Instance Types and Pricing Options
Configuration
Related Services
Potpourri
100

Which EC2 instance type is best suited for applications that require a balance of compute, memory, and networking resources?

A. Compute Optimized
B. Memory Optimized
C. General Purpose
D. Storage Optimized

C. General Purpose

General Purpose instances provide a balanced mix of compute, memory, and networking resources, making them suitable for a wide variety of applications.

100

Which EBS volume type supports larger volumes and higher IOPS, making it suitable for mission-critical applications?

A. gp2
B. io2 Block Express
C. st1
D. sc1

B. io2 Block Express

io2 Block Express volumes are a high-performance option designed for mission-critical applications. They support larger volumes and higher IOPS, making them suitable for applications that require the highest levels of performance and durability.

100

What is the primary purpose of using Amazon RDS with a multi-AZ configuration?

A. To improve read performance.
B. To provide high availability and failover support.
C. To reduce the cost of database operations.
D. To increase the storage capacity of the database.

B. To provide high availability and failover support.

To provide high availability and failover support: Multi-AZ configuration ensures that your database is highly available and can fail over to a standby instance in case of an outage.

100

Which EBS volume type provides higher baseline performance and lower cost compared to its predecessor?

A. gp2
B. io1
C. gp3
D. sc1

C. gp3

General Purpose SSD (gp3) volumes offer higher baseline performance and lower cost compared to gp2 volumes. They are suitable for a wide range of workloads, including boot volumes and general-purpose application

200

Which EC2 purchasing option is best suited for applications with flexible start and end times, and can tolerate interruptions, offering potential cost savings of up to 90% compared to On-Demand pricing?

A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Dedicated Hosts

C. Spot Instances

Spot Instances enable you to bid for unused EC2 capacity at potentially lower prices than On-Demand Instances. This option is ideal for applications with flexible start and end times, or for workloads that are resilient to interruptions, such as batch processing, data analysis, or background processing tasks. Spot Instances can offer cost savings of up to 90% compared to On-Demand pricing.

200

A developer must identify the public IP addresses of clients connecting to Amazon EC2 instances behind a public Application Load Balancer (ALB). The EC2 instances run an HTTP server that logs all requests to a log file.
How can the developer ensure the client public IP addresses are captured in the log files on the EC2 instances?

a. Configure the HTTP server to add the x-forwarded-for request header to the logs.

b. Install the AWS X-Ray daemon on the EC2 instances and configure request logging.

c. Configure the HTTP server to add the x-forwarded-proto request header to the logs. 

d. Install the Amazon CloudWatch Logs agent on the EC2 instances and configure logging.

a. Configure the HTTP server to add the x-forwarded-for request header to the logs.

The X-Forwarded-For request header is automatically added and helps you identify the IP address of a client when you use an HTTP or HTTPS load balancer.

Because load balancers intercept traffic between clients and servers, your server access logs contain only the IP address of the load balancer. To see the IP address of the client, use the X-Forwarded-For request header.

The HTTP server may need to be configured to include the x-forwarded-for request header in the log files. Once this is done, the logs will contain the public IP addresses of the clients.

CORRECT: "Configure the HTTP server to add the x-forwarded-for request header to the logs" is the correct answer (as explained above).

INCORRECT: "Configure the HTTP server to add the x-forwarded-proto request header to the logs" is incorrect.

This request header identifies the protocol (HTTP or HTTPS).

INCORRECT: "Install the AWS X-Ray daemon on the EC2 instances and configure request logging" is incorrect.

X-Ray is used for tracing applications; it will not help identify the public IP addresses of clients.

INCORRECT: "Install the Amazon CloudWatch Logs agent on the EC2 instances and configure logging" is incorrect.

The Amazon CloudWatch Logs agent will send application and system logs to CloudWatch Logs. This does not help to capture the client IP addresses of connections.

200

A developer with access to the AWS Management Console terminated an instance in the us-east-1a availability zone. The attached EBS volume remained and is now available for attachment to other instances. Your colleague launches a new Linux EC2 instance in the us-east-1e availability zone and is attempting to attach the EBS volume. Your colleague informs you that it is not possible and needs your help.

Which of the following explanations would you provide to them?

a. The required IAM permissions are missing 

b. The EBS volume is encrypted 

c. EBS volumes are region locked 

d. EBS volumes are AZ locked

d. EBS volumes are AZ locked

An Amazon EBS volume is a durable, block-level storage device that you can attach to your instances. After you attach a volume to an instance, you can use it as you would use a physical hard drive. EBS volumes are flexible. For current-generation volumes attached to current-generation instance types, you can dynamically increase size, modify the provisioned IOPS capacity, and change volume type on live production volumes.

