Professional Documents
Culture Documents
Which of the following are functions of the Elastic Load Balancer (ELB) ?
( Select 2 options )
Have some EC2 instances created outside of the Auto Scaling Group
A user wants to use an EBS-backed Amazon EC2 instance for a temporary job. Based on
the input data, the job is most likely to finish within a week. Which of the following
steps should be followed to terminate the instance automatically once the job is
finished ?
Configure the EC2 instance with ELB to terminate the instance when it remains idle.
Configure the CIoudWatch alarm on the instance that should perform the termination
action once the
instance is idle.
Configure the Auto Scaling schedule activity that terminates the instance after 7 days.
What are some of the ways in which Horizontal Scaling can happen with RDS ?
1/29
( Select all that apply )
Read Replicas
Sharding
Elasticache
You want to automate the process of creating a VPC, 2 public subnets, 2 private
subnets, Internet Gateway and a NAT instance.
You also want to provision an EC2 instance in the public Subnet and configure the
instance as a Web Server. Which AWS service
will help you to automate this task ?
AWS Config
AWS Opsworks
AWS CloudFormation
AWS Robot
Your team manages a popular website running Amazon Relational Database Service
(Amazon RDS) MySQL back end. The Marketing department has just informed you
about an upcoming television commercial that will drive thousands of new visitors to
the website. How can you prepare your database to handle the load?
(Choose 3 answers)
Create read replicas to offload read requests and update your application.
Upgrade the storage from Magnetic volumes to General Purpose Solid State Drive (SSD) volumes.
What should you do when the Primary fails in an RDS Multi AZ Deployment ?
2/29
Which of the following are benefits of the AWS's Relational Database Service (RDS)?
Fully Managed
Choice of 6 DB Engines
Multi AZ Capability
When using Amazon Relational Database Service (Amazon RDS) Multi-AZ, how can you
offload read requests from the primary?
(Choose 2 answers)
Configure the connection string of the clients to connect to the secondary node and perform reads while the
primary is used for writes.
Amazon RDS automatically sends writes to the primary and sends reads to the secondary.
Add a read replica DB instance, and configure the client’s application logic to use a read-replica.
Create a caching environment using ElastiCache to cache frequently used data. Update the application logic
to read/write from the cache.
Ensure in the application logic that writes are sent to Primary and reads to Secondary
Cloud formation templates can be written using which of the following scripting
languages ? ( Select 2 options )
Javascript
YAML
Perl
JSON
Python
I have a situation where a file uploaded to S3 should trigger the following activities :
Lambda Function should read the file and update RDS MySQL tables
Which entity will help Lambda to access S3 for reading the file from the bucket and
access RDS MySQL table for writing the data
SNS
SQS
IAM Role
3/29
Multi Factor Authentication
A company needs to know which user was responsible for terminating several critical
Amazon Elastic Compute Cloud (Amazon EC2) Instances.
Which service will help to find this information ?
VPC Flowlogs
Trusted Adviser
CloudTrail
CloudWatch
OpsWorks
Config
CloudTrail
CloudFormation
Which service allows for the collection and tracking of metrics for AWS services?
CloudTrail
CloudWatch
CloudMetrics
CloudTrack
There is a json script file where there are the following divisions :
Parameters, Resources, Mappings, Output
Which service are we talking about here ?
Config
CloudTrail
CloudFormation
4/29
Who is the founder and CEO of Amazon ?
Bill Gates
Steve Jobs
Jeff Bezos
Larry Page
SAAS
PAAS
IAAS
RAAS
If Cross Zone Load Balancing is enabled for the above case what will be the traffic
percentage to the 2 instances from AZ A registered with the Load Balancer ?
25% 25%
6.25% 6.25%
50% 50%
5/29
A company wants to implement their website in a virtual private cloud (VPC). The web
tier will use an Auto Scaling group across multiple Availability Zones (AZs). The
database will use Multi-AZ RDS MySQL and should not be publicly accessible. ‘What is
the minimum number of subnets that need to be configured in the VPC ?
1
2
3
4
Elastic Load Balancing allows you to distribute traffic across which of the following?
Multiple Availability Zones within and between regions and on-premises virtualized
instances running OpenStack
Which of the following can be used to increase the fault tolerance of an application ?
6/29
Deploying resources across multiple VPC’s
What are some of the reasons why failover happens in RDS ? ( Select all that apply )
Which among the following Amazon Relational Database Service (Amazon RDS)
database engines support Multi-AZ ?
1. mySQL
2. postGreSQL
3. Aurora
4. Maria DB
5. Oracle
6. SQL Server
All of them
MySQL
An ERP application is deployed across multiple AZs in a single region. In the event of
failure, the
Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point
Objective (RPO) must
be 15 minutes the customer realizes that data corruption occurred roughly 1.5 hours
ago.
