AWS Certified SysOps Administrator – Chapter – 1

Assessment Test

You notice in the AWS Management Console that your Amazon Elastic Compute Cloud (Amazon EC2) Instance State is Failed. What would cause this?

  • Loss of network connectivity
  • Loss of System Power
  • Incompatible Kernel
  • Software issues on the physical host

What is the difference between a public Subnet and a Private Subnet in a VPC?

  • The Route Table in the Private Subnet has a route to the Network Address Translation (NAT), while the Route Table in a Public Subnet does not.
  • The Route Table in the Public Subnet has a route to the Internet Gateway (IGW), while the Route in a Private Subnet does not.
  • The public Subnet has NAT server, allowed in the Public Subnet.
  • Only Elastic Load Balancers are allowed in the Public Subnet.

You have deployed eight Amazon Elastic Compute Cloud (Amazon EC2) instances in the us-west-1a Availability Zone and two Amazon EC2 instances in the us-west-1b Availability Zone. You noticed that the two Amazon EC2 instances in us-west-1b received the same amount of traffic that is load balanced between the other eight Amazon EC2 instances located in the us-west-1a Availability Zone. How can you fix this from the load balancer?

  • Enable cross-zone load balancing on your load balancer.
  • Create an Auto Scaling group, and configure it to balance out the instance between the Availability Zones.
  • Create three instances in us-west-1b, and terminate three instances in us-west-1a.
  • Migrate to an Application load balancer.

You have launched an Amazon Relational Database Service (Amazon RDS) database instance running MySQL. When you created the Amazon RDS instance, you did not specify a maintenance window, and now you need to update the instance size from micro to large. If you request to have the update happen inside the maintenance window, what will occur?

  • Nothing. The command will be ignored until you create and apply a maintenance window.
  • Nothing. It is not possible to change the DB size using Amazon RDS.
  • AWS will select and use a default maintenance window if one is not provided.
  • AWS will prompt you to provide a maintenance window when you make the request.

Which of the following is the customer’s responsibility in the Shared Responsibility Model?

  • Restricting access to Amazon Elastic Compute Cloud (Amazon EC2) using Security Groups.
  • Restricting physical access to AWS datacenters
  • Destroying physical media used in AWS datacenters
  • Managing updates to the Hypervisors on which instances run

You are tasked with storing 200 GB of archival images that are requested infrequently, averaging one or two requests per image each day. Which is the most cost effective storage option for the images?

  • Amazon Elastic Block Store (Amazon EBS) io1
  • Amazon EBS gp2
  • Amazon Simple Storage Service (Amazon S3)
  • Amazon Elastic File System (Amazon EFS)

You need storage for your production MySQL database. The database is 19 TB in size, and you will need to have approximately 10,000 IOPS—mostly writes. Without considering price, which storage option satisfies the requirements?

  • Provisioned Amazon Elastic File System (Amazon EFS) 20 TB volume with 10,000 IOPS
  • Two provisioned Amazon EFS 10 TB volumes with 5,000 IOPS per volume and RAID 0 striping
  • Provisioned Amazon Elastic Block Store (Amazon EBS) (io1) 20 TB volume with 10,000 IOPS
  • Two provisioned Amazon EBS (io1) 10 TB volumes with 5,000 IOPS per volume and RAID 0 striping

You have created an Auto Scaling group with a minimum of two Amazon Elastic Compute Cloud (Amazon EC2) instances, a maximum of six instances, and a desired capacity of four instances. Your instances take 20 minutes to launch, and they take three minutes to start once built. How can you configure Auto Scaling to start and stop instances versus launching new instances from Amazon Machine Images (AMIs)?

  • Create a new Auto Scaling launch configuration, and configure the Auto Scaling group to start the instances.
  • Edit the Auto Scaling group’s launch configuration to start instances.
  • This is not possible, as Auto Scaling cannot stop and start instances.
  • Configure the Auto Scaling group to use the Amazon EC2 recovery service.

You have a Multi-AZ Amazon Relational Database Service (Amazon RDS) database running MySQL. During a planned outage, how does AWS ensure that, when switching from the primary DB to the standby, it will not affect your application servers?