When you create an EBS volume, it is automatically replicated within its Availability Zone to prevent data loss due to the failure of any single hardware component. You can attach an EBS volume to an EC2 instance in the same Availability Zone.

200

What is the primary benefit of using IAM roles with EC2 instances?

A. Reduces the cost of EC2 instances
B. Simplifies the process of launching instances
C. Grants permissions to instances without hardcoding credentials
D. Increases the storage capacity of instances

C. Grants permissions to instances without hardcoding credentials

IAM roles allow you to grant permissions to EC2 instances without the need to hardcode credentials, enhancing security and simplifying access management.

300

A cybersecurity firm wants to run their applications on single-tenant hardware to meet security guidelines.

Which of the following is the MOST cost-effective way of isolating their Amazon EC2 instances to a single tenant?

a. Dedicated Hosts

b. Spot Instances

c. Dedicated Instances

d. On-Demand Instances

c. Dedicated Instances

Dedicated Instances are Amazon EC2 instances that run in a virtual private cloud (VPC) on hardware that's dedicated to a single customer. Dedicated Instances that belong to different AWS accounts are physically isolated at a hardware level, even if those accounts are linked to a single-payer account. However, Dedicated Instances may share hardware with other instances from the same AWS account that are not Dedicated Instances.

A Dedicated Host is also a physical server that's dedicated for your use. With a Dedicated Host, you have visibility and control over how instances are placed on the server. This option is costlier than the Dedicated Instance and hence is not the right choice for the current requirement.

300

An Amazon EC2 instance is being deployed with an Elastic Load Balancer (ELB). A developer needs to run a script when the instance is being launched. What is the SIMPLEST method of running the script?

a. Place the code in the EC2 User Data

b. Using EC2 Run Command 

c. Place the code in the EC2 Metadata

d. Using Amazon CloudWatch Events

a. Place the code in the EC2 User Data

When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts. You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives. You can also pass this data into the launch wizard as plain text, as a file (this is useful for launching instances using the command line tools), or as base64-encoded text (for API calls).

Using user data is definitely the simplest method of achieving this requirement. If using an Auto Scaling Group, you would also only have to place the data in the user data field once for the launch configuration.

INCORRECT: "Using EC2 Run Command" is incorrect. Run Command does allow the running of scripts on EC2 instances at scale. However, this is not the simplest method of achieving this objective as we’re only dealing with a single instance.

INCORRECT: "Place the code in the EC2 Metadata" is incorrect. Instance metadata is data about your instance that you can use to configure or manage the running instance.

INCORRECT: "Using Amazon CloudWatch Events" is incorrect as this service alerts you to events happening in your AWS resources; it does not allow you to run scripts on EC2 instances.

References:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/user-data.html

300

An organization has offices across multiple locations and the technology team has configured an Application Load Balancer across targets in multiple Availability Zones. The team wants to analyze the incoming requests for latencies and the client's IP address patterns.

Which feature of the Load Balancer will help collect the required information?

a. ALB request tracing

b. ALB access logs

c. CloudWatch metrics

d. CloudTrail logs

b. ALB access logs

ALB access logs - Elastic Load Balancing provides access logs that capture detailed information about requests sent to your load balancer. Each log contains information such as the time the request was received, the client's IP address, latencies, request paths, and server responses. You can use these access logs to analyze traffic patterns and troubleshoot issues. Access logging is an optional feature of Elastic Load Balancing that is disabled by default. 

Incorrect options:

CloudTrail logs - Elastic Load Balancing is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Elastic Load Balancing. CloudTrail captures all API calls for Elastic Load Balancing as events. You can use AWS CloudTrail to capture detailed information about the calls made to the Elastic Load Balancing API and store them as log files in Amazon S3. You can use these CloudTrail logs to determine which API calls were made, the source IP address where the API call came from, who made the call, when the call was made, and so on.

CloudWatch metrics - Elastic Load Balancing publishes data points to Amazon CloudWatch for your load balancers and your targets. CloudWatch enables you to retrieve statistics about those data points as an ordered set of time-series data, known as metrics. You can use metrics to verify that your system is performing as expected. This is the right feature if you wish to track a certain metric.

ALB request tracing - You can use request tracing to track HTTP requests. The load balancer adds a header with a trace identifier to each request it receives. Request tracing will not help you to analyze latency specific data.

Reference:

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-monitoring.html

300

Which IAM feature allows you to control access to AWS resources based on the user's identity and the resources they are trying to access?

