Just a place to put some notes on the “AWS Certified Solutions Architect - Associate
(New!)” course from https://linuxacademy.com
Read the whitepapers:
The Certified Solutions Architect Exam
Quiz: Final Exam
Q: A colleague would like a new subnet
configured in AWS for a database cluster she is building. She expects that the
subnet will never need more than six IP addresses. Which of the following will
likely be the most appropriate choice for this subnet?
A: A /28 private subnet
E:
Databases generally do not require public access from the Internet, so a
private subnet is likely the better choice from a security perspective. /28 is the smallest possible
subnet in an AWS VPC.
Q: Company B provides an online image
recognition service and utilizes SQS to decouple system components for
scalability. The SQS consumer's readers poll the image queue as often as
possible to keep end-to-end throughput as high as possible. However, Company B
is realizing that polling in tight loops is burning CPU cycles and increasing
costs with empty responses. How can company B reduce the number of empty
responses?
A: Enable long polling by setting the ReceiveMessageWaitTimeSeconds
to a number > 0
Q: The KPL is an easy-to-use, highly-configurable
library that helps you write to an Amazon Kinesis stream. It acts as an
intermediary between your producer application code and the stream's API
actions. One of its key concepts is aggregation. Which of the following best
describes aggregation
as it relates to the KPL?
A: It refers to the storage of multiple
records in a stream's record and allows customers to increase the number of
records sent per API call, which effectively increases producer throughput.
Q: While implementing a disaster
recovery strategy in another region, you are attempting to move the data from
one EBS volume to another in a separate region. What is the best way to do
this? Keep in mind this is not a live production replication copy.
A: Take a snapshot of the EBS volume and
copy it to the desired region
Q: Elasticity is a fundamental property
of the cloud. What best describes elasticity?
A: Power to scale computing resources up
and down easily with minimal friction
Q: If an instance that belongs to an Elastic
Load Balancer's health check fails, what occurs to the instance that fails?
A: The ELB will de-register the instance
and stop sending traffic to the unhealthy instance
Q: Your company is posting a big article
on the front page of your website tomorrow. It is expected that the demand
could potentially overwhelm your infrastructure. In the event of a load
failure, how can you set up DNS failover to a static website?
A: Use Route 53 and the failover option
to failover to a static S3 website bucket or CloudFront distribution in the
event of an issue
Q: As part of your application
architecture requirements, the company you are working for has requested the
ability to run analytics against all combined log files from the Elastic Load
Balancer. Which services are used together to collect logs and process log file
analysis in an AWS environment?
A: Amazon S3 for storing ELB log files
and Amazon EMR for processing the log files in analysis
Q: You recently purchased and deployed
four reserved EC2 instances in the US-East-1 region’s Availability Zone 1 for a
new project. Your supervisor just informed you that this project only requires
two EC2 instances. Rather than selling the reserved instances, she asked you to
terminate the extra instances and convert two of the on-demand instances
already running in Availability Zone 1 to reserved instances. Can this be done?
A: Yes, you can terminate the reserved
instances and AWS will automatically begin billing the two on-demand instances
as reserved instances
E:
If you own three Reserved
Instances with the same instance type and Availability Zone, the billing
system checks each hour to see how many total instances you have running that
match those parameters. If it is three or less, you will be charged the
Reserved Instance rate for each instance running that hour.
Q: Your supervisor asks you to create a
highly available, decoupled web application. Which of the following does not help you accomplish this
goal?
A: IAM user credentials on EC2 instances
to grant permissions to modify an SQS queue
E:
Elastic Load Balancers, Auto Scaling, and SQS can all play a part in a highly
available, decoupled web application. IAM user credentials should not be stored
on an EC2 instance.
Q: While implementing a disaster
recovery strategy in another region, you attempt to move the data from one EBS
volume to another in a separate region. What is the best way to do this? Keep
in mind this is not a live production replication copy.
