name
Direct Connect is more useful than a VPN when an encrypted connection needs to be made.

True or False?
False: an encrypted connection cannot be made using Direct Connect.
What is the biggest difference between Direct Connect and a VPN?
Direct Connect takes anywhere from 1-5 months to set up, while VPN can be set up in minutes.
AWS never initiates the movement of data between regions.

True or False?
True
You can authenticate with Active Directory using SSL.

True or False?
False: You can authenticate using SAML
You authenticate to Active Directory before you are given a security credential.

True or False?
True
When you create new subnets within a custom VPC, by default they can communicate with each other, across availability zones.

True or False?
True
Your company has deployed their production environment on AWS and now need to access this via a bastion host using Windows Remote Desktop protocol. What do you recommend they do to achieve this?

a) Install the bastion host in the office and then use it to connect in to the AWS environment.
b) Create a bastion host in AWS in a private subnet and then open port 22 so that users can RDP in to that host.
c) Create a bastion host in a public subnet and then open the RDP port up to the bastion security group. Lock the RDP protocol down so that only users with IP address ranges from your office can RDP in to this bastion host.
d) Create a bastion host in a private subnet and then open the RDP port up to the bastion security group. Lock the RDP protocol down so that only users with IP address ranges from your office can RDP in to this bastion host.
c) Create a bastion host in a public subnet and then open the RDP port up to the bastion security group. Lock the RDP protocol down so that only users with IP address ranges from your office can RDP in to this bastion host.
Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a CloudFormation template that your company uses in production. However, CloudFormation fails. You use the exact same CloudFormation template in production so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single availability zone. After some research you discover that the problem is:

a) For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should submit the limit increase form and retry the template after your limit has been increased.
b) For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
c) You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation template to provision the instances in a custom VPC.
d) Your CloudFormation template is configured to use the parent account and not the new account. Change the account number in the CloudFormation template and relaunch the template.
b) For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduce the completion time?

a) Use four Spot Instances for the task nodes rather than four On-Demand instances.
b) Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent volume for your core nodes.
c) Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for your core nodes.
d) You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
d) You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch; however, you notice that you cannot see the health of every important metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch metric for, when monitoring the health of your EC2 instances?

a) CPU usage
b) Memory usage
c) Disk read operations
d) Network in
b) Memory usage
You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter however they will need to be able to communicate to the AWS environment over a site to site VPN connection. What do you need to do to establish the VPN connection?

a) Connect to the environment using AWS Direct Connect.
b) Create a dedicated NAT and deploy this to the public subnet.
c) Assign a public IP address to your Amazon VPC Gateway.
d) Update your route table to add a route for the NAT to 0.0.0.0/0.
...
AWS does not copy launch permissions, user-defined tags, or Amazon S3 bucket permissions from the source AMI to the new AMI.
...
How do you secure company critical data on S3? (Choose 4 correct answers)

a) IAM Policies
b) Bucket Policies
c) Access Control Lists (ACLs)
d) Server Side Encryption (SSE)
e) Cloudfront
a) IAM Policies
b) Bucket Policies
c) Access Control Lists (ACLs)
d) Server Side Encryption (SSE)
How to secure data at rest on EBS?

a) EBS automatically encrypts data on it for more security
b) You can use your own encryption layer on the top
c) Use S3 instead
d) Block the EC2 to access data to your EBS
a) EBS automatically encrypts data on it for more security
You have a photo selling website where you have a library of photos on S3. You noticed that there are some websites that are showing the link to your S3 photos. How do you restrict sites like these from using your S3 photo links?

a) Use CloudFront to serve images
b) Restrict access to those websites in the bucket policy
c) Use Glacier to store images
d) Restrict access to those websites in the IAM policy
e) Remove the public URL link from the object in S3
a) Use Cloudfront to server images
In which of the following cases should you use SQS? (Choose 2 correct answers)

a) Designing a business application which requires a lot of coordination between different tasks.
b) Video encoding application where each video is encoded with a predefined number of steps.
c) Receiving thousands of notifications from a process and add them to a queue
d) Process a queue of messages where each message is a task that needs to be completed
c) Receiving thousands of notifications from a process and add them to a queue
d) Process a queue of messages where each message is a task that needs to be completed
How do you ensure that the data has been saved properly in S3?

a) Every S3 account has a predefined bucket where the logs are stored
b) When processing a request to store data, the service will redundantly store your object across multiple facilities before returning SUCCESS
c) You can see the HTTP success code in the logs
d) Using a combination of Content-MD5 checksums
b) When processing a request to store data, the service will redundantly store your object across multiple facilities before returning SUCCESS
You're running an application on an EC2 and now you want to add another EC2 for your application that requires a high-bandwidth connection with the existing EC2. Where should you launch your EC2 in this case?

