I recently achieved the AWS Certified Solutions Architect - Associate certification and would like to share some experiences with people who are pursuing this certification. I hope my method might save you time preparing for the exam. I'm also listing some of the questions that I collected from the Internet.
Before we begin, it's good to have the following:
- AWS fundamentals & the overview of the offerings from AWS in the form of services.
- Some practical hands-on experience with AWS (good to have for solving scenario-based questions and troubleshooting questions)
I feel Associate exams are much easier than the professional level. I believe you can pass this exam in 10 days if you already have a fairly good understanding of AWS. But if you are brand new to AWS, please spend another month or two on hands-on experience.
If you focus on preparing for the exam (which you must be doing), it shouldn't be that difficult. The question is how you prepare.
My opinion is that you should focus on what's relevant. This exam doesn't ask you questions on what buttons to press to launch an EC2 instance or how to launch RDS instances, so you don't need to know each and every thing step by step.
Services I focused on for this particular examination:
S3 | IAM | CloudFront |
EBS | Storage Gateways | EC2 |
CloudWatch | Import/Export | ELB |
PlacementGroups | AutoScaling | Route53 |
DynamoDB | RDS | VPC |
SNS | SQS | SES |
ElasticBeanstalk | CloudFormation | BastionHost |
Keep the tips below in mind while you follow my guide step by step, so that you DO NOT miss any of these points while studying.
- Understand the fundamentals/functionalities of all the services listed above.
- VPC is the key to clearing any AWS certification. You should have a good understanding of the workings of ENI, EIP, Security Groups, Network ACL, Routers, Gateways and NAT Instances.
- Focus more on RDS concepts than on database-specific implementation details. This includes understanding snapshots, parameter groups & the impact of the maintenance window.
- Understand the scenarios on choosing the right AWS services. This includes Auto Scale vs Beanstalk, EBS vs Ephemeral Storage, Security Groups vs NACLs, CloudFormation, RDS vs DynamoDB and so on.
- Integration between Amazon S3 and Glacier, Lifecycle of objects and Bucket Policy vs ACLs.
- Understand the shared responsibility model of AWS. Clearly differentiate between your responsibilities and AWS's responsibilities.
- Know the performance optimization techniques in terms of choosing the right EC2 instance, PIOPS of EBS and EBS Optimized Instances.
- Read the question carefully because most of the correct answers can be derived from the problem statement.
- Finally, applying some common sense will help you eliminate wrong choices.
STEPS:
1. Online Course:
You may want to enroll in one of the AWS Solutions Architect training sessions. There are many options out there.
I studied using Udemy's "A Cloud Guru" series created by Ryan Kroonenburg, trainings that are tailor-made for these certifications. I would recommend this course since it is affordable (I got it for $12 at a discount. :) )
The best part is that they have a good number of practice exam questions that will give you an idea of the quality of questions you may see in the actual AWS certification exam.
Complete all the lectures of the Solutions Architect course. It is really important to complete all the lectures and the quizzes after each lecture. I would recommend taking the quizzes at least twice, because many of these practice questions appeared in my actual exam.
PS: I'm not trying to encourage/promote any training providers, nor am I associated in any way with these training providers; the names mentioned/recommended are just what I've felt to be good. :)
2. Watch some videos for the services below:
- Elastic Beanstalk
- Cloud Formation
This is just to understand the fundamentals and functionalities of these services. Do not watch long service videos; just google it, and you'll find some 8 to 10 minute videos on YouTube.
3. FAQs of all the services:
https://aws.amazon.com/faqs/
If you have seen the Udemy course and understood the concepts very well, you need not spend much time checking each service's FAQs thoroughly, but you should definitely look for unique questions and limitations mentioned in the FAQs. If the contents of the course are not really clear, though, you should go through the FAQs very well.
I would recommend that FAQs are the last thing you study, or maybe just a day before the exam if you are planning to go through them for each and every service; this will help you recall whatever you have studied so far.
4. Service Limits:
The link below has all the service limits. The service limits are really very important from the exam point of view, as we get direct questions in the exam on the limits of a service. For example, how many VPCs can we create in any region? Ans: 5
So, these kinds of direct questions can be asked about service limits. You need not remember each and every parameter of the service limits, but you should remember the limits of the main parameters or functions of any service.
http://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
5. Read about pricing models of AWS services (i.e. how we get charged for AWS services):
You need to understand how AWS charges for using any particular service and what other factors incur cost when using the service. For example,
Pricing for EC2:
Here you need not know the exact cost of any particular instance type. But you need to know how we get charged for EC2 and what other parameters we need to consider in terms of cost if we use EC2 instances, i.e. for EC2, other things we might get charged for are Elastic IP, EBS, data transfer out/in etc. The same applies to other services.
This is important to know for scenario-based questions where we also need to consider the cost factor.
6. Read the blog below:
This blog is really useful for solving troubleshooting questions; go through the complete blog at least once.
http://jayendrapatil.com/
7. Take the practice exam and sample questions:
You only need to pay for the practice exam once, as the questions are the same each time.