What DR strategy could be used to achieve this RTO and RPO in the event of this kind
of failure?
Take hourly DB backups to S3, with transaction logs stored in S3 every 5 minutes.
Use synchronous database master-slave replication between two availability zones.
Take hourly DB backups to EC2 Instance store volumes with transaction logs stored In
S3 every 5 minutes.
Take 15 minute DB backups stored In Glacier with transaction logs stored in S3 every 5
minutes.
7/29
Question - 26 SCORE: 5 points
You launch an Amazon EC2 instance without an assigned AWS identity and Access
Management (IAM) role. Later, you decide that the instance should be running with an
IAM role. Which action must you take in order to have a running Amazon EC2 instance
with an IAM role assigned to it ?
Create an image of the instance, and register the image with an IAM role assigned and
an Amazon EBS volume mapping.
Create a new IAM role with the same permissions as an existing IAM role, and assign it
to the running instance.
Create an image of the instance, add a new IAM role with the same permissions as the
desired IAM role, and deregister the image with the new role assigned.
Create an image of the instance, and use this image to launch a new instance with the
desired IAM role assigned.
Your AWS account administrator left your company today. The administrator had
access to the root user and a personal IAM administrator account. With these
accounts, he generated other IAM accounts and keys. Which of the following should
you do today to protect your AWS infrastructure? (Choose 4 answers)
You want to grant the individuals on your network team the ability to fully manipulate
Amazon EC2 instances. Which of the following accomplish this goal?
(Choose 2 answers)
Create a new policy allowing EC2:* actions, and name the policy NetworkTeam.
Assign the managed policy, EC2FullAccess, to a group named NetworkTeam, and assign all the team
members’ IAM user accounts to that group.
Create a new policy that grants EC2:* actions on all resources, and assign that policy to each individual’s IAM
user account on the network team.
Create a NetworkTeam IAM group, and have each team member log in to the AWS Management Console
using the user name/password for the group.
8/29
Which service enables AWS customers to manage users and permissions in AWS ?
Amazon Inspector
There is a requirement to collect important metrics from AWS RDS and EC2 Instances.
Which of the following services can help fulfill this requirement.
Amazon CloudFront
Amazon CloudSearch
Amazon CloudWatch
Amazon Config
X => NACL
Y => Target
Z => Listener Process
9/29
Question - 33 SCORE: 5 points
Permission
Role
Resource
Policy
B) You can specify separate rules for inbound and outbound traffic.
C) By default, no inbound traffic is allowed until you add inbound rules to the security
group.
D) By default, new security groups have an outbound rule that allows all outbound
traffic. You can remove the rule and add outbound rules that allow specific
E) Security groups are stateful. This means that responses to allowed inbound traffic
are allowed to flow outbound regardless of outbound rules and vice versa. This is an
D only
A Only
E only
Both A & D
What is the significance of using Security Group A in the source field of Inbound Rules
of a Security Group B ?
It means that only instances other than those that have Security Group A will be
allowed to send traffic
It means that only instances that have Security Group A will be allowed to send traffic
It means that the same rules in Security Group A will be applicable for SEcurity Group B
An EC2 instance is provisioned in a public subnet within a VPC. We are unable to
connect to the instance using putty(SSH). The Key Pair is verified to be the correct one.
What do you think is the issue ? The Inbound & Outbound rules of the Security Group
and NACL are provided below :
10/29
Security Group Inbound Rules
NACL Inbound Rules
NACL Outbound Rules
There is no Outbound Rule for TCP traffic in Security Groups and
There is no Outbound
Rule ALLOW rule for TCP traffic in NACL
There is no HTTP rules in both Inbound as well as Outbound in both Security Groups as
well as NACL
11/29
Question - 37 SCORE: 5 points
Which of the following statements are NOT TRUE regarding Security Groups ? ( Select
2)
You can specify separate rules for inbound and outbound traffic
You can change the security groups with which an instance is associated after launch, and the changes will
take effect immediately.
By default, new security groups have an outbound rule that allows all outbound traffic. You can remove the
rule and add outbound rules that allow specific outbound traffic only.
When you want to update the Security Group with which an instance is associated you
must :
Stop the instance, Update Security Group information, Start the Instance
You don't have to do anything. The updated rules take effect immediately
Update the Security Group. Download a fresh KeyPair and then connect to the instance
Assuming that the Security Group allows ALL incoming Traffic from ALL sources (
0.0.0.0/0 ) will our web server receive HTTP Traffic ?
The NACL Inbound Rules are displayed below :
No
Yes
May be
12/29
Your instance is associated with two security groups. The first allows Remote Desktop
Protocol (RDP) access over port 3389 from Classless Inter-Domain Routing (CIDR) block
72.14.0.0/16. The second allows HTTP access over port 80 from CIDR block 0.0.0.0/0.
