AWS认证攻略–E哥的AWSSolutionArchitectureAssociate认证攻略

Versioning can be suspendedMFA Deletenot enabled versioning, verion ID is NULLLifecycle ManagementTransitionexpirationEBSgeneralattached in same AZcreate snapshot cross AZ or regionRoot EBS volume is deleted, by defaultpersists independentlyencryptedPublic or shared snapshots of encrypted volumes are not supportedExisting unencrypted volumes cannot be encrypted directly. Can migrate from copy encripted snapshotSupported on all Amazon EBS volume types, not instance typeperformenceuse raid0 , raid1 improve iopsEBS optimized with PIOPS EBSpricecharge with storage, I/O requests and snapshot storageEBS backed EC2,very stop/start it will be charged as a separate hoursnapshotcloudfrontdeliveryrequest-ROUTE53-edge location-Origin serversupports both static and dynamic contentRMTPS3 bucket as the origin

software VPNEndpointsvpc connect S3VPC and endpoints must in same regionIPprivate, public(dynamic), Elasitic IPVPC wizardauto create : private sub, custom public sub, NAT, IGWNATNAT GatewayNAT InstanceAuto Scaling for HAsource/destination checks on the NAT instance should be disabledPeeringsecurity group vs NACLIAMroot account, user, groupMultiFactor AuthenticationSecurity token-based, 6位数字设备SMS textpolicyAn explicit allow overrides default deny语法 Principal, action,Effect,Resource,conditionCapability policies, Resource policies, IAM policiesRole delegationIdentity ProvidersAmazon CognitoSAMLCustom Identity broker Federation

Cross account accessEC2 has role, app inside can take roleUser-based and Resource-basedELBPre-WarmingConnection DrainingClient-Side SSL certificatesServer Order PreferenceCross-ZoneSSL terminationELB HTTPS listener does not support Client-Side SSL certificatesautoscalingScheduled scaling can not be overlapchoose greatest impact when Multiple Policiescooldown periodTermination PolicyRDSbackuppreferred backup windowbackup retention periodI/O suspension for singlePoint-In-Time RecoverysnapshotDB Snapshots make entire DB instancefrom one region to another region,a copy retain in that regionBecause KMS encryption keys are specific to the region that they are created in, encrypted snapshot cannot be copied toanother regionDB Snapshot SharingDB snapshot that uses an option group with permanent or persistent options cannot be sharedKMS key policy must first be updated by adding any accounts to share the snapshot with, before sharing an encrypted DB

snapshotreplicationrouting read queries from applications to the Read ReplicaFailover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instanceMulti-AZ deploymentread-only traffic, use a Read onous standby replica in a different Availability Zonemust be in same regionRead ReplicaRDS sets up a secure communications channel between the source DB instance and the Read Replica, if that Read Replica isin a different AWS region from the DB instancereplication link is broken, A Read Replica can be promoted to a new independent source DBuse some tools like HAPROXY, with two url ,one for write one tor readsecurityEncryption enabled at creating, can not change key laterOnce encryption, log,snapshot,autobackup, replica are encriptedCross region replicas and snapshots copy does not work since the key is only available in a single regionDatabase security groups default to a “deny all” access modemonitor监控的metric 16 项, ReplicaLagBackup not notify for snapshotmaintenanceMulti-AZ deployment, preform standby, promote standby, preform old primaryRDS takes two DB snapshots , before upgrade, after upgradeDynamoDBsynchronously replicates data across three AZ’s in a regiondurability with shared datasecutiry&permissionIAM Role that allows write access to the DynamoDB,Launch an EC2 Instance with the IAM Role included

Secondary Indexesgloabl, An index with a hash and range key that can be different from those on the tableElasticCacheElastiCache currently allows access only from the EC2 networkMemcache not support multi-AZREDIS replica read can not across regionsRedis Replication Groups, max 5 replicaRedis Multi-AZ with Automatic Failover, promote one replica as primary, disabled Filover, create new instance and sync withexist replicaredshiftSingle vs Multi-Node Clusterfrom 1-128 compute nodescluster can be restored from snapshot in same regionroute53Simple RoutingWeighted RoutingLatency-based RoutingFailover RoutingGeolocation Routingstorage gatewaygateway-cached volumeGateway Stored volumesEC2placement groupAmazon Instance Store/EBS-backed instancesecurityEC2 Key PairsSecurity GroupsConnection Tracking