These questions are very important; search and learn the answers deeply. Make sure you understand the knowledge shown in these questions. Questions are either the same or quite similar in the actual exam.
8. Additional recommendations:
In addition to online courses, I recommend reading the AWS whitepapers and, beyond that, you need to do thorough hands-on practice while you go through the AWS documentation and/or training video sessions. That's the much-needed part of your preparation. Sign up for an AWS Free Tier account and play around with the services as you learn. I recommend you read through AWS CloudWatch and set up a couple of alarms on billing as soon as you sign up for the AWS Free Tier account, just to make sure you don't get charged for unattended services you start for practice (DO NOT FORGET TO DELETE THE RESOURCES YOU START).
You can also go to https://qwiklabs.com/, which offers more than 72 free labs where you can do a good amount of hands-on practice.
There are also a few blogs and an iOS application available with more than 300 questions, which might also be useful for your practice; you can purchase it from the App Store if you want to, and the same is available for Android as well.
http://apple.co/1Mv6Bua
Let me know your feedback in the comment section below.
9. Now, questions and answers:
(Apologies for the unsorted questions)
Q. When you run a DB Instance as a Multi-AZ deployment, the "_____" serves database writes and reads
A secondary
B backup
C stand by
D primary
Q. Can I control if and when MySQL based RDS Instance is upgraded to new supported versions?
A No
B Only in VPC
C Yes
Q. If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?
A No
B Yes
Q. Will my standby RDS instance be in the same Region as my primary?
A Only for Oracle RDS types
B Yes
C Only if configured at launch
D No
Q. In Amazon CloudWatch, which metric should I be checking to ensure that your DB Instance has enough free storage space?
A FreeStorage
B FreeStorageSpace
C FreeStorageVolume
D FreeDBStorageSpace
Q. What is the maximum key length of a tag?
A 512 Unicode characters
B 64 Unicode characters
C 256 Unicode characters
D 128 Unicode characters --
Q. Groups can't _____.
A be nested more than 3 levels
B be nested at all --
C be nested more than 4 levels
D be nested more than 2 levels
Q. What does a "Domain" refer to in Amazon SWF?
A A security group in which only tasks inside can communicate with each other
B A special type of worker
C A collection of related Workflows
D The DNS record for the Amazon SWF service
Q. Out of the striping options available for the EBS volumes, which one has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?
A Raid 0
B RAID 1+0 (RAID 10)
C Raid 1
D Raid 2
Q. Is creating a Read Replica of another Read Replica supported?
A Only in certain regions
B Only with MSSQL based RDS
C Only for Oracle RDS types
D No
Q. Can Amazon S3 uploads resume on failure or do they need to restart?
A Restart from beginning
B You can resume them, if you flag the "resume on failure" option before uploading.
C Resume on failure
D Depends on the file size
Q. What is the maximum write throughput I can provision for a single DynamoDB table?
A 1,000 write capacity units
B 100,000 write capacity units
C DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.---
D 10,000 write capacity units
Q. What does the following command do with respect to the Amazon EC2 security groups?
ec2-revoke RevokeSecurityGroupIngress
A Removes one or more security groups from a rule.
B Removes one or more security groups from an Amazon EC2 instance.
C Removes one or more rules from a security group.
D Removes a security group from our account.
Q. Is Federated Storage Engine currently supported by Amazon RDS for MySQL?
A Only for Oracle RDS instances
B No
C Yes
D Only in VPC
Q. How many types of block devices does Amazon EC2 support A
A 2
B 3
C 4
D 1
Q. You must increase storage size in increments of at least _____ %
A 40
B 30
C 10
D 20
Q. What happens to the I/O operations while you take a database snapshot?
A I/O operations to the database are suspended for a few minutes while the backup is in progress.
B I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress.
C I/O operations will be functioning normally
D I/O operations to the database are suspended for an hour while the backup is in progress
Q. Read Replicas require a transactional storage engine and are only supported for the _____ storage engine
A OracleISAM
B MSSQLDB
C InnoDB
D MyISAM
Q. HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named _____.
A Action
B Value
C Reset
D Retrieve
Q. _____ embodies the "share-nothing" architecture and essentially involves breaking a large database into several smaller databases. Common ways to split a database include 1) splitting tables that are not joined in the same query onto different hosts or 2) duplicating a table across multiple hosts and then using a hashing algorithm to determine which host receives a given update.
A Sharding
B Failure recovery
C Federation
D DDL operations
Q. You have an application running in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. With three Availability Zones available in that region (us-west-2a, us-west-2b, and us-west-2c), which of the following deployments provides 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable? Choose 2 answers
A. Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
B. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances
C. Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances
D. Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances
E. Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances
Q. You have a business-critical two-tier web app currently deployed in two Availability Zones in a single region, using Elastic Load Balancing and Auto Scaling. The app depends on synchronous replication (very low latency connectivity) at the database layer. The application needs to remain fully available even if one application Availability Zone goes off-line, and Auto Scaling cannot launch new instances in the remaining Availability Zones. How can the current architecture be enhanced to ensure this?
A. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 33 percent peak load per zone.
B. Deploy in three Availability Zones, with Auto Scaling minimum set to handle 50 percent peak load per zone.
C. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 50 percent peak load per Region.
D. Deploy in two regions using Weighted Round Robin (WRR), with Auto Scaling minimums set for 100 percent peak load per region.
Q. Amazon Glacier is designed for: Choose 2 answers
A. Frequently accessed data
B. Active database storage
C. Infrequently accessed data
D. Cached session data
E. Data archives
Q. You receive a Spot Instance at a bid of $0.05/hr. After 30 minutes, the Spot Price increases to $0.06/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?
You receive a Spot Instance at a bid of $0.03/hr. After 30 minutes, the Spot Price increases to $0.05/hr and your Spot Instance is terminated by AWS. What was the total EC2 compute cost of running your Spot Instance?
A. $0.00
B. $0.02
C. $0.03
D. $0.05
E. $0.06
Q. You have been tasked with creating a VPC network topology for your company. The VPC network must support both Internet-facing applications and internally-facing applications accessed only over VPN. Both Internet-facing and internally-facing applications must be able to leverage at least three AZs for high availability. At a minimum, how many subnets must you create within your VPC to accommodate these requirements?
A. 2
B. 3
C. 4
D. 6
Q. One of your users is trying to upload a 7.5GB file to S3 however they keep getting the following error message - "Your proposed upload exceeds the maximum allowed object size.". What is a possible solution for this?
The answer seems a bit odd "design you app to use...".
Ans : multipart upload
Q. Your customer wishes to deploy an enterprise application to AWS which will consist of several web servers, several application servers and a small (50GB) Oracle database. Information is stored, both in the database and the file systems of the various servers. The backup system must support database recovery, whole server and whole disk restores, and individual file restores with a recovery time of no more than two hours. They have chosen to use RDS Oracle as the database. Which backup architecture will meet these requirements?
A. Backup RDS using automated daily DB backups. Backup the EC2 instances using AMIs and supplement with file-level backup to S3 using traditional enterprise backup software to provide file level restore
B. Backup RDS using a Multi-AZ Deployment. Backup the EC2 instances using AMIs, and supplement by copying file system data to S3 to provide file level restore.
C. Backup RDS using automated daily DB backups. Backup the EC2 instances using EBS snapshots and supplement with file-level backups to Amazon Glacier using traditional enterprise backup software to provide file level restore
D. Backup RDS database to S3 using Oracle RMAN. Backup the EC2 instances using AMIs, and supplement with EBS snapshots for individual volume restore.
Q. You are tasked with setting up a cluster of EC2 Instances for a NoSQL database. The database requires random read IO disk performance up to a 100,000 IOPS at 4KB block size per node. Which of the following EC2 instances will perform the best for this workload?
A. A High-Memory Quadruple Extra Large (m2.4xlarge) with EBS-Optimized set to true and a PIOPs EBS volume
B. A Cluster Compute Eight Extra Large (cc2.8xlarge) using instance storage
C. High I/O Quadruple Extra Large (hi1.4xlarge) using instance storage
D. A Cluster GPU Quadruple Extra Large (cg1.4xlarge) using four separate 4000 PIOPS EBS volumes in a RAID 0 configuration
Q. Your company is moving towards tracking web page users with a small tracking image loaded on each page. Currently you are serving this image out of US-East, but are starting to get concerned about the time it takes to load the image for users on the west coast. What are the two best ways to speed up serving this image? Choose 2 answers
A. Use Route 53's Latency Based Routing and serve the image out of US-West-2 as well as US-East-1
B. Serve the image out through CloudFront
C. Serve the image out of S3 so that it isn't being served off of your web application tier
D. Use EBS PIOPs to serve the image faster out of your EC2 instances
Q. Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application-level read only requests of various application components and if any of those fail more than three times 30 seconds calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher - the monitoring instance itself - and be notified if it becomes unhealthy. Which of the following is a simple way to achieve that goal?
A. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy.
B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one minute; then have your monitoring application go into a CPU-bound loop should it detect any application problems.
D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance. Should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, assume the role of the previous monitoring instance and begin adding messages to the SQS queue.
Q. You have a content management system running on an Amazon EC2 instance that is approaching 100% CPU utilization. Which option will reduce load on the Amazon EC2 instance?
1. Create a load balancer, and register the Amazon EC2 instance with it
2. Create a CloudFront distribution, and configure the Amazon EC2 instance as the origin
3. Create an Auto Scaling group from the instance using the CreateAutoScalingGroup action
4. Create a launch configuration from the instance using the CreateLaunchConfiguration action
Q. With which AWS services can HSM be used?
s3,
ebs,
redshift **
dynamodb
Q. If we are to host an application on a single EC2 instance, what can be done to ensure the highest IOPS?
a. A single EC2 EBS-backed instance with provisioned IOPS
b. An array of EBS volumes with provisioned IOPS.