a) VPC
b) Public Subnet
c) Private Subnet
d) Placement Group
e) Availability Zone
d) Placement Group
Where should you use SWF (Simple Workflow Service)? (Choose 2 correct answers)

a) Designing a business application which requires a lot of coordination between different tasks
b) Video encoding application where each video is encoded with a predefined number of steps
c) Receiving thousands of notifications from a process and add them to a queue
d) Process a queue of messages where each message is a task that needs to be completed
a) Designing a business application which requires a lot of coordination between different tasks
b) Video encoding application where each video is encoded with a predefined number of steps
What services are required for Auto Scaling? (Choose 2)

a) SNS
b) CloudWatch
c) SQS
d) ELB
b) CloudWatch
d) ELB
What are the characteristics of Simple DB (Choose 4)

a) Automatic geo-redundant replication
b) It provides a simple web interface to create and store data sets, query and return data
c) You can store your relational database in Simple DB
d) Data is automatically indexed
e) You don't need to worry about the infrastructure required
a) Automatic geo-redundant replication
b) It provides a simple web interface to create and store data sets, query and return data
d) Data is automatically indexed
e) You don't need to worry about the infrastructure required
Amazon Glacier is designed to (Choose 2)

a) Active database storage
b) Infrequently accessed data
c) Data archives
d) Frequently accessed data
e) Cached session data
b) Infrequently accessed data
c) Data archives
An instance is launched into the public subnet of a VPC. Which of the following must be done in order for it to be accessible FROM the internet?

a) Attach an Elastic IP to the instance
b) Nothing. The instance is accessible from the internet
c) Launch a NAT instance and route all the traffic to it
d) Make an entry in the route table passing all traffic going outside the VPC to the NAT
a) Attach an Elastic IP to the instance
In VPCs w/ private and public subnets, database servers should ideally be launched into

a) The public subnet
b) The private subnet
c) Either
d) Not recommended, they should ideally be launched outside of the VPC
a) The private subnet
What are the benefits of using ElastiCache for your web application? (Choose 2)

a) It reduces the load on your web servers
b) It reduces the load on your db
c) Gives you more availability of cached data when your Multi-AZ RDS is under maintenance
d) Gives you faster access to your cache data
a) It reduces the load on your web servers
b) It reduces the load on your db
You configured ELB to perform health checks on EC2 instances. If an instance fails to pass health checks, which statement will be true?

a) The instance is replaced automatically by the ELB
b) The instance gets terminated automatically by the ELB
c) The ELB stops sending traffic to the instance that failed its health check
d) The instance gets quarantined by the ELB for the root cause analysis
c) The ELB stops sending traffic to the instance that failed its health check
What are the characteristics of Dynamo DB (Choose 3)

a) It is used for SQL databases like MsSQL, MySQL, Oracle
b) Gives you a fast and predictable performance with seamless scalability
c) It is a managed service provided by AWS
d) When reading data from Amazon DynamoDB, users can specify whether they want the read to be eventually consistent or strongly consistent
e) There is a limit of stored data or throughput of data
b) Gives you a fast and predictable performance with seamless scalability
c) It is a managed service provided by AWS
d) When reading data from Amazon DynamoDB, users can specify whether they want the read to be eventually consistent or strongly consistent
You have a business critical application that requires it to be highly available with 6 instances always running. What should you do to achieve this (Choose 3)

a) 2 EC2 in 3 regions with ELB on top
b) 2 EC2 in 2 AZ with ELB on top
c) AutoScaling rule for 6 instances always running
d) AutoScaling rule for 3 instances always running in each zone
e) AutoScaling Replace the lost capacity in case of zone failure in the other zone
f) AutoScaling Replace the lost capacity in case of region failure in other region
c) AutoScaling rule for 6 instances always running
d) AutoScaling rule for 3 instances always running in each zone
e) AutoScaling Replace the lost capacity in case of zone failure in the other zone
What are the characteristics of Elastic Beanstalk (Choose 2)

a) You can use it to replace an instance in the ELB when it fails its health check
b) Helps you quickly deploy and manage applications in the AWS cloud
c) It creates a template for your EC2 instances
d) You don't need to worry about the infra required to run your application
b) Helps you quickly deploy and manage applications in the AWS cloud
d) You don't need to worry about the infra required to run your application
How do you achieve single sign-on with AWS?

a) It is configurable in the IAM policies for the user
b) By using Multi-factor authentication
c) By using Active Directory and LDAP integration
d) By configuring SAML 2.0
e) It is currently not possible in AWS
c) By using Active Directory and LDAP integration
What is true about VPC (Choose 3)

a) You can have one EC2 in more than 1 VPC
b) There will always be at least 1 default VPC
c) A VPC is always across multiple AZ within a region
d) You can either have a VPC with public subnet or private subnet
e) You may use a 3rd party VPN to create a site to site or remote access VPN connection with your VPC via the Internet Gateway
b) There will always be at least 1 default VPC
c) A VPC is always across multiple AZ within a region
e) You may use a 3rd party VPN to create a site to site or remote access VPN connection with your VPC via the Internet Gateway
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?

a) Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI
b) Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy
c) Create an Identity and Access Management (IAM) user for CloudFront and grant access to the objects in your S3 bucket to the IAM user
d) Create a S3 bucket policy that lists the CloudFront distribution ID as the principal and the target bucket as the Amazon Resource Name (ARN)
a) Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI
An instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens when you attach an ENI of a different subnet to this instance?

a) The instance follows the rules of the older subnet
b) The instance follows the rules of both the subnets
c) The instance follows the rules of the newer subnet
d) Not possible cannot be connected to 2 ENIs
b) The instance follows the rules of both the subnets
How do you point the apex record of your website (example.com) to the public DNS of the Elastic Load Balancer?

a) A record
b) CNAME record
c) AAAA record
d) Alias
e) NS record
d) Alias
Which of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started (Choose 2)

a) The Elastic IP will be dissociated from the instance
b) All data on instance-store devices will be lost
c) All data on EBS(Elastic Block Store) devices will be lost
d) The ENI (Elastic Network Interface) is detached
e) The underlying host for the instance may change
b) All data on instance-store devices will be lost
e) The underlying host for the instance may change
You are running an ERP application on EC2 for your company that runs 24x7 and the load is predictable and constant throughout the year. Which is the most cost-efficient option for the EC2 purchase model in this case?

a) On-Demand
b) Reserve
c) Dedicated
d) Spot
e) EC2 is not the right choice here
b) Reserve
What are the characteristics of EBS (Choose 3)

a) You can attach one EBS volume to multiple EC2 instances
b) Data in EBS is stored across multiple AZ for redundancy
c) Maximum size of an EBS can be 16 TB
d) You can have provisioned IOPS w/ your EBS volumes
e) EBS behaves like raw unformatted block device
c) Maximum size of an EBS can be 16 TB
d) You can have provisioned IOPS w/ your EBS volumes
e) EBS behaves like raw unformatted block device
What is true about AMI? (Choose 4)

a) You can share your AMI w/ other AWS account owners
b) You can create an instance store-backed AMI
c) You can create an EBS-backed AMI
d) For instance store-backed AMIs, the root volume is stored in S3
e) For EBS-backed AMIs, the root volume is stored in S3
a) You can share your AMI w/ other AWS account owners
b) You can create an instance store-backed AMI
c) You can create an EBS-backed AMI
d) For instance store-backed AMIs, the root volume is stored in S3
What is true about RDS? (Choose 3)

a) You can create multiple read replica for read heavy applications
b) You can have a read replica of a read replica
c) Daily backups are automatically taken
d) You can enable Multi-AZ option to have automatic failover in a different region
e) You can have provisioned IOPS for your RDS database
a) You can create multiple read replica for read heavy applications
c) Daily backups are automatically taken
e) You can have provisioned IOPS for your RDS database
You notice that you are not able to access your EC2 Linux instance using SSH. What should you check first?

a) Make sure that the patches are up to date on the instance
b) Make sure that port 22 is open on the subnet for incoming traffic
c) Make sure that port 22 is open on the subnet for outgoing traffic
d) Make sure that port 22 is open on the security group for the incoming traffic
e) Make sure that port 22 is open on the security group for outgoing traffic
d) Make sure that port 22 is open on the security group for the incoming traffic
What are the characteristics of Subnet? (Choose 2)

a) Network traffic entering and exiting each subnet can be allowed or denied via network Access Control Lists (ACLs)
b) A subnet can be across multiple AZs
c) A subnet can be across multiple regions
d) Default subnets are assigned a /20 net blocks
e) Default subnets are assigned a /16 net blocks
a) Network traffic entering and exiting each subnet can be allowed or denied via network Access Control Lists (ACLs)
d) Default subnets are assigned a /20 net blocks
You have created 4 weighted resource record sets with weights 1, 2, 3, and 4. The 3rd record set is selected by Route53:

a) 1/7th of the time
b) 3/10th of the time
c) 3/7th of the time
d) 1/4th of the time
b) 3/10th of the time
Which of the following can be used as an origin server in CloudFront? (Choose 3)

a) A webserver running on EC2
b) A webserver running in your own datacenter
c) A RDS instance
d) An Amazon S3 bucket
e) Glacier storage
a) A webserver running on EC2
b) A webserver running in your own datacenter
d) An Amazon S3 bucket
In CloudFront what happens when content is NOT present at an Edge location and a request is made to it?

a) An Error 404 not found is returned
b) CloudFront delivers the content directly from the origin server & stores it in the cache of the edge location
c) The request is kept on hold till content is delivered to the edge location
d) The request is routed to the next closest edge location
b) CloudFront delivers the content directly from the origin server & stores it in the cache of the edge location
Which of the following is true with respect to serving private content through CloudFront? (Choose 3)

a) Signed URLs can be created to access objects from CloudFront edge locations
b) Direct access to S3 URLs can be removed therefore allowing access only through CloudFront URLs
c) Mark the S3 bucket private and allow access objects from CloudFront by means of Roles
d) Mark the S3 bucket private and create an Origin Access Identity to access the objects
a) Signed URLs can be created to access objects from CloudFront edge locations
b) Direct access to S3 URLs can be removed therefore allowing access only through CloudFront URLs
d) Mark the S3 bucket private and create an Origin Access Identity to access the objects
You have written a CloudFormation template that creates 1 elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?