A: Take a snapshot of the EBS volume and
copy it to the desired region
Q: Your AWS environment contains several
on-demand EC2 instances dedicated to a project that has just been cancelled.
Your supervisor does not want to incur charges for these on-demand instances
but also does not want to lose the data just yet because there is a chance the
project may be revived in the next few days. What should you do to minimize
charges for these instances in the meantime?
A: Stop the instances as soon as
possible
E:
You should not terminate an instance that you may need to place back into
production in a few days. The best way to minimize charges is to stop the
instances to avoid any data transfer charges that the instance might incur if
left running.
Q: When designing a cloud service based
on AWS and you choose to use RRS on S3 instead of S3 standard storage type,
what type of trade-offs do you have to build your application around?
A: RRS only has 99.99% durability and
you have to design automation around replacing lost objects
Q: One of your more important clients is
a Telecom business who needs to process some real-time data in a distributed
manner. They suggest to you that they think they should use either Amazon SQS
or Amazon Kinesis to achieve this and they want you to tell them what would be
the difference between the two. After some research, you decide that they
should use Kinesis and are trying to put together some reasons for this. One of
the below statements is INCORRECT,
regarding this. Which one?
A: Kinesis cannot route related data
records to the same record processor (as in streaming MapReduce).
E:
Kinesis can route related data records to the same record processor
Q: Which of the following best describes
what "bastion hosts" are?
A: Bastion hosts are instances that sit
within your public subnet and are typically accessed using SSH or RDP. Once
remote connectivity has been established with a bastion host, it then acts as a
‘jump’ server, allowing you to use SSH or RDP to log in to other instances
(within private subnets) deeper within your network.
Q: You and a colleague create an SQS
queue and create several messages in it. You both test your ability to manually
poll the queue by using the command-line API calls. After testing, you find
that your colleague’s polling attempt retrieved messages 1, 3, and 5. Your
polling attempt retrieved messages 4, 6, and 8. Neither of your attempts
retrieved messages 2 or 7. What is a possible cause for this behavior?
A1: You and your colleague did not see
the same messages because of the visibility timeout
A2: You and your colleague used short
polling
E:
When a message is retrieved, that message is hidden from other polling attempts
until the message is deleted or the visibility timeout expires. Short polling
does not query all the servers that the SQS messages can reside on, so multiple
queries of the queue may be needed to retrieve all messages in the queue.
T: The AMI ID used in an Auto Scaling
policy is configured in the Launch
configuration
Q: When reviewing the Auto Scaling
events, it is noticed that an application is scaling up and down multiple times
within the hour. What design change could you make to optimize cost while
preserving elasticity?
A: Change the scale down CloudWatch
metric to a higher threshold
T: You cannot deny the AWS root account to EC2 instances via IAM
policy.
Q: By default, is data in S3 encrypted?
A: No, but it can be when the right APIs
are called for SSE
Q: You are working for a startup company
that is building an application that receives large amounts of data.
Unfortunately, current funding has left the startup short on cash, unable to
afford thousands of dollars of storage hardware. The company has opted to use
AWS. Which services would you implement to store a virtually unlimited amount
of data without any effort to scale when demand unexpectedly increases?
A: Amazon S3, because it provides
unlimited amounts of storage data, scales automatically, is highly available,
and durable
T: Amazon SQS (Simple Queue Service)
guarantees delivery of AT LEAST 1 message but cannot guarantee it will not
create duplicates.
Q: You are consulting for a healthcare
company that has strict compliance and auditing requirements. When architecting
the application environment on AWS, which services or service features might
you enable to take advantage of monitoring to ensure auditing the environment
for compliance is easy and follows the strict healthcare compliance
requirements?
A: CloudTrail for security logs
Q: If your organization is concerned
about storing sensitive data in the cloud, you should:
A1: Encrypt the file system on an EBS
volume using Linux tools
A2: Enable EBS Encryption
A3: Enable S3 Encryption
Q: You are designing a global
application that takes advantage of multiple regions. As part of your
application, the need to synchronize from one region to another is required to
ensure your application is serving the same data when employing latency-based
Route 53 DNS records. To ensure this happens, you have determined that using
the AWS CLI to sync files from the primary storage servers to S3 is the best
method. How might you implement AWS CLI authentication against the S3 service?