What traffic can reach your instance ?
No traffic is allowed.
RDP traffic over port 3389 from 72.14.0.0/16 and HTTP traffic over port 80 from
0.0.00/0
EC2
Spot Instances, On Demand Instances, Reserved Instances, Dedicated Instances
On Demand Instances, Spot Instances, Reserved Instances, Dedicated Instances
Reserved Instances, Spot Instances, On Demand Instances, Dedicated Instances
IAM
I have a scenario where I have copy some files (objects) from S3 to my EC2 instance
(EBS). I have checked that AWS CLI is installed properly.
When I try connecting to the Linux EC2 instance using PUTTY I am able to connect. But
I am not able to access S3. What could be the issue here ? ( Select 2 options )
Check whether IAM role was configured when the instance was created
13/29
Question - 43 SCORE: 5 points
When you provision an EC2 instance by default every instance will have
Only Private IP is assigned by Default,
Public IP only on request,
Elastic IP should be
obtained separately and attached
Only Private IP & Public IP are assigned by Default
Elastic IP should be obtained
separately and attached
Nothing is by default. You need to request for Private, Public & Elastic IP
The following graph shows CPU utilization of EC2 instances in an Auto Scaling Group ?
Which service provides this information ?
CloudTrail
CloudFront
CloudWatch
CloudFormation
You want to take a snapshot of an EC2 Instance and create a new instance out of it. In
AWS what is this snapshot equivalent to?
EBS Volumes
AMI
EC2 Snapshot
EBS Snapshot
When you upgrade your existing EC2 instance to an instance with more compute &
RAM. Changing an Instance Type to a better capacity instance is called
14/29
________________________
Horizontal Scaling
Load Balancing
Optimization
Vertical Scaling
A company has a set of EC2 Linux based instances hosted in AWS. They need to have a
standard file interface to files which can be shared by all
linux instances. Which of the following AWS Services are appropriate for the purpose ?
S3
EBS
EFS
Storage Gateway
EBS
a
b
c
d
e
S3
16/29
"Resource":["arn:aws:s3::: examplebucket /*"]
}
]
}
A
B
C
D
S3
Identical Lifecycle Policies must be created for both Source and Destination Buckets
Both Source and Destination Buckets should have the same owner
The objects in the Source and Destination buckets cannot exceed 2 TB is size
S3 - Storage Analytics
S3 - Lifecycle Policy
S3 - Intelligent Tiering
S3 - Reduced Redundancy
How can you allow access of the buckets created by you ( you are the owner ) to
another AWS Account ?
By adding the other AWS Account as principal and your bucket as the Resource in the
Bucket Policy
By adding the other AWS Account as principal and your bucket as the Resource in the
IAM User Policy
By updating the Bucket Metadata and changing the owner of the Bucket to the other
AWS Account user
17/29
Question - 54 SCORE: 5 points
You are migrating your applications to the cloud. You have decided to use S3 as the
storage solution for your needs.
You have to move a set of files and folders to S3 from your on-premise unix file system.
You have to strictly maintain
the hierarchy in the order shown below.
logs/2016/January/server42.log
logs/2016/February/server42.log
logs/2016/March/server42.log
How would you create this hiearchy in S3 ?
Create a bucket called logs and under that bucket create a bucket for the year 2016
and under that bucket create buckets for each of the months January through
December and then upload the file server42.log
You cannot create this hierarchy in S3 as S3 follows a flat hierarchy. You have to use
EBS instead
Though you cannot create this hierarchy with S3 you can simulate the same behavior by
the filename Prefix. S3 allows / to be used in filenames and the filename can be used to
reflect the hierarchy though all files will be stored in a flat structure inside the bucket
S3 allows only 2 levels of nesting and hence the year and month should be created as
separate buckets inside the logs bucket
EC2
In the EC2 Lab you copied in this script in the User Data window. What does this script
do ?
#!/bin/bash
yum update -y
18/29
It installs the Apache Web Server on the Linux EC2 instance and runs the Web Server
It installs the IIS Web Server on the Windows EC2 instance and runs the Web Server
SRM
Which of the following is the responsibility of the customer to ensure the availability
and backup of EBS Volumes ?