  • Amazon RDS uses Elastic IP addresses that are detached from the primary database and then attached to the standby instance. This promotes the standby to be the primary.
  • Amazon RDS uses the Elastic Queue Service to process requests from application services and send them to database engines. Since this is done at the Hypervisor, no user intervention is required.
  • Amazon RDS runs both database instances independently, and each has their own connection string. You will have to update the code on your application server because AWS has no visibility above the Hypervisor.
  • Amazon RDS uses Amazon Route 53 to create connection strings and will automatically update the IP address to point at the instance.

When attaching an Amazon Elastic Block Store (Amazon EBS) volume to an Amazon Elastic Compute Cloud (Amazon EC2) instance, what conditions must be true?

  • The Amazon EBS volume must be in the same Availability Zone (AZ) as the instance.
  • The Amazon EBS Volume must be in the same account as the instance.
  • The Amazon EBS volume must be assigned to an AMI ID.
  • The Amazon EBS volume must have the same security group as the instance.

You’ve been asked to migrate a busy Amazon Relational Database Service (Amazon RDS) for MySQL database to Amazon Aurora. You need to do so with little downtime and with no lost data. What is the best way to meet the above requirements?

  • Take a snapshot of the MySQL Amazon RDS instance. Use that snapshot to create an Amazon Aurora Read Replica of the Amazon RDS for MySQL database. Once replication catches up, make the Aurora Read Replica into a standalone Amazon Aurora DB cluster, and point the application to the new Amazon Aurora DB cluster.
  • Create an Amazon Simple Storage Service (Amazon S3) bucket, and upload the Amazon RDS database as a flat file dump into the bucket. Restore from the dump to a new Amazon Aurora database.
  • Restore the most recent Amazon RDS automated backup to a new Amazon Aurora instance. Stop the application, point the application at the new Amazon Aurora DB instance, and start the application.
  • Take a snapshot. Restore the snapshot to a new Amazon Aurora instance, point the application to the new Amazon Aurora DB instance, and start the application.

In case of a failure of the primary node of an Amazon Relational Database Service (Amazon RDS) instance with an RDS Multi-AZ deployment, you must do the following to recover:

  • Nothing. The node will automatically fail over to each of the three included read replicas in alternative regions.
  • Nothing. The node will automatically fail over to the standby instance; a short amount of downtime may occur.
  • Manually stand up a new instance by restoring from the most recent automatic backup.
  • Manually initiate the failover using the AWS CLI initialize-rds-failover command.

As part of an application requirement that you’ve been given, you must deploy a new Amazon DynamoDB database. You must do so in a highly available manner. How do you deploy this database?

  • Deploy the Amazon DynamoDB database in a single Availability Zone (AZ). Set up an automation backup job to Amazon S3 and an automation restore job from S3 to a DynamoDB database in a second AZ.
  • Use the Amazon DynamoDB Local version in two AZs.
  • You can’t use Amazon DynamoDB for HA requirements.
  • Deploy an Amazon DynamoDB database in the desired region.

Your application has a database that has been reported as being slow by your end users. Upon investigation, you find that the database is seeing an extraordinarily high volume of read activity. What is one way to overcome this constraint?

  • Place an Amazon CloudFront distribution between the application layer and the database.
  • Use AWS Shield to protect against too many reads from the application layer to the database.
  • Use Amazon ElastiCache to provide a cache for frequent reads between the application layer and database.
  • Use AWS Route53 Latency Based Routing to direct to the least latent database node.

You have assigned an Elastic IP to an Amazon Elastic Compute Cloud (Amazon EC2) instance. You then terminate that instance. What happens to that Elastic IP?

  • The Elastic IP remains associated with the account, and you start getting charged for it.
  • The Elastic IP remains associated with the account.
  • The Elastic IP is deleted along with the Amazon EC2 instance.
  • You cannot delete an Amazon EC2 instance with an Elastic IP associated with it. You must remove or delete the Elastic IP first.

You are using Amazon CloudFront to serve static content to your users. What would be the best way to control access to the content?

  • Create an Amazon Simple Storage Service (Amazon S3) bucket policy using AWS Identity and Access Management (IAM) as the mechanism to control access.
  • Have your application create and distribute either signed URLs or signed cookies.
  • Use the LIST Distribution API within Amazon CloudFront.
  • Use Origin Access Identity (OAI) to secure access to content in Amazon CloudFront.

You are looking to encrypt your Amazon DynamoDB table. How would you do this?