a) Resources
b) Parameters
c) Outputs
d) Mappings
c) Outputs
You are doing a large data analysis which requires high computing power and many instances to be launched simultaneously and then to be retired after the analysis. If the instance is retired during the analysis, the program automatically shifts the analysis to the other instance. Which is the most cost-efficient option for launching the EC2 in this case?

a) On-Demand
b) Reserved
c) Dedicated
d) Spots
e) EC2 is not the right choice here
d) Spots
What is true about penetration testing in AWS? (Choose 2)

a) You can do the penetration on your individual EC2 instance only
b) A prior permission is required from AWS for penetration testing
c) You can't do the penetration testing at all
d) You can ask AWS support to do the penetration testing
e) AWS will automatically conduct penetration testing from time to time
a) You can do the penetration on your individual EC2 instance only
b) A prior permission is required from AWS for penetration testing
What are the benefits of Multi-AZ RDS deployments? (Choose 2)

a) You get a read-replica
b) More availability during the maintenance window
c) Automatic failover in case of one data center failure
d) More IOPS available for data throughput
e) You get more privileges to manage your database
b) More availability during the maintenance window
c) Automatic failover in case of one data center failure
What are the characteristics of IAM? (Choose 2)

a) By default all the services are enabled for a new IAM user
b) By default all the services are disabled for a new IAM user
c) You can create multiple access ID and secret keys for 1 IAM user
b) By default all the services are disabled for a new IAM user
c) You can create multiple access ID and secret keys for 1 IAM user
What kind of data should not be stored in S3? (Choose 3)

a) Images and videos
b) Static files for your site
c) Your website database
d) Notifications from a computer program
e) Static files that are accessed once in many years
c) Your website database
d) Notifications from a computer program
e) Static files that are accessed once in many years
What are the characteristics of a reserved instance? (Choose 3)

a) It can be applied across regions
b) It saves you significant money over on-demand instance
c) You can shut down the reserved instance any time you want and the hourly charges won't incur for the shutdown hours
d) If your AMI changes the Reserved instance is still valid if it's the same instance type
e) You pay a fixed amount of money irrespective of the number of hours you used the instance for
b) It saves you significant money over on-demand instance
c) You can shut down the reserved instance any time you want and the hourly charges won't incur for the shutdown hours
d) If your AMI changes the Reserved instance is still valid if it's the same instance type
What are the characteristics of CloudFormation (Choose 2)

a) You can use it to replace an instance in the ELB when it fails its health check
b) Helps you quickly deploy and manage applications in the AWS cloud
c) It creates a template for your EC2 instance
d) You don't need to worry about the infra required to run your applications
c) It creates a template for your EC2 instance
d) You don't need to worry about the infra required to run your applications
To protect S3 data from accidental deletion and overwriting you should...

a) Disable S3 delete using an IAM bucket policy
b) Access S3 data only using signed URLs
c) Enable S3 reduced redundancy storage
d) Enable S3 versioning on the bucket
e) Enable MFA protected access
d) Enable S3 versioning on the bucket
Which is an operational process performed by AWS for data security?

a) AES 256 bit encryption of data stored on any shared storage device
b) Decommissioning of storage device using industry-standard practices
c) Background virus scans of EBS volumes and EBS snapshots
d) Replication of data across multiple geographic regions
e) Secure wiping of EBS volumes when they are un-mounted
b) Decommissioning of storage device using industry-standard practices
Which metrics could CloudWatch watch? (Choose 2)

a) Hypervisor visible metrics such as CPU utilization
b) Operating system visible metrics such as memory utilization
c) Network Utilization (Read-write)
d) Web server visible metrics such as number failed transaction requests
e) Database visible metrics such as number of connections
a) Hypervisor visible metrics such as CPU utilization
c) Network Utilization (Read-write)
How should you launch an instance if you need a pre-defined IP?

a) Launch it in a VPC
b) Launch it under an ELB
c) Pre-assign an IP using CloudFormation script
d) Launch it in a placement group
a) Launch it in a VPC
What is true about EBS? (Choose 3)

a) The snapshots are stored in S3
b) The snapshots are just stored as another EBS volume
c) Snapshots are incremental in nature and only
d) You can share the snapshot with other AWS accounts
e) Snapshots are automatically encrypted
a) The snapshots are stored in S3
c) Snapshots are incremental in nature and only
d) You can share the snapshot with other AWS accounts
What is the difference between a security group in VPC and a network ACL in VPC? (Choose 3)