Q. What things must AWS users make sure are secure?
a. Security Group
b. IAM User access
c. NACL
d. Wrong ones: a. decommissioning of storage devices
b. Physical Security
Q. If an instance hosts a website on multiple virtual hosts, each with its own SSL certificate, what should be done?
a. Upload the SSL certificates to IAM
b. Create an SSL termination at the ELB
Q. Name four things that Trusted Advisor checks ...
performance
cost opt
security
fault tolerance
Q. 2 services that you get root access to (and ec2 is not an option) ...
emr
Q. Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine
A. MyISAM
B. InnoDB
Q. The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization. In order to register, a user must include a residential address as part of the user profile. What must you do to comply with this requirement for a web-based application running on Amazon Elastic Compute Cloud (EC2)?
A. Run Amazon EC2 instances in multiple regions, and leverage Route 53’s latency-based routing capabilities to route traffic to the appropriate region based on a user’s profile.
B. Run Amazon EC2 instances in multiple regions, and leverage an elastic load balancer with session stickiness to route traffic to the appropriate region based on a user’s profile.
C. Run Amazon EC2 instances in multiple regions, and leverage a third-party data provider to determine whether a user should be redirected to the appropriate region based on that user’s profile.
D. Run Amazon EC2 instances in multiple AWS Availability Zones in a single region, and leverage an elastic load balancer with session stickiness to route traffic to the appropriate zone based on a user’s profile.
Q. Company B is launching a new game app for mobile devices. Users will log into the game using their existing social media account to streamline data capture. Company B would like to directly save player data and scoring information from the mobile app to a DynamoDB table named Score Data. When a user saves their game, the progress data will be stored to the Game State S3 bucket. What is the best approach for storing data to DynamoDB and S3?
A. Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the mobile app via web services.
B. Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
C. Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket.
D. Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app
Q. An instance running a webserver is launched in a VPC subnet. A security group and a NACL are configured to allow inbound port 80. What should be done to make web server accessible by everyone?
1. Outbound Port 80 rule should be enabled on security group
2. Outbound Ports 49152-65535 should be enabled on NACL
3. Outbound Port 80 rule should be enabled on both security group and NACL
4. All ports both inbound and outbound should be enabled on security group and NACL
Q. What happens to data on ephemeral volume of an EBS-backed instance if instance is stopped and started?
1. Data persists
2. Data is deleted
3. Volume snapshot is saved in S3
4. Data is automatically copied to another volume
Q. You're creating a forum DynamoDB database for hosting forums. Your "thread" table contains the forum name and each "forum name" can have one or more "subjects". What primary key type would you give the thread table in order to allow more than one subject to be tied to the forum primary key name?
Hash
Primary and range
Range and Hash
Hash and Range
Q. Amazon Glacier is designed for: (Choose 2 answers)
· A. active database storage.
· B. infrequently accessed data.
· C. data archives.
· D. frequently accessed data.
· E. cached session data.
Answer: B. infrequently accessed data. C. data archives.
Q. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true?
· A. The instance is replaced automatically by the ELB.
· B. The instance gets terminated automatically by the ELB.
· C. The ELB stops sending traffic to the instance that failed its health check.
· D. The instance gets quarantined by the ELB for root cause analysis.
Answer: C.
Q. You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
· A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
· B. Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.
· C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
· D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
Answer: A.
Q. Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started? (Choose 2 answers)
· A. The Elastic IP will be dissociated from the instance
· B. All data on instance-store devices will be lost
· C. All data on EBS (Elastic Block Store) devices will be lost
· D. The ENI (Elastic Network Interface) is detached
· E. The underlying host for the instance is changed
Answers: B.
Q. In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:
· A. web server visible metrics such as number failed transaction requests
· B. operating system visible metrics such as memory utilization
· C. database visible metrics such as number of connections
· D. hypervisor visible metrics such as CPU utilization
Answer: D.
Question 6 (of 7): Which is an operational process performed by AWS for data security?
· A. AES-256 encryption of data stored on any shared storage device
· B. Decommissioning of storage devices using industry-standard practices
· C. Background virus scans of EBS volumes and EBS snapshots
· D. Replication of data across multiple AWS Regions
· E. Secure wiping of EBS data when an EBS volume is un-mounted
Answer: B.
Q. To protect S3 data from both accidental deletion and accidental overwriting, you should:
· A. enable S3 versioning on the bucket
· B. access S3 data using only signed URLs
· C. disable S3 delete using an IAM bucket policy
· D. enable S3 Reduced Redundancy Storage
· E. enable Multi-Factor Authentication (MFA) protected access
Answer: A.
1. Question (1 point), Category: Security
Select the correct set of options. These are the initial settings for the default security group:
o Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other.
o Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other.
o Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other.
o Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other.
