IAM/S3
EC2
DATABASES
ROUTE 53/DNS
VPC/ELB
100

[IAM] What is an additional way to secure the AWS accounts of both the root account and new users alike?

MFA (Multi-factor Authentication)

100

[EC2] What does EC2 stand for and what does it do?

Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable compute capacity in the cloud. Amazon EC2 reduces the time required to obtain and boot new server instances to minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change.

100

[DB] What are the types of backups supported on RDS?

Automated Backups and Database Snapshots

100

[R53] What is DNS?

Converts human-friendly domain names into an internet IP address

100

[VPC] What does VPC stand for and explain what it is?

Virtual Private Cloud. A virtual data center in the cloud. A virtual "network" of AWS resources that are logically isolated. You have complete control to define internal IP ranges, subnets, route tables and network gateways.

200

[S3] When you activate Cross-Region Replication, are existing objects replicated?

No. Existing objects will not be replicated. Cross-Region Replication replicates every future upload of every object to another bucket.

200

[EC2] Your Operations department is using an incident-based application hosted on a set of EC2 instances. These instances are placed behind an Auto Scaling Group to ensure that the right number of instances are in place to support the application. The Operations department has expressed dissatisfaction with regard to poor application performance every day at 9:00 AM. However, it is also noted that the system performance returns to optimal at 9:45 AM. What could be done to fix the issue?

Add a Scheduled Scaling Policy at 8:30 AM

200

[EC2] What are the Relational Databases on AWS? (6)

1. SQL Server
2. Oracle
3. MySQL Server
4. PostgreSQL
5. Aurora
6. MariaDB

200

[R53] How do you find the IP address for an ELB?

ELBs do not have pre-defined IPv4 addresses; you resolve to them using a DNS name.

200

[VPC] Security groups act like a firewall at the instance level, whereas _________ are an additional layer of security that act at the subnet level. 

Network ACLs

300

[S3] You are a solutions architect who works with a large digital media company. The company has decided that they want to operate within the Japanese region and they need a bucket called "testbucket" set up immediately to test their web application on. You log in to the AWS console and try to create this bucket in the Japanese region however you are told that the bucket name is already taken. What should you do to resolve this?

Bucket names are global, not regional. This is a popular bucket name and is already taken. You should choose another bucket name.

300

[EC2] What are the EC2 Pricing Models and Explain their differences? (4)

1. On Demand - Allows you to pay a fixed rate by the hour (or by the second) with no commitment

2. Reserved - Provides you with a capacity reservation and offers a significant discount on the hourly charge for an instance.

3. Spot - Enables you to bid whatever price you want for instance capacity, providing greater savings if your applications have flexible start and end times

4. Dedicated Hosts - Physical EC2 Server dedicated for your use. 

300

[DB] RDS has two key features, what are they and explain the differences?

Multi-AZ - For Disaster Recovery. Pointed to a primary database so if the primary is lost the DNS would point to the secondary. Failover is automatic.

Read Replicas - EC2 instances are pointing to a primary connection stream, a copy is made to a second database each time you write. Fail over is not automatic.

300

[R53] What happens to a record set if it fails a health check?

It will be removed from Route53 until it passes the health check.

300

[VPC] What are the different Load Balancer Types and explain what they do? (3)

Application Load Balancer - best suited for load balancing of HTTP and HTTPS traffic

Network Load Balancers - Best suited for balancing TCP traffic where extreme performance is required

Classic Load Balancer - legacy ELB. You can load balance HTTP/HTTPS application and use Layer 7-specific features.

400

[S3] What are the S3 Storage Classes and explain their differences? (6)

Standard - Redundant Multi-AZ Copies & Fault Tolerant Designs

S3 Infrequently Accessed - For data that is accessed less frequently but requires rapid access when needed

S3 One Zone IA - Lower cost option for infrequently accessed data, but does not require multiple AZ data resilience

S3 Intelligent Tiering - Designed to optimize costs by automatically moving data to the most cost-effective access tier without performance impact or operational overhead

S3 Glacier - secure, durable and low cost storage class for data archiving. Retrieval times configurable from minutes to hours.

S3 Glacier Deep Archive - Lowest cost storage where retrieval time of 12 hours is acceptable

400

[EC2] What are the 5 EBS Types, their API names and best Use Cases.

General Purpose SSD (gp2) - Most workloads

Provisioned IOPS SSD (io1) - Databases

Throughput Optimized HDD (st1) - Big Data & Data Warehouses

Cold HDD (sc1) - File Servers

EBS Magnetic (Standard) - Workloads where data is infrequently accessed

400

You are working for an advertising company as their Senior Solutions Architect handling the S3 storage data. Your company has terabytes of data sitting on AWS S3 standard storage class, which accumulates significant operational costs. The management wants to cut down on the cost of their cloud infrastructure so you were instructed to switch to Glacier to lessen the cost per GB storage.   