a) Security group restricts access to a subnet while ACL restricts traffic to EC2
b) Security groups restricts access to EC2 while ACL restricts traffic to a subnet
c) Security group can work outside the VPC also while ACL only works within a VPC
d) Network ACL performs stateless filtering and Security group provides stateful filtering
e) Security group can only set allow rule, while ACL can set deny rule also
b) Security groups restricts access to EC2 while ACL restricts traffic to a subnet
d) Network ACL performs stateless filtering and Security group provides stateful filtering
e) Security group can only set allow rule, while ACL can set deny rule also
In which case do you have full authority of the underlying instance? (Choose 2)

a) EC2
b) RDS
c) Dynamo DB
d) EMR (Elastic Map Reduce)
e) Simple DB
a) EC2
d) EMR (Elastic Map Reduce)
What happens to data when an EC2 instance terminates? (Choose 3)

a) For EBS backed AMI, the EBS volume with the operating system on it is preserved
b) For EBS backed AMI, any volume attached other than the OS volume is preserved
c) All the snapshots for the EBS volume with operating system are preserved
d) For S3 backed AMI, all the data in the local (ephemeral) hard drive is deleted
e) For instance store-backed EC2 the data is lost when the instance is rebooted
b) For EBS backed AMI, any volume attached other than the OS volume is preserved
c) All the snapshots for the EBS volume with operating system are preserved
d) For S3 backed AMI, all the data in the local (ephemeral) hard drive is deleted
For an EC2 instance launched in a private subnet in VPC, which of the following are the options for it to be able to connect to the internet (assume security groups have proper ports open)?

a) Simply attach an elastic IP
b) If there is also a public subnet in the same VPC, an ENI can be attached to the instance with the IP address range of the public subnet
c) If there is a public subnet in the same VPC with a NAT instance attached to internet gateway, then a route can be configured from the instance to the NAT
d) There is no way for an instance in private subnet to talk to the internet
c) If there is a public subnet in the same VPC with a NAT instance attached to internet gateway, then a route can be configured from the instance to the NAT
Which of the following can Auto Scaling not do? (Choose 3)

a) Startup EC2 instances when the CPU utilization is above threshold
b) Release EC2 instances when CPU utilization is below threshold
c) Increase the instance size when utilization is above threshold
d) Add more Relational Database Service (RDS) read replicas when utilization is above threshold
e) Reboots an instance if the health check is failed for that instance
c) Increase the instance size when utilization is above threshold
d) Add more Relational Database Service (RDS) read replicas when utilization is above threshold
e) Reboots an instance if the health check is failed for that instance
Does S3 provide read-after-write consistency?

a) Yes, not all regions
b) Yes, for all regions
c) No, it doesn't provide read-after-write consistency
d) You can provision this by making the right API calls
b) Yes, for all regions
What is true for S3 buckets? (Choose 3)

a) Bucket namespace is shared globally among all AWS users
b) Bucket names can contain alphanumeric characters
c) Buckets are associated with a region, and all data in a bucket resides in that region
d) Buckets can be transferred from one account to another through API
e) You can have unlimited number of buckets in each AWS account
a) Bucket namespace is shared globally among all AWS users
b) Bucket names can contain alphanumeric characters
c) Buckets are associated with a region, and all data in a bucket resides in that region
Choose the correct statement (Choose 3)

a) You can have unlimited number of objects in S3 bucket
b) An S3 object can be of unlimited size
c) Data stored in S3 is encrypted
d) You can use Reduced Redundancy storage for lower cost option
e) You can serve your static site from S3
a) You can have unlimited number of objects in S3 bucket
d) You can use Reduced Redundancy storage for lower cost option
e) You can serve your static site from S3
In CloudFront what happens when content is NOT present at an Edge location and a request is made to it?

a) An Error 404 not found is returned
b) CloudFront delivers the content directly from the origin server and stores it in the cache of the edge location
c) The request is kept on hold till content is delivered to the edge location
d) The request is routed to the next closest edge location
b) CloudFront delivers the content directly from the origin server and stores it in the cache of the edge location
Which of the services could spread across Multi-AZ? (Choose 2)

a) EC2
b) ELB
c) RDS
d) Dynamo DB
e) EBS
b) ELB
c) RDS
How do you attach a new EBS to an EC2? (Choose 3)

a) Using AWS management console
b) Using AWS API tools
c) Using AWS command line interface
d) By doing an RDP to the instance
e) By doing an SSH to the instance
a) Using AWS management console
b) Using AWS API tools
c) Using AWS command line interface
Which of the following will provide the maximum IOPS for your EC2?

a) Instance based SSD storage
b) EBS with SSD storage
c) EBS with provisioned IOPS
d) Stripe data across Multiple EBS volumes with Raid 5
e) Stripe data across Multiple EBS volumes with Raid 0
e) Stripe data across Multiple EBS volumes with Raid 0
Choose the right statements about EC2 instance: (Choose 3)

a) The instance based storage is automatically saved in S3
b) You can use the instance based storage for your root volume
c) You can attach multiple Elastic IPs to a single EC2
d) The public DNS of the EC2 remains intact when you shutdown the EC2 and start it again
e) Data on the instance based storage remains intact when you reboot the instance
b) You can use the instance based storage for your root volume
c) You can attach multiple Elastic IPs to a single EC2
e) Data on the instance based storage remains intact when you reboot the instance
What is the best way of taking a fast snapshot without losing the consistency?