A. IAM Policies
B. IAM Groups
C. IAM Roles
D. IAM Users

A. IAM Policies

IAM Policies allow you to control access to AWS resources based on the user's identity and the resources they are trying to access, specifying what actions are allowed or denied.

400

Which EC2 pricing model allows you to commit to a specific amount of compute power for one or three years, offering savings across various AWS services?

A. On-Demand Instances
B. Reserved Instances
C. Spot Instances
D. Savings Plans

D. Savings Plans

Savings Plans allow you to commit to a specific amount of compute power (measured in dollars per hour) for a period of one or three years, providing savings across various AWS services, including EC2, Lambda, and Fargate. This model offers flexibility and cost savings.

400

A business operates a web app on Amazon EC2 instances utilizing a bespoke Amazon Machine Image (AMI). They employ AWS CloudFormation for deploying their app, which is currently active in the us-east-1 Region. However, their goal is to extend the deployment to the us-west-1 Region.
During an initial attempt to create an AWS CloudFormation stack in us-west-1, the action fails, and an error message indicates that the AMI ID does not exist. A developer is tasked with addressing this error through a method that minimizes operational complexity.
Which action should the developer take?

a. Create a new AMI in the us-west-1 Region and update the CloudFormation template with the new AMI ID. 

b. Modify the CloudFormation template to refer to the AMI in us-east-1 Region. 

c. Copy the AMI from the us-east-1 Region to the us-west-1 Region and use the new AMI ID in the CloudFormation template.

d. Use AWS Lambda to create an AMI in the us-west-1 Region during stack creation.

c. Copy the AMI from the us-east-1 Region to the us-west-1 Region and use the new AMI ID in the CloudFormation template. 

This is the best option as it allows the developer to use the same AMI in a different region with minimal effort and maintenance.

CORRECT: "Copy the AMI from the us-east-1 Region to the us-west-1 Region and use the new AMI ID in the CloudFormation template" is the correct answer (as explained above).

INCORRECT: "Create a new AMI in the us-west-1 Region and update the CloudFormation template with the new AMI ID" is incorrect.

This is incorrect as creating a new AMI would be operationally complex and time-consuming.

INCORRECT: "Modify the CloudFormation template to refer to the AMI in us-east-1 Region" is incorrect.

AMIs are regional resources and cannot be used directly in other regions.

INCORRECT: "Use AWS Lambda to create an AMI in the us-west-1 Region during stack creation" is incorrect.

This process would add unnecessary complexity and the new AMI would not be identical to the original one.

400

A retail company is migrating its on-premises database to Amazon RDS for PostgreSQL. The company has read-heavy workloads. The development team at the company is looking at refactoring the code to achieve optimum read performance for SQL queries.

Which solution will address this requirement with the least current as well as future development effort?

a. Set up Amazon RDS with one or more read replicas. Refactor the application code so that the queries use the endpoint for the read replicas

b. Configure ElastiCache for Redis to act as a caching layer for Amazon RDS. Refactor the application code so that the queries use the ElastiCache for Redis endpoint

c. Set up Amazon RDS in the multi-AZ configuration with a single standby instance. Refactor the application code so that the queries use the standby instance endpoint 

d. Configure ElastiCache for Memcached to act as a caching layer for Amazon RDS. Refactor the application code so that the queries use the ElastiCache for Memcached endpoint

a. Set up Amazon RDS with one or more read replicas. Refactor the application code so that the queries use the endpoint for the read replicas 

Amazon RDS uses the PostgreSQL DB engine's built-in replication functionality to create a special type of DB instance called a read replica from a source DB instance. The source DB instance becomes the primary DB instance. Updates made to the primary DB instance are asynchronously copied to the read replica. You can reduce the load on your primary DB instance by routing read queries from your applications to the read replica. Using read replicas, you can elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads. For the given use case, you can achieve optimum read performance for SQL queries by using the read-replica endpoint for the read-heavy workload.

Incorrect options:

Configure ElastiCache for Redis to act as a caching layer for Amazon RDS. Refactor the application code so that the queries use the ElastiCache for Redis endpoint

Configure ElastiCache for Memcached to act as a caching layer for Amazon RDS. Refactor the application code so that the queries use the ElastiCache for Memcached endpoint

Both Redis and Memcached are popular, open-source, in-memory data stores (also known as in-memory caches). These are not relational databases and cannot be used to run SQL queries. So, both these options are incorrect.

