LinkedIn Amazon Web Services (AWS) Skill Assessment Answers 2024

100% Free & Updated LinkedIn Amazon Web Services (AWS) Assessment Certification Exam Questions & Answers.

Amazon Web Services (AWS) Assessment Details:

  • 15 multiple-choice questions
  • 1.5 minutes per question
  • Score in the top 30% to earn a badge

Free Certification Answer

🛒 Hire us: It is very hard to take an exam in the middle of your busy schedule. That’s why we are here. If you don’t have enough time, then hire us. We will do all kinds of exams on behalf of you. We provide the LOWEST PRICE for the examination on the internet for taking the exam. Contact Us Now.

🙏 Help Us to Better Serve You: If you did not find any question or if you think any question’s answer is wrong, let us know. We will update our solutions sheet as early as possible. Contact Us Now.

Before you start:

👣 You must complete this assessment in one session — make sure your internet is reliable.

👣 You can retake this assessment once if you don’t earn a badge.

👣LinkedIn won’t show your results to anyone without your permission.

👣 After completing the exam, you will get the verified LinkedIn Amazon Web Services (AWS) Assessment Badge.


✅ You have an application using a 100 GB MySQL database that you are migrating into AWS. What should you consider when deciding between whether to host the database on RDS for MySQL or Aurora?

  • cost
  • ease of maintenance vs. granularity of control
  • all of these answers
  • the current storage engine used by the application, such as InnoDB or MyISAM

✅ Which database is a NoSQL database type that can quickly store and retrieve key-value pairs?

  •  Aurora
  •  Neptune
  •  RDS for MySQL
  •  DynamoDB

✅ Your database is an RDS instance running SQL Server with Multi-AZ replication and you have several older .NET console utilities that perform database operations every 15 seconds. When the cluster has to switch the primary database server to the secondary AZ, the .NET utilities start to report connection failures to the database although other applications are able to access the database. How do you correct this problem?

  •  Use the RDS console to force a reboot of the database instance so that the primary server becomes the master server again.
  •  The server running the .NET utilities is caching the DNS lookup on the database cluster address. Flush the DNS cache of the server and force the C# utilities to open new connections to the database.
  •  A.NET application will retain the IP address of a connection string until the host machine is rebooted.
  •  The NET utilities need to change the SQL Server endpoint in the connection strings to read from the secondary database server using a try/catch.

✅ What AWS services can help you automate your development pipeline for continuous integration and continuous deployment?

  •  CodePipeline
  •  CodeDeploy
  •  all of these answers
  •  CodeBuild

✅ Which AWS service complies with the standards outlined in Payment Card Industry Data Security Standard (PCI DSS) Level 1 for the handling and transmission of credit card data?

  •  API Gateway
  •  all of these answers
  •  Simple Queue Service (SQS)
  •  Kinesis Data Streams

✅ You have a large amount of files on your network-attached storage array that must be archived and maintained for a period of 10 years due to industry regulations. This data will be infrequently accessed but must be kept What is the best AWS service for storing this data?

  •  EFS
  •  Snowball
  •  OEBS
  •  S3 Glacier

✅ For your AWS root account, you have generated a random password of the maximum allowed length and included special characters. Which additional steps should you take to secure your AWS root account?

  • Create an AM role for the account administrator with the highest privileges. Do not store the root password, but when the root account is needed reset the password on the root account via email confirmation and repeat this procedure.
  • Store your randomly generated password in your organizational secrets database using a service such as 1Password or LastPass, and only grant access to this secret to the DevOps team.
  • Create IAM accounts for your administrators and attach the AdministratorAccess policy to their accounts. Disable the root account in the user settings.
  • Create an IAM role for the account administrator with the highest privileges and do not use the root account in day-today operations. Enable two-factor authentication on the root account

✅ Which Elastic Load Balancing option supports Lambda as a target?

  •  Network Load Balancer
  •  Lambda can not be called directly by incoming web requests. You must use API Gateway.
  •  Classic Load Balancer
  •  Application Load Balancer

✅ How do you architect a solution for an SQL Server database to be replicated across AWS regions in an active-active architecture?

  • Use RDS for SQL Server and create the same instance in two different regions. Use Database Migration Service to keep each database in sync.
  • Use a VPN or VPC peering to establish a connection between the VPCs in each region. Install SQL Server Enterprise Edition on EC2 instances in each region and configure an Always On availability group.
  • Use RDS for SQL Server 2016 or 2017 Enterprise Edition. Enable Multi-AZ support and select the Mirroring/Always On option. Select another region for the mirroring option.
  • You can not set up an active-active architecture for SQL Server that spans geographic regions.

✅ What does it cost to launch an EC2 instance from the AWS Marketplace?

  • All images in the AWS Marketplace incur additional hourly fees in addition to the charges from the instance size you select.
  • You can only launch images that were created by other users on your AWS account, so you pay only for the instance size you select and the S3 storage costs for the base image.
  • Each image has its own pricing that could either be free, or include charges for software licensing costs. You will also pay for the instance the image runs on
  • All images in the AWS Marketplace contain only open-source software with no additional fees and are created by other AWS users. You will pay only for the instance size you select.

✅ When using an ECS cluster with EC2 instances, what maintenance tasks should you perform on the EC2s?

  • The instances created by ECS do not have patches that need to be applied; however, you should make sure your containers contain any important security updates.
  • Refresh the cluster with instances built from the latest ECS AMI.
  • ECS clusters do not use EC2 instances.
  • You should not directly manipulate the EC2 instances created by ECS. AWS will automatically update these instances.

✅ What in-memory caching server is not supported by ElastiCache?

  •  Redis 5
  •  Memcached
  •  Elasticsearch
  •  Redis 3

✅ Which AWS service can be used to help generate the documentation required by various compliance standards, such as Payment Card Industry Data Security Standard (PCI DSS) Level 1 for the handling of credit card data?

  •  Artifact
  •  DocumentDB
  •  Print out the AWS Compliance summary and keep it with your required documentation for an audit.
  •  Secrets Manager

✅ When using AWS for research and development ahead of a planned migration, how do you prevent unexpected increases or spikes in the billing?

  • Use the billing dashboard to create a cost budget. Input the max amount you want to be charged each month. Any charges that occur over this amount will cause AWS to automatically suspend those resources
  • Using the root AWS account, activate IAM access to the billing information for the account. Make sure your IAM users have the Billing FullAccessGroup policy. Then from the billing dashboard, check the accrued charges once a day.
  • If you are using the AWS free tier, you will have to confirm the usage of any service that goes over the AWS free tier limits.
  • Using the root AWS account enable Billing Alerts in the user preferences. Then use CloudWatch to create a billing alarm and set a threshold to a specific dollar amount for your estimated monthly charges.

✅ You are creating a DynamoDB table to store all movies that have been released since 1938. Your application will allow users to search by movie title and see the details of that film. Given the sample below showing the movie data that you will be importing, what is the best set of keys to apply to this table?

{
  "title": "The Avengers",
  "year": 2012,
  "cast": ["Mark Ruffalo", "Robert Downey, Jr."],
  "genres": ["Action"]
}
  • The primary key should be a partition key of the title field.
  • The primary key should be the title field and the partition key should be the genres field.
  • The primary key should be a composite key comprised of a partition key on the title field and a sort key on the year field.
  • The primary key should be created as a completely unique value, such a sequential numerical list of movie IDs. The partition key should be title field for fast lookup.

✅ What data store provides a simple and quick way of storing basic user attributes in an object-based format?

  •  ORDS for Oracle
  •  Redshift
  •  Neptune
  •  DynamoDB

✅ You need a schemaless database. Which Amazon database service provides that solution?

  •  ORDS
  •  Aurora
  •  Redshift
  •  DynamoDB

✅ Which communication channel does SNS not support natively?

  •  OSMS text message
  •  push notification
  •  email
  •  automated phone call

✅ When designing a serverless web application using Lambda, what key concept must you factor into your design?

  • Serverless web applications run within the web browser of the user, so you will need to store any data the user changes directly in a database.
  • Lambda only allows you to write functions in JavaScript.
  • Lambda does not use servers, so it can only return the same request to every user.
  • Lambda is stateless, so it won’t remember who a user is in between requests.

✅ A principle of DevOps is to view infrastructure as code. Which AWS service allows you to script your AWS infrastructure?

  •  CloudTrail
  •  CloudFormation
  •  AWS Config
  •  AWS Service Catalog

✅ You created a Windows EC2 instance with a public IP address and installed SQL Server. When attempting to connect to SQL Server from SQL Server Enterprise Manager on your local computer, the Windows EC2 instance is unable to establish a connection to the server. What is the first thing you should check?

  • Check the routing tables for the VPC.
  • Verify that the assigned security groups allow TCP port 1433 traffic from your current IP address.
  • Check the policies within Windows Firewall.
  • Verify that you are connecting to the instance using a user that is not sa.

✅ You are hosting an application configured to stream media to its clients on TCP ports 3380-3384, 3386-3388, and 3390. The Inbound tab below shows three incoming security group policies attached to this instance. Which policy should you use?

  • The rule that exposes TCP ports 3380-3390 would also publicly expose port 3389 (RDP) to the entire internet. Write separate rules to only expose the needed ports.
  • The first security group rule allows all traffic into this instance. Exposing your entire instance to the whole internet leaves the server open to various attacks of the other services running on different port numbers.
  • Verify that the AWS account owners actually control the entire CIDR C block for 12.228.11.0-255 and these are secured IPs for RDP access into this instance.
  • There are no recommendations to make.

✅ You have four front-end web servers behind a load balancer, which use NFS to access another EC2 instance that resizes and stores images for the front-end application. What security group policies should be assigned to these servers?

  • Assign Elastic IPs to all of the instances and create a group that allows all traffic to pass between each of the five Elastic IP addresses and allow all inbound HTTPS traffic.
  • Front-end web servers should allow HTTPS. Assign another group to all of the instances that allows all traffic to pass between instances using that group.
  • Create a security group that allows inbound NFS, HTTP, and HTTPS traffic from all IP addresses. Apply this group to all of the servers.
  • Create a security group that allows inbound HTTP and HTTPS traffic from all IP addresses and apply this to the web servers. Create a second security group for the NFS filestore that allows outbound NFS traffic to the private IP range of the front-end web servers.