a) Stop the EC2, issue a snapshot command, Switch on the EC2
b) Stop the EC2, issue a snapshot command, and wait to complete the snapshot, remount EBS
c) Just issue the snapshot command
d) Unmount EBS, issue snapshot command, remount
e) Unmount EBS, take snapshot, wait to complete the snapshot, remount EBS
d) Unmount EBS, issue snapshot command, remount
What is the max size of a single S3 object?

a) There is no such limit
b) 5 TB
c) 5 GB
d) 100 GB
b) 5 TB
Which of the following benefits does adding Multi-AZ deployment in RDS provide?

a) Multi-AZ deployed database can tolerate an AZ failure
b) Decrease latencies if app servers accessing database are in multiple AZ
c) Make database access times faster for all app servers
d) Make database more available during maintenance tasks
a) Multi-AZ deployed database can tolerate an AZ failure
d) Make database more available during maintenance tasks
When an ELB is set up, what is the best way to route a website's traffic to it?

a) Resolve the ELB name to an IP address and point the website to that IP
b) There is no direct way to do so, Route53 has to be used
c) Generate a CNAME record for the website pointing to the DNS name of the ELB
c) Generate a CNAME record for the website pointing to the DNS name of the ELB
You want to use Route53 to direct your www sub-domain to an elastic load balancer fronting your web servers. What kind of record set should you create?

a) A
b) AAAA
c) NS
d) CNAME
d) CNAME
You have created a Route53 latency record set from your domain to a machine in Singapore and a similar record to a machine in Oregon. When a user located in India visits your domain he will be routed to:

a) Singapore
b) Oregon
c) Depends on the load on each machine
d) Both, because 2 requests are made, 1 to each team
a) Singapore
If I want an instance to have a public IP address, which IP address should I use?

a) Elastic IP address
b) Class B IP address
c) Class A IP address
d) Dynamic IP address
a) Elastic IP address
What does RRS stand for when talking about S3?

a) Redundancy Removal System
b) Relational Rights Storage
c) Regional Rights Standard
d) Reduced Redundancy Storage
d) Reduced Redundancy Storage
What does the AWS Storage Gateway provide?

a) It allows you to integrate on-premises IT environments with Cloud Storage
b) A direct encrypted connection to Amazon S3
c) It's a backup solution that provides an on-premises Cloud storage
d) It provides an encrypted SSL endpoint for backups in the Cloud
a) It allows you to integrate on-premises IT environments with Cloud Storage
How many relational database engines does RDS currently support?

a) 5: MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL server
b) 2: MySQL and Oracle
c) 5: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite
d) Just MySQL
a) 5: MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL server
What are the two permission types used by AWS?

a) Resource based and Product based
b) Product based and Service based
c) Service based
d) User based and Resource based
d) User based and Resource based
Which of the following requires a custom CloudWatch metric to monitor?

a) Disk usage activity of the ephemeral volumes of an Amazon EC2 instance
b) CPU Utilization of an Amazon EC2 instance
c) Disk usage activity of an EBS volume attached to an EC2 instance
d) Disk full percentage of an Elastic Block store volume
d) Disk full percentage of an Elastic Block store volume
Your web application is using Auto Scaling and ELB. You want to monitor the application to ensure that it maintains a good quality of service for your customers, defined by the application's page load time.

a) Latency reported by the elastic load balancer
b) Request count reported by the ELB
c) Aggregate networking for the web tier
d) Aggregate CPU Utilization for the web tier
a) Latency reported by the elastic load balancer
You run a two-tiered app with the following components: an ELB, three web/app servers on EC2, and one MySQL RDS database. With growing load, database queries take longer and longer and slow down the overall response time for user requests.

Which of the following options could speed up performance? (Choose 3)

a) Create an RDS read-replica and redirect half of the database read request to it
b) Cache database queries in Amazon Elastic Cloud
c) Setup RDS in multi-availability zone mode
d) Shard the database and distribute loads between shards
e) Use Amazon CloudFront to cache database queries
a) Create an RDS read-replica and redirect half of the database read request to it
b) Cache database queries in Amazon Elastic Cloud
d) Shard the database and distribute loads between shards
As an application has increased in popularity, reports of performance issues have grown. The current configuration initiates scaling actions based on avg CPU utilization; however during reports of slowness, CloudWatch graphs have shown that avg CPU remains steady at 40%. This is well below the alarm threshold of 60%. Your developers have discovered that, due to the unique design of the app, performance degradation occurs on an instance when it is processing more than 200 threads.