A: Create an EC2 IAM role and assign it
to each EC2 instance that utilizes the AWS CLI to sync the data
Q: What is the difference between an
Availability Zone and an edge location?
A: An Availability Zone is an Amazon
resource within an AWS region, whereas an edge location will deliver cached
content to the closest location to reduce latency
Q: Currently, you're helping design and
architect a highly-available application. After building the initial
environment, you've found that part of your application does not work correctly
until port 443 is added to the security group. After adding port 443 to the appropriate
security group, how much time will it take before the changes are applied and
the application begins working correctly?
A: Changes apply instantly to the
security group, and the application should be able to immediately respond to 443
requests
Q: Your supervisor asks you to create a
highly available website which serves static content from EC2 instances. Which
of the following is not a
requirement to accomplish this goal?
A: An SQS queue
E:
While an SQS queue can be an important part of a multi-step decoupled web
application, it is not necessary to host a highly-available static website on
EC2. An Auto Scaling group configured to deploy EC2 instances in multiple
subnets located in multiple Availability Zones allows an application to remain
online despite an instance or AZ failure.
Q: Your company wants to back up the
onsite file server to AWS but does not want to serve the files from S3 to your
office network when files need to be accessed. Which service and setup would
you use to accomplish this task?
A: Use Amazon Storage Gateway and
gateway-stored volumes to store the data locally and asynchronously backup
point-in-time snapshots to S3
Q: A user needs access to Elastic Load
Balancing. This is the first and possibly only time that they will require this
access. Which of the following choices would be the best way to allow this
access?
A: Delegate access to the ELB using an
IAM role
Q: You own an image manipulation
application. Your users take a picture, upload it to your app, and request
filters to be added to the image. You need to decouple the application so your
users are not waiting for the image processing to take place. How would you go
about doing this?
A: Use Amazon SQS to store the requests
using metadata and JSON in the message, use S3 to store the image, and Auto
Scaling to determine when to fire off more worker instances based on queue size
Q: You have 5 CloudFormation templates.
Each template is for a different application architecture. These architectures
vary between your blog apps and your gaming apps. What determines the cost of
using the CloudFormation templates?
A: CloudFormation does not have a cost
but you are charged for the underlying resources it builds
Q: Your application's usage peaks at 90%
during the hours of 9 AM and 10 AM every day. All other hours require only 10%
of the peak resources. What is the best way to scale your application so you're
only paying for max resources during peak hours?
A: Proactive Cycle Scaling
Q: You are asked to review a plan that
your company has made to create a new application that makes use of SQS, EC2,
Auto Scaling, and CloudWatch. Which of the following action items should you
advise your company not to
implement?
A: Utilize short polling with a wait
time of 20 seconds to reduce the number of empty responses from the SQS queue
E:
Polling executed with a wait time of greater than 0 seconds is called long
polling.
FALSE: When a snapshot is being taken
against an EBS volume, the volume becomes unavailable and the instance no
longer has the ability to communicate with the EBS volume until the snapshot is
complete.
Q: Your EC2 instances are configured to
run behind an Amazon VPC. You have assigned two web server instances to an
Elastic Load Balancer. However, the instances and the ELB are not reachable via
URL to the elastic load balancer serving the web app data from the EC2
instances. How might you resolve the issue so that your instances are serving
the web app data to the public Internet?
A: Attach an internet gateway to the VPC
and route it to the subnet
Q: You create an SQS queue with the
default settings for a new application your company is deploying. While new
messages are added to the queue throughout the week, management has indicated
that the application which retrieves the messages should only be run during
your company’s weekly Sunday evening maintenance window. It is quickly noticed
on Monday morning that several messages were not processed the previous evening
and the messages are no longer in the queue. What is a likely cause for this
issue?