Answer: B,EAn International company has deployed a multi-tier web application that relies on DynamoDB in a single region For regulatoryreasons they need disaster recovery capability In a separate region with a Recovery Time Objective of 2 hours and a RecoveryPoint Objective of 24 hours They should synchronize their data on a regular basis and be able to provision me web applicationrapidly using objective is to minimize changes to the existing web application, control the throughput of DynamoDB used for thesynchronization of data and synchronize only the modified design would you choose to meet these requirements?A. Use AWS data Pipeline to schedule a DynamoDB cross region copy once a day. create a Lastupdated’ attribute in yourDynamoDB table that would represent the timestamp of the last update and use it as a filter.B. Use EMR and write a custom script to retrieve data from DynamoDB in the current region using a SCAN operation andpush it to DynamoDB in the second region.C. Use AWS data Pipeline to schedule an export of the DynamoDB table to S3 in the current region once a day then scheduleanother task immediately after it that will import data from S3 to DynamoDB in the other region.D. Send also each Ante into an SQS queue in me second region; use an auto-scaiing group behind the SQS queue to replaythe write in the second : CYou deployed your company website using Elastic Beanstalk and you enabled log file rotation to S3. An Elastic Map Reducejob is periodically analyzing the logs on S3 to build a usage dashboard that you share with your CIO. You recently improvedoverall performance of the website using Cloud Front for dynamic content delivery and your website as the originAfter this architectural change, the usage dashboard shows that the traffic on your website dropped by an order ofmagnitude. How do you fix your usage dashboard’?A. Enable Cloud Front to deliver access logs to S3 and use them as input of the Elastic Map Reduce job.B. Turn on Cloud Trail and use trail log tiles on S3 as input of the Elastic Map Reduce jobC. Change your log collection process to use Cloud Watch ELB metrics as input of the Elastic Map Reduce jobD. Use Elastic Beanstalk “Rebuild Environment” option to update log delivery to the Elastic Map Reduce job.E. Use Elastic Beanstalk ‘Restart App server(s)” option to update log delivery to the Elastic Map Reduce : AIf you’re unable to connect via SSH to your EC2 instance, which of the following should you check and possibly correct torestore connectivity?A. Adjust Security Group to permit egress traffic over TCP port 443 from your IP.B. Configure the IAM role to permit changes to security group settings.C. Modify the instance security group to allow ingress of ICMP packets from your IP.D. Adjust the instance’s Security Group to permit ingress traffic over port 22 from your IP.

E. Apply the most recently released Operating System security : DYour company produces customer commissioned one-of-a-kind skiing helmets combining nigh fashion with custom technicalenhancements Customers can show off theirIndividuality on the ski slopes and have access to head-up-displays. GPS rear-view cams and any other technical innovationthey wish to embed in the current manufacturing process is data rich and complex including assessments to ensure that the custom electronicsand materials used to assemble the helmets are to the highest standards Assessments are a mixture of human andautomated assessments you need to add a new set of assessment to model the failure modes of the custom electronicsusing GPUs with CUDA. across a cluster of servers with low latency architecture would allow you to automate the existing process using a hybrid approach and ensure that the architecturecan support the evolution of processes over time?A. Use AWS Data Pipeline to manage movement of data & meta-data and assessments Use an auto-scaling group of G2instances in a placement group.B. Use Amazon Simple Workflow (SWF) to manages assessments, movement of data & meta-data Use an auto-scaling groupof G2 instances in a placement group.C. Use Amazon Simple Workflow (SWF) to manages assessments movement of data & meta-data Use an auto-scaling groupof C3 instances with SR-IOV (Single Root I/O Virtualization).D. Use AWS data Pipeline to manage movement of data & meta-data and assessments use auto-scaling group of C3 with SR-IOV (Single Root I/O virtualization).Answer: B (SR-IOV is a method of device virtualization that provides higher I/O performance and lower CPU utilization whencompared to traditional virtualized network interfaces)Your startup wants to implement an order fulfillment process for selling a personalized gadget that needs an average of 3-4days to produce with some orders taking up to 6 months you expect 10 orders per day on your first day. 1000 orders perday after 6 months and 10,000 orders after 12 coming in are checked for consistency men dispatched to your manufacturing plant for production quality controlpackaging shipment and payment processing If the product does not meet the quality standards at any stage of the processemployees may force the process to repeat a step Customers are notified via email about order status and any critical issueswith their orders such as payment case architecture includes AWS Elastic Beanstalk for your website with an RDS MySQL instance for customer data can you implement the order fulfillment process while making sure that the emails are delivered reliably?A. Add a business process management application to your Elastic Beanstalk app servers and re-use the ROS database fortracking order status use one of the Elastic Beanstalk instances to send emails to customers.B. Use SWF with an Auto Scaling group of activity workers and a decider instance in another Auto Scaling group withmin/max=1 Use the decider instance to send emails to customers.C. Use SWF with an Auto Scaling group of activity workers and a decider instance in another Auto Scaling group withmin/max=1 use SES to send emails to customers.

D. Use an SQS queue to manage all process tasks Use an Auto Scaling group of EC2 Instances that poll the tasks andexecute them. Use SES to send emails to : CWill my standby RDS instance be in the same Region as my primary?A Only for Oracle RDS typesB YesC Only if configured at launchD NoAnswer： BOut of the stripping options available for the EBS volumes, which one has the following disadvantage: ‘Doubles the amountof I/O required from the instance to EBS compared to RAID 0, because you’re mirroring all writes to a pair of volumes,limiting how much you can stripe.’ ?A Raid 0B RAID 1+0 (RAID 10)C Raid 1D Raid 2Answer: BCan Amazon S3 uploads resume on failure or do they need to restart?A Restart from beginningB You can resume them, if you flag the “resume on failure” option before uploading.C Resume on failureD Depends on the file sizeAnswer: AWhat is the maximum write throughput I can provision for a single DynamoDB table?A 1,000 write capacity unitsB 100,000 write capacity unitsC DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.—D 10,000 write capacity unitsAnswer: DQ. Is Federated Storage Engine currently supported by Amazon RDS for MySQL?

A Only for Oracle RDS instancesB NoC YesD Only in VPCAnswer: BYou must increase storage size in increments of at least _ %A 40B 30C 10D 20Answer: CHTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named_____.A ActionB ValueC ResetD RetrieveAnswer: AYou have an application running in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at alltimes. With three Availability Zones available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the followingdeployments provides 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable?Choose 2answersA. Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instancesB. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instancesC. Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instancesD. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instancesE. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instancesAnswer： D, EYou have a business-critical two-tier web app currently deployed in two Availability Zones in a single region, using Elastic LoadBalancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database application needs to remain fully available even if one application Availability Zone goes off-line, and Auto Scaling cannotlaunch new instances in the remaining Availability Zones. How can the current architecture be enhanced to ensure this?A. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.

B. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.C. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load perRegion.D. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load : BAmazon Glacier is designed for:Choose 2 answersA. Frequently accessed dataB. Active database storageC. Infrequently accessed dataD. Cached session dataE. Data archivesAnswer： C, EYou receive a Spot Instance at a bid of0.05/30minutes,theSpotPriceincreasesto0.05/30minutes,theSpotPriceincreasesto0.06/hr and your SpotInstance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?You receive a Spot Instance at a bid of0.03/30minutes,theSpotPriceincreasesto0.03/30minutes,theSpotPriceincreasesto0.05/hr and your SpotInstance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?A. $0.00B. $0.02C. $0.03D. $0.05E. $0.06Answer: AYou have been tasked with creating a VPC network topology for your company. The VPC network must support bothInternet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets mustyou create within your VPC to accommodate these requirements?A. 2B. 3C. 4D. 6

Answer: DYour customer wishes to deploy an enterprise application to AWS which will consist of several web servers, several applicationservers and a small (50GB) Oracle database information is stored, both in the database and the file systems of the variousservers. The backup system must support database recovery whole server and whole disk restores, and individual file restoreswith a recovery time of no more than two hours They have chosen to use RDS Oracle as the database Which backuparchitecture will meet these requirements?A. Backup RDS using automated daily DB backups Backup the EC2 instances using AMIs and supplement with file-levelbackup to S3 using traditional enterprise backup software to provide file level restoreB. Backup RDS using a Multi-AZ Deployment Backup the EC2 instances using Amis, and supplement by copying file systemdata to S3 to provide file level restore.C. Backup RDS using automated daily DB backups Backup the EC2 instances using EBS snapshots and supplement with file-level backups to Amazon Glacier using traditional enterprise backup software to provide file level restoreD. Backup RDS database to S3 using Oracle RMAN Backup the EC2 instances using Amis, and supplement with EBSsnapshots for individual volume : BYou have a content management system running on an Amazon EC2 instance that is approaching 100% CPU option will reduce load on the Amazon EC2 instance?A. Create a load balancer, and register the Amazon EC2 instance with itB. Create a CloudFront distribution, and configure the Amazon EC2 instance as the originC. Create an Auto Scaling group from the instance using the CreateAutoScalingGroup actionD. Create a launch configuration from the instance using the CreateLaunchConfiguration actionAnswer： AWith which AWS services HSM can be used?A. s3,B. ebs,C. redshift **D. dynamodbAnswer: CCompany B is launching a new game app for mobile devices. Users will log into the game using their existing social mediaaccount to streamline data capture. Company B would like to directly save player data and scoring information from themobile app to a DynamoDS table named Score Data When a user saves their game the progress data will be stored to theGame state S3 bucket. what is the best approach for storing data to DynamoDB and S3?A. Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and theGameState S3 bucket that communicates with the mobile app via web services.B. Use temporary security credentials that assume a role providing access to the Score Data

DynamoDB table and the Game State S3 bucket using web identity federation.C. Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to theScore Data DynamoDB table and the Game State S3 bucket.D. Use an 1AM user with access credentials assigned a role providing access to the Score Data DynamoDB table and theGame State S3 bucket for distribution with the mobile appAnswer: BAn instance running a webserver is launched in a VPC subnet. A security group and a NACL are configured to allow inboundport 80. What should be done to make web server accessible by everyone?A. Outbound Port 80 rule should be enabled on security groupB. Outbound Ports 49152-65535 should be enabled on NACLC. Outbound Port 80 rule should be enabled on both security group and NACLD. All ports both inbound and outbound should be enabled on security group and NACLAnswer: BWhat happens to data on ephemeral volume of an EBS-backed instance if instance is stopped and started?A. Data persistsB. Data is deletedC. Volume snapshot is saved in S3D. Data is automatically copied to another volumeAnswer：BYou’re creating a forum DynamoDB database for hosting forums. Your “thread” table contains the forum name and each“forum name” can have one or more “subjects”. What primary key type would you give the thread table in order to allowmore than one subject to be tied to the forum primary key name?A. HashB. Primary and rangeC. Range and HashD. Hash and RangeAnswer: DIn the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:A. web server visible metrics such as number failed transaction requestsB. operating system visible metrics such as memory utilizationC. database visible metrics such as number of connections

D. hypervisor visible metrics such as CPU utilizationAnswer: on 6 (of 7): Which is an operational process performed by AWS for data security?A. AES-256 encryption of data stored on any shared storage deviceB. Decommissioning of storage devices using industry-standard practicesC. Background virus scans of EBS volumes and EBS snapshotsD. Replication of data across multiple AWS Regions E. Secure wiping of EBS data when an EBS volume is un-mountedAnswer: the correct set of options. These are the initial settings for the default security group:A. Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to eachother.B. Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to eachother.C. Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group totalk to each other.D. Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talkto each : A refAn IAM user is trying to perform an action on an object belonging to some other root account’s bucket. Which of the belowmentioned options will AWS S3 not verify?A. Permission provided by the parent of the IAM user on the bucketB. The object owner has provided access to the IAM userC. Permission provided by the parent of the IAM userD. Permission provided by the bucket owner to the IAM userAnswer: C If the IAM user is trying to perform some action on the object belonging to another AWS user’s bucket, S3 willverify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket aswell as the policy defined by the object owner. refPlacement Groups: enables applications to participate in a low-latency, 10 Gbps network. Which of below statements is false.A. Not all of the instance types that can be launched into a placement group.B. A placement group can’t span multiple Availability Zones.C. You can move an existing instance into a placement group by specify parameter of placement group.D. A placement group can span peered VPCs.

