- An enterprise customer is migrating his Oracle database and the DBA has stated that on AWS we need to have 10,000 IOPS in order to satisfy the performance demands. Replication is done via Oracle Data Guard and this must work in the cloud too. What instance type would you choose for this requirement?
A. Dense Storage Instances
B. High I/O instances
C. Memory Optimized Instances
D. RDS db.t2.xlarge
- A distributed application is using SQS to send 350 messages per second. Client applications receive empty responses and experience high CPU processing from workers. How could you solve this issue in the simplest way?
A. Change the WaitTimeSeconds attribute to a value greater than zero in the ReceiveMessage API call
B. Set the ReceiveMessageWaitTimeSeconds queue attribute to a value other than zero
C. Configure short polling in the queue and change to the .fifo suffix
D. Extend the visibility timeout of the queue
- You have been asked to design a highly available, highly durable storage solution for customer statements for a large bank. The solution must be cost-efficient. Financial statements (FS) are generated monthly and must survive the concurrent loss of two Availability Zones. A credit score (CS) is calculated by using the original financial statement and stored in XML. Risk scores (RS) are stored as text files and require as input the customer statements (FS) and credit scores (CS) to be calculated in the next 2 months. These documents must be retained for 2 years before deletion. Choose the S3 storage model appropriate for this use case.
A. Store FS with S3 Standard-IA, CS in S3 One Zone-IA, RS in Glacier with Lifecycle management to delete RS after 2 years.
B. Store FS with S3 Standard, CS in S3 Standard with RRS option, RS in Glacier with Lifecycle management policy to delete RS after 2 years.
C. Store FS with S3 Standard, CS in S3 Standard with RRS option, RS with S3 Standard and Lifecycle management policy to transition files to Glacier after 60 days and delete them after 2 years
D. Store FS with S3 Standard, RS in Glacier and CS in S3 Standard with RRS option and Lifecycle management policy to transition files to Glacier after 60 days and delete them after 2 years
- AWSGeek is a company that sells training videos on their website. Our CIO has told the business it is losing revenue because S3 links to videos are leaked on the internet. Which approach would you take in order to protect the video assets in a scalable fashion, while optimizing for performance?
A. Submit a change request to the frontend development team to retrieve the user's current IP and change the S3 bucket policy to allow access only from known clients
B. Use cookies on the web server to identify the logged-in user and create a CloudFront distribution to accelerate video downloads
C. Use S3 pre-signed URLs and CloudFront signed cookies
D. Use CloudFront by creating web distributions. The distribution's unique ID (http://d111111abcdef8.cloudfront.net/videos/video1.mp4) provides confidentiality
- You, as a solutions architect, are required to fix an issue in a three-layer application. Network segregation is done via public and private subnets; web servers are placed in the public subnet with t3.medium instances and app servers with m5.large instances in the private subnet. The company recently increased the web and app server layers horizontally due to a growth in sales. High latency is reported when downloading data from an external service provider. Which could be the solution for this scenario?
A. Add an internal load balancer to increase throughput in the app layer
B. Add two Elastic Network Interfaces per instance and increase the instance size
C. Migrate the NAT instance to a NAT Gateway
D. Compress app layer outbound traffic
- A retail company is considering using the AWS Cloud to design a disaster recovery strategy. The company runs on-premises infrastructure. Which of the following options is not a good DR solution?
A. Storage Gateway, Route53, and S3 with S3 One Zone-IA
B. Import/Export Snowball, EBS, Glacier
C. Direct Connect, VPC, Glacier
D. S3 Standard, EBS Snapshot, Storage Gateway stored volumes
- AWSome Products, an e-commerce company, is designing an application that must be compliant with the Payment Card Industry Data Security Standard (PCI DSS) in order to store sensitive user information in S3. The company wants to leverage the capabilities of the cloud with a cryptographic solution that provides unique keys for each object and manages all the security operations. Also, the InfoSec department requires that every uploaded object is always encrypted to prevent object loss. Which one is the best option for this scenario?
A. SSE-KMS with a bucket ACL with READ-only permissions and MFA delete
B. SSE-S3 with a bucket policy using a string condition and versioning
C. SSE-C with a bucket policy using a string condition and object lifecycle
D. AWS KMS–Managed Customer Master Key (CMK) with envelope encryption
- A government agency wants to transfer 1 PT of data over the internet, and for this transfer to be successful it must be done in 1 week. The ISP connection can only handle 100 Mbps and the network is at 80% use throughout the week. This job needs to be cost efficient and provide end-to-end security. Which solution describes the best alternative for the agency with the current restrictions?
A. Install the AWS CLI and use the s3 cp command and work in parallel
B. Use VM Import/Export and Storage Gateway
C. Use Direct Connect with a 1 Gbps port to perform the transfer
D. Use AWS Snowball with several appliances
- Which statement about RDS is incorrect?
A. RDS read replicas work in asynchronous mode
B. RDS Multi-AZ instances are resilient to hardware failure
C. RDS can be provisioned with 95 GB SSD and 1,000 provisioned IOPS
D. RDS provides TDE for SQL Server and Oracle Databases
- A coworker asks you to create a RAID 1 configuration on a file server to improve performance and fault tolerance. What recommendation would you give to him?
A. Create a RAID 5 configuration to provide low redundancy cost
B. Create a RAID 1 to mirror every block to a redundant disk
C. Create EBS snapshots scheduled with a snapshot lifecycle policy
D. Create a RAID 0 to distribute I/O between the available disks in the array
- An infrastructure engineer is migrating their CRM application to Docker containers; the application is stateful and works with HTTP. He is asking for advice on which kind of load balancer must be used for this scenario. What kind of load balancer is needed and which configuration attributes are relevant?
A. Classic Load Balancer with sticky sessions and cross-zone load balancing
B. Network Load Balancer with an Elastic IP and cross-zone load balancing
C. Application Load Balancer with sticky sessions and cross-zone load balancing
D. Route 53 with a CNAME and a Classic Load Balancer with sticky sessions
- Your company is developing a Software as a Service solution for ERP software hosted in the AWS Marketplace. The servers created by end customers must confidentially provide users with usernames and passwords for the first run. How would you implement such a feature in a secure and simple way?
A. Store all the usernames and passwords in an S3 bucket and include a fetch script in the application code
B. Use an RDS database with a table storing the usernames and passwords unencrypted
C. Use the instance metadata and ask the user to log in with the private key certificate so he can read the username and password
D. Send the username and password over simple email
- The CIO has contracted you to implement a solution that provides full visibility and an automatic response to audit every system change in the corporate AWS account. The solution must be scalable and cost-efficient. What will you do?
A. Use CloudTrail and AWS Config with custom Lambda functions
B. Use CloudWatch with metrics and filters that alert changes to SNS topics
C. Use a marketplace instance that records every infrastructure change in the local filesystem
D. Use CloudTrail and API access to system events
- In which service are you not allowed to use SSH to manage the operating system?
A. RDS
B. EMR
C. EC2
D. Elastic Beanstalk
- Which responsibilities does the customer take, according to the shared responsibility model in AWS? Mark all that apply.
A. Decommissioning storage devices
B. Encryption of EBS volumes
C. Management of IAM credentials
D. Controlling physical access to data centers
- A SysOps admin wants to be notified about important events when working with Amazon Glacier. What kind of notifications are available to achieve this?
A. SNS topics when files are copied to S3
B. Archival complete and Glacier add files
C. Vault Inventory and Retrieval Job Complete
D. Retrieval Job Complete only
- Which of the following statements are true about VPC subnets? Choose all that apply.
A. /24 CIDR block for subnets can be chosen
B. /17 CIDR block for VPCs can be chosen
C. Each subnet spans only one AZ
D. Each subnet spans at least two AZs
- To provide the highest network throughput you can do all of the following, except ___. Choose the wrong option.
A. Use Placement Groups
B. Enable Jumbo frames
C. Use Spot Instances
D. Use enhanced networking
- Gamma Games is designing a real-time mobile app that uses SQS queues to send playback history to other users in a reliable way; the application is Java serverless and uses DynamoDB to track all the game records. As the game becomes more popular, history is exceeding 256 KB per message. Which could be a good solution for this?
A. Change the database layer from DynamoDB to RDS, using blobs to store the game history
B. Use compression to store the game history in a smaller SQS message
C. Use the DynamoDB enhanced client to store the history blob in S3
D. Store blob information in S3 and send the reference in the SQS message
- A high-traffic news website performs poorly at peak times. After investigating, you notice that hot news queries are slowing the database. Hot news must be refreshed every 15 minutes. Which could be a non-intrusive scalable solution for this problem?
A. Use ElastiCache for the hot news queri...