12 Months Free
Always Free
S3
19/29
We will be able to upload files into the bucket
Rendering an image
Processing a Form
Rendering a Video
RDS
20/29
Step 3 => Configure the inbound rules of the Security Group of the
EC2 instance to allow mySQL Traffic on port 3306 from the
Internet
Step 4 => Create an RDS instance with mySQL engine in the
private subnet
Step 5 => Configure the Security Groups for the RDS instance to
allow mySQL Traffic on port 3306 from the EC2 instance
Step 6 => Configure for Multi AZ
Step 7 => Connect to the EC2 instance in the public subnet using
SSH
Step 8 => From the EC2 instance connect to the RDS instance
Step 9 => Connect to the RDS instance using the IP address
as well as the username and password that were
configured
Consider the above diagram. There are 2 Availability Zones AZ1 & AZ2. The ELB spans
both the Availability Zones.
EC2 Instances A & B are in Subnets in AZ1 and C, D and E are in Subnets in AZ2.
If Cross Zone Load Balancing is enabled on the ELB what will be the percentage of
traffic to the EC2 instances
A => 25% B => 25% C => 16.66% D => 16.66% E => 16.66%
A => 20% B => 20% C => 20% D => 20% E => 20%
21/29
ELB cannot span Availability Zones. So the configuration is not possible
VPC
If a VPC has a configuration 10.0.0.0/26 - How many IP addresses are available for EC2
instances to be created in that VPC ?
64
62
59
32
In EC2, what happens to the data in an instance store if an instance reboots (either
intentionally or accidentally) ?
Which of the following must be specified when launching a new Amazon Elastic
Compute Cloud (Amazon EC2) Windows instance ? (Choose 2 answers)
RDS
In the RDS Lab that you did what type of traffic did you allow in the Inbound Rules of
the Security Group for your RDS instance
SSH, Port 22
HTTP, Port 80
22/29
MySQL, Port 3306
RDS
Which of the following services in sharing the read workloads of the Master Database ?
( Select 2 options )
Elasticache
Standby
Read Replica
Secondary Database
In the RDS Lab you connected to your database instance using an RDS Endpoint such
as
my_app_db.ch6fe7ykq1zd.us-west-2.rds.amazonaws.com
What happens when you connect to the RDS Endpint ?
RDS Endpoints get resolved by DNS to the IP Address of the RDS Instance
The Web Server instances in the Public Subnet have a table mapping RDS Instance
Endpoints to VPC Endpoints
The Hash Code generated by the Endpoint indexes a table that contains the IP address
of the RDS instance
What type of replication happens between the Main RDS instance and the Standby RDS
instance in the Multi AZ configuration shown below ?
23/29
There is no replication from Main to Standby.
Synchronous Replication
Asynchronous Replication
Skewed Replication
Which RDS Database Engine combines the performance and availability of high-end
commercial databases with
Oracle
MS SQL Server
Maria DB
Aurora
A. Provisioning an RDS mySQL Instance with higher IOPS
B. Installing a relational database such as mySQL on an EC2 instance
C. Provisioning an RDS mySQL with higher IOPS and multi AZ
D. Provisioning an RDS mySQL Instance
A, B, C, D
B, D, A, C
C, B, A, D
D, A, B. C
24/29
Question - 71 SCORE: 5 points
ELB
ELB
The Auto Scaling that kicked in the ELB Lab that you did can be categorized as
Manual Scaling
Scheduled Scaling
Dynamic Scaling
Static Scaling
25/29
Question - 73 SCORE: 5 points
Cloud Watch
Cloud Watch
In the Cloud Watch Lab the alram will trigger based on what Metric ?
Tracking Metrics
Alarms
IAAS
PAAS
SAAS
Bucket Policy
26/29
Nobody can access this bucket
Nobody can access this bucket except the owner of the bucket
Anybody can list and download files but they cannot upload files or update(modify)
objects
Anybody can upload and download objects but they cannot update or delete objects
A user has an S3 object in the US Standard region with the content “color=red”. The
user updates the object with the content as “color=”white”.
If the user tries to read the value immediately after it was uploaded, what will S3
return ?
It will return an error saying that the object was not found
27/29
Which of the following help improve performance with respect to S3 ? ( Select 2 )
Range GET's
Multi-part Uploads
In this URL identify the Bucket Name and Object Name (Key)
http://johnsmith.s3.amazonaws.com/photos/puppy.jpg
Bucket Name =>johnsmith.s3.amazonaws.com/photos
Object Name => puppy.jpg
Bucket Name =>johnsmith.s3.amazonaws.com
Object Name => photos/puppy.jpg
Which feature of AWS enables very fast, easy, and secure transfers of files over long
distances between your client and your
Amazon S3 bucket ?
File Transfer
HTTP Transfer
S3 Acceleration
Transfer Acceleration
Vault Lock
28/29
Expedited Retrieval
Bulk Retrieval
Standard Retrieval
.NET
IAM
When I want to group users who need permissions to common resources then I would
create ____________________
IAM Role
IAM User
IAM Group
IAM Policy
Use passwords that you can remember easily such as your name, DOB etc.
29/29