A: The messages surpassed the retention
period for the queue
E:
The default message retention period for an SQS queue is four days, so messages
older than four days would have been deleted.
Q: Your company has an application that
requires access to a NoSQL database. Your IT department has no desire to manage
the NoSQL servers. Which Amazon service provides a fully-managed and highly
available NoSQL service?
A: DynamoDB
Q: An AWS VPC (Virtual Private Cloud)
allows you to…
A: …connect your cloud resources to your
own encrypted IPSec VPN connections
Q: In order to establish a successful
site-to-site VPN connection from your on-premises network to the VPC (Virtual
Private Cloud), which of the following needs to be configured inside of the
VPC?
A: A public IP address on the customer
gateway for the on-premise network
E:
When you configure a VPN, you're configuring it from the VPC and from the
on-premises network. You are taking information (the public IP) from the
on-premises network and configuring it inside of the VPC.
T: Auto Scaling is a tool used for
creating elastic and self-healing applications.
Q: For basic monitoring on AWS, which
metrics are not included as part of the basic monitoring package?
A1: Free memory
A2: Free swap
T: Amazon Auto Scaling is not meant to
handle instant load spikes but is built to grow with a gradual increase in
usage over a short time period.
Q: Your AWS environment contains several
reserved EC2 instances dedicated to a project that has just been cancelled.
Your supervisor wants to stop incurring charges for these reserved instances
immediately and recuperate as much of the reserved instance cost as possible.
What can you do to avoid being charged for them?
A: Terminate the instances as soon as
possible, Sell the reserved instances on the AWS Reserved Instance Marketplace
E:
You should terminate the instance to avoid any data transfer charges that the
instance might incur if left running and sell the reserved instance in the AWS
Reserved Instance Marketplace to recuperate cost.
Q: In AWS, when a request is made, the
AWS service decides whether a given request should be allowed or denied. The
distinction between a request being denied or allowed by default and an
explicit deny in a policy is important. Which of the following statements best
describes this distinction?
A: By default, a request is denied, but
this can be overridden by an allow. In contrast, if a policy explicitly denies
a request, that deny can't be overridden.
T: US-East-1 supports Multi-AZ RDS
deployments.
Q: Your supervisor asks you to create a
decoupled application whose process includes dependencies on EC2 instances and
servers located in your company’s on-premises datacenter. Which of these are
you least likely to recommend as part of that process?
A: SQS polling from an EC2 instance
using IAM user credentials
E:
An EC2 IAM role should be used when deploying EC2 instances to grant
permissions rather than storing IAM user credentials in EC2 instances
Q: You manage an application that uses
EC2 instances and SQS to process requests from end users. Your application is
working great, but your supervisor is concerned about the cost of the AWS
resources it uses. Which of the following would not help address that concern?
A: Increase the visibility timeout for
messages in the SQS queue
Q: Your company has moved a legacy
application from an on-premises data center to the cloud. The legacy
application requires a static IP address hard-coded into the backend, which
prevents you from deploying the application with high availability and fault
tolerance using the ELB. Which steps would you take to apply high availability
and fault tolerance to this application?
A1: Ensure that the instance it's using
has an elastic IP address assigned to it
A2: Write a custom script that pings the
health of the instance, and, if the instance stops responding, switches the
elastic IP address to a standby instance
Q: Which statement is true about Amazon
SQS?
A1: Amazon SQS (Simple Queue Service)
guarantees delivery of AT LEAST 1 message but cannot guarantee it will not
create duplicates.
A2: Amazon SQS guarantees delivery of AT
LEAST 1 message but cannot guarantee message order, although it does attempt to.
Q: Your company is moving their entire
20 TB data warehouse to the cloud. With your current bandwidth it would take 2
months to transfer the data. Which service would allow you to quickly get your
data into AWS?
A: Amazon Import/Export