What is the best way to ensure that your app scales to match the demands?

a) Launch two to six additional instances outside of the auto-scaling group to handle the additional load.
b) Populate the custom CloudWatch metric for concurrent sessions and initiate scaling action based on that metric instead of CPU use.
c) Empirically determine the expected CPU use for 200 concurrent sessions and initiate scaling action based on that metric instead of CPU use.
d) Add a script to each instance to detect the number of concurrent sessions. If the number of sessions remains over 200 for five minutes, have the instance increase the desired capacity of the auto-scaling group by one.
c) Empirically determine the expected CPU use for 200 concurrent sessions and initiate scaling action based on that metric instead of CPU use.
Your company has built a mobile application that has already been downloaded several hundred thousand times.

Which authentication solution would enable mobile clients to access pictures stored in an AWS S3 bucket and provide you with the highest flexibility to rotate credentials?

a) Identity federation based on AWS security token service (STS) using an AWS IAM policy for the respective S3 bucket
b) IAM user per registered client with an IAM policy granting AWS S3 access to the respective bucket
c) AWS S3 policy A
a) Identity federation based on AWS security token service (STS) using an AWS IAM policy for the respective S3 bucket
Can EBS always tolerate an Availability Zone failure?

a) No, each EBS volume is stored in a single AZ
b) Yes, an EBS volume has multiple copies so it should be fine
c) Depends on how it is set up
d) Depends on the Region where the EBS volume is initiated
a) No, each EBS volume is stored in a single AZ
You receive a spot instance at a bid of $0.05/hr. After 30 minutes, the spot price increases to $0.06/hr and your spot instance is terminated by AWS. What was the total EC2 compute cost of running your spot instance?

a) $0.00
b) $0.02
c) $0.03
d) $0.05
a) $0.00
You have an Amazon EC2 security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply:

a) Immediately to the new instances only
b) Immediately to the new instances only, but old instances must be stopped and restarted before the new rules apply
c) To all instances, but it may take several minutes for old instances to see the changes.
d) Immediately to all instances in the security group
d) Immediately to all instances in the security group
You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? (Choose 3)

a) Amazon DynamoDB
b) Amazon ElastiCache
c) ELB
d) AWS Storage Gateway
e) RDS
f) Amazon CloudWatch
a) Amazon DynamoDB
b) Amazon ElastiCache
e) RDS
What combination of the following options will protect Amazon S3 objects from both accidental deletion and accidental overwriting? (Choose 2)

a) Enable S3 versioning on bucket
b) Access S3 data using only signed URLs
c) Disable S3 delete using an IAM bucket policy
d) Enable S3 Reduced Redundancy Storage
e) Enable Multi-factor authentication (MFA) protected access
a) Enable S3 versioning on bucket
e) Enable Multi-factor authentication (MFA) protected access
You have been tasked with creating a VPC network topology for your company. The VPC network must support both internet-facing applications and internally facing applications accessed only over VPN. Both internet-facing and internally facing applications must be able to leverage at least 3 AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?

a) 2
b) 3
c) 4
d) 6
d) 6
You have an Amazon VPC with a public subnet. 3 Amazon EC2 instances currently running inside the subnet can successfully communicate with other hosts on the internet. You launch a 4th instance in the same subnet, using the same AMI and security group config you used for the others, but find that this instance cannot be accessed from the internet. What should you do to enable internet access?

a) Deploy a NAT instance into the public subnet
b) Modify the routing table for the public subnet
c) Configure a publicly routable IP address in the host OS of the 4th instance
d) Assign an elastic IP address to the 4th instance
d) Assign an elastic IP address to the 4th instance
You have a business-critical two-tier web app currently deployed in two AZs in a single region, using ELB and autoscaling. The app depends on synchronous replication (very low latency connectivity) at the data layer. The app needs to remain fully available even if one app AZ goes off-line and autoscaling cannot launch new instances in the remaining AZ. How can the current architecture be enhanced to ensure this?

a) Deploy in 3 AZ, with autoscaling min set to handle 33% peak load per zone
b) Deploy in 2 regions using Weighted Round Robin (WRR), with autoscaling min set for 50%
c) Deploy in 2 regions using Weighted Round Robin (WRR), with autoscaling min set for 100%
d) Deploy in 3 AZ, with autoscaling min set to handle 50% peak load per zone
d) Deploy in 3 AZ, with autoscaling min set to handle 50% peak load per zone
Which of the following requires a custom CloudWatch metric to monitor?

a) Memory Use
b) CPU use
c) Disk read operations
d) Network in
e) Estimated charges
a) Memory Use
How can software determine the public and private IP of the AWS EC2 instance that it is running on?

a) Query the appropriate AWS CloudWatch metric
b) Use ipconfig or ifconfig command
c) Query the local instance metadata
d) Query the local instance userdata
c) Query the local instance metadata
Amazon Glacier is designed for: (Choose 2)

a) Infrequently accessed data
b) Cached session data
c) Active database storage
d) Data archive
e) Frequently accessed data
a) Infrequently accessed data
d) Data archive
What action is required to establish a VPC VPN connection between an on-premise data center and an Amazon VPC virtual private gateway?