The Amazon Glacier storage service is primarily used for which use case? (Choose 2) 

[A] Storing cached session data
[B] Storing infrequently accessed data
[C] Storing Data archives
[D] Used for active database storage
[E] Use as a data warehouse

B & C

[B] Storing infrequently accessed data
[C] Storing Data archives

400

[R53] Explain the differences between the Route53 Routing Policies. (6)

Simple Routing Policy - only 1 DNS record with single or multiple IP addresses

Weighted Routing Policy - based on user-defined weights for different IPs, Route 53 will enforce proportional loads (ex: 20% of requests go to Seattle IP, 80% will go to Texas)

Latency Based Routing - selects region to deliver fastest response (lowest network latency) for end users

Failover Routing - automatically re-routes to backup site if Primary fails Health Check

Geolocation Routing - custom routing based on user location

Multi-Value Answer Routing - allows you to create multiple A records with optional health checks (so only healthy servers are returned), similar to simple routing but this allows multiple IPs

400

[VPC] You are instructed by your manager to set up a bastion host in your Amazon VPC and it should only be accessed from the corporate data center via SSH. What is the best way for you to achieve this? 

[A] Create a large EC2 instance with a security group which only allows access on port 22 using your own pre-configured password
[B] Create a large EC2 instance with a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private key (.pem) file to connect to the bastion host.
[C] Create a small EC2 instance with a security group which only allows access on port 22 using your own pre-configured password.
[D] Create a small EC2 instance with a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private (.pem) file to connect to the bastion host.

[D] Create a small EC2 instance with a security group which only allows access on port 22 via the IP address of the corporate data center. Use a private (.pem) file to connect to the bastion host.

500

You are working for a litigation firm as the Data Engineer for their case history application. You need to keep track of all the cases your firm has handled. The static assets like .jpg, .png, and .pdf files are stored in S3 for cost efficiency and high durability. As these files are critical to your business, you want to keep track of what's happening in your S3 bucket. You found out that S3 has an event notification whenever a delete or write operation happens within the S3 bucket.   

What are the possible Event Notification destinations available for S3 buckets? (Choose 2)

[A] Kinesis
[B] SES
[C] SQS
[D] Lambda function
[E] SWF

C & D

[C] SQS
[D] Lambda function

500

You run a website which accepts high-quality photos and turns them into a downloadable video montage. The website offers a free account and a premium account that guarantees faster processing. All requests by both free and premium members go through a single SQS queue and are then processed by a group of EC2 instances which generate the videos. You need to ensure that the premium users who paid for the service have higher priority than your free members.

How do you re-design your architecture to address this requirement?

[A] For the requests made by premium members, set a higher priority in the SQS queue so it will be processed first compared to the requests made by free members.
[B] Create an SQS queue for free members and another one for premium members. Configure your EC2 instances to consume messages from the premium queue first and if it is empty, poll from the free members' SQS queue.
[C] Use Amazon Kinesis to process the photos and generate the video montage in real time.
[D] Use Amazon S3 to store and process the photos and then generate the video montage afterward.

[B] Create an SQS queue for free members and another one for premium members. Configure your EC2 instances to consume messages from the premium queue first and if it is empty, poll from the free members' SQS queue.

500

As a Junior Software Engineer, you are developing a hotel reservations application and are given the task of improving the database aspect of the app. You found out that RDS does not satisfy the needs of your application because it does not scale as easily compared with DynamoDB. You need to demonstrate to your Senior Software Engineer the advantages of using DynamoDB over RDS.   

What are the valid use cases for Amazon DynamoDB? (Choose 2)

[A] Running relational SQL joins and complex data updates
[B] Managing web sessions.
[C] Storing large amounts of infrequently accessed data
[D] Storing metadata for Amazon S3 objects
[E] Storing BLOB data.

B & D

[B] Managing web sessions.
[D] Storing metadata for Amazon S3 objects

500

You are an IT Consultant for an advertising company that is currently working on a proof of concept project that automatically provides SEO analytics for their clients. Your company has a VPC in AWS that operates in dual-stack mode in which IPv4 and IPv6 communication is allowed. You deployed the application to an Auto Scaling group of EC2 instances with an Application Load Balancer in front that evenly distributes the incoming traffic. You are ready to go live but you need to point your domain name (tutorialsdojo.com) to the Application Load Balancer.   

In Route 53, which record types will you use to point the DNS name of the Application Load Balancer? (Choose 2)

[A] Non-Alias with a type "A" record set
[B] Alias with a type "AAAA" record set
[C] Alias with a type "CNAME" record set
[D] Alias with a type "A" record set
[E] Alias with a type of "MX" record set

B & D

[B] Alias with a type "AAAA" record set
[D] Alias with a type of "A" record set

500

[VPC] A media company has two VPCs: VPC-1 and VPC-2 with peering connection between each other. VPC-1 only contains private subnets while VPC-2 only contains public subnets. The company uses a single AWS Direct Connect connection and a virtual interface to connect their on-premises network with VPC-1.
Which of the following options increase the fault tolerance of the connection to VPC-1? (Choose 2)

[A] Establish a hardware VPN over the Internet between VPC-a and the on-premises Network
[B] Use the AWS VPN CloudHub to create a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2
[C] Establish a hardware VPN over the internet between VPC-2 and the on-premises network.
[D] Establish a new AWS Direct Connect connection and private virtual interface in the same region as VPC-2
[E] Establish another AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1

A & E

[A] Establish a hardware VPN over the Internet between VPC-a and the on-premises Network
[E] Establish another AWS Direct Connect connection and private virtual interface in the same AWS region as VPC-1
