SOA-C01 : AWS-SysOps : ​​​​​Part 02

SOA-C01 : AWS-SysOps ​​​​​: Part 02

1. Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application.

   Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so how?

   • No, two instances in two different AZ’s can’t talk directly to each other via ICMP ping as that protocol is not allowed across subnet (iebroadcast) boundaries
   • Yes, both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP
   • Yes, the security group for the monitoring instance needs to allow outbound ICMP and the application instance’s security group needs to allow Inbound ICMP
   • Yes, both the monitoring instance’s security group and the application instance’s security group need to allow both inbound and outbound ICMP ping packets since ICMP is not a connection-oriented protocol

2. You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.

   Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? (Choose two.)

   • A network ACL that allows communication between the two subnets.
   • Both instances are the same instance class and using the same Key-pair.
   • That the default route is set to a NAT instance or internet Gateway (IGW) for them to communicate.
   • Security groups are set to allow the application host to talk to the database on the right port/protocol.

3. Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? (Choose two.)

   • Amazon Elastic Map Reduce
   • Elastic Load Balancing
   • AWS Elastic Beanstalk
   • Amazon Elasticache
   • Amazon Relational Database service

4. You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.

   How can you best resolve the issue of the application responses not meeting your SLA?

   • Add another cc2 8xlarge application instance, and put both behind an Elastic Load Balancer
   • Move the cc2 8xlarge to the same Availability Zone as the DynamoDB table
   • Cache the database responses in ElastiCache for more rapid access
   • Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration

5. You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.

   Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? (Choose two.)

   • Create an ELB to reroute traffic to a failover instance
   • Create a secondary ENI that can be moved to a failover instance
   • Use Route53 health checks to fail traffic over to a failover instance
   • Assign a secondary private IP address to the primary ENIO that can be moved to a failover instance

6. You are designing a system that has a Bastion host. This component needs to be highly available without human intervention.

   Which of the following approaches would you select?

   • Run the bastion on two instances one in each AZ
   • Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failure
   • Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple AZs but have a min-size of 1 and max-size of 1
   • Configure an ELB in front of the bastion instance

7. Which of the following statements about this S3 bucket policy is true?

   

    

   • Denies the server with the IP address 192 168 100 0 full access to the “mybucket” bucket
   • Denies the server with the IP address 192 168 100 188 full access to the “mybucket” bucket
   • Grants all the servers within the 192 168 100 0/24 subnet full access to the “mybucket” bucket
   • Grants all the servers within the 192 168 100 188/32 subnet full access to the “mybucket” bucket

8. Which of the following requires a custom CloudWatch metric to monitor?

   • Data transfer of an EC2 instance
   • Disk usage activity of an EC2 instance
   • Memory Utilization of an EC2 instance
   • CPU Utilization of an EC2 instance

9. You run a web application where web servers on EC2 Instances are in an Auto Scaling group. Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed five to six days per year, the number of web servers required might go up to 15.

   What would you recommend to minimize costs while being able to provide hill availability?

   • 6 Reserved instances (heavy utilization).
     6 Reserved instances {medium utilization), rest covered by On-Demand instances
   • 6 Reserved instances (heavy utilization).
     6 On-Demand instances, rest covered by Spot Instances
   • 6 Reserved instances (heavy utilization)
     6 Spot instances, rest covered by On-Demand instances
   • 6 Reserved instances (heavy utilization)
     6 Reserved instances (medium utilization) rest covered by Spot instances

10. You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region.

    Which configuration would achieve that goal?

    • Route53 record sets with weighted routing policy
    • Route53 record sets with latency based routing policy
    • Auto Scaling with scheduled scaling actions set
    • Elastic Load Balancing with health checks enabled

11. You have set up Individual AWS accounts for each project. You have been asked to make sure your AWS Infrastructure costs do not exceed the budget set per project for each month.

    Which of the following approaches can help ensure that you do not exceed the budget each month?

    • Consolidate your accounts so you have a single bill for all accounts and projects
    • Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account
    • Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.
    • Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend

12. When creation of an EBS snapshot Is initiated but not completed the EBS volume?

    • Cannot De detached or attached to an EC2 instance until me snapshot completes
    • Can be used in read-only mode while me snapshot is in progress
    • Can be used while me snapshot Is in progress
    • Cannot be used until the snapshot completes

13. You are using ElastiCache Memcached to store session state and cache database queries in your infrastructure. You notice in CloudWatch that Evictions and GetMisses are Doth very high.

    What two actions could you take to rectify this? (Choose two.)

    • Increase the number of nodes in your cluster
    • Tweak the max_item_size parameter
    • Shrink the number of nodes in your cluster
    • Increase the size of the nodes in the duster

14. You are running a database on an EC2 instance, with the data stored on Elastic Block Store (EBS) for persistence. At times throughout the day, you are seeing large variance in the response times of the database queries Looking into the instance with the isolate command you see a lot of wait time on the disk volume that the database’s data is stored on.

    What two ways can you improve the performance of the database’s storage while maintaining the current persistence of the data? (Choose two.)

    • Move to an SSD backed instance
    • Move the database to an EBS-Optimized Instance
    • T Use Provisioned IOPs EBS
    • Use the ephemeral storage on an m2 4xiarge Instance Instead

15. Your EC2-Based Multi-tier application includes a monitoring instance that periodically makes application -level read only requests of various application components and if any of those fail more than three times 30 seconds calls CloudWatch lo fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to watch the watcher -the monitoring instance itself – and be notified if it becomes unhealthy.

    Which of the following is a simple way to achieve that goal?

    • Run another monitoring instance that pings the monitoring instance and fires a could watch alarm mat notifies your operations team should the primary monitoring instance become unhealthy.
    • Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
    • Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if C r the CPU usage exceeds 50% few more than one minute: then have your monitoring application go into a CPU-bound loop should it Detect any application problems.
    • Have the monitoring instances post messages to an SOS queue and then dequeue those messages on another instance should the queue cease to have new messages, the second instance should first terminate the original monitoring instance start another backup monitoring instance and assume (he role of the previous monitoring instance and beginning adding messages to the SQSqueue.

16. You have decided to change the Instance type for instances running in your application tier that are using Auto Scaling.

    In which area below would you change the instance type definition?

    • Auto Scaling launch configuration
    • Auto Scaling group
    • Auto Scaling policy
    • Auto Scaling tags

17. You are attempting to connect to an instance in Amazon VPC without success. You have already verified that the VPC has an Internet Gateway (IGW) the instance has an associated Elastic IP (EIP) and correct security group rules are in place.

    Which VPC component should you evaluate next?

    • The configuration of a NAT instance
    • The configuration of the Routing Table
    • The configuration of the internet Gateway (IGW)
    • The configuration of SRC/DST checking

18. You are tasked with the migration of a highly trafficked Node JS application to AWS in order to comply with organizational standards Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events.

    Which deployment option meets these requirements while minimizing administrative burden?

    • Create a new stack within Opsworks add the appropriate layers to the stack and deploy the application
    • Create a new application within Elastic Beanstalk and deploy this application to a new environment
    • Launch a Mode JS server from a community AMI and manually deploy the application to the launched EC2 instance
    • Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.

19. You have been asked to automate many routine systems administrator backup and recovery activities. Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CLI and scripts.

    Which task would be best accomplished with a script?

    • Creating daily EBS snapshots with a monthly rotation of snapshots
    • Creating daily RDS snapshots with a monthly rotation of snapshots
    • Automatically detect and stop unused or underutilized EC2 instances
    • Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer

20. Your organization’s security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password.

    Which two of the following options would allow an organization to enforce this policy for AWS users? (Choose two.)

    • Configure multi-factor authentication for privileged 1AM users
    • Create 1AM users for privileged accounts
    • Implement identity federation between your organization’s Identity provider leveraging the 1AM Security Token Service
    • Enable the 1AM single-use password policy option for privileged users