a) Establish a dedicated network connection using AWS Direct Connect
b) Modify the main route table to allow traffic to a network address translation instance
c) Use a dedicated network address translation instance in the public subnet
d) Assign a static internet routable IP address to Amazon VPC customer gateway
d) Assign a static internet routable IP address to Amazon VPC customer gateway
Which of the following is a durable key-value store?

a) Amazon SNS
b) Amazon SQS
c) Amazon SWS
d) Amazon S3
d) Amazon S3
Which route must be added to your routing table in order to allow connections to the internet from your subnet?

a) Destination:0.0.0.0/0 => Target: your internet gateway
b) Destination:192.168.1.257/0 => Target: your internet gateway
c) Destination:0.0.0.0/33 => Target: your virtual private gateway
d) Destination:0.0.0.0/0 => Target: 0.0.0.0/24
e) Destination:0.0.0.0/32 => Target: your virtual private gateway
a) Destination:0.0.0.0/0 => Target: your internet gateway
After creating a new AWS account, you use the API to request 40 on-demand AWS EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it?

a) You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved
b) AWS allows you to provision no more than 20 instances per AZ. Select a different AZ and retry the failed request
c) You need to use Amazon VPC in order to provision more than 20 instances in a single AZ. Simply terminate the resources already provisioned and re-launch them all in a VPC
d) You encountered an API throttling situation and should retry the failed requests using an exponential decay retry algorithm
a) You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved
In reviewing the auto scaling events for your app, you notice that your app is scaling up and down multiple times in the same hour. What design choices could you make to optimize for cost while preserving elasticity? (Choose 2)

a) Modify the auto-scaling group termination policy to terminate the oldest instance first
b) Modify the auto scaling to use scheduled scaling actions
c) Modify the auto scaling group termination policy to terminate the newest instance first
d) Modify the Amazon CloudWatch alarm period that triggers your auto scaling scale down policy
e) Modify the auto scaling group cool-down timers.
d) Modify the Amazon CloudWatch alarm period that triggers your auto scaling scale down policy
e) Modify the auto scaling group cool-down timers.
A customer's nightly EMR job processes a single 2 TB data file stored on S3. The Amazon EMR job runs on two on-demand core nodes and three on-demand task nodes. Which of the following may help reduce the EMR job completion time? (Choose 2)

a) Use 3 spot instances rather than 3 on-demand instances for the task nodes
b) Change the input split size in the MapReduce job config
c) Use a bootstrap action to present the S3 bucket as a local file system
d) Launch the core nodes and task nodes within Amazon Virtual Cloud
e) Adjust the number of simultaneous mapper tasks
f) Enable termination protection for the job flow
b) Change the input split size in the MapReduce job config
e) Adjust the number of simultaneous mapper tasks
You have an app running in US-West-2 that requires 6 Amazon EC2 instances running at all times. With 3 AZs available in that Region (US-West-2a, US-West-2b, US-West-2c), which of the following deployments provides 100% fault tolerance if any single AZ in US-West-2 becomes unavailable? (Choose 2)

a) US-West-2a with 2 EC2 instances, US-West-2b with 2 EC2 instances, US-West-2c with 2 EC2 instances
b) US-West-2a with 3 EC2 instances, US-West-2b with 3 EC2 instances, US-West-2c with no EC2 instances
c) US-West-2a with 4 EC2 instances, US-West-2b with 2 EC2 instances, US-West-2c with 2 EC2 instances
d) US-West-2a with 6 EC2 instances, US-West-2b with 6 EC2 instances, US-West-2c with no EC2 instances
e) US-West-2a with 3 EC2 instances, US-West-2b with 3 EC2 instances, US-West-2c with 3 EC2 instances
d) US-West-2a with 6 EC2 instances, US-West-2b with 6 EC2 instances, US-West-2c with no EC2 instances
e) US-West-2a with 3 EC2 instances, US-West-2b with 3 EC2 instances, US-West-2c with 3 EC2 instances
A VPC public subnet is one that:

a) Has at least 1 route in its associated routing table that uses an Internet Gateway (IGW)
b) Includes a route in its associated routing table via a NAT
c) Has Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0
d) Has the public subnet option selected in its config
a) Has at least 1 route in its associated routing table that uses an Internet Gateway (IGW)
You are deploying an app on EC2 that must call AWS APIs. What method of securely passing credentials to the app should you use?

a) Store API credentials as an object in Amazon S3
b) Use AWS Identity and Access Management roles for EC2 instances
c) Pass API credentials to the instance using instance user data
d) Embed the API credentials into your jar file
b) Use AWS Identity and Access Management roles for EC2 instances
A startup company hired you to help them build a mobile application that will ultimately store billions of images and videos in Amazon Simple Storage double their current installation base every 6 months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their applications. What other information must you gather from this customer in order to determine whether S3 is the right option?

a) You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years
b) You must find out total number of requests per second at peak large
c) You must know the size of the individual objects being written to S3, in order to properly design the key namespace
d) In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket
b) You must find out total number of requests per second at peak large