Answer: D refWhat about below is false for AWS SLAA. S3 availability is guarantee to 99.95%.B. EBS availability is guarantee to 99.95%.C. EC2 availability is guarantee to 99.95%.D. RDS multi-AZ is guarantee to 99.95%.Answer: A S3 availability is 99.9% refYou have assigned one Elastic IP to your EC2 instance. Now we need to restart the VM without EIP changed. Which of belowyou should not do?A. Reboot and stop/start both works.B. Reboot the instance.C. When the instance is in VPC public subnets, stop/start works.D. When the instance is in VPC private subnet, stop/start : A refAbout the charge of Elastic IP Address, which of the following is true?A. You can have one Elastic IP (EIP) address associated with a running instance at no charge.B. You are charged for each Elastic IP addressed.C. You can have 5 Elastic IP addresses per region with no charge.D. Elastic IP addresses can always be used with no : B [ref](EC2 roleA. Launch an instance with an AWS Identity and Aceess Management (IAM) role to restrict AWS API access for the instance.B. Pass access AWS credentials in the User Data field when the instance is launched.C. Setup an IAM group with restricted AWS API access and put the instance in the group at launch.D. Setup an IAM user for the instance to restrict access to AWS API and assign it at : A refWhat cli tools does AWS provideA. AWS CLI.B. Amazon EC2 CLI.C. All of the three.

D. AWS Tools for Windows ： CAll three are providedWhich of the below mentioned steps will not be performed while creating the AMI of instance stored-backend?A. Define the AMI launch permissions.B. Upload the bundled volume.C. Register the AMI.D. Bundle the ： A refThe user just started an instance at 3 PM. Between 3 PM to 5 PM, he stopped and started the instance twice. During thesame period, he has run the linux reboot command by ssh once and triggered reboot from AWS console once. For how manyinstance hours will AWS charge this user?A. 4B. 3C. 2D. 5Answer: B refEach time you start a stopped instance we charge a full instance hour, even if you make this transition multiple times within asingle ing an instance doesn’t start a new instance billing hour, unlike stopping and restarting your Redshift is what type of data warehouse service?A. Gigabyte-scaleB. Exobyte-scaleC. Petabyte-scaleD. Terabyte-scaleAnswer: C Amazon Redshift is a fully-managed, petabyte-scale data warehouse does MPP stand for when referring to the type of architecture Redshift has?A. massively parallel processingB. massive protection policyC. massively parallel policy

D. massive protection processingAnswer: a Redshift has a massively parallel processing architecture that parallelizes and distributes SQL operations to takeadvantage of available ft can provide fast query performance by leveraging _ storage approaches and technology.A. key-valueB. databaseC. rowD. columnarAnswer: D Redshift can provide fast query performance by leveraging columnar storage approaches and technology, much ofwhich is taken from enterprise database ’s Redshift data warehouse allows enterprise IT pros to execute against data sets.A. simple SQL queries / smallB. complex SQL queries / largeC. simple SQL queries / largeD. complex SQL queries / smallAnswer: B Amazon’s Redshift data warehouse allows enterprise IT pros to execute complex SQL queries against large ft was designed to alleviate the frustrating, time-consuming challenges database clusters have imposed on _administrators?A. systemB. databaseC. certifiedD. privilegeAnswer: b Redshift was designed to alleviate the frustrating, time-consuming challenges database clusters have imposed ondatabase or False: Amazon Redshift is adept at handling data analysis workflows.A. TrueB. FalseAnswer: A There currently are two Amazon data warehouse services adept at handling data analysis workflows: AmazonRedshift and Amazon Relational Database nodes to a Redshift cluster provides _ performance improvements.A. linear

B. non-linearC. bothD. neitherAnswer: C Adding nodes to a Redshift cluster provides linear or near-linear performance preferred way to load data into Redshift is through __ using the COPY command.A. Remote hostsB. Simple Storage ServiceC. Elastic MapReduceD. All of the aboveAnswer: D The preferred way to load data into Redshift is through remote hosts, Simple Storage Service or Elastic MapReduceusing the COPY command. The COPY command executes loads in parallel and has the option to compress data during theload Redshift has how many pricing components?A. 4B. 3C. 2D. 5Answer: B (Amazon Redshift has three pricing components: data warehouse node hours, backup storage and data transfer.)What type of API provides a management interface to manage data warehouse clusters programmatically?A. QueryB. RESTC. ManagementD. SOAPAnswer: A The Amazon Redshift Query API provides a management interface to manage data warehouse Web Services falls into which cloud-computing category?A. Software as a Service (SaaS)B. Platform as a Service (PaaS)C. Infrastructure as a Service (IaaS)D. Back-end as a Service (BaaS)

