SOA-C01 : AWS-SysOps : Part 16
-
A user has enabled termination protection on an EC2 instance. The user has also set Instance initiated shutdown behavior to terminate. When the user shuts down the instance from the OS, what will happen?
- The OS will shutdown but the instance will not be terminated due to protection
- It will terminate the instance
- It will not allow the user to shutdown the instance from the OS
- It is not possible to set the termination protection when an Instance initiated shutdown is set to Terminate
Explanation:
It is always possible that someone can terminate an EC2 instance using the Amazon EC2 console, command line interface or API by mistake. If the admin wants to prevent the instance from being accidentally terminated, he can enable termination protection for that instance. The user can also setup shutdown behavior for an EBS backed instance to guide the instance on what should be done when he initiates shutdown from the OS using Instance initiated shutdown behavior. If the instance initiated behavior is set to terminate and the user shuts off the OS even though termination protection is enabled, it will still terminate the instance. -
A user has deployed an application on an EBS backed EC2 instance. For a better performance of application, it requires dedicated EC2 to EBS traffic. How can the user achieve this?
- Launch the EC2 instance as EBS dedicated with PIOPS EBS
- Launch the EC2 instance as EBS enhanced with PIOPS EBS
- Launch the EC2 instance as EBS dedicated with PIOPS EBS
- Launch the EC2 instance as EBS optimized with PIOPS EBS
Explanation:
Any application which has performance sensitive workloads and requires minimal variability with dedicated EC2 to EBS traffic should use provisioned IOPS EBS volumes, which are attached to an EBS-optimized EC2 instance or it should use an instance with 10 Gigabit network connectivity. Launching an instance that is EBS