Set up Amazon RDS in the multi-AZ configuration with a single standby instance. Refactor the application code so that the queries use the standby instance endpoint - In an Amazon RDS Multi-AZ deployment with a single standby instance, Amazon RDS automatically creates a primary database (DB) instance and synchronously replicates the data to an instance in a different AZ. When it detects a failure, Amazon RDS automatically fails over to a standby instance without manual intervention. You cannot route the read queries from an application to the standby instance of a multi-AZ RDS database as it's not accessible for the read traffic in the single standby instance configuration.

References:

https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ReadRepl.html

https://aws.amazon.com/premiumsupport/knowledge-center/requests-rds-read-replicas/

https://aws.amazon.com/rds/features/multi-az/

https://aws.amazon.com/blogs/database/readable-standby-instances-in-amazon-rds-multi-az-deployments-a-new-high-availability-option/

400

Which of the following statements about EBS volumes is true?

A. EBS volumes can only be attached to one EC2 instance at a time.
B. EBS volumes are automatically backed up to S3.
C. EBS volumes cannot be resized after creation.
D. EBS volumes are ephemeral and data is lost when the instance is stopped.

A. EBS volumes can only be attached to one EC2 instance at a time

This is true for standard EBS volumes, although there are multi-attach options for specific volume types.

500

An application requires high, sequential read and write access to very large data sets on local storage. Which EC2 instance type is most appropriate for this use case?

A. General Purpose
B. Compute Optimized
C. Memory Optimized
D. Storage Optimized

D. Storage Optimized

Storage Optimized instances are designed for workloads that require high, sequential read and write access to very large data sets on local storage, making them suitable for applications like distributed file systems and data warehousing.

500

A company runs its flagship application on a fleet of Amazon EC2 instances. After misplacing a couple of private keys from the SSH key pairs, they have decided to re-use their SSH key pairs for the different instances across AWS Regions.

As a Developer Associate, which of the following would you recommend to address this use-case?

a. Generate a public SSH key from a private SSH key. Then, import the key into each of your AWS Regions

b. It is not possible to reuse SSH key pairs across AWS Regions

c. Store the public and private SSH key pair in AWS Trusted Advisor and access it across AWS Regions 

d. Encrypt the private SSH key and store it in the S3 bucket to be accessed from any AWS Region

a. Generate a public SSH key from a private SSH key. Then, import the key into each of your AWS Regions 

Here is the correct way of reusing SSH keys in your AWS Regions:

  1. Generate a public SSH key (.pub) file from the private SSH key (.pem) file.

  2. Set the AWS Region you wish to import to.

  3. Import the public SSH key into the new Region.

Incorrect options:

It is not possible to reuse SSH key pairs across AWS Regions - As explained above, it is possible to reuse key pairs with a manual import.

Store the public and private SSH key pair in AWS Trusted Advisor and access it across AWS Regions - AWS Trusted Advisor is an application that draws upon best practices learned from AWS' aggregated operational history of serving hundreds of thousands of AWS customers. Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps. It does not store key pair credentials.

Encrypt the private SSH key and store it in the S3 bucket to be accessed from any AWS Region - Storing the private key in Amazon S3 is possible, but this will not make the key accessible for all AWS Regions, as is the need in the current use case.

Reference:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html

500

What is a necessary step when using ElastiCache for Redis or Memcached to optimize read performance?

A. Refactoring the application code to use the caching layer endpoint.
B. Increasing the instance size of the primary database.
C. Enabling multi-AZ configuration.
D. Creating additional read replicas

A. Refactoring the application code to use the caching layer endpoint.

To utilize ElastiCache for Redis or Memcached, the application code must be refactored to interact with the caching layer.

500

A Developer needs to create an instance profile for an Amazon EC2 instance using the AWS CLI. How can this be achieved? (Select THREE.)

a. Run the aws iam create-instance-profile command 

b. Run the CreateInstanceProfile API 

c. Run the "aws iam add-role-to-instance-profile" command 

d. Run the AddRoleToInstanceProfile API 

e. Run the "aws ec2 associate-instance-profile" command 

f. Run the AssignInstanceProfile API

a, c, e

To add a role to an Amazon EC2 instance using the AWS CLI you must first create an instance profile. Then you need to add the role to the instance profile and finally assign the instance profile to the Amazon EC2 instance.

The following example commands would achieve this outcome:

  1. aws iam create-instance-profile --instance-profile-name EXAMPLEPROFILENAME
  2. aws iam add-role-to-instance-profile --instance-profile-name EXAMPLEPROFILENAME --role-name EXAMPLEROLENAME
  3. aws ec2 associate-iam-instance-profile --iam-instance-profile Name=EXAMPLEPROFILENAME --instance-id i-012345678910abcde

References:

https://aws.amazon.com/premiumsupport/knowledge-center/attach-replace-ec2-instance-profile/