Answer: CAmazon Elastic Compute Cloud (Amazon EC2) does which of the following?A. Provides customers with an isolated section of the AWS cloud where they can launch AWS resources in a virtual networkthat they define.B. Provides resizable computing capacity in the cloud.C. Provide a simple web services interface that customers can use to store and retrieve any amount of data from anywhereon the Web.D. Provides a web service allowing customers to easily set up, operate and scale relational databases in the : B ( AWS describes Amazon EC2 a web service that provides resizable computing capacity in the cloud, allowingcustomers “to quickly scale capacity, both up and down, as your computing requirements change.”)Amazon Glacier is a storage service allowing customers to store data for as little as:A. 1 cent per gigabyte (GB) per monthB. 10 cents per GB per monthC. 20 cents per GB per monthD. 50 cents per GB per monthAnswer: AAmazon Elastic Beanstalk automates the details of which of the following functions?A. Capacity provisioningB. Load balancingC. Auto-scalingD. Application deploymentE. All of the aboveAnswer: E (According to AWS, Amazon Elastic Beanstalk offers capacity provisioning, load balancing, auto-scaling andapplication deployment. )All AWS IaaS services are pay-as-you-go.A. TrueB. FalseAnswer: AAmazon S3 is which type of storage service?A. ObjectB. Block

C. SimpleD. SecureAnswer: A ( Object storage is more scalable than traditional file system storage, which is typically what users think aboutwhen comparing storage to databases for data persistence.)Which AWS storage service assists S3 with transferring data?A. CloudFrontB. AWS Import/ExportC. DynamoDBD. ElastiCacheAnswer: b ( AWS Import/Export accelerates moving large amounts of data into and out of AWS using portable storagedevices. AWS transfers your data directly onto and off of storage devices by using Amazon’s internal network and avoidingthe Internet.)Object storage systems store files in a flat organization of containers called what?A. BasketsB. BracketsC. ClustersD. BucketsAnswer: D ( Instead of organizing files in a directory hierarchy, object storage systems store files in a flat organization ofcontainers known as buckets in Amazon S3.)Amazon S3 offers encryption services for which types of data?A. data in flightB. data at relaxC. data at restD. data in motionE. a and cF. b and dAnswer: E Amazon offers encryption services for data at flight and data at S3 has how many pricing components?A. 4B. 5C. 3

D. 2Answer: C Amazon S3 offers three pricing options. Storage (per GB per month), data transfer in or out (per GB per month),and requests (per x thousand requests per month).What does RRS stand for when referring to the storage option in Amazon S3 that offers a lower level of durability at a lowerstorage cost?A. Reduced Reaction StorageB. Redundant Research StorageC. Regulatory Resources StorageD. Reduced Redundancy StorageAnswer:D (Non-critical data, such as transcoded media or image thumbnails, can be easily reproduced using the ReducedRedundancy Storage option. Objects stored using the RRS option have less redundancy than objects stored using standardAmazon S3 storage.)Object storage systems require less _ than file systems to store and access files.A. Big dataB. MetadataC. Master dataD. Exif dataAnswer: B (Object storage systems are typically more efficient because they reduce the overhead of managing file metadataby storing the metadata with the object. This means object storage can be scaled out almost endlessly by adding nodes.)True or False. S3 objects are only accessible from the region they were created in.A. TrueB. FalseAnswer: B While S3 objects are created in a specific region, they can be accessed from S3 offers developers which combination?A. High scalability and low latency data storage infrastructure at low costs.B. Low scalability and high latency data storage infrastructure at high costs.C. High scalability and low latency data storage infrastructure at high costs.D. Low scalability and high latency data storage infrastructure at low : A ( Amazon S3 offers software developers a reliable, highly scalable and low-latency data storage infrastructure atvery low costs. S3 provides an interface that can be used to store and retrieve any amount of data from anywhere on theWeb.)Why is a bucket policy necessary?

A. To allow bucket access to multiple users.B. To grant or deny accounts to read and upload files in your bucket.C. To approve or deny users the option to add or remove buckets.D. All of the aboveAnswer: B Users need a bucket policy to grant or deny accounts to read and upload files in your ERP application is deployed across multiple AZs in a single region. In the An ERP application is deployed across multipleAZs in a single region. In the event of failure, the Recovery Time Objective (RTO) must be less than 3 hours, event of failure,the Recovery Time Objective (RTO) must be less than 3 hours, and the Recovery Point Objective (RPO) must be 15 minutesthe customer and the Recovery Point Objective (RPO) must be 15 minutes the customer realizes that data corruptionoccurred roughly 1.5 hours DR strategy realizes that data corruption occurred roughly 1.5 hours DRstrategy could be used to achieve this RTO and RPO in the event of this kind of failure?could be used to achieve this RTO andRPO in the event of this kind of failure?A. Take hourly DB backups to S3, with transaction logs stored in S3 every 5 A. Take hourly DB backups to S3, withtransaction logs stored in S3 every 5 s.B. Use synchronous database master-slave replication between two availability B. Use synchronous database master-slavereplication between two availability .C. Take hourly DB backups to EC2 Instance store volumes with transaction logs C. Take hourly DB backups to EC2 Instancestore volumes with transaction logs stored In S3 every 5 In S3 every 5 minutes.D. Take 15 minute DB backups stored In Glacier with transaction logs stored in D. Take 15 minute DB backups stored InGlacier with transaction logs stored in S3 every5 minutes.S3 every5 : AYou are designing a social media site and are considering how to mitigate distributed denial-of-service (DDoS) attacks. Whichof the below are viable mitigation techniques? (Choose 3 answers)A. Add multiple elastic network interfaces (ENIs) to each EC2 instance to increase the network bandwidth.B. Use dedicated instances to ensure that each instance has the maximum performance possible.C. Use an Amazon CloudFront distribution for both static and dynamic content.D. Use an Elastic Load Balancer with auto scaling groups at the web. App and Amazon Relational Database Service (RDS) tiersE. Add alert Amazon CloudWatch to look for high Network in and CPU utilization.F. Create processes and capabilities to quickly add and remove rules to the instance OS : B,D,FYou would like to create a mirror image of your production environment in another region for disaster recovery of the following AWS resources do not need to be recreated in the second region? (Choose 2 answers)A. Route 53 Record SetsB. IM1 Roles

C. Elastic IP Addresses (EIP)D. EC2 Key PairsE. Launch configurationsF. Security GroupsAnswer : A,CYou are responsible for a legacy web application whose server environment is approaching end of life You would like tomigrate this application to AWS as quickly as possible, since the application environment currently has the followinglimitations:The VM’s single 10GB VMDK is almost full Mevirtual network interface still uses the 10Mbps driver, which leaves your100Mbps WAN connection completely underutilized It is currently running on a highly customized. Windows VM within aVMware environment: You do not have me installation media This is a mission critical application with an RTO (Recovery TimeObjective) of 8 hours. RPO (Recovery Point Objective) of 1 hour. How could you best migrate this application to AWS whilemeeting your business continuity requirements?A. Use the EC2 VM Import Connector for vCenter to import the VM into EC2.B. Use Import/Export to import the VM as an ESS snapshot and attach to EC2.C. Use S3 to create a backup of the VM and restore the data into EC2.D. Use me ec2-bundle-instance API to Import an Image of the VM into EC2Answer : AYou are designing Internet connectivity for your VPC. The Web servers must be available on the Internet. The application musthave a highly available alternatives should you consider? (Choose 2 answers)A. Configure a NAT instance in your VPC Create a default route via the NAT instance and associate it with all subnetsConfigure a DNS A record that points to the NAT instance public IP address.B. Configure a CloudFront distribution and configure the origin to point to the private IP addresses of your Web serversConfigure a Route53 CNAME record to your CloudFront distribution.C. Place all your web servers behind EL8 Configure a Route53 CNMIE to point to the ELB DNS name.D. Assign BPs to all web servers. Configure a Route53record set with all EIPs. With health checks and DNS failover.E. Configure ELB with an EIP Place all your Web servers behind ELB Configure a Route53 A record that points to the : B,CYour company has recently extended its datacenter into a VPC on AWS to add burst computing capacity as needed Membersof your Network Operations Center need to be able to go to the AWS Management Console and administer Amazon EC2instances as necessary You don’t want to create new IAM users for each NOC member and make those users sign in againto the AWS Management Console Which option below will meet the needs for your NOC members?A. Use OAuth 2 0 to retrieve temporary AWS security credentials to enable your NOC members to sign in to the AVVSManagement Console.B. Use web Identity Federation to retrieve AWS temporary security credentials to enable your NOC members to sign in to the

AWS Management Console.C. Use your on-premises SAML 2 O-compliant identityprovider (IDP) to grant the NOC members federated access to the AWSManagement Console via the AWS single sign-on (SSO) endpoint.D. Use your on-premises SAML2.0-compliam identity provider (IDP) to retrieve temporary security credentials to enable NOCmembers to sign in to the AWS Management : DYou are implementing AWS Direct Connect. You intend to use AWS public service end points such as Amazon S3, across theAWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet Service Provider. What is thecorrect way to configure AWS Direct connect for access to services such as Amazon S3?A. Configure a public Interface on your AWS Direct Connect link Configure a static route via your AWS Direct Connect linkthat points to Amazon S3 Advertise a default route to AWS using BGP.B. Create a private interface on your AWS Direct Connect link. Configure a static route via your AWS Direct connect link thatpoints to Amazon S3 Configure specific routes to your network in your VPC.C. Create a public interface on your AWS Direct Connect link Redistribute BGP routes into your existing routing infrastructureadvertise specific routes for your network to AWS.D. Create a private interface on your AWS Direct connect link. Redistribute BGP routes into your existing routinginfrastructure and advertise a default route to : CYou have deployed a web application targeting a global audience across multiple AWS Regions under the . You decide to use Route53 Latency-Based Routing to serve web requests to users from the regionclosest to the user. To provide business continuity in the event of server downtime you configure weighted record setsassociated with two web servers in separate Availability Zones per region. Dunning a DR test you notice that when you disableall web servers in one of the regions Route53 does not automatically direct all users to the other region. What could behappening? (Choose 2 answers)A. Latency resource record sets cannot be used in combination with weighted resource record sets.B. You did not setup an http health check tor one or more of the weighted resource record sets associated with me disabledweb servers.C. The value of the weight associated with the latency alias resource record set in the region with the disabled servers ishigher than the weight for the other region.D. One of the two working web servers in the other region did not pass its HTTP health check.E. You did not set “Evaluate Target Health” to “Yes” on the latency alias resource record set associated with example comin the region where you disabled the : B,DYour company produces customer commissioned one-of-a-kind skiing helmets combining nigh fashion with custom technicalenhancements Customers can show off their Individuality on the ski slopes and have access to head-up-displays. GPS rear-view cams and any other technical innovation they wish to embed in the current manufacturing process is datarich and complex including assessments to ensure that the custom electronics and materials used to assemble the helmetsare to the highest standards Assessments are amixture of human and automated assessments you need to add a new set ofassessment to model the failure modes of the custom electronics using GPUs with CUDA. across a cluster of servers with low

latency architecture would allow you to automate the existing process using a hybrid approach and ensurethat the architecture can support the evolution of processes over time?A. Use AWS Data Pipeline to manage movement of data & meta-data and assessments Use an auto-scaling group of G2instances in a placement group.B. Use Amazon Simple Workflow (SWF) 10 manages assessments, movement of data & meta-data Use an auto-scaling groupof G2 instances in a placement group.C. Use Amazon Simple Workflow (SWF) lo manages assessments movement of data & meta-data Use an auto-scaling group ofC3 instances with SR-IOV (Single Root I/O Virtualization).D. Use AWS data Pipeline to manage movement of data & meta-data and assessments use auto-scaling group of C3 with SR-IOV (Single Root I/O virtualization).Answer : AYou require the ability to analyze a large amount of data, which is stored on Amazon S3 using Amazon Elastic Map are using the cc2 8x large Instance type, whose CPUs are mostly idle during processing. Which of the below would be themost cost efficient way to reduce the runtime of the job?A. Create more smaller flies on Amazon additional cc2 8x large instances by introducing a task group.C. Use smaller instances that have higher aggregate I/O performance.D. Create fewer, larger files on Amazon : CYou are designing a photo sharing mobile app the application will store all pictures in a single Amazon S3 willupload pictures from their mobile device directly to Amazon S3 and will be able to view and download their own picturesdirectly from Amazon want to configure security to handle potentially millions of users in the most secure mannerpossible. What should your server-side application do when a new user registers on the photo-sharing mobile application?A. Create a set of long-term credentials using AWS Security Token Service with appropriate permissions Store thesecredentials in the mobile app and use them to access Amazon S3.B. Record the user’s Information in Amazon RDS and create a role in IAM with appropriate permissions. When the user usestheir mobile app create temporary credentials using the AWS Security Token Service ‘AssumeRole’ function Store thesecredentials in the mobile app’s memory and use them to access Amazon S3 Generate new credentials the next time the userruns the mobile app.C. Record the user’s Information In Amazon DynamoDB. When the user uses their mobile app create temporary credentialsusing AWS Security Token Service with appropriate permissions Store these credentials in the mobile app’s memory and usethem to access Amazon S3 Generate new credentials the next time the user runs the mobile app.D. Create IAM user. Assign appropriate permissions to the IAM user Generate an access key and secret key for the IAM user,store them in the mobile app and use these credentials to access Amazon an IAM user. Update the bucket policy with appropriate permissions for the IAM user Generate an access Key andsecret Key for the IAM user, store them In the mobile app and use these credentials to access Amazon : B

A customer has a 10 GB AWS Direct Connect connection to an AWS region where they have a web application hosted onAmazon Elastic Computer Cloud (EC2). The application has dependencies on an on-premises mainframe database that uses aBASE (Basic Available. Sort stale Eventual consistency) rather than an ACID (Atomicity. Consistency isolation. Durability)consistency model. The application is exhibiting undesirable behavior because the database is not able to handle the volume ofwrites. How can you reduce the load on your on-premises database resources in the most cost-effective way?A. Use an Amazon Elastic Map Reduce (EMR) S3DistCp as a synchronization mechanism between the on-premises databaseand a Hadoop cluster on AWS.B. Modify the application to write to an Amazon SQS queue and develop a worker process to flush the queue to the on-premises database.C. Modify the application to use DynamoDB to feed an EMR cluster which uses a map function to write to the on-premisesdatabase.D. Provision an RDS read-replica database on AWS to handle the writes and synchronize the two databases using : AYou are the new IT architect in a company that operates a mobile sleep tracking application When activated at night, themobile app is sending collected data points of 1 kilobyte every5 minutes to your backend The backend takes care ofauthenticating the user and writing the data points into an Amazon DynamoDB table. Every morning, you scan the table toextract and aggregate last night’s data on a per user basis, and store the results in Amazon are notified viaAmazon SMS mobile push notifications that new data is available, which is parsed and visualized by (The mobile app Currentlyyou have around 100k users who are mostly based out of North America. You have been tasked to optimize the architectureof the backend system to lower cost what would you recommend? (Choose 2 answers)A. Create a new Amazon DynamoDB (able each day and drop the one for the previous day after its data is on Amazon S3.B. Have the mobile app access Amazon DynamoDB directly instead of JSON files stored on Amazon S3.C. Introduce an Amazon SQS queue to buffer writes to the Amazon DynamoDB table and reduce provisioned writethroughput.D. Introduce Amazon Elasticache lo cache reads from the Amazon DynamoDB table and reduce provisioned read throughput.E. Write data directly into an Amazon Redshift cluster replacing both Amazon DynamoDB and Amazon : B,DYour company is getting ready to do a major public announcement of a social media site on AWS. The website is running onEC2 instances deployed across multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB Instance. The siteperforms a high number of small reads and writes per second and relies on an eventual consistency model. Aftercomprehensive tests you discover that there is read contention on RDS MySQL. Which are the best approaches to meet theserequirements? (Choose 2 answers)A. Deploy ElasticCache in-memory cache running in each availability zoneB. Implement sharding to distribute load to multiple RDS MySQL instancesC. Increase the RDS MySQL Instance size and Implement provisioned IOPSD. Add an RDS MySQL read replica in each availability zoneAnswer : A,C

You are tasked with moving a legacy application from a virtual machine running Inside your datacenter to an Amazon VPCUnfortunately this app requires access to a number of on-premises services and no one who configured the app still worksfor your company. Even worse there’s no documentation for it. What will allow the application running inside the VPC toreach back and access its internal dependencies without being reconfigured? (Choose 3 answers)A. An AWS Direct Connect link between the VPC and the network housing the internal services.B. AnInternet Gateway to allow a VPN connection.C. An Elastic IP address on the VPC instanceD. An IP address space that does not conflict with the one on-premisesE. Entries in Amazon Route 53 that allow the Instance to resolve its dependencies’ IP addressesF. A VM Import of the current virtual machineAnswer : A,C,FYour company currently has a 2-tier web application running in an on-premises data center. You have experienced severalinfrastructure failures in the past two months resulting in significant financial losses. Your CIO is strongly agreeing to movethe application to AWS. While working on achieving buy-infrom the other company executives, he asks you to develop adisaster recovery plan to help improve Business continuity in the short term. He specifies a target Recovery Time Objective(RTO) of 4 hours and a Recovery Point Objective (RPO) of 1 hour or also asks you to implement the solution within 2weeks. Your database is 200GB in size and you have a 20Mbps Internet connection. How would you do this while minimizingcosts?A. Create an EBS backed private AMI which includes a fresh install or your application. Setup a script in your data center tobackup the local database every 1 hour and to encrypt and copy the resulting file to an S3 bucket using multi-part upload.B. Install your application on a compute-optimized EC2 instance capable of supporting the application’s average loadsynchronously replicate transactions from your on-premises database to a database instance in AWS across a secure DirectConnect connection.C. Deploy your application on EC2 instances within an Auto Scaling group across multiple availability zones asynchronouslyreplicate transactions from your on-premises database to a database instance in AWS across a secure VPN connection.D. Create an EBS backed private AMI that includes a fresh install of your application. Develop a Cloud Formation templatewhich includes your Mil and the required EC2. Auto-Scaling and ELB resources to support deploying the application acrossMultiple-Ability Zones. Asynchronously replicate transactions from your on-premises database to a database instance in AWSacross a secure VPN : ARefer to the architecture diagram above of a batch processing solution using Simple Queue Service (SOS) to set up amessage queue between EC2 instances which are used as batch processors Cloud Watch monitors the number of Jobrequests (queued messages) and an Auto Scaling group adds or deletes batch servers automatically based on parameters setin Cloud Watch alarms. You can use this architecture to implement which of the following features in a cost effective andefficient manner?A. Reduce the overall lime for executing jobs through parallel processing by allowing a busy EC2 instance that receives amessage to pass it to the next instance in a daisy-chain setup.B. Implement fault tolerance against EC2 instance failure since messages would remain in SQS and worn can continue with

autoscaling group & launch configuration-A ___ tells AWS how to stand up a bootstrapped server that once up is ready to do work without any human interventionlaunch configuration-This tells AWS where it can create servers : which launch configuration to use, the minimum and maximum allowed servers inthe group, and how to scale up and Scaling Group-An AWS account can have up to ____CloudFront origin access identities.100-True or false Elastic IPs are sticky until re-assignedTrue Elastic Ips are sticky until the instance or volume they are associated with is deleted-EBS devices are ______of EC2 instances and by default _____them (unless configured otherwise). All data on Instance storagehowever will be lost and also on the root (/dev/sda1) partition of S3 backed serversEBS devices are independent of EC2 instances and by default outlive them (unless configured otherwise). All data on Instancestorage however will be lost and also on the root (/dev/sda1) partition of S3 backed servers-S3 Versioning meansS3 versioning means that all versions of a file are kept and retrievable at a later date (by making a request to the bucket,using the object ID and also the version number). The only charge for having this enabled is from the fact that you will incurmore storage. When an object is deleted, it will still be accessible just not visible.-Define a Placement GroupA placement group is a logical grouping of instances within a single Availability Zone-using these types od groups enables applications to get the full-bisection bandwidth and low-latency network performancerequired for tightly coupled, node-to-node communication typical of High Performance Computing (HPC) on ent Groups-

For Relational Database, the setting of provisioned IOPS storage does whatprovides fast, consistent performance-for a DB instance the default setting for minor upgrades is set toyes, allow auto minor version upgrades-What 3 things must you provide the DB instance during setupThe DB instance Identifer, the master username, the master password-in DB management options what options exist and what are they set to on defaultEnable Automatic Backups, set to yes on defaultbackup retention period-the daily time range which automated backups are created if automated backups are created isdefault set to 1 day, the backup window-is set to no preference, the weekly time range-is a web service that gives you access to a _ that can be used to store messages while waiting for a computer to processthem. This allows you to quickly build message queuing applications that can be run on any computer on the SQS is a web service that gives you access to a message queue that can be used to store messages while waiting fora computer to process them. This allows you to quickly build message queuing applications that can be run on any computeron the internet.-If you choose to delete a DB instance on the management console what question might you be asked in regards to backupsYou will be asked if you wish to create a final snapshot-If you choose not to create a final snapshot for a DB instance what will happen to the automated snapshot associated withthe instance?The automated snapshot will be deleted-fill in the 3 blanks:____Instances allow us to optimize processing costs - and ____allows us to orchestrate the process in a distributed andasynchronous manner & ____facilitates the storage of intermediate and final processing resultsSpot Instances + SQS + S3 = Magic - Spot Instances allow us to optimize processing costs - Amazon SQS allows us toorchestrate the process in a distributed and asynchronous manner - Amazon Simple Storage Service (S3) facilitates thestorage of intermediate and final processing results