✅ You have a Linux EC2 web server that suddenly is timing out on all HTTP requests and your SSH connection attempts are timing out. You notice that it is failing the system status check in the EC2 console. What action should you take?

  • Restore the instance from the last AMI image. System status checks indicate that the filesystem on the instance is corrupted.
  • Stop and start the instance. This will move the instance to another host.
  • Contact AWS support. Failing a system status check indicates a failure in the underlying hardware and must be addressed by an AWS representative.
  • Reboot the instance. This will stop and start the instance and move it to another host.

✅ You have several on-premise servers and would like to store your offsite backups on AWS. What fully managed backup service can you use to ship your backups to AWS?

  • Windows Server 2016 supports S3 as a target when using storage replicas.
  •  Use Storage Gateway.
  • Sync files directly to S3 with the AWS CLI.
  • Use the RDS console to force a reboot of the database instance so that the primary server becomes the master server again.

✅ What is the best practice for creating a highly available PostgreSQL database in RDS that can sustain the loss of a single AWS region?

  • PostgreSQL cannot be replicated across regions. Restore the database backups from an S3 bucket and repoint your database connections to the new instance.
  • Create Read Replicas in other AWS regions. You can designate a new master database from any of the read replicas until the regional failure is resolved.
  • Verify that your instance is configured for Multi-AZ support. Database changes will be automatically synced to another region in the event of a failure and RDS will automatically select a new master until the regional failure is resolved.
  • Create Read Replicas in other AWS regions. Ensure read operations against the database occur on an available Read Replica, and send write operations to another region if you need to promote a Read Replica to a standalone database if the master is down.

✅ You created a new Linux EC2 instance and installed PostgreSQL but you are not able to establish a connection to the server from your local computer. What steps do you take to resolve this issue?

  • Create a security group rule that allows all traffic from 0.0.0.0/0. This will verify whether or not another rule is denying the traffic.
  • Verify that the assigned security groups allow traffic from your IP address to port 5432. Verify that PostgreSQL is configured to listen to external traffic and is bound to the public interface.
  • Make sure that you are using an Elastic IP and that it is included within the postgresql.conf configuration file.
  • Stop and start the instance. New security group rules will only take effect after a restart.

✅ What does the statement body of this S3 bucket policy do?

{
"Sid": "bucketpolicy1",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::userreports/*",
"Condition": {
"IpAddress": { "aws:SourceIp": "68.249.108.0/24" },
"NotIpAddress": { "aws:SourceIp": "68.249.108.128/32" }
}
}

bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket, but limits the objects to read-only permissions for anyone coming from 68.249.108.0 to 68.249.108.255 – except 68.249.108.128.

  • bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to access objects in the userreports bucket and denies access to 68.249.108.128.
  • bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket – except anyone coming from the IP of 68.249.108.128.
  • bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to 68.249.108.255 to access objects in the userreports bucket-except anyone coming from the IP of 68.249.108.128.

✅ A new developer has been added to the team and you have been asked to provide access to the organization’s AWS account. What is the best practice for granting access?

  • Give the new developer the IAM login that is assigned to the development team. This IAM user should already include all of the policies that a developer would need.
  • Create a IAM user for the new developer. Manually assign policies to the new IAM user account.
  • Do not give the new developer access to the AWS console. Using the IAM user that is assigned to the development group, generate a new set of access keys and label these with the name of the developer.
  • Create a IAM user for the new developer. Assign the new developer the a developer group you already created for the other developers.

✅ When launching an EC2 instance with an instance type that supports instance storage, what use case is best for instance storage?

  • Use the instance storage to serve temporary files that require low I/O latency.
  • Use the instance storage to handle files uploaded by your users. Since it is more secure than an EBS volume, you can isolate any malicious files from infecting your server.
  • Instance storage is faster than EBS volumes, so install the root of the operating system on this volume to speed up server performance.
  • Instance storage is a deprecated option for storage and should not be used.

✅ What’s the best practice for horizontally scaling a legacy ASP.NET web application that relies on Active Directory and is currently deployed to a single Windows EC2 instance?

  • Use Sysprep to shut down the instance during a maintenance window. Create an AMI image and place both servers behind Application Load Balancer with sticky sessions.
  • Launch a new EC2 with the latest version of Windows Server and install the application again. Use Application Load Balancer and sticky sessions to balance between both servers.
  • Create a clone of the server using an AMI image and user Application Load Balancer to balance the traffic between both instances using sticky sessions.
  • Horizontal scaling is not the best practice in this situation. Increase the size of the existing EC2 instance and vertically scale the application.

✅ What does this small section of a CloudFormation template do?

FlowLog:
Type: AWS::EC2::FlowLog
Properties:
DeliverLogsPermissionArn: !GetAtt IamRole.Arn
LogGroupName: FlowLogsGroup
ResourceId: !Ref LogVpcId
ResourceType: VPC
TrafficType: ALL
  • It writes the VPC network flow logs to the CloudWatch FlowLogsGroup log group. You could use this to inspect the network connections of your VPC.
  • It logs all of the network traffic within a VPC except Instance IDs defined by LogVpcID and logs it to the CloudWatch FlowLogsGroup log group.
  • It logs all the network traffic going to and from a single EC2 instance into the CloudWatch FlowLogsGroup log group. You could use this to inspect suspicious network traffic coming into an EC2 instance.
  • It logs all of the DNS requests made by resources within a VPC and logs them to the CloudWatch FlowLogsGroup. Use this to diagnose DNS lookup errors within your environment.

✅ You are running Docker containers on ECS. What is the most important metric to monitor?

  •  The running container count for each service from within CloudWatch.
  •  The instance health of each EC2 instance in your cluster from within CloudWatch.
  •  Monitor the EC2 service dashboard. Watch for posted outages to the ECS service.
  •  The memory consumption of each EC2 instance in your cluster from within CloudWatch.

✅ Application Load Balancer can route traffic to several different target groups based upon several conditions. Which of these use cases is not supported by Application Load Balancer?

  •  A request with a HTTP header of X-Requested-With: staging can be routed to a target group for an ECS service in your staging environment.
  •  Source IPs matching 192.0.2.0/24 on a listener port of 1433 can be routed to a target group for an RDS for SQL Server cluster.
  •  A path of /signup* can be routed to a target group for a Lambda function that processes new user registrations.
  •  An Http POST query string of ? action=createuser can be routed to a target group for an ECS service.

✅ What does a VPC do?

  •  creates a cloud-based network to interconnect a set of virtual servers and appliances
  •  creates a secure tunnel between two networks
  •  creates a shared storage plane for application data to be shared across multiple instances.
  •  creates a private network that is completely isolated from the public internet.

✅ Can you lose the public IP address associated with your EC2 instance?

  •  Yes, you can lose it if you reboot the instance.
  •  Yes, you can lose it if you stop and start the instance.
  •  No, you will never lose the public IP address for your instance.
  •  Yes, you can lose it when you edit the instance properties and release the IP address.

✅ Where is the best place to store database backups on an EC2 instance that is configured as a database server?

  •  an S3 bucket, synced with the database backups via a script that calls the AWS CLI
  •  EBS volume attached to the instance
  •  instance attached to the instance
  •  instance storage, with a script that replicates the database backups to another instance in a different availability zone.

✅ Which of these is a valid restriction on the properties of a VPC?

  •  You can have only 10 internet gateways per region on a new AWS account.
  •  You can have only 10 VPCs per region on a new AWS account
  •  You cannot create a CIDR block with a netmask larger than /16
  •  You can have only 10 subnets within a VPC

✅ You have a Linux EC2 instance that is not responding to requests and you can not connect to it via SSH. Using the EC2 console, you issued a command to stop the instance, but for the past 10 minutes the instance has been in the “stopping” state. What is the next step you should take?

  •  Issue another stop action via the EC2 console, and choose the option to forcefully stop the instance.
  •  Create an AMI image of the instance, and choose the option to take the image without restarting the instance.
  •  Edit the instance properties and increase the instance size.
  •  Contact AWS support. Any further actions could corrupt the file system.

✅ You have 14 on-premise web servers, 4 database servers, 6 servers using GIS software, 3 file servers, and 4 development servers. What considerations should you take into account when migrating these servers into AWS?

  •  AWS does not have a way to separate billing for compute costs, so you will need to design a way to split the budget between departments.
  •  New AWS accounts are limited to 20 on-demand EC2 instances. Submit a request to increase your rate limits before starting a migration.

✅ As your web application grows and your application monitoring needs become more complex, which additional log monitoring service should you NOT consider?

  •  ELK stack: Elasticsearch, Loggly, and Kibana
  •  PRTG
  •  New Relic
  •  Datadog

✅ You have a T2 EC2 instance that is critical to your infrastructure. How would you monitor the most important metric for this instance?

  •  Turn on CloudWatch Auto Recovery and put monitors on the System Status and Instance Status checks for the instance to notify you when either is in alarm.
  •  Use CloudWatch to put monitors on the remaining CPU credits. If you run out of CPU credit the instance will be stopped.

✅ Which feature can be used to respond to a sudden increase in web traffic?

  •  EC2 Auto Scaling groups
  •  AWS Shield Advanced
  •  RDS Read Replicas
  •  all of these answers

✅ If a set of servers are located within a private subnet of your VPC, how can you connect those servers to on-premise servers?

  •  Establish a connection with AWS Direct Connect.
  •  Use the AWS Client VPN.
  •  Install a OpenVPN server on an instance that is located within the subnet with an elastic IP.
  •  All of these options can establish a connection to a private subnet.

You have a UDP load balancer that is created by an instance that is running an NGINX proxy. Your application performance management (APM) solution can detect failures in your load balancer instance and transfer the Elastic IP to a passive standby instance. Using the AWS CLI, which script do you program into your APM to move the Elastic IP?

  • A
aws ec2 disassociate-address --association-id eipassoc-2bebb712
aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
  • B
aws ec2 release-address --association-id eipassoc-2bebb712
aws ec2 assign-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
  • C
aws ec2 stop-instances --instance-ids i-8b953
wait 30
aws ec2 disassociate-address --association-id eipassoc-2bebb712
aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
aws ec2 start-instances --instance-ids i-8b953
  • D
aws ec2 release-address --association-id eipassoc-2bebb712
aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

✅ The outbound rules of a security group only allow traffic going to 0.0.0.0/0 on TCP Port 22 (SSH) and TCP port 3306 (MySQL). Review the inbound rules listed in the image below. What is the most important issue to fix with this security group configuration, for an Ubuntu EC2 instance acting as a web server?

  • The outbound rules block UDP port 53, so the server will not be able to resolve any DNS lookups.
  •  The outbound rules do not allow for HTTP traffic to leave the instance, so inbound HTTP requests will fail because the clients will never get HTTP responses.
  •  The incoming SSH port should not be open to the public. Limit SSH to a single IP address or IP range of controlled addressed, or use a VPN to access the VPC for this server.
  •  The all incoming TCP ports are exposed, which overrides the HTTP and SSH rules and exposes all TCP ports to the public internet.

✅ An EC2 instance running a WordPress site keeps getting hacked, even though you have restored the server several times and have patched WordPress. What AWS service can help you detect and prevent further attacks?

  •  CloudWatch
  •  GuardDuty
  •  Shield
  •  Security Advisor

✅ A nontechnical client wants to migrate a WordPress site to AWS from a private server managed by a third-party hosting company. Which AWS service should you recommend to migrate the site to?

  •  CloudFront
  •  An EC2 instance launched from the official WordPress AMI
  •  S3
  •  Lightsail

✅ Your company has on-premise servers with an existing onsite backup solution that also replicates backups to another campus on the other side of the country with its own on-site backup solution. You have been asked to create a third level of redundancy by also storing these backups in the cloud. In the event of a primary and secondary backup failure, your boss wants to know that the cloud backups can be accessible as fast as possible to reduce downtime during the recovery. What S3 storage class do you recommend for cost and performance?

  •  S3 Standard
  •  S3 Intelligent-Tiering
  •  S3 Glacier
  •  S3 One Zone-Infrequent Access

✅ Which big data store will let you store large streams of user activity data coming from both web and mobile applications?

  •  Neptune
  •  Aurora
  •  RDS for SQL Server
  •  Redshift

✅ What option is best for Auto Scaling your EC2 instances for predictable traffic patterns?

  •  scale based on a schedule
  •  manual scaling
  •  scale based on demand
  •  maintain current levels at all times

✅ You are migrating an on-premise RabbitMQ cluster into AWS. Which migration path should you choose for ease of both maintenance and deployment?

  •  Rewrite the parts of your application that use RabbitMQ to use SQS.
  •  Launch a RabbitMQ cluster with EC2 instances using a supported AMI.
  •  Rewrite the parts of your application that use RabbitMQ to use Kinesis.
  •  Rewrite the parts of your application that use RabbitMQ to use Amazon MQ.

✅ When creating a new RDS instance, what does the Multi-AZ option do?

  •  replicates backups of your database to S3 and makes them available across regions to prevent against any data loss
  •  creates a second passive database instance within the same region that will become the primary database during a failover
  •  creates a highly available database cluster that will host your database cluster in at least two regions
  •  creates another database instance in another region and keeps a hot standby active to failover to during regional failures

✅ What is the best EC2 instance class for a server that continuously has a heavy CPU load?

  •  C5
  •  T2
  •  R5
  •  H1

Your application performance management (APM) system can read the status of your CloudWatch monitors and perform scripted actions. When the CloudWatch metric StatusCheckFailed enters a failed state (a value of 1), you would like your APM to automatically repair the instance. Which script do you use?

  • A
aws ec2 stop-instances --instance-ids i-0b263919b6498b123
aws ec2 start-instances --instance-ids i-0b263919b6498b123
  • B
aws ec2 reboot-instances --instance-ids i-0b263919b6498b123
  • C
aws ec2 reboot-instances --instance-ids i-0b263919b6498b123
wait 30
aws ec2 start-instance --instance-ids i-0b263919b6498b123
  • D
aws ec2 reboot-instances --instance-ids i-0b263919b6498b123
aws ec2 start-instances --instance-ids i-0b263919b6498b123

✅ What is wrong with the third incoming security group rule, which allows all traffic from sg-269afc5e to go to an Ubuntu EC2 instance configured as a web server?

  • All traffic on all ports is being denied into this instance, which overwrites the HTTP rule and makes it redundant.
  •  The instance was launched with the default security group, but there is no way for an administrator to SSH into the instance. Add another rule that allows for SSH access from a secured source, such as a single IP or a range of managed IP addresses.
  •  There is nothing wrong with this security group rule. Assuming that sg-269afc5e is applied to other resources that are properly secured, this rule allows all traffic to pass through that is also assigned security group sg-269afc5e.
  •  All traffic on all ports are allowed into this instance. This exposes the instance to all public internet traffic and overwrites the incoming HTTP rule.

✅ You have a VPC that has a public and private subnet. There is a NAT gateway in the public subnet that allows instances in the private subnet to access the internet without having public exposure outside of the VPC. What should the routing tables be for the private subnet?

  • A

Destination 1: 10.0.0.0/16, Target 1: local;

Destination 2: 0.0.0.0/0, Target 2: nat-09b4832

  •  B

Destination 1: 10.0.0.0/24, Target 1: local;

Destination 2: 0.0.0.0/0, Target 2: igw-b2ff47d6

  •  C

Destination 1: 10.0.0.0/24, Target 1: subnet-1948ba2;

Destination 2: 0.0.0.0/0, Target 2: nat-09b4832

  •  D

Destination 1: 10.0.0.0/16, Target 1: vpc-12bd09ac2;

Destination 2: 0.0.0.0/0, Target 2: igw-b2ff47d6

✅ To comply with auditing requirements of some compliance standards, which AWS tool can be enabled to maintain an audit log of access and changes to your AWS infrastructure?

  •  CloudTrail
  •  CloudWatch
  •  AWS Audit and Compliance Tool
  •  GuardDuty

✅ You have an application that generates long-running reports, stores them in an S3 bucket, and then emails the user who requested the report with a link to download it. What is the best practice for storing the report data in S3?

  •  Create a public S3 bucket. When your application creates the report object in S3, generate two randomly generated long folder names and place the file within the deepest subfolder. Set the retention policy on the object to one hour and email this link to the user. The link will be active for one hour.
  •  Create a public S3 bucket. Use a hash of the user’s email address and the date and time the report was requested to generate a unique object name. Email this link to the user and have a scheduled task run within your application to remove objects that are older than seven days.
  •  Create a private S3 bucket. The link in the email should take the user to your application, where you can verify the active user session or force the user to log in. After verifying the user has rights to access this file, have the application retrieve the object from S3 and return it in the HTTP response. Delete the file from the S3 bucket after the request is completed.
  •  Create a private S3 bucket. The link in the email should take the user to your application, where you can verify the active user session or force the user to log in. Set the report object in S3 to public. Show the user a “Download” button in the browser that links to the public object.

✅ When sending a large volume of email through SES, what is the most important set of metrics to monitor?

  •  your complaint and bounce rates
  •  opens and clicks
  •  clicks and deliveries
  •  sending volume over the past 15 minutes and over one day to watch for billing spikes

✅ You are going to host an application that uses a MySQL database. Which database should you select if you don’t want to manage scaling or database administration tasks?

  •  Launch an AMI image from the marketplace containing a preconfigured MySQL server.
  •  Aurora
  •  RDS for MySQL
  •  Redshift

✅ A form in web application is sending sign-up data to “http://example.com/signup/new?source=web” and this data needs to be handled by an ECS service behind Application Load Balancer (ALB). Which ALB rule will route this request?

  • A
IF (all match)

    Path is /signup*

    Query string is signup:new

Then

    Forward to ecs-cluse-service <there is a typo - yes!
  •  B
IF (all match)

    Path is /sign/new/&

    Query request method is POST

Then

    Forward to ecs-cluse-service
  •  C …One more with POST
  •  D …Only one with Get

✅ Which AWS service can host the web application server for a WordPress site?

  •  S3
  •  Elastic BeanStalk
  •  ElasticCache
  •  CloudFront

✅ What does the following AWS CLI create-service command for ECS do?

aws ecs create-service \
 --cluster production \
 --service-name rest-api \
 --task-definition rest-api:1 \
 --desired-count 2 \
 --launch-type "FARGATE" \
 --network-configuration \
 "awsvpcConfiguration={subnets=[subnet-0b29129ab],securityGroups=[sg-0b29129ab]}"
  •  changes the security groups of the running rest-api task
  •  creates a cluster called production and launches two containers into Fargate with the rest-api task definition
  •  launches two containers onto Fargate into the existing production cluster using the rest-api task definition
  •  creates a service definition for the rest-api task; put two containers on the production cluster when launched ecs-cli up command

✅ You want to make your public API quickly accessible from all regions. What is the best way to do this?

  •  Create a single API gateway endpoint in a central region.
  •  Create a private API gateway endpoint for each region.
  •  Create a regional API gateway endpoint for each region.
  •  Create edge-optimized API gateway endpoints and deploy them to a CloudFront network.

✅ What type of data solution should you use for data coming from nonrelational and relational data from IoT devices, websites, mobile apps, etc.?

  •  Amazon DynamoDB
  •  AWS Lake Formation
  •  Amazon Redshift
  •  Amazon Aurora

✅ You have an analytics suite that produces reports about the usage patterns of your web application. After completing your migration to AWS and using Application Load Balancer to balance the load across your web application, your marketing department noticed that location-based reports on the web traffic only show traffic originating from a single location. What is the problem?

  •  Use a Classic Load Balancer, not Application Load Balancer.
  •  Application Load Balancer does not preserve the original source IP address. The analytics software needs to be configured to look at the ‘X-Forwarded-For’ HTTP request header for the correct source IP address.
  •  Application Load Balencer has to be configured to retain the source IP address of the traffic it is forwarding. Create a policy that enables ProxyProtocol support and attach it to the ALB using the AWS CLI.
  •  Configure the web server EC2 instances to only have private IP addresses. The public IP addresses of the instances are being recorded into the web server logs, bug only ALB should have a public interface and it will route traffic to instances via the private interface.

✅ What is not a default user of a common Linux instance launched from an AMI?

  •  ubuntu
  •  system-user
  •  ec2-user
  •  admin

✅ You have replicated the infrastructure that serves the backend API for your web application across regions to better serve your customers in the US and the EU. What is the best way to direct your web application at the nearest data center?

  •  Use Route 53 with geolocation lookups to direct traffic between the two regions.
  •  Create a WAF redirection rule that redirects traffic at the EU data center if the source IP comes from certain countries.
  •  Purchase a country domain extension and direct your users to the correct site, such as example.com and example.co
  •  Have your front-end application test the latency between each data center and use the data center that is responding the fastest.

✅ You have recently launched your new web product and are expecting 1,000 new users each month. However, you have just received word from the CEO that your product will be featured at an upcoming conference covered by several media outlets, and this could lead to 20,000 new users over the next week. How do you plan for a sudden increase in traffic?

  •  Replicate your infrastructure across two regions. You will harden the application to a regional failure and you will double your capacity.
  •  Take an AMI image of a front-end server to save your configuration and then add more servers to your cluster pror to the conference. Remove the servers from the cluster after the spike from the conference.
  •  Test to determine your throughput and how many users you can support. Develop a scaling plan for your front end, microservices, and database based on CloudWatch metrics that align with the tested bottlenecks.
  •  Use Auto Scaling groups to create more front-end servers when the CloudWatch metrics for CPU usage on a single instance rise above 80% for five minutes.

✅ How do you connect via SSH to a Linux EC2 instance with an EBS volume if you lost your key pair?

  •  Stop the instance and create an AMI image. Launch the image using a new key pair.
  •  Contact AWS support. A support specialist can remotely restore access to your instance and send you a new key pair.
  •  You can not connect to this EC2 instance. The key pair is displayed only one time. If you lose it, you have lost all access to this instance. Connect the EBS volume to another instance to recover your files.
  •  Attach the EBS volume to a temporary instance launched with a new key pair, and overwrite ~/.ssh.authorized_keys using the same file from the new instance.

✅ Your on-premise data center (172.16.128.0/24) is already connected to your AWS VPC (10.0.0.0/16) by a customer gateway. You wish to connect another data center for a company you just acquired (172.16.130.0/24) to your VPC as shown in the image. What is the best way to create this link?

  • Establish a connection between your two data centers and connect the second data center to the first through a private tunnel. Traffic will flow from the second data center and then through the first data, and then into AWS.
  •  Create a second customer gateway and configure your VPN client at your second data center to connect to the virtual private gateway.
  •  Create a second virtual private gateway (VPG) and attach it to the VPC. Create a customer gateway for the new virtual private gateway and use your VPN client at your second data center to establish a connection to the VPG.
  •  You can not have more than one customer gateway per VPC, so the proposed solution will not work. Create a second VPC with a virtual private gateway and a customer gateway. Bridge the two VPCs using VPC peering.

✅ You are migrating a 200 GB database from an on-premise SQL Server to RDS for SQL Server. The database needs to have minimal downtime during the migration. What is the best practice for migrating this database?

  •  Close all existing connections to the SQL Server database and use Database Migration Service to transfer the data to RDS.
  •  Use Database Migration Service to replicate the database to RDS and keep it in sync during the migration. Repoint your applications to use the new RDS endpoint.
  •  Detach the SQL Server database during the migration. Take a backup of the database and use SQ with Accelerated Transfer to upload the backups to S3. Restore the backups to the RDS instance.
  •  Use the Import and Export wizard within SQL Server Enterprise Manager to create an export task and export the tables to the RDS instance.

✅ You have enabled Multi-Factor Authentication (MFA) for your AWS root account and you lost your MFA device. What do you need to do to recover access to your account?

  •  You cannot recover access to your AWS root account. Contact AWS support.
  •  An email will be sent to the email address on file to verify ownership of the account. You will then need to provide the phone number on the account.
  • An email will be sent to the email address on file. After clicking in the link in your email, provide one of the MFA recovery codes that were created when MFA was enabled.
  • Use the AWS CLI with the root account access token to disable MFA on the root account. Then use the CLI to set a new password on the root account.

✅ How do you assign an Elastic IP to several EC2 instances?

  • In the VPC dashboard, click Elastic IPs. Select the Elastic IP and click Associate Address. Select each EC2 instance you wish to assign this address to.
  • In the EC2 dashboard, click on EC2 instance. Under Actions, select networking > Manage IP Addresses. click to add a new IP address and type in the address of the Elastic IP. Repeat the process for each EC2 instance you want to assign this Elastic IP to.
  • Use the AWS CLI and pass in several ‘–instance-id’ options to hte aws ec2 assosiate-address command.
  • An elastic IP cannot be assigned to multiple EC2 instances. It can only be assosiated to a single EC2 instance.

✅ You created a VPC that has a public subnet and a private subnet. A web server was placed in the public subnet and a database server was placed in the private subnet. The web server is able to connect to the database server; however, the database server at 10.0.1.2 is unable to get software updates. What is the cause of this issue?

  • There is no NAT gateway for the private subnet, so the database server has no routes that give it public internet access to download software updates.
  •  The database server needs to be assigned a public address from the pool, or assigned an Elastic IP similar to the instance 10.0.0.2.
  • The router is not configured properly on the VPC. Add a route to route table for the VPC that routes all traffic for 0.0.0.0/0 to the ID of the internet gateway.
  • There is no egress-only internet gateway attached to the private subnet of the VPC.

✅ Benefit of using S3 Glacier?

  •  access time
  •  store for small duration
  •  cost
  •  cross-region

✅ After installing AWS Amplify’s CLI, what command allows the user to connect an AWS account with the local install?

  • amplify admin
  • amplify configure
  • amplify connect
  • amplify init

✅ How do you limit access to an S3 bucket by source IP address?

  • Create the S3 bucket as a target for Application Load Balancer. Use Web Application Firewall (WAF) to create a rule to limit access to the S3 bucket by source IP.
  • You can not limit access to an S3 bucket by IP address.
  • In the preperties of the S3 bucket, add an access control option that limit access to the bucket by source IP address. Input the list of IPs into dialog.
  • Create a bucket policy with a condition that limit access to a list of approved IP addresses. Attach this policy to the bucket.

✅ What is the benefits of using S3 Glacier for storage?

  • granual fetching
  • cross-region caching
  • speed of access
  • cost

✅ Which of these AWS services can be related to Lambda via a trigger?

  • Cognito Sync Trigger, SNS
  • SNS, SQS
  • all of these answers
  • SQS, DynamoDB

✅ When creating a RESTful API into a DynamoDB table, which is the right service to facilitate this?

  • API Sync
  • AppSync
  • CloudAPI
  • API Gateway

✅ Which AWS service is valid data source for AppSync?

  • DynamoDB table
  • ElastiCache
  • none of these answers
  • Step Functions

✅ If a single instance has failed to launch within 24 hours due to some issues during a set up of Auto-scaling. Then what will happen to the Auto-Scaling condition?

  • Auto Scaling will continue to launch the instance for straight 3 days
  • The Auto Scaling group will be automatically terminated.
  • In a separate region Auto Scaling will start an instance
  • Auto Scaling will remove the scaling process

✅ Point out the wrong statement.

  • Amazon Machine Instances are sized at various levels and rented on a computing/hour basis
  • The metrics obtained by CloudWatch may be used to enable a feature called Auto Scaling
  • A number of tools are used to support EC2 services
  • None of the mentioned

✅ In terms of Amazon VPC design, a VPC with a single public subnet is ideal for which of the following application designs?

  • A single-tier application
  • A serverless application
  • A microservice application
  • A multi-tier application

✅ If you stop and restart an EC2 instance, does it retain its private IP address?

  • Yes, the instance retains its private IP addresses
  • No, it retains only the public IP addresses
  • No, it retains only the Elastic IP addresses
  • No, it does not retain its private IP addresses

✅ All the Amazon EC2 instances you launch into a nondefault VPC are _ by default.

  • stateless
  • protected
  • public
  • private

✅ When you launch an instance into a dedicated-tenancy VPC, what happens?

  • Your instance is automatically a Dedicated instance, regardless of the instance’s specific tenancy attribute
  • You receive an error message notifying you that you must set your instance’s tenancy attribute to dedicated
  • Your instance launch fails, but AWS prompts you to launch a new one with the tenancy attribute set to dedicated
  • Your instance launch fails immediately

✅ Use the _ protocol in a VPC security group to communicate with a DB instance.

  • SSH
  • SSL
  • TCP
  • UDP

✅ You have an application utilizing a 100 GB MySQL information base that you are relocating into AWS. What would it be a good idea for you to think about while settling on whether to have the information base on RDS for MySQL or Aurora?

  • cost
  • simplicity of upkeep versus granularity of control
  • these responses
  • the current stockpiling motor utilized by the application, like InnoDB or MyISAM

✅ Which information base is a NoSQL data set sort that can rapidly store and recover key-esteem sets?

  • . Aurora
  • . Neptune
  • . RDS for MySQL
  • . DynamoDB

✅ Your information base is a RDS case running SQL Server with Multi-AZ replication and you have a few more seasoned .NET control center utilities that perform data set activities like clockwork. Whenever the bunch needs to change the essential information base server to the optional AZ, the .NET utilities begin to report association disappointments to the data set albeit different applications can get to the data set. How would you address this issue?

  • Utilize the RDS control center to drive a reboot of the information base occurrence so the essential server turns into the expert server once more.
  • The server running the .NET utilities is reserving the DNS query on the data set bunch address. Flush the DNS reserve of the server and power the C# utilities to open new associations with the data set.
  • A.NET application will hold the IP address of an association string until the host machine is rebooted.
  • The NET utilities need to change the SQL Server endpoint in the association strings to peruse from the auxiliary information base server utilizing an attempt/get.

✅ What AWS administrations can assist you with mechanizing your advancement pipeline for constant coordination and persistent sending?

  • CodePipeline
  • CodeDeploy
  • these responses
  • CodeBuild

✅ Which AWS administration consents to the principles laid out in Payment Card Industry Data Security Standard (PCI DSS) Level 1 for the taking care of and transmission of Visa information?

  • Programming interface Gateway
  • these responses
  • Straightforward Queue Service (SQS)
  • Kinesis Data Streams

✅ You have a lot of documents on your organization appended capacity cluster that should be filed and kept up with for a time of 10 years because of industry guidelines. This information will be inconsistently gotten to however should be saved What is the best AWS administration for putting away this information?

  • EFS
  • Snowball
  • OEBS
  • S3 Glacier

✅ For your AWS root account, you have produced an irregular secret phrase of the most extreme permitted length and included extraordinary characters. Which extra advances would it be a good idea for you to take to get your AWS root account?

  • Make an AM job for the record manager with the most elevated honors. Try not to store the root secret word, yet when the root account is required reset the secret phrase on the root account through email affirmation and rehash this methodology.
  • Store your haphazardly created secret key in your authoritative mysteries data set utilizing a help like 1Password or LastPass, and just award admittance to this mystery to the DevOps group.
  • Make IAM represents your heads and append the AdministratorAccess strategy to their records. Cripple the root account in the client settings.
  • Create an IAM job for the record overseer with the most noteworthy honors and don’t utilize the root account in day-today tasks. Empower two-factor confirmation on the root account

✅ Which Elastic Load Balancing choice backings Lambda as an objective?

  • Network Load Balancer
  • Lambda can not be called straight by approaching web demands. You should utilize API Gateway.
  • Exemplary Load Balancer
  • Application Load Balancer

✅ How would you designer an answer for a SQL Server data set to be imitated across AWS locales in a functioning dynamic engineering?

  • Use RDS for SQL Server and make similar occurrence in two unique districts. Use Database Migration Service to keep every information base in a state of harmony.
  • Utilize a VPN or VPC looking to lay out an association between the VPCs in every district. Introduce SQL Server Enterprise Edition on EC2 cases in every district and arrange an Always On accessibility bunch.
  • Use RDS for SQL Server 2016 or 2017 Enterprise Edition. Empower Multi-AZ support and select the Mirroring/Always On choice. Select one more district for the reflecting choice.
  • You can not set up a functioning dynamic design for SQL Server that traverses geographic locales.

✅ What does it cost to send off an EC2 example from the AWS Marketplace?

  • All pictures in the AWS Marketplace bring about extra hourly expenses notwithstanding the charges from the occasion size you select.
  • You can send off pictures that were made by different clients on your AWS account, so you pay just for the occurrence size you select and the S3 stockpiling costs for the base picture.
  • Each picture has own valuing could either be free, or incorporate charges for programming authorizing costs. You will likewise pay for the occurrence the picture runs on
  • All pictures in the AWS Marketplace contain just open-source programming with no extra charges and are made by other AWS clients. You will pay just for the example size you select.

✅ While utilizing an ECS bunch with EC2 occasions, what support undertakings would it be a good idea for you to perform on the EC2s?

  • The cases made by ECS don’t have patches that should be applied; notwithstanding, you should ensure your holders contain any significant security refreshes.
  • Refresh the bunch with occasions worked from the most recent ECS AMI.
  • ECS groups don’t utilize EC2 examples.
  • You ought not straightforwardly control the EC2 occasions made by ECS. AWS will naturally refresh these examples.

✅ What in-memory reserving server isn’t upheld by ElastiCache?

  • Redis 5
  • Memcached
  • Elasticsearch
  • Redis 3

✅ Which AWS administration can be utilized to assist with producing the documentation expected by different consistence principles, like Payment Card Industry Data Security Standard (PCI DSS) Level 1 for the treatment of Visa information?

  • Artifact
  • DocumentDB
  • Print out the AWS Compliance rundown and save it with your necessary documentation for a review.
  • Mysteries Manager

✅ While involving AWS for innovative work in front of an arranged relocation, how would you forestall surprising increments or spikes in the charging?

  • Utilize the charging dashboard to make an expense spending plan. Input the maximum sum you need to be charged every month. Any charges that happen over this sum will make AWS naturally suspend those assets
  • Utilizing the root AWS account, actuate IAM admittance to the charging data for the record. Ensure your IAM clients have the Billing FullAccessGroup strategy. Then, at that point, from the charging dashboard, actually look at the accumulated charges one time per day.
  • Assuming you are utilizing the AWS complementary plan, you should affirm the use of any assistance that goes over the AWS complementary plan limits.
  • Using the root AWS account empower Billing Alerts in the client inclinations. Then, at that point, use CloudWatch to make a charging alert and set an edge to a particular dollar sum for your assessed month to month charges.

✅ You are making a DynamoDB table to store all films that have been delivered starting around 1938. Your application will permit clients to look by film title and see the subtleties of that film. Given the example underneath showing the film information that you will import, what is the best arrangement of keys to apply to this table?

'''json
{
  "title": "The Avengers",
  "year": 2012,
  "project": ["Mark Ruffalo", "Robert Downey, Jr."],
  "kinds": ["Action"]
}
'''
  • The essential key should be a segment key of the title field.
  • The essential key should be the title field and the segment key should be the class field.
  • The essential key ought to be a composite key included a segment key on the title field and a sort key on the year field.
  • The essential key ought to be made as a totally exceptional worth, such a consecutive mathematical rundown of film IDs. The parcel key ought to be title field for quick query.

✅ What information store gives a straightforward and speedy approach to putting away fundamental client credits in an article based organization?

  • ORDS for Oracle
  • Redshift
  • Neptune
  • DynamoDB

✅ You really want a schemaless data set. Which Amazon data set assistance gives that arrangement?

  • ORDS
  • Aurora
  • Redshift
  • DynamoDB

✅ Which correspondence channel does SNS not help locally?

  • OSMS instant message
  • message pop-up
  • email
  • mechanized call

✅ While planning a serverless web application utilizing Lambda, what key idea must you factor into your plan?

  • Serverless web applications run inside the internet browser of the client, so you should store any information the client changes straightforwardly in a data set.
  • Lambda just permits you to compose capacities in JavaScript.
  • Lambda doesn’t utilize servers, so it can return a similar solicitation to each client.
  • Lambda is stateless, so it will not recall who a client is in the middle of solicitations.

✅ A rule of DevOps is to see framework as code. Which AWS administration permits you to prearrange your AWS foundation?

  • CloudTrail
  • CloudFormation
  • AWS Config
  • AWS Service Catalog

✅ You made a Windows EC2 occurrence with a public IP address and introduced SQL Server. While endeavoring to associate with SQL Server from SQL Server Enterprise Manager on your nearby PC, the Windows EC2 occurrence can’t lay out an association with the server. What is the main thing you should check?

  • Check the directing tables for the VPC.
  • Verify that the relegated security bunches permit TCP port 1433 traffic from your present IP address.
  • Actually take a look at the arrangements inside Windows Firewall.
  • Check that you are interfacing with the occasion utilizing a client that isn’t sa.

✅ You are facilitating an application designed to stream media to its clients on TCP ports 3380-3384, 3386-3388, and 3390. The Inbound tab beneath shows three approaching security bunch arrangements connected to this case. Which strategy would it be a good idea for you to utilize?

  • The standard that uncovered TCP ports 3380-3390 would likewise openly uncover port 3389 (RDP) to the whole web. Compose separate guidelines to just uncover the required ports.
  • The principal security bunch rule permits all traffic into this example. Uncovering your whole case to the entire web leaves the server open to different assaults of different administrations running on various port numbers.
  • Check that the AWS account proprietors really control the whole CIDR C square for 12.228.11.0-255 and these are gotten IPs for RDP access into this occurrence.
  • There are no suggestions to make.

✅ You have four front-end web servers behind a heap balancer, which use NFS to get to another EC2 case that resizes and stores pictures for the front-end application. What security bunch strategies ought to be appointed to these servers?

  • Allocate Elastic IPs to the cases as a whole and make a gathering that permits all traffic to pass between every one of the five
  • Flexible IP addresses and permit all inbound HTTPS traffic.
  • Front-end web servers ought to permit HTTPS. Relegate one more gathering to every one of the cases that permits all traffic to pass between examples utilizing that gathering.
  • Make a security bunch that permits inbound NFS, HTTP, and HTTPS traffic from all IP addresses. Apply this gathering to the servers as a whole.

. Make a security bunch that permits inbound HTTP and HTTPS traffic from all IP addresses and apply this to the web servers. Make a subsequent security bunch for the NFS filestore that permits outbound NFS traffic to the private IP scope of the front-end web servers.

✅ You have a Linux EC2 web server that abruptly is timing out on all HTTP demands and your SSH association endeavors are timing out. You notice that it is bombing the framework status check in the EC2 console. What move would it be a good idea for you to make?

  • Restore the occasion from the last AMI picture. Framework status checks demonstrate that the filesystem on the example is defiled.
  • Pause and begin the example. This will move the example to another host.
  • Contact AWS support. Bombing a framework status check demonstrates a disappointment in the basic equipment and should be tended to by an AWS agent.
  • Reboot the occurrence. This will pause and begin the occurrence and move it to another host.

✅ You have a few on-premise servers and might want to store your offsite reinforcements on AWS. What completely oversaw reinforcement administration would you be able to use to send your reinforcements to AWS?

  • Windows Server 2016 backings S3 as an objective while utilizing stockpiling copies.
  • Use Storage Gateway.
  • Sync documents straightforwardly to S3 with the AWS CLI.
  • Utilize the RDS control center to compel a reboot of the information base case with the goal that the essential server turns into the expert server once more.

✅ What is the best practice for making an exceptionally accessible PostgreSQL data set in RDS that can support the departure of a solitary AWS area?

  • PostgreSQL can’t be duplicated across districts. Reestablish the data set reinforcements from a S3 pail and repoint your data set associations with the new occasion.
  • Make Read Replicas in other AWS areas. You can assign another expert data set from any of the read copies until the local disappointment is settled.
  • Check that your occasion is arranged for Multi-AZ support. Data set changes will be consequently adjusted to one more locale in case of a disappointment and RDS will naturally choose another expert until the territorial disappointment is settled.
  • Create Read Replicas in other AWS locales. Guarantee read tasks against the information base happen on an accessible Read Replica, and send compose activities to another district in the event that you really want to elevate a Read Replica to an independent data set assuming the expert is down.

✅ You made another Linux EC2 occasion and introduced PostgreSQL yet you can’t lay out an association with the server from your nearby PC. What steps do you take to determine this issue?

  • Make a security bunch decide that permits all traffic from 0.0.0.0/0. This will confirm whether or not any more principles is denying the traffic.
  • Verify that the alloted security bunches permit traffic from your IP address to port 5432. Confirm that PostgreSQL is designed to pay attention to outer traffic and is bound to the public connection point.
  • Ensure that you are utilizing an Elastic IP and that it is incorporated inside the ‘postgresql.conf’ design document.
  • Pause and begin the occasion. New security bunch rules will just produce results after a restart.

✅ How does the assertion body of this S3 container strategy respond?

'''json
{
  "Sid": "bucketpolicy1",
  "Impact": "Permit",
  "Head": "*",
  "Activity": "s3:GetObject",
  "Asset": "arn:aws:s3:::userreports/*",
  "Condition": {
    "IpAddress": { "aws:SourceIp": "68.249.108.0/24" },
    "NotIpAddress": { "aws:SourceIp": "68.249.108.128/32" }
  }
}
'''
  • bucketpolicy1 permits any client to play out any activity on the items in the userreports pail, however restricts the items to peruse just consents for anybody coming from 68.249.108.0 to 68.249.108.255 – with the exception of 68.249.108.128.
  • bucketpolicy1 permits any client coming from the IP scope of 68.249.108.0 to get to objects in the userreports can and denies admittance to 68.249.108.128.
  • bucketpolicy1 permits any client to play out any activity on the articles in the userreports pail – with the exception of anybody coming from the IP of 68.249.108.128.
  • bucketpolicy1 permits any client coming from the IP scope of 68.249.108.0 to 68.249.108.255 to get to objects in the userreports pail with the exception of anybody coming from the IP of 68.249.108.128.

✅ Another engineer has been added to the group and you have been approached to give admittance to the association’s AWS account. What is the best practice for conceding access?

  • Give the new designer the IAM login that is alloted to the advancement group. This IAM client should as of now incorporate every one of the arrangements that a designer would require.
  • Make an IAM client for the new engineer. Physically appoint approaches to the new IAM client account.
  • Try not to give the new engineer admittance to the AWS console. Utilizing the IAM client that is allocated to the improvement bunch, produce another arrangement of access keys and mark these with the name of the engineer.
  • Create an IAM client for the new designer. Allocate the new designer the an engineer bunch you previously made for different designers.

✅ While sending off an EC2 occurrence with an occasion type that supports case stockpiling, what use case is best for example stockpiling?

  • Use the example stockpiling to serve impermanent documents that require low I/O idleness.
  • Utilize the occasion stockpiling to deal with records transferred by your clients. Since it is safer than an EBS volume, you can separate any noxious records from tainting your server.
  • Occurrence stockpiling is quicker than EBS volumes, so introduce the base of the working framework on this volume to accelerate server execution.
  • Case stockpiling is a deplored choice for capacity and ought not be utilized.

✅ What’s the best practice for on a level plane scaling an inheritance ASP.NET web application that depends on Active Directory and is at present sent to a solitary Windows EC2 example?

  • Use Sysprep to close down the occasion during an upkeep window. Make an AMI picture and spot the two servers behind Application Load Balancer with tacky meetings.
  • Send off another EC2 with the most recent variant of Windows Server and introduce the application once more. Use Application Load Balancer and tacky meetings to adjust between the two servers.
  • Make a clone of the server utilizing an AMI picture and client Application Load Balancer to adjust the traffic between the two occurrences utilizing tacky meetings.
  • Even scaling isn’t the most ideal practice in the present circumstance. Increment the size of the current EC2 occasion and in an upward direction scale the application.

✅ How does this little segment of a CloudFormation layout respond?

'''yaml
FlowLog:
  Type: AWS::EC2::FlowLog
  Properties:
    DeliverLogsPermissionArn: !GetAtt IamRole.Arn
    LogGroupName: FlowLogsGroup
    ResourceId: !Ref LogVpcId
    ResourceType: VPC
    TrafficType: ALL
'''
  • It composes the VPC network stream logs to the CloudWatch FlowLogsGroup log bunch. You could utilize this to investigate the organization associations of your VPC.
  • It logs all of the organization traffic inside a VPC aside from Instance IDs characterized by LogVpcID and logs it to the CloudWatch FlowLogsGroup log bunch.
  • It logs all the organization traffic going to and from a solitary EC2 case into the CloudWatch FlowLogsGroup log bunch. You could utilize this to examine dubious organization traffic coming into an EC2 case.
  • It logs all of the DNS demands made by assets inside a VPC and logs them to the CloudWatch FlowLogsGroup. Utilize this to analyze DNS query mistakes inside your current circumstance.

✅ You are running Docker holders on ECS. What is the main measurement from screen’s point of view?

  • The running holder count for each help from inside CloudWatch.
  • The occasion strength of each EC2 case in your group from inside CloudWatch.
  • Screen the EC2 administration da
  • The memory consumption of each EC2 instance in your cluster from within CloudWatch.

✅ Application Load Balancer can course traffic to a few different objective gatherings in view of a few circumstances. Which of these utilization cases isn’t upheld by Application Load Balancer?

  • A solicitation with a HTTP header of X-Requested-With: organizing can be steered to an objective gathering for an ECS administration in your arranging climate.
  • Source IPs matching 192.0.2.0/24 on an audience port of 1433 can be directed to an objective gathering for a RDS for SQL Server group.
  • A way of/signup\* can be steered to an objective gathering for a Lambda work that processes new client enlistments.
  • A Http POST inquiry line of ? action=createuser can be directed to an objective gathering for an ECS administration.

✅ How does a VPC respond?

  • makes a cloud-based organization to interconnect a bunch of virtual servers and apparatuses
  • makes a safe passage between two organizations
  • makes a common stockpiling plane for application information to be shared across numerous occurrences.
  • makes a private organization that is totally detached from the public web.

✅ Would you be able to lose the public IP address related with your EC2 case?

  • Indeed, you can lose it in the event that you reboot the occasion.
  • Yes, you can lose it assuming that you pause and begin the case.
  • No, you won’t ever lose the public IP address for your occurrence.
  • Indeed, you can lose it when you alter the occasion properties and delivery the IP address.

✅ Where is the best put to store data set reinforcements on an EC2 occasion that is arranged as a data set server?

  • a S3 can, adjusted with the information base reinforcements by means of a content that calls the AWS CLI
  • EBS volume appended to the occasion
  • occasion connected to the occurrence
  • example stockpiling, with a content that repeats the data set reinforcements to one more case in an alternate accessibility zone.

✅ Which of these is a legitimate limitation on the properties of a VPC?

  • You can have just 10 web entryways for every district on another AWS account.
  • You can have just 10 VPCs per district on another AWS account
  • You can’t make a CIDR block with a netmask bigger than/16
  • You can have just 10 subnets inside a VPC

✅ You have a Linux EC2 occasion that isn’t reacting to solicitations and you can not associate with it through SSH. Utilizing the EC2 console, you gave an order to stop the occurrence, however for the beyond 10 minutes the occasion has been in the “halting” state. What is the following stage you should take?

  • Issue another stop activity through the EC2 console, and pick the choice to powerfully stop the case.
  • Make an AMI picture of the example, and pick the choice to take the picture without restarting the case.
  • Alter the example properties and increment the case size.
  • Contact AWS support. Any further activities could ruin the document framework.

✅ You have 14 on-premise web servers, 4 data set servers, 6 servers utilizing GIS programming, 3 document servers, and 4 improvement servers. What contemplations would it be advisable for you to consider while relocating these servers into AWS?

  • AWS doesn’t have a method for isolating charging for register costs, so you should plan a method for parting the spending plan between divisions.
  • New AWS accounts are restricted to 20 on-request EC2 examples. Present a solicitation to build your rate limits prior to beginning a movement.

✅ As your web application develops and your application observing requirements become more perplexing, which extra log checking administration would it be a good idea for you NOT consider?

  • ELK stack: Elasticsearch, Loggly, and Kibana
  • PRTG
  • New Relic
  • Datadog

✅ You have a T2 EC2 example that is basic to your framework. How might you screen the main measurement for this example?

  • [for Turn on CloudWatch Auto Recovery and set screens on the System Status and Instance Status checks for the occasion to tell you when either is in caution.
  • Use CloudWatch to place screens on the excess CPU credits. Assuming that you run out of CPU credit the example will be halted.

✅ Which component can be utilized to react to an unexpected expansion in web traffic?

  • EC2 Auto Scaling gatherings
  • AWS Shield Advanced
  • RDS Read Replicas
  • these responses

✅ In the event that a bunch of servers are situated inside a private subnet of your VPC, how might you associate those servers to on-preface servers?

  • Lay out an association with AWS Direct Connect.
  • Utilize the AWS Client VPN.
  • Introduce an OpenVPN server on an example that is situated inside the subnet with a flexible IP.
  • All of these choices can lay out an association with a private subnet.

✅ You have a UDP load balancer that is made by an occurrence that is running a NGINX intermediary. Your application execution the executives (APM) arrangement can distinguish disappointments in your heap balancer case and move the Elastic IP to an aloof reserve case. Utilizing the AWS CLI, which content do you program into your APM to move the Elastic IP?

  • A
'''
aws ec2 disassociate-address - - affiliation id eipassoc-2bebb712
aws ec2 partner address - - occurrence id I-8b953 - - assignment id eipalloc-02d021a
'''
  • B
'''
aws ec2 discharge address - - affiliation id eipassoc-2bebb712
aws ec2 appoint address - - occasion id I-8b953 - - designation id eipalloc-02d021a
'''
  • C
'''
aws ec2 stop-cases - - example ids I-8b953
stand by 30
aws ec2 disassociate-address - - affiliation id eipassoc-2bebb712
aws ec2 partner address - - case id I-8b953 - - distribution id eipalloc-02d021a
aws ec2 start-cases - - example ids I-8b953
'''
  • D
'''
aws ec2 discharge address - - affiliation id eipassoc-2bebb712
aws ec2 partner address - - example id I-8b953 - - assignment id eipalloc-02d021a
'''

✅ What administration can have your Docker compartments?

  • Lightsail
  • Flexible Container Service (ECS)
  • Flexible Compute Cloud (EC2)
  • All of these administrations can have a Docker holder.

✅ In the S3 console, under the Access segment, what does the public identification close to the pail name demonstrate?

  • All objects inside this can are doled out community and could be coherent or writable by anybody on the web. Guarantee no delicate information is in effect freely shared inside this container.
  • All objects inside this can are writable, and that implies that the public web can transfer any record straightforwardly to your S3 container. Your S3 pail could be utilized to serve malware.
  • A few articles inside this container are relegated free. Confirm that any openly shared articles inside this pail contain no touchy information.
  • Objects inside this container can be disclosed, assuming the ACL on that article is set to permit everybody access. Private pails don’t permit you to set public consents on any item.

✅ What honor is explicit to the AWS root account, and can’t be allowed to one more IAM client on the record?

  • Deny the AdministratorAccess job or award it to another IAM client.
  • Make another facilitated zone in Route 53.
  • Delete the AWS account.
  • Alter the charging subtleties.

✅ Your application is sending 50,000 messages through SES every day. Since you should keep a low ricochet rate to try not to be placed waiting on the post trial process, what straightforward framework do you draftsman to naturally deal with hard skips?

  • Configure SES to send all bob occasions to a SNS theme. Make a Lambda work that processes each hard bob occasion and naturally signals that record as a bob in your application to forestall further sending endeavors.
  • Design SES to never again ship off email tends to that are on your bob list.
  • Arrange SES to send the logs of all conveyance endeavors through Kinesis Firehose. Process every occasion and search for ricochet types and eliminate these messages from your rundown.
  • Send all messages through SES with a custom answer to header. Arrange SES to tune in for occasions on this email address and banner any email address that answers to this record as a skiped message and eliminate it from your email list.

✅ Your web application is getting a dubious measure of awful demands from unfamiliar IP addresses. Your business is working in a couple of nations and you might want to obstruct some other traffic. What is the best practice for restricting admittance to your web application by country?

  • Use Web Application Firewall and make a geo match condition to drop all demands from nations that aren’t on your permit list.
  • Use Application Load Balancer to make a new steering decide that ganders at source IP address. Add an IP block for the nations that approach.
  • Have the front finish of your site in CloudFront and design a geo limitation on the dissemination.
  • Use CloudTrail to screen the IP locations of the awful demands. Use Lambda to add these IP locations to an Application Load Balancer decide that impedes the IPs.

✅ What is the best practice for keeping up with Windows EC2 occurrences and applying refreshes?

  • Turn on auto update in Windows Update on each EC2 that is sent off, or make your own AMI with this element empowered and send off all of your EC2 examples from this AMI.
  • Make an upkeep plan that a representative should finish up every week affirming a visual examination of each occasion was led and what patches were applied.
  • Use AWS Systems Manager Patch Manager to observe a fix occurrences that require refreshes during a set support window.
  • Introduce Window Server Update Services on your essential Active Directory regulator.

✅ Notwithstanding CloudFormation, you can utilize other arrangement instruments to robotize server development and support. Which apparatus is _not_ a productive decision for the organization of an enormous foundation?

  • Gourmet specialist
  • Ansible
  • Manikin
  • Vagrant

✅ What befalls a SQL Server RDS case assuming that the information bases expansion in size and go over the distributed space?

  • RDS will naturally expand the assigned space by 10% and will send the AWS root account an email with goal steps. Dispense more space to keep away from overage charges.
  • The information base occurrence will report a STORAGE_FULL status and become distant on the off chance that the occasion needs more leftover stockpiling to work. Apportion more space to the case.
  • SQL Server will close all current associations with the data sets and endeavor to contract its log documents to recover extra room.
  • RDS will consequently expand the assigned space by 5% and will keep on allotting new space up to half of the orginal apportioned space. At the point when extra room has increment half, RDS will consequently stop the example to save information trustworthiness.

✅ You have an armada of IoT gadgets that send telemetry to a server-side application gave by your IoT seller to translating an exclusive informing design. The gadgets are provisioned to send telemetry reports to your server through UDP on port 6339. What is the most ideal way scale this server as more Iot gadgets are added to your armada?

  • Utilize a Network Load Balancer to convey the traffic across your servers. Use UDP wellbeing checks to decide whether the server is accessible to get traffic.
  • Use Route 53 with HTTP wellbeing checks. Make an application on the server to report the availability status of the seller gave server programming to Route 53 by means of HTTP.
  • Use Route 53 with UDP wellbeing checks. As you increase, Route 53 wiwll course the traffic to the new servers on the off chance that they pass the wellbeing checks.
  • Use Application Load Balancer to disperse the traffic across your servers.

✅ the outbound guidelines of a security bunch just permit traffic going to 0.0.0.0/0 on TCP Port 22 (SSH) and TCP port 3306 (MySQL). Audit the inbound standards recorded in the picture underneath. What is the main issue to fix with this security bunch setup, for a Ubuntu EC2 occasion going about as a web server?

  • The outbound guidelines block UDP port 53, so the server can not resolve any DNS queries.
  • The outbound standards don’t take into account HTTP traffic to leave the example, so inbound HTTP solicitations won’t come up short on the grounds that the clients will ever get HTTP reactions.
  • The approaching SSH port ought not be available to people in general. Limit SSH to a solitary IP address or IP scope of controlled tended to, or utilize a VPN to get to the VPC for this server.
  • The all approaching TCP ports are uncovered, which abrogates the HTTP and SSH rules and uncovered all TCP ports to the public web.

✅ An EC2 example running a WordPress site continues to get hacked, despite the fact that you have reestablished the server a few times and have fixed WordPress. What AWS administration can help you identify and forestall further assaults?

  • CloudWatch
  • GuardDuty
  • Safeguard
  • Security Advisor

✅ A nontechnical client needs to move a WordPress site to AWS from a private server oversaw by an outsider facilitating organization. Which AWS administration would it be advisable for you to prescribe to move the site to?

  • CloudFront
  • An EC2 occasion sent off from the authority WordPress AMI
  • S3
  • Lightsail

✅ Your organization has on-premise servers with a current on location reinforcement arrangement that additionally reproduces reinforcements to one more grounds on the opposite side of the country with its own nearby reinforcement arrangement. You have been approached to make a third degree of overt repetitiveness by likewise putting away these reinforcements in the cloud. In case of an essential and auxiliary reinforcement disappointment, your manager needs to realize that the cloud reinforcements can be open as quick as conceivable to lessen personal time during the recuperation. What S3 stockpiling class do you suggest for cost and execution?

  • S3 Standard
  • S3 Intelligent-Tiering
  • S3 Glacier
  • S3 One Zone-Infrequent Access

✅ Which enormous information store will allow you to store huge surges of client movement information coming from both web and portable applications?

  • Neptune
  • Aurora
  • RDS for SQL Server
  • Redshift

✅ What choice is best for Auto Scaling your EC2 cases for unsurprising traffic designs?

  • scale in view of a timetable
  • manual scaling
  • scale in view of interest
  • keep up with current levels consistently

✅ You are relocating an on-premise RabbitMQ group into AWS. Which relocation way would it be advisable for you to decide for simplicity of both upkeep and arrangement?

  • Change the pieces of your application that utilization RabbitMQ to utilize SQS.
  • Send off a RabbitMQ bunch with EC2 cases utilizing an upheld AMI.
  • Change the pieces of your application that utilization RabbitMQ to utilize Kinesis.
  • Rewrite the pieces of your application that utilization RabbitMQ to utilize Amazon MQ.

✅ While making another RDS occurrence, how does the Multi-AZ choice respond?

  • duplicates reinforcements of your information base to S3 and makes them accessible across areas to forestall against any information misfortune
  • makes a second inactive information base occurrence inside the very area that will turn into the essential data set during a failover
  • makes an exceptionally accessible data set group that will have your data set bunch in something like two districts
  • makes one more information base occasion in one more district and keeps a hot reserve dynamic to failover to during provincial disappointments

✅ What is the best EC2 occasion class for a server that ceaselessly has a weighty CPU load?

  • C5
  • T2
  • R5
  • H1

✅ Your application execution the board (APM) framework can peruse the situation with your CloudWatch screens and perform prearranged activities. Whenever the CloudWatch metric StatusCheckFailed enters a bombed express (a worth of 1), you would like your APM to consequently fix the example. Which content do you utilize?

  • . A

”’

aws ec2 stop-cases – – case ids I-0b263919b6498b123

aws ec2 start-occasions – – case ids I-0b263919b6498b123

”’

  • . B

”’

aws ec2 reboot-occasions – – case ids I-0b263919b6498b123

”’

  • . C

”’

aws ec2 reboot-examples – – case ids I-0b263919b6498b123

standby 30

aws ec2 start-example – – case ids I-0b263919b6498b123

”’

  • . D

”’

aws ec2 reboot-examples – – case ids I-0b263919b6498b123

aws ec2 start-examples – – case ids I-0b263919b6498b123

”’

✅ What’s going on with the third approaching security bunch rule, which permits all traffic from sg-269afc5e to go to a Ubuntu EC2 case designed as a web server?

  • All traffic on all ports is being denied into this case, which overwrites the HTTP rule and makes it excess.
  • The occasion was sent off with the default security bunch, however it is absolutely impossible for a director to SSH into the case. Add another standard that takes into consideration SSH access from a got source, for example, a solitary IP or a scope of overseen IP addresses.
  • Nothing bad can really be said about this security bunch rule. Expecting that sg-269afc5e is applied to different assets that are appropriately gotten, this standard permits all traffic to go through that is additionally appointed securitybunch sg-269afc5e.
  • ?> All traffic on all ports are permitted into this occurrence. This opens the occurrence to all open web traffic and overwrites the approaching HTTP rule.

✅ You have a VPC that has a public and private subnet. There is a NAT door in the public subnet that permits occasions in the private subnet to get to the web without having public openness outside of the VPC. What should the directing tables be for the private subnet?

  • . A

”’

Objective 1: 10.0.0.0/16, Target 1: neighborhood;

Objective 2: 0.0.0.0/0, Target 2: nat-09b4832

”’

  • . B

”’

Objective 1: 10.0.0.0/24, Target 1: neighborhood;

Objective 2: 0.0.0.0/0, Target 2: igw-b2ff47d6

”’

  • . C

”’

Objective 1: 10.0.0.0/24, Target 1: subnet-1948ba2;

Objective 2: 0.0.0.0/0, Target 2: nat-09b4832

”’

  • . D

”’

Objective 1: 10.0.0.0/16, Target 1: vpc-12bd09ac2;

Objective 2: 0.0.0.0/0, Target 2: igw-b2ff47d6

✅ To conform to reviewing necessities of some consistence guidelines, which AWS device can be empowered to keep a review log of access and changes to your AWS framework?

  • CloudTrail
  • CloudWatch
  • AWS Audit and Compliance Tool
  • GuardDuty

✅ You have an application that creates long-running reports, stores them in a S3 container, and afterward messages the client who mentioned the report with a connection to download it. What is the best practice for putting away the report information in S3?

  • Make a public S3 can. Whenever your application makes the report object in S3, produce two arbitrarily created long envelope names and spot the document inside the most unfathomable subfolder. Set the maintenance strategy on the item to one hour and email this connect to the client. The connection will be dynamic for 60 minutes.
  • Make a public S3 can. Utilize a hash of the client’s email address and the date and time the report was mentioned to create a extraordinary article name. Email this connect to the client and have a booked undertaking run inside your application to eliminate objects that are more established than seven days.
  • Create a private S3 pail. The connection in the email should accept the client to your application, where you can confirm the dynamic client meeting or power the client to sign in. Subsequent to confirming the client has freedoms to get to this record, have the application recover the article from S3 and return it in the HTTP reaction. Erase the document from the S3 container after the solicitation is finished.
  • Make a private S3 pail. The connection in the email should accept the client to your application, where you can confirm the dynamic client meeting or power the client to sign in. Set the report object in S3 to public. Show the client a “Download” button in the program that connections to the public article.

✅ While sending a huge volume of email through SES, what is the main arrangement of measurements to screen?

  • your objection and skip rates
  • opens and snaps
  • snaps and conveyances
  • sending volume throughout the course of recent minutes and more than one day to look for charging spikes

✅ You will have an application that utilizes a MySQL information base. Which data set would it be a good idea for you select to make due scaling or information base organization errands?

  • Send off an AMI picture from the commercial center containing a preconfigured MySQL server.
  • Aurora
  • RDS for MySQL
  • Redshift

✅ A structure in web application is sending join information to “http://example.com/information exchange/new?source=web” and this information should be dealt with by an ECS administration behind Application Load Balancer (ALB). Which ALB rule will course this ask for?

  • A
'''

On the off chance that (all match)

    Way is/signup*

    Question string is signup:new

Then, at that point,

    Forward to ecs-cluse-administration <there is a mistake - yes!

'''
  • B
'''

IF (all match)

    Way is/sign/new/and

    Question demand technique is POST

Then, at that point,

    Forward to ecs-cluse-administration

'''
  • C …One more with POST
  • D …Only one with Get

✅ Which AWS administration can have the web application server for a WordPress webpage?

  • S3
  • Elastic BeanStalk
  • ElasticCache
  • CloudFront

✅ What does the accompanying AWS CLI ‘make administration’ order for ECS do?

'''
aws ecs make administration \
 --bunch creation \
 --administration name rest-programming interface \
 --task-definition rest-api:1 \
 --wanted count 2 \
 --send off type "FARGATE" \
 --network-setup \
 "awsvpcConfiguration={subnets=[subnet-0b29129ab],securityGroups=[sg-0b29129ab]}"
'''
  • changes the security gatherings of the running **rest-api** task
  • makes a bunch called **production** and dispatches two holders into Fargate with the **rest-api** task definition
  • dispatches two compartments onto Fargate into the current **production** bunch utilizing the **rest-api** task definition
  • for an assistance definition for the **rest-api** task; set two holders on the creation bunch when sent off **ecs-cli** up order

✅ You need to make your public API rapidly open from all locales. What is the most ideal way to do this?

  • Make a solitary API entryway endpoint in a focal area.
  • Make a private API entryway endpoint for every area.
  • Make a provincial API entryway endpoint for every area.
  • Create edge-upgraded API entryway endpoints and convey them to a CloudFront organization.

✅ What kind of information arrangement would it be advisable for you to use for information coming from nonrelational and social information from IoT gadgets, sites, versatile applications, and so on?

  • Amazon DynamoDB
  • AWS Lake Formation
  • Amazon Redshift
  • Amazon Aurora

✅ You have an examination suite that produces reports about the utilization examples of your web application. Subsequent to finishing your movement to AWS and utilizing Application Load Balancer to adjust the heap across your web application, your showcasing division saw that area put together reports with respect to the web traffic just show traffic beginning from a solitary area. What is the issue?

  • Utilize a Classic Load Balancer, not Application Load Balancer.
  • Application Load Balancer doesn’t safeguard the first source IP address. The examination programming should be arranged to take a gander at the ‘X-Forwarded-For’ HTTP demand header for the right source IP address.
  • Application Load Balencer must be arranged to hold the source IP address of the traffic it is sending. Make an arrangement that empowers ProxyProtocol support and join it to the ALB utilizing the AWS CLI.
  • Arrange the web server EC2 occasions to just have private IP addresses. The public IP locations of the occasions are being recorded into the web server logs, bug just ALB ought to have a public connection point and it will course traffic to examples through the private point of interaction.

✅ What isn’t a default client of a typical Linux occasion sent off from an AMI?

  • ubuntu
  • framework client
  • ec2-client
  • administrator

✅ You have repeated the foundation that serves the backend API for your web application across districts to all the more likely serve your clients in the US and the EU. What is the most effective way to coordinate your web application at the closest server farm?

  • Use Route 53 with geolocation queries to coordinate traffic between the two districts.
  • Make a WAF redirection decide that sidetracks traffic at the EU server farm assuming the source IP comes from specific nations.
  • Buy a country area expansion and direct your clients to the right site, for example, example.com and example.co
  • . Have your front-end application test the idleness between every server farm and utilize the server farm that is reacting the quickest.

✅ You have as of late sent off your new web item and are anticipating 1.000 new clients every month. In any case, you have quite recently gotten word from the CEO that your item will be included at an impending meeting covered by a few news sources, and this could prompt 20,000 new clients throughout the following week. How would you anticipate an abrupt expansion in rush hour gridlock?

  • Repeat your framework across two districts. You will solidify the application to a territorial disappointment and you will twofold your ability.
  • Take an AMI picture of a front-end server to save your setup and afterward add more servers to your group pror to the meeting. Eliminate the servers from the bunch after the spike from the meeting.
  • Test to decide your throughput and the number of clients you can uphold. Foster a scaling plan for your front end, microservices, and data set in light of CloudWatch measurements that line up with the tried bottlenecks.
  • Use Auto Scaling gatherings to make more front-end servers when the CloudWatch measurements for CPU utilization on a solitary example transcend 80% for five minutes.

✅ How would you associate through SSH to a Linux EC2 occurrence with an EBS volume assuming you lost your key pair?

  • Stop the example and make an AMI picture. Send off the picture utilizing another key pair.
  • Contact AWS support. A help expert can remotely reestablish admittance to your example and send you another key pair.
  • You can not associate with this EC2 occasion. The key pair is shown just one time. Assuming you lose it, you have lost all admittance to this occurrence. Interface the EBS volume to one more occasion to recuperate your records.
  • Append the EBS volume to a transitory case sent off with another key pair, and overwrite ~/.ssh.authorized_keys utilizing a similar document from the new case.

✅ Your on-premise server farm (172.16.128.0/24) is now associated with your AWS VPC (10.0.0.0/16) by a client passage. You wish to associate another server farm for an organization you recently gained (172.16.130.0/24) to your VPC as displayed in the picture. What is the most effective way to make this connection?

  • Lay out an association between your two server farms and interface the subsequent server farm to the first through a private passage. Traffic will move from the subsequent server farm and afterward through the main information, and afterward into AWS.
  • Make a second client passage and design your VPN client at your subsequent server farm to interface with the virtual private door.
  • Create a second virtual private entryway (VPG) and join it to the VPC. Make a client passage for the new virtual private entryway and utilize your VPN client at your subsequent server farm to lay out an association with the VPG.
  • You can not have more than one client door for each VPC, so the proposed arrangement won’t work. Make a second VPC with a virtual private passage and a client entryway. Span the two VPCs utilizing VPC looking.