Correct
2. Question (1 point), Category: Security
An IAM user is trying to perform an action on an object belonging to some other root account’s bucket. Which of the below mentioned options will AWS S3 not verify?
o Permission provided by the parent of the IAM user on the bucket
o The object owner has provided access to the IAM user
o Permission provided by the parent of the IAM user
o Permission provided by the bucket owner to the IAM user
Correct
If the IAM user is trying to perform some action on the object belonging to another AWS user’s bucket, S3 will verify whether the owner of the IAM user has given sufficient permission to him. It also verifies the policy for the bucket as well as the policy defined by the object owner.
http://docs.aws.amazon.com/AmazonS3/latest/dev/access-control-auth-workflow-object-operation.html
3. Question (1 point), Category: High Availability
Placement Groups: enables applications to participate in a low-latency, 10 Gbps network. Which of the statements below is false?
o Not all of the instance types can be launched into a placement group.
o A placement group can't span multiple Availability Zones.
o You can move an existing instance into a placement group by specifying the placement group parameter.
o A placement group can span peered VPCs.
Correct
4. Question (1 point), Category: High Availability
Which of the below is false for the AWS SLA?
o S3 availability is guaranteed to 99.95%.
o EBS availability is guaranteed to 99.95%.
o EC2 availability is guaranteed to 99.95%.
o RDS multi-AZ is guaranteed to 99.95%.
Correct
S3 availability is 99.9%
http://aws.amazon.com/s3/sla/
5. Question (1 point), Category: Networks
You have assigned one Elastic IP to your EC2 instance. Now we need to restart the VM without the EIP changing. Which of the below should you not do?
o Reboot and stop/start both work.
o Reboot the instance.
o When the instance is in a VPC public subnet, stop/start works.
o When the instance is in a VPC private subnet, stop/start works.
Correct
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-lifecycle.html#lifecycle-differences
6. Question (1 point), Category: Networks
About the charge for Elastic IP addresses, which of the following is true?
o You can have one Elastic IP (EIP) address associated with a running instance at no charge.
o You are charged for each Elastic IP address.
o You can have 5 Elastic IP addresses per region with no charge.
o Elastic IP addresses can always be used with no charge.
Correct
7. Question (1 point), Category: Networks
EC2 role
o Launch an instance with an AWS Identity and Access Management (IAM) role to restrict AWS API access for the instance.
o Pass access AWS credentials in the User Data field when the instance is launched.
o Setup an IAM group with restricted AWS API access and put the instance in the group at launch.
o Setup an IAM user for the instance to restrict access to AWS API and assign it at launch.
Correct
8. Question (1 point)
Category: Data Management
A startup company hired you to help them build a mobile application that will ultimately store billions of images and videos in Amazon Simple Storage Service (S3). The company is lean on funding and wants to minimize operational costs; however, they have an aggressive marketing plan and expect to double their current installation base every six months. Due to the nature of their business, they are expecting sudden and large increases in traffic to and from S3, and need to ensure that it can handle the performance needs of their application. What other information must you gather from this customer in order to determine whether S3 is the right option?
- You must know the size of the individual objects being written to S3, in order to properly design the key namespace.
- You must find out the total number of requests per second at peak usage.
- In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket.
- You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years.
Correct
Answer: B
9. Question (1 point)
Category: Data Management
Which CLI tools does AWS provide?
- AWS CLI.
- Amazon EC2 CLI.
- All of the three.
- AWS Tools for Windows PowerShell.
Correct
All three are provided
10. Question (1 point)
Category: Deployment / Provisioning
Which of the below mentioned steps will not be performed while creating an instance store-backed AMI?
- Define the AMI launch permissions.
- Upload the bundled volume.
- Register the AMI.
- Bundle the volume.
Incorrect
11. Question (1 point)
Category: Monitoring / Metrics
The user just started an instance at 3 PM. Between 3 PM and 5 PM, he stopped and started the instance twice. During the same period, he ran the Linux reboot command over SSH once and triggered a reboot from the AWS console once. For how many instance hours will AWS charge this user?
- 4
- 3
- 2
- 5
Incorrect
QUESTION 1
Amazon Redshift is what type of data warehouse service?
- Gigabyte-scale
- Exabyte-scale
- Petabyte-scale
- Terabyte-scale
YOUR ANSWER - Petabyte-scale
MORE INFORMATION: Amazon Redshift is a fully-managed, petabyte-scale data warehouse service.
QUESTION 2
What does MPP stand for when referring to the type of architecture Redshift has?
- massively parallel processing
- massive protection policy
- massively parallel policy
- massive protection processing
YOUR ANSWER - massively parallel processing
MORE INFORMATION: Redshift has a massively parallel processing architecture that parallelizes and distributes SQL operations to take advantage of available resources.
QUESTION 3
Redshift can provide fast query performance by leveraging _______ storage approaches and technology.
- key-value
- database
- row
- columnar
YOUR ANSWER - columnar
MORE INFORMATION: Redshift can provide fast query performance by leveraging columnar storage approaches and technology, much of which is taken from enterprise database technology.
QUESTION 4
Amazon's Redshift data warehouse allows enterprise IT pros to execute ________ against ____ data sets.