  • In the Amazon DynamoDB console, turn on server-side encryption.
  • Via the AWS CLI, turn on server-side encryption.
  • Use client-side encryption, as Amazon DynamoDB does not support server-side encryption.
  • Enable Transparent Data Encryption (TDE).

You are part of a team which is rebuilding your company’s monolithic web application. The team plans on using a tiered architecture. One of the primary goals is to be able to use Auto Scaling to add and remove Amazon Elastic Compute Cloud (Amazon EC2) instances on demand. To this end, you need to get user state data off of individual instances. Which of the following AWS cloud services will provide you with a shared data store that is highly durable and has low latency?

  • Amazon DynamoDB
  • Amazon EC2 Instance Storage
  • Amazon Relational Database Service (Amazon RDS)
  • Amazon Simple Storage Service (Amazon S3)

Your company maintains an application that has a home-grown messaging cluster. You want to avoid maintaining this legacy cluster, and you need to migrate to an AWS service that provides this functionality. What service do you set up?

  • AWS X-Ray
  • Amazon CloudFront
  • Amazon Elasticsearch
  • Amazon Simple Queue Service (Amazon SQS)

You need to create an Amazon Virtual Private Cloud (Amazon VPC) that will allow you to use AWS Direct Connect. Which of the following combinations will allow you to use AWS Direct Connect but also prevent connectivity to the Internet?

  • You are not able to do so. If you have an AWS Direct Connect connection, by default, you have a connection to the internet.
  • Create a VPC with both an Internet Gateway (IGW) and a VPN Gateway.
  • Create a VPC with an AWS Direct Connect Gateway.
  • Create a VPC with a VPN Gateway.

You have 10 Amazon Elastic Compute Cloud (Amazon EC2) instances behind a classic load balancer. What do you need to do to ensure that traffic is routed only to healthy instances?

  • Terminate the unhealthy instances.
  • Enable cross-zone load balancing on your load balancer.
  • Turn on health checks, and the load balancer will send traffic to the healthy instances.
  • Nothing. The load balancer will terminate the unhealthy instances.

You have noticed that your Auto Scaling Group scaled up to its maximum size. How can you be notified when your Auto Scaling group scales out and scales in?

  • Have your Auto Scaling group send messages to Amazon Simple Queue Service (Amazon SQS). Periodically check the queue for your Auto Scaling messages.
  • Configure an Amazon Simple Notification Service (Amazon SNS) topic with an SMS Subscription to your phone number.
  • Configure an Amazon Simple Notification Service (Amazon SNS) topic with an AWS Lambda function that sends an email.
  • Periodically query the Auto Scaling Group to check the desired capacity.

You are given a project to implement a High Performance Computing (HPC) workload for your R&D department. The workload takes tasks one-by-one, and it is tolerant of a node in the cluster failing. Each task runs for approximately one hour. Which of the following AWS cloud services is best suited for your workload from a cost-effectiveness standpoint?

Answers to the Assessment Test

  1. C. Instance Status monitors the software and hardware of your individual instance. The other items listed are issues that affect the underlying AWS hardware.
  2. B. The route table in the Public Subnet has a route pointing to the IGW. IGWs are associated with VPCs, not with subnets. Elastic Load Balancers can be in both the Public Subnet and the Private Subnet.
  3. A. By default, the load balancer distributes traffic evenly across the Availability Zones that you enable for your load balancer. To distribute traffic evenly across all registered instances in all enabled Availability Zones, enable cross-zone load balancing on your load balancer. However, it is still recommended that you maintain an approximately equivalent number of instances in each Availability Zone for better fault tolerance.
  4. C. If you don’t specify a preferred maintenance window when you create the DB instance or DB cluster, then Amazon RDS assigns a 30-minute maintenance window on a randomly selected day of the week.
  5. A. You are responsible for security in the cloud, which includes configuring and applying Security Groups to resources running within the customer’s account.
  6. C. Amazon Simple Storage Service (Amazon S3) provides a low-cost method of storing objects in a highly available and durable manner.
  7. D. You can choose up to a maximum of 16 TB per Amazon EBS volume, so you must create a RAID array of multiple volumes to achieve the IOPS being sought.
  8. A. User data is run at boot time and can be used to install software. The other answers listed are examples of metadata, which is associated with the Amazon EC2 instance and can be accessed via the Amazon EC2 metadata service.
  9. C. Subnets of a VPC have to be in the same address space as the VPC itself.
  10. C. You can use scaling policies to increase or decrease the number of running Amazon EC2 instances in your group automatically to meet changing conditions. When the scaling policy is in effect, the Auto Scaling group adjusts the desired capacity of the group and launches or terminates the instances as needed. If you manually scale on a schedule, you must adjust the desired capacity of the group in order for the changes to take effect.
  11. D. Amazon RDS connection strings are based on Amazon Route 53 DNS. Inside Amazon RDS, they are referred to as endpoints. Endpoints include both the DNS name and the port number for the database instance.
  12. A. Amazon EBS volume must reside within the same Availability Zone (AZ) as the instance to which you are attaching the volume.
  13. A. You can create an Amazon Aurora Read Replica to sync data from an Amazon RDS for MySQL source. By failing over to the replica, you can efficiently migrate between databases. Use a manual snapshot to pre-populate the read replica.
  14. B. An Amazon RDS instance in a Multi-AZ deployment will automatically fail over from a failed primary node to the standby node.
  15. D. An Amazon DynamoDB database is replicated across three facilities in an AWS Region automatically.
  16. C. Amazon ElastiCache provides an in-memory cache that can cache frequently read data and alleviate common read queries from hitting your database layer.
  17. A. Elastic IPs are associated with the account, not the Amazon EC2 instance. However, unassigned Elastic IPs incur a charge. This is to discourage hoarding of IP addresses.
  18. B. IAM should not be used because content will be accessed by individuals who do not have an IAM account. The LIST Distribution API just lists distributions; it does not control access. Origin Access Identity (OAI) is how you control access in an Amazon S3 object, not an Amazon CloudFront Distribution.
  19. C. Amazon DynamoDB does not support the AWS Key Management Service (AWS KMS) nor server-side encryption. You can use client-side encryption to store encrypted data in Amazon DynamoDB.
  20. A. Amazon DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is fully managed, and it supports both document and key-value store models.
  21. D. Amazon SQS provides a scalable message queueing service, which allows the operator to avoid the undifferentiated heavy lifting associated with running a traditional message queuing application.
  22. D. AWS Direct Connect uses the VPN Gateway as the VPC. You can create a VPC that only has a VPN Gateway attached to it.
  23. C. You can configure health checks, which are used to monitor the health of the registered instances so that the load balancer can send requests only to the healthy instances.
  24. B. When you use Auto Scaling to scale applications automatically, it is useful to know when Auto Scaling is launching or terminating the Amazon EC2 instances in your Auto Scaling group. Amazon SNS coordinates and manages the delivery or sending of notifications to subscribing clients or endpoints. You can configure Auto Scaling to send an SNS notification whenever your Auto Scaling group scales. AWS Lambda blocks port 25, the SMTP port; therefore it is not possible to send emails with Lambda.
  25. A. Spot instances provide you with access to unused Amazon EC2 capacity at steep discounts relative to On-Demand prices. The Spot price fluctuates based on the supply and demand of available unused EC2 capacity.

Review Questions

Each AWS region is composed of two or more locations that provide you with the ability to introduce high availability, fault tolerance, and/or scale to your applications. What are these locations called?

  • Data centers
  • Edge locations
  • Computer centers
  • Availability Zones

What AWS Cloud service is designed to give you an easy way to establish a trusted relationship between your Active Directory and AWS?

  • Amazon Elastic Compute Cloud (Amazon EC2)
  • AWS Key Management Service (AWS KMS)
  • Amazon Virtual Private Cloud (Amazon VPC)
  • Active Directory Connector

What AWS Cloud service provides a logically isolated section of the AWS Cloud where systems operators can launch AWS resources into a virtual network they defined?

  • Amazon Virtual Private Cloud (Amazon VPC)
  • Amazon Route 53
  • Availability Zones
  • Security Groups

You manage a fleet of web servers hosted on Amazon Elastic Compute Cloud (Amazon EC2). Most, if not all, of the websites are static in nature. What AWS Cloud service can host a static website, thus replacing servers?

  • Amazon Elastic Compute Cloud (Amazon EC2)
  • Amazon Simple Storage Service (Amazon S3)
  • Amazon Route 53
  • Amazon API Gateway
Rajesh Kumar