AWS Certified Solutions Architect Exam Guide – Chapter-11

Know the basic use cases for Amazon CloudFront. Know when to use Amazon CloudFront (for popular static and dynamic content with geographically distributed users) and when not to (all users at a single location or connecting through a corporate VPN).

Know how Amazon CloudFront works. Amazon CloudFront routes each request to the edge location that can serve it fastest (normally the one geographically closest to the user, chosen when the distribution's domain name is resolved) and caches the content there, so repeat requests from that region are served from the edge rather than from the origin.

Know how to create an Amazon CloudFront distribution and what types of origins are supported. To create a distribution, you specify an origin and the type of distribution, and Amazon CloudFront creates a new domain name for the distribution. Origins supported include Amazon S3 buckets or static Amazon S3 websites and HTTP servers located in Amazon EC2 or in your own data center.

Know how to use Amazon CloudFront for dynamic content and multiple origins. Understand how to specify multiple origins for different types of content and how to use cache behaviors and path strings to control what content is served by which origin.

Know what mechanisms are available to serve private content through Amazon CloudFront. Amazon CloudFront can serve private content using an Amazon S3 Origin Access Identity (OAI), which restricts the bucket so that only the distribution can read its objects, and signed URLs or signed cookies, which restrict who may request content from the distribution. The two are complementary: the OAI stops users from bypassing CloudFront and fetching objects from Amazon S3 directly, while signed URLs and signed cookies enforce access at the edge. (AWS has since introduced Origin Access Control as the successor to OAI; it also supports objects encrypted with SSE-KMS.)
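
The following is an added example, not code from the exam guide or from AWS. It implements the CloudFront canned-policy signed URL scheme end to end (the policy JSON, RSA-SHA1 signing, and CloudFront's URL-safe base64 alphabet), plus the check an edge performs before serving, and the Amazon S3 bucket policy that grants read access to an OAI. The distribution domain d111111abcdef8.cloudfront.net, the key pair ID APKAEXAMPLE and the OAI ID are placeholders, and the RSA key pair is a throwaway generated at run time because the standard library has no RSA; in practice you sign with your CloudFront key pair using a vetted library.

```python
"""CloudFront private content: canned-policy signed URLs and an OAI bucket policy.
Added example, not code from the exam guide or from AWS. It implements CloudFront's
scheme in pure Python: RSA-SHA1 (PKCS#1 v1.5) over the canned policy JSON, base64
with '+', '=', '/' mapped to '-', '_', '~'. A throwaway RSA key pair is generated at
run time (stdlib has no RSA); sign with your real CloudFront key pair in practice."""
import base64
import hashlib
import json
import secrets
from urllib.parse import parse_qs, urlparse

def _is_probable_prime(n, rounds=20):
    """Miller-Rabin, enough for a demo key; use a vetted library for real keys."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # force top bit and odd
        if _is_probable_prime(candidate):
            return candidate

def generate_rsa_keypair(bits=1024):
    """Returns ((n, e), (n, d)); 1024 bits keeps the demo fast, use 2048+ for real keys."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))  # pow(e, -1, m) needs Python 3.8+

def _emsa_pkcs1_v15(message, k):
    t = bytes.fromhex("3021300906052b0e03021a05000414") + hashlib.sha1(message).digest()  # DigestInfo
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rsa_sha1_sign(private, message):
    n, d = private
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(message, k), "big"), d, n).to_bytes(k, "big")

def rsa_sha1_verify(public, message, signature):
    n, e = public
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    em = pow(int.from_bytes(signature, "big"), e, n).to_bytes(k, "big")
    return secrets.compare_digest(em, _emsa_pkcs1_v15(message, k))

def cloudfront_b64(data):
    """CloudFront's URL-safe base64 variant."""
    return base64.b64encode(data).decode().translate(str.maketrans("+=/", "-_~"))

def canned_policy(url, expires):
    """Exactly the JSON CloudFront signs for a canned policy: no whitespace, this key order."""
    statement = {"Resource": url, "Condition": {"DateLessThan": {"AWS:EpochTime": expires}}}
    return json.dumps({"Statement": [statement]}, separators=(",", ":"))

def sign_url(url, expires, key_pair_id, private):
    """Append Expires, Signature and Key-Pair-Id; with a canned policy the policy is implied."""
    signature = cloudfront_b64(rsa_sha1_sign(private, canned_policy(url, expires).encode()))
    return f"{url}{'&' if '?' in url else '?'}Expires={expires}&Signature={signature}&Key-Pair-Id={key_pair_id}"

def verify_signed_url(signed_url, trusted_keys, now):
    """What the edge does: reject if expired or signed by an untrusted key pair, then rebuild
    the canned policy from the URL and check the RSA signature over it."""
    parts = urlparse(signed_url)
    query = parse_qs(parts.query)
    try:
        expires, key_pair_id = int(query["Expires"][0]), query["Key-Pair-Id"][0]
        signature = base64.b64decode(query["Signature"][0].translate(str.maketrans("-_~", "+=/")))
    except (KeyError, ValueError):
        return False
    if now >= expires or key_pair_id not in trusted_keys:
        return False
    own = ("Expires=", "Signature=", "Key-Pair-Id=")
    resource = parts._replace(query="&".join(p for p in parts.query.split("&") if not p.startswith(own))).geturl()
    return rsa_sha1_verify(trusted_keys[key_pair_id], canned_policy(resource, expires).encode(), signature)

def oai_bucket_policy(bucket, oai_id):
    """Bucket policy that lets only the distribution's OAI read objects (keep Block Public Access on)."""
    principal = f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {oai_id}"
    return {"Version": "2012-10-17", "Statement": [{"Sid": "AllowCloudFrontOAIRead", "Effect": "Allow",
            "Principal": {"AWS": principal}, "Action": "s3:GetObject", "Resource": f"arn:aws:s3:::{bucket}/*"}]}
```

Two things worth noticing: the signature covers the exact resource URL and expiry, so changing either (a different object path, a later Expires) invalidates it, and the signer is identified only by Key-Pair-Id, so the distribution's trusted signer list is what stops a forged URL signed with someone else's key.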

Know the three configurations of AWS Storage Gateway and their use cases. Gateway-Cached volumes (now called cached volumes) expand your on-premises storage into Amazon S3 and cache frequently used data locally. Gateway-Stored volumes (stored volumes) keep all your data available locally at all times and also replicate it asynchronously to Amazon S3 as point-in-time snapshots. Gateway-VTL (tape gateway) enables you to keep your current backup software and tape processes while eliminating physical tapes by storing the virtual tapes in the cloud.

Understand the value of AWS Directory Service. AWS Directory Service is designed to reduce identity management tasks, thereby allowing you to focus more of your time and resources on your business.
Know the AWS Directory Service directory types. AWS Directory Service offers three directory types:

  • AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also referred to as Microsoft AD: an actual Microsoft Active Directory running on AWS-managed domain controllers in your Amazon VPC
  • Simple AD: a standalone, Samba-based directory that is compatible with Active Directory for basic needs (users, groups, Kerberos-based single sign-on, Group Policy)
  • AD Connector: a proxy that forwards directory requests to your existing on-premises Active Directory without caching directory information in the cloud

Know when you should use AWS Directory Service for Microsoft Active Directory.
You should use Microsoft Active Directory if you have more than 5,000 users or need a trust relationship set up between an AWS hosted directory and your on-premises directories.

Understand key management.
Key management is the management of cryptographic keys within a cryptosystem. This includes dealing with the generation, exchange, storage, use, rotation, and replacement of keys.
Understand when you should use AWS KMS. AWS KMS is a managed service that makes it easy for you to create and control the symmetric encryption keys used to encrypt your data. AWS KMS lets you create keys that can never be exported from the service and that can be used to encrypt and decrypt data based on policies you define. Applications do not encrypt bulk data under the master key directly: KMS generates a data key, returns it in plaintext and encrypted under the Customer Master Key (CMK, now called a KMS key), and the application encrypts the data with the plaintext data key and stores only the encrypted copy alongside the ciphertext. This is envelope encryption. An optional encryption context supplied at encryption time is bound to the ciphertext and must be supplied, unchanged, at decryption time. (KMS has since added asymmetric and HMAC keys; the symmetric case described here remains the common one.)

Understand when you should use AWS CloudHSM.
AWS CloudHSM helps you meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated, single-tenant hardware security module (HSM) appliances within the AWS Cloud. Unlike AWS KMS, the HSMs are under your exclusive control: you generate and manage the keys and AWS has no access to them, at the cost of taking on more of the operational responsibility yourself.

Understand the value of AWS CloudTrail.
AWS CloudTrail provides visibility into user activity by recording API calls made on your account and delivering the log files to an Amazon S3 bucket you specify. This helps you track changes made to your AWS resources and troubleshoot operational issues, and it makes it easier to demonstrate compliance with internal policies and regulatory standards. Because the trail is itself the first thing an intruder wants to switch off, calls such as StopLogging and DeleteTrail deserve alerts of their own.
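
The following is an added example, not from the exam guide. It runs a small set of detections over CloudTrail records: the records are constructed sample data in the JSON shape CloudTrail delivers (userIdentity, eventSource, eventName, errorCode, responseElements), the account number 123456789012, the IP address and the key ID are placeholders, and the rules follow the CIS AWS Foundations alarm set (root account use, trail tampering, KMS key deletion or disabling, failed console logins, and repeated AccessDenied from one principal).

```python
"""Triage CloudTrail records for high-signal security events.
Added example, not from the exam guide. The records are constructed sample data in the
JSON shape CloudTrail delivers to S3 (userIdentity, eventSource, eventName, errorCode,
responseElements; account 123456789012 and the IP are placeholders). The rules follow the
CIS AWS Foundations alarm set: root account use, trail tampering, KMS key deletion or
disabling, failed console logins, and repeated AccessDenied from one principal."""
import json
from collections import Counter

TRAIL_TAMPERING = {"StopLogging", "DeleteTrail", "UpdateTrail"}
KMS_KEY_RISK = {"ScheduleKeyDeletion": "kms-key-deletion", "DisableKey": "kms-key-disable"}

def _rec(user_type, user, event_name, event_source, **extra):
    """Build one record in CloudTrail's shape (constructed sample data)."""
    arn = "arn:aws:iam::123456789012:root" if user_type == "Root" else f"arn:aws:iam::123456789012:user/{user}"
    return {"eventVersion": "1.08", "eventTime": "2024-03-01T12:00:00Z", "eventType": "AwsApiCall",
            "userIdentity": {"type": user_type, "accountId": "123456789012", "arn": arn},
            "eventName": event_name, "eventSource": event_source, "awsRegion": "us-east-1",
            "sourceIPAddress": "203.0.113.7", **extra}

SAMPLE_RECORDS = [
    _rec("Root", None, "ConsoleLogin", "signin.amazonaws.com", eventType="AwsConsoleSignIn",
         responseElements={"ConsoleLogin": "Success"}),
    _rec("IAMUser", "alice", "DescribeInstances", "ec2.amazonaws.com"),  # benign
    _rec("IAMUser", "alice", "StopLogging", "cloudtrail.amazonaws.com",
         requestParameters={"name": "management-trail"}),
    _rec("IAMUser", "bob", "ScheduleKeyDeletion", "kms.amazonaws.com",
         requestParameters={"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "pendingWindowInDays": 7}),
    _rec("IAMUser", "mallory", "ConsoleLogin", "signin.amazonaws.com", eventType="AwsConsoleSignIn",
         responseElements={"ConsoleLogin": "Failure"}, errorMessage="Failed authentication"),
] + [_rec("IAMUser", "scanner", name, source, errorCode="AccessDenied")
     for name, source in (("ListBuckets", "s3.amazonaws.com"), ("ListUsers", "iam.amazonaws.com"),
                          ("ListSecrets", "secretsmanager.amazonaws.com"))]

def triage(records):
    """Return one finding per matched rule; a record can trip several rules."""
    findings = []
    for r in records:
        ident = r.get("userIdentity", {})
        base = {"time": r.get("eventTime"), "who": ident.get("arn", ident.get("type", "unknown")),
                "event": r.get("eventName"), "source_ip": r.get("sourceIPAddress")}
        rules = []
        if ident.get("type") == "Root" and ident.get("invokedBy") != "AWS Internal":
            rules.append("root-account-activity")
        if r.get("eventSource") == "cloudtrail.amazonaws.com" and r.get("eventName") in TRAIL_TAMPERING:
            rules.append("cloudtrail-tampering")
        if r.get("eventSource") == "kms.amazonaws.com" and r.get("eventName") in KMS_KEY_RISK:
            rules.append(KMS_KEY_RISK[r["eventName"]])
        if r.get("eventName") == "ConsoleLogin" and (r.get("responseElements") or {}).get("ConsoleLogin") == "Failure":
            rules.append("console-login-failure")
        if r.get("errorCode") in ("AccessDenied", "UnauthorizedOperation", "Client.UnauthorizedOperation"):
            rules.append("access-denied")
        findings.extend({**base, "rule": rule} for rule in rules)
    return findings

def access_denied_spike(findings, threshold=3):
    """Principals with many AccessDenied results: typical of enumeration with a leaked key."""
    counts = Counter(f["who"] for f in findings if f["rule"] == "access-denied")
    return {who: n for who, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    found = triage(SAMPLE_RECORDS)
    print(json.dumps(found, indent=2))
    print("enumeration suspects:", access_denied_spike(found))
```

In production the same logic would run as a CloudWatch Logs metric filter or over the S3 log objects; the point of the sample is which fields carry the signal (userIdentity.type for root use, eventSource plus eventName for trail and key tampering, responseElements.ConsoleLogin for failed logins, errorCode for denials) and that a single principal producing a run of AccessDenied results is worth a look even though each call on its own was harmless.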

Know the three services of Amazon Kinesis and their use cases.
Amazon Kinesis Firehose allows you to load massive volumes of streaming data into AWS (for example into Amazon S3 or Amazon Redshift) without writing a consumer application. Amazon Kinesis Analytics enables you to analyze streaming data in real time with standard SQL. Amazon Kinesis Streams enables you to build custom applications that process or analyze streaming data in real time for specialized needs.

Know what service Amazon EMR provides.
Amazon EMR provides a managed Hadoop service on AWS that allows you to spin up large Hadoop clusters in minutes.

Know the difference between persistent and transient clusters.
Persistent clusters run continuously, so data stored on instance-based HDFS is retained. Transient clusters are launched for a specific job and then terminated, so they read their input from and write their results to Amazon S3 via EMRFS rather than relying on HDFS, which disappears with the cluster.

Know the use cases for Amazon EMR. Amazon EMR is useful for big data analytics in virtually any industry, including, but not limited to, log processing, clickstream analysis, and genomics and life sciences.

Know the use cases for AWS Data Pipeline.
AWS Data Pipeline can manage batch ETL processes at scale on the cloud, accessing data both in AWS and on-premises. It can take advantage of AWS cloud services by spinning up resources required for the process, such as Amazon EC2 instances or Amazon EMR clusters.

Know the types of AWS Import/Export services and the possible sources/destinations of each.
AWS Snowball is an Amazon-owned, shippable appliance supplied ready to ship. It can transfer data to and from your on-premises storage and to and from Amazon S3. AWS Import/Export Disk uses your own storage devices; in addition to transferring data in and out of your on-premises storage, it can import data to Amazon S3, Amazon EBS, and Amazon Glacier, but it can only export data from Amazon S3.

Understand the basics of AWS OpsWorks. AWS OpsWorks is a configuration management service that helps you configure and operate applications of all shapes and sizes using Chef. You can define an application’s architecture and the specification of each component including package installation, software configuration, and resources such as storage.

Understand the value of AWS CloudFormation. AWS CloudFormation is a service that helps you model and set up your AWS resources. AWS CloudFormation allows organizations to deploy, modify, and update resources in a controlled and predictable way, in effect applying version control to AWS infrastructure the same way you would do with software.

Understand the value of AWS Elastic Beanstalk. AWS Elastic Beanstalk is the fastest and simplest way to get an application up and running on AWS. Developers can simply upload their application code, and the service automatically handles all the details such as resource provisioning, load balancing, Auto Scaling, and monitoring.

Understand the components of AWS Elastic Beanstalk. An AWS Elastic Beanstalk application is the logical collection of environments, versions, and environment configurations. In AWS Elastic Beanstalk, an application is conceptually similar to a folder.

Understand the value of AWS Config. AWS Config is a fully managed service that provides organizations with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance. With AWS Config, organizations can discover existing and deleted AWS resources, determine their overall compliance against rules and dive into configuration details of a resource at any point in time. These capabilities enable compliance auditing, security analysis, resource change tracking, and troubleshooting.

Review Questions
What origin servers are supported by Amazon CloudFront? (Choose 3 answers)

  • An Amazon Route 53 Hosted Zone
  • An Amazon Simple Storage Service (Amazon S3) bucket
  • An HTTP server running on Amazon Elastic Compute Cloud (Amazon EC2)
  • An Amazon EC2 Auto Scaling Group
  • An HTTP server running on-premises

Which of the following are good use cases for Amazon CloudFront? (Choose 2 answers)

  • A popular software download site that supports users around the world, with dynamic content that changes rapidly
  • A corporate website that serves training videos to employees. Most employees are located in two corporate campuses in the same city.
  • A heavily used video and music streaming service that requires content to be delivered only to paid subscribers
  • A corporate HR website that supports a global workforce. Because the site contains sensitive data, all users must connect through a corporate Virtual Private Network (VPN)

You have a web application that contains both static content in an Amazon Simple Storage Service (Amazon S3) bucket—primarily images and CSS files—and also dynamic content currently served by a PHP web app running on Amazon Elastic Compute Cloud (Amazon EC2). What features of Amazon CloudFront can be used to support this application with a single Amazon CloudFront distribution? (Choose 2 answers)

  • Multiple Origin Access Identifiers
  • Multiple signed URLs
  • Multiple origins
  • Multiple edge locations
  • Multiple cache behaviors

You are building a media-sharing web application that serves video files to end users on both PCs and mobile devices. The media files are stored as objects in an Amazon Simple Storage Service (Amazon S3) bucket, but are to be delivered through Amazon CloudFront. What is the simplest way to ensure that only Amazon CloudFront has access to the objects in the Amazon S3 bucket?

  • Create Signed URLs for each Amazon S3 object.
  • Use an Amazon CloudFront Origin Access Identifier (OAI).
  • Use public and private keys with signed cookies.
  • Use an AWS Identity and Access Management (IAM) bucket policy.

Your company data center is completely full, but the sales group has determined a need to store 200TB of product video. The videos were created over the last several years, with the most recent being accessed by sales the most often. The data must be accessed locally, but there is no space in the data center to install local storage devices to store this data. What AWS cloud service will meet sales' requirements?

  • AWS Storage Gateway Gateway-Stored volumes
  • Amazon Elastic Compute Cloud (Amazon EC2) instances with attached Amazon EBS Volumes
  • AWS Storage Gateway Gateway-Cached volumes
  • AWS Import/Export Disk

Your company wants to extend their existing Microsoft Active Directory capability into an Amazon Virtual Private Cloud (Amazon VPC) without establishing a trust relationship with the existing on-premises Active Directory. Which of the following is the best approach to achieve this goal?

  • Create and connect an AWS Directory Service AD Connector
  • Create and connect an AWS Directory Service Simple AD.
  • Create and connect an AWS Directory Service for Microsoft Active Directory (Enterprise Edition).
  • None of the above

Which of the following are AWS Key Management Service (AWS KMS) keys that will never exit AWS unencrypted?

  • AWS KMS data keys
  • Envelope encryption keys
  • AWS KMS Customer Master Keys (CMKs)
  • A and C

Which cryptographic method is used by AWS Key Management Service (AWS KMS) to encrypt data?

  • Password-based encryption
  • Asymmetric
  • Shared secret
  • Envelope encryption

Which AWS service records Application Program Interface (API) calls made on your account and delivers log files to your Amazon Simple Storage Service (Amazon S3) bucket?

  • AWS CloudTrail
  • Amazon CloudWatch
  • Amazon Kinesis
  • AWS Data Pipeline

You are trying to decrypt ciphertext with AWS KMS and the decryption operation is failing. Which of the following are possible causes? (Choose 2 answers)

  • The private key does not match the public key in the ciphertext.
  • The plaintext was encrypted along with an encryption context, and you are not providing the identical encryption context when calling the Decrypt API.
  • The ciphertext you are trying to decrypt is not valid.
  • You are not providing the correct symmetric key to the Decrypt API.

Your company has 30 years of financial records that take up 15TB of on-premises storage. Regulations require you to retain these records, but in the year you have worked for the company no one has ever requested any of this data. Given that the company data center is already filling the bandwidth of its Internet connection, what is an alternative way to store the data on the most appropriate cloud storage?

  • AWS Import/Export to Amazon Simple Storage Service (Amazon S3)
  • AWS Import/Export to Amazon Glacier
  • Amazon Kinesis
  • Amazon Elastic MapReduce (Amazon EMR)

Your company collects information from the point of sale registers at all of its franchise locations. Each month these processes collect 200TB of information stored in Amazon Simple Storage Service (Amazon S3). Analytics jobs taking 24 hours are performed to gather knowledge from this data. Which of the following will allow you to perform these analytics in a cost-effective way?

  • Copy the data to a persistent Amazon Elastic MapReduce (Amazon EMR) cluster, and run the MapReduce jobs.
  • Create an application that reads the information of the Amazon S3 bucket and runs it through an Amazon Kinesis stream.
  • Run a transient Amazon EMR cluster, and run the MapReduce job against the data directly in Amazon S3.
  • Launch a d2.8xlarge (32 vCPU, 244GB RAM) Amazon Elastic Compute Cloud (Amazon EC2) instance, and run an application to read and process each object sequentially.

Which service allows you to process nearly limitless streams of data in flight?

  • Amazon Kinesis Firehose
  • Amazon Elastic MapReduce (Amazon EMR)
  • Amazon Redshift
  • Amazon Kinesis Streams

What combination of services enables you to copy 50TB of data daily to Amazon storage, process the data in Hadoop, and store the results in a large data warehouse?

  • Amazon Kinesis, AWS Data Pipeline, Amazon Elastic MapReduce (Amazon EMR), and Amazon Elastic Compute Cloud (Amazon EC2)
  • Amazon Elastic Block Store (Amazon EBS), AWS Data Pipeline, Amazon EMR, and Amazon Redshift
  • Amazon Simple Storage Service (Amazon S3), AWS Data Pipeline, Amazon EMR, and Amazon Redshift
  • Amazon S3, Amazon Simple Workflow Service (Amazon SWF), Amazon EMR, and Amazon DynamoDB

Your company has 50,000 weather stations around the country that send updates every 2 seconds. What service will enable you to ingest this stream of data and store it to Amazon Simple Storage Service (Amazon S3) for future processing?

  • Amazon Simple Queue Service (Amazon SQS)
  • Amazon Kinesis Firehose
  • Amazon Elastic Compute Cloud (Amazon EC2)
  • Amazon Data Pipeline

Your organization uses Chef heavily for its deployment automation. What AWS cloud service provides integration with Chef recipes to start new application server instances, configure application server software, and deploy applications?

  • AWS Elastic Beanstalk
  • Amazon Kinesis
  • AWS OpsWorks
  • AWS CloudFormation

A firm is moving its testing platform to AWS to provide developers with instant access to clean test and development environments. The primary requirement for the firm is to make environments easily reproducible and fungible. What service will help the firm meet their requirements?

  • AWS CloudFormation
  • AWS Config
  • Amazon Redshift
  • AWS Trusted Advisor

Your company’s IT management team is looking for an online tool to provide recommendations to save money, improve system availability and performance, and to help close security gaps. What can help the management team?

  • Cloud-init
  • AWS Trusted Advisor
  • AWS Config
  • Configuration Recorder

Your company works with data that requires audits of your AWS environment to ensure compliance with internal policies and best practices. In order to perform these audits, you need access to historical configurations of your resources to evaluate relevant configuration changes. Which service will provide the necessary information for your audits?

  • AWS Config
  • AWS Key Management Service (AWS KMS)
  • AWS CloudTrail
  • AWS OpsWorks

All of the website deployments are currently done by your company’s development team. With a surge in website popularity, the company is looking for ways to be more agile with deployments. What AWS cloud service can help the developers focus more on writing code instead of spending time managing and configuring servers, databases, load balancers, firewalls, and networks?

  • AWS Config
  • AWS Trusted Advisor
  • Amazon Kinesis
  • AWS Elastic Beanstalk
Rajesh Kumar