- simple SQL queries / small
- complex SQL queries / large
- simple SQL queries / large
- complex SQL queries / small
YOUR ANSWER - complex SQL queries / large
MORE INFORMATION: Amazon's Redshift data warehouse allows enterprise IT pros to execute complex SQL queries against large data sets.
QUESTION 5
Redshift was designed to alleviate the frustrating, time-consuming challenges database clusters have imposed on _____ administrators?
- system
- database
- certified
- privilege
YOUR ANSWER - system
CORRECT ANSWER - database
MORE INFORMATION: Redshift was designed to alleviate the frustrating, time-consuming challenges database clusters have imposed on database administrators.
QUESTION 6
True or False: Amazon Redshift is adept at handling data analysis workflows.
- True
- False
YOUR ANSWER - undefined
CORRECT ANSWER - True
MORE INFORMATION: There currently are two Amazon data warehouse services adept at handling data analysis workflows: Amazon Redshift and Amazon Relational Database Service.
QUESTION 7
Adding nodes to a Redshift cluster provides _______ performance improvements.
- linear
- non-linear
- both
- neither
YOUR ANSWER - both
MORE INFORMATION: Adding nodes to a Redshift cluster provides linear or near-linear performance improvements.
QUESTION 8
The preferred way to load data into Redshift is through ______ using the COPY command.
- Remote hosts
- Simple Storage Service
- Elastic MapReduce
- All of the above
YOUR ANSWER - All of the above
MORE INFORMATION: The preferred way to load data into Redshift is through remote hosts, Simple Storage Service or Elastic MapReduce using the COPY command. The COPY command executes loads in parallel and has the option to compress data during the load process.
QUESTION 9
Amazon Redshift has how many pricing components?
- 4
- 3
- 2
- 5
YOUR ANSWER - 3
MORE INFORMATION: Amazon Redshift has three pricing components: data warehouse node hours, backup storage and data transfer.
QUESTION 10
What type of API provides a management interface to manage data warehouse clusters programmatically?
- Query
- REST
- Management
- SOAP
YOUR ANSWER - Management
CORRECT ANSWER - Query
MORE INFORMATION: The Amazon Redshift Query API provides a management interface to manage data warehouse clusters programmatically.
--------------------------------------------------------------------------------------------------------
QUESTION 1
Amazon Web Services falls into which cloud-computing category?
- Software as a Service (SaaS)
- Platform as a Service (PaaS)
- Infrastructure as a Service (IaaS)
- Back-end as a Service (BaaS)
YOUR ANSWER - Infrastructure as a Service (IaaS)
CORRECT ANSWER -
AWS is among the largest IaaS vendors.
QUESTION 2
Amazon Elastic Compute Cloud (Amazon EC2) does which of the following?
- Provides customers with an isolated section of the AWS cloud where they can launch AWS resources in a virtual network that they define.
- Provides resizable computing capacity in the cloud.
- Provides a simple web services interface that customers can use to store and retrieve any amount of data from anywhere on the Web.
- Provides a web service allowing customers to easily set up, operate and scale relational databases in the cloud.
YOUR ANSWER - Provides resizable computing capacity in the cloud.
CORRECT ANSWER -
AWS describes Amazon EC2 as a web service that provides resizable computing capacity in the cloud, allowing customers "to quickly scale capacity, both up and down, as your computing requirements change."
QUESTION 3
Amazon Glacier is a storage service allowing customers to store data for as little as:
- 1 cent per gigabyte (GB) per month
- 10 cents per GB per month
- 20 cents per GB per month
- 50 cents per GB per month
YOUR ANSWER - 10 cents per GB per month
CORRECT ANSWER - 1 cent per gigabyte (GB) per month
According to AWS, Amazon Glacier customers can store data for as little as 1 cent per gigabyte per month.
QUESTION 4
Amazon Elastic Beanstalk automates the details of which of the following functions?
- Capacity provisioning
- Load balancing
- Auto-scaling
- Application deployment
- All of the above
YOUR ANSWER - All of the above
CORRECT ANSWER -
According to AWS, Amazon Elastic Beanstalk offers capacity provisioning, load balancing, auto-scaling and application deployment.
QUESTION 5
All AWS IaaS services are pay-as-you-go.
- True
- False
YOUR ANSWER - True
CORRECT ANSWER -
At this writing, AWS services are pay-as-you-go, with no long-term contracts required and no minimum fees.
QUESTION 6
When analyst firm IDC interviewed 11 major AWS customers in 2012, researchers found an average five-year return on investment of how much?
- 26%
- 186%
- 626%
- 1,226%
YOUR ANSWER - 186%
CORRECT ANSWER - 626%
In research commissioned by AWS, IDC researchers found that companies earned an average five-year ROI of 626%.
QUESTION 7
In the same survey, researchers said the customers' average payback period on their AWS IaaS investments was how long?
- 7 weeks
- 7 months
- 14 months
- 2.5 years
YOUR ANSWER - 14 months
CORRECT ANSWER - 7 months
IDC researchers found that the average payback period on survey respondents' AWS investments is about 7 months.
QUESTION 8
AWS reaches customers in how many countries?
- 86
- 137
- 182
- 190
YOUR ANSWER - 86
CORRECT ANSWER - 190
AWS says it serves hundreds of thousands of customers in 190 countries.
QUESTION 9
The investment firm Robert W. Baird & Co. predicts that AWS revenues will reach how much by 2016?
- $3 billion
- $10 billion
- $12 billion
- $15 billion
YOUR ANSWER - $3 billion
CORRECT ANSWER - $10 billion
Baird estimates that AWS revenues will reach $10 billion by 2016.
QUESTION 10
Baird also estimates that for every $1 spent on AWS, the traditional IT market loses how much?
- $1 to $2
- $2 to $3
- $3 to $4
- $4 to $5
YOUR ANSWER - $2 to $3
CORRECT ANSWER - $3 to $4
Baird estimates that every $1 customers spend on AWS reduces spending on traditional IT services by $3 to $4.
QUESTION 1
Amazon S3 is which type of storage service?
- Object
- Block
- Simple
- Secure
YOUR ANSWER - Object
CORRECT ANSWER -
Object storage is more scalable than traditional file system storage, which is typically what users think about when comparing storage to databases for data persistence.
QUESTION 2
Which AWS storage service assists S3 with transferring data?
- CloudFront
- AWS Import/Export
- DynamoDB
- ElastiCache
YOUR ANSWER - AWS Import/Export
CORRECT ANSWER -
AWS Import/Export accelerates moving large amounts of data into and out of AWS using portable storage devices. AWS transfers your data directly onto and off of storage devices by using Amazon's internal network and avoiding the Internet.
QUESTION 3
Object storage systems store files in a flat organization of containers called what?
- Baskets
- Brackets
- Clusters
- Buckets
YOUR ANSWER - Buckets
CORRECT ANSWER -
Instead of organizing files in a directory hierarchy, object storage systems store files in a flat organization of containers known as buckets in Amazon S3.
QUESTION 4
Amazon S3 offers encryption services for which types of data?
- data in flight
- data at relax
- data at rest
- data in motion
- a and c
- b and d
YOUR ANSWER - data at rest
CORRECT ANSWER - a and c
Amazon offers encryption services for data in flight and data at rest.
QUESTION 5
Amazon S3 has how many pricing components?
- 4
- 5
- 3
- 2
YOUR ANSWER - 2
CORRECT ANSWER - 3
Amazon S3 offers three pricing options: storage (per GB per month), data transfer in or out (per GB per month), and requests (per x thousand requests per month).
QUESTION 6
What does RRS stand for when referring to the storage option in Amazon S3 that offers a lower level of durability at a lower storage cost?
- Reduced Reaction Storage
- Redundant Research Storage
- Regulatory Resources Storage
- Reduced Redundancy Storage
YOUR ANSWER - Reduced Redundancy Storage
CORRECT ANSWER -
Non-critical data, such as transcoded media or image thumbnails, can be easily reproduced using the Reduced Redundancy Storage option. Objects stored using the RRS option have less redundancy than objects stored using standard Amazon S3 storage.
QUESTION 7
Object storage systems require less _____ than file systems to store and access files.
- Big data
- Metadata
- Master data
- Exif data
YOUR ANSWER - Metadata
CORRECT ANSWER -
Object storage systems are typically more efficient because they reduce the overhead of managing file metadata by storing the metadata with the object. This means object storage can be scaled out almost endlessly by adding nodes.
QUESTION 8
True or False. S3 objects are only accessible from the region they were created in.
- True
- False
YOUR ANSWER - False
CORRECT ANSWER -
While S3 objects are created in a specific region, they can be accessed from anywhere.
QUESTION 9
Amazon S3 offers developers which combination?
- High scalability and low latency data storage infrastructure at low costs.
- Low scalability and high latency data storage infrastructure at high costs.
- High scalability and low latency data storage infrastructure at high costs.
- Low scalability and high latency data storage infrastructure at low costs.
YOUR ANSWER - High scalability and low latency data storage infrastructure at low costs.
CORRECT ANSWER -
Amazon S3 offers software developers a reliable, highly scalable and low-latency data storage infrastructure at very low costs. S3 provides an interface that can be used to store and retrieve any amount of data from anywhere on the Web.
QUESTION 10
Why is a bucket policy necessary?
- To allow bucket access to multiple users.
- To grant or deny accounts to read and upload files in your bucket.
- To approve or deny users the option to add or remove buckets.
- All of the above
YOUR ANSWER - All of the above
CORRECT ANSWER - To grant or deny accounts to read and upload files in your bucket.
Users need a bucket policy to grant or deny accounts to read and upload files in your bucket.
1. Multi-AZ deployment for high availability and provisioned IOPS for fast, consistent performance
INCORRECT: You gave no answer
ANSWER: For databases used in production or pre-production you should consider two options
2. Auto Scaling Group
INCORRECT: You gave no answer
ANSWER: This tells AWS where it can create servers: which launch configuration to use, the minimum and maximum allowed servers in the group, and how to scale up and down.
3. The automated snapshot will be deleted
INCORRECT: You gave no answer
ANSWER: If you choose not to create a final snapshot for a DB instance what will happen to the automated snapshot associated with the instance?
4. Placement Groups
INCORRECT: You gave no answer
ANSWER: Using these types of groups enables applications to get the full-bisection bandwidth and low-latency network performance required for tightly coupled, node-to-node communication typical of High Performance Computing (HPC) on AWS.
5. Your EC2 instance
INCORRECT: You gave no answer
ANSWER: This type of storage is a device like a RAM disk physically attached to your virtual server and characteristically it gets completely wiped every reboot
5 Matching questions
1. An AWS account can have up to ____ CloudFront origin access identities.
INCORRECT: No answer given
ANSWER: d. 100
2. This type of storage is suitable for temporary storage, but nothing that needs to survive something as simple as a reboot.
INCORRECT: No answer given
ANSWER: b. EC2 instance
3. _____ is a web service that gives you access to a ______ that can be used to store messages while waiting for a computer to process them. This allows you to quickly build message queuing applications that can be run on any computer on the internet.
INCORRECT: No answer given
ANSWER: a. Amazon SQS is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them. This allows you to quickly build message queuing applications that can be run on any computer on the internet.
4. You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
INCORRECT: No answer given
ANSWER: e. Create an Origin Access Identity, known as an OAI, for CloudFront and grant access to the objects in your S3 bucket to that OAI.
5. You can restrict access to S3 content by creating a special CloudFront user called:
INCORRECT: No answer given
ANSWER: c. origin access identity (OAI). You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user
a. Amazon SQS is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them. This allows you to quickly build message queuing applications that can be run on any computer on the internet.
b. EC2 instance
c. origin access identity (OAI). You restrict access to Amazon S3 content by creating an origin access identity, which is a special CloudFront user
d. 100
e. Create an Origin Access Identity, known as an OAI, for CloudFront and grant access to the objects in your S3 bucket to that OAI.
5 Multiple choice questions
1. autoscaling group & launch configuration (No Answer)
a. This tells AWS where it can create servers: which launch configuration to use, the minimum and maximum allowed servers in the group, and how to scale up and down.
b. These two actions will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started
c. True or false: Elastic IPs are sticky until re-assigned
d. CORRECT: These two items handle replacement of instances when they are configured. Then, when an instance fails the health checks, presumably because it is down, it is these two items that will decide whether we now need to add another server to compensate
2. EBS (Elastic Block Store) (No Answer)
a. This type of storage is a device like a RAM disk physically attached to your virtual server and characteristically it gets completely wiped every reboot
b. _____ is a web service that gives you access to a ______ that can be used to store messages while waiting for a computer to process them. This allows you to quickly build message queuing applications that can be run on any computer on the internet.
c. CORRECT: _____ is a service where you buy devices more akin to a hard disk that can be attached to one (and only one, at the time of writing) EC2 instance
d. For a DB instance the default setting for minor upgrades is set to
3. enable S3 versioning on the bucket (No Answer)
a. True or false: Elastic IPs are sticky until re-assigned
b. CORRECT: To protect S3 data from both accidental deletion and accidental overwriting, you should:
c. What 3 things must you provide the DB instance during setup
d. For a DB instance the default setting for minor upgrades is set to
4. infrequently accessed data & data archives. (No Answer)
a. True or false: Elastic IPs are sticky until re-assigned
b. Define a Placement Group
c. CORRECT: Amazon Glacier is designed for ____ & ______
d. S3 Versioning means
5. EBS devices are independent of EC2 instances and by default outlive them (unless configured otherwise). All data on Instance storage however will be lost and also on the root (/dev/sda1) partition of S3 backed servers (No Answer)
a. CORRECT: EBS devices are ______ of EC2 instances and by default _____ them (unless configured otherwise). All data on Instance storage however will be lost and also on the root (/dev/sda1) partition of S3 backed servers
b. These two items handle replacement of instances when they are configured. Then, when an instance fails the health checks, presumably because it is down, it is these two items that will decide whether we now need to add another server to compensate
c. True or false: Elastic IPs are sticky until re-assigned
d. For a DB instance the default setting for minor upgrades is set to
5 True/False questions
1. You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks what can we assume the ELB will do? → The ELB stops sending traffic to the instance that failed its health check
This is true. You gave no answer.
2. What 3 things must you provide the DB instance during setup → The DB instance identifier, the master username, the master password
This is true. You gave no answer.
3. This storage option is best for storing your EC2 server images (Amazon Machine Images aka AMIs), static content e.g. for a web site, input or output data files (like you'd use an SFTP site), or anything that you'd treat like a file. → S3
This is true. You gave no answer.
4. Define a Placement Group → A placement group is a logical grouping of instances within a single Availability Zone
This is true. You gave no answer.
5. True or false: Elastic IPs are sticky until re-assigned → True. Elastic IPs are sticky until the instance or volume they are associated with is deleted
This is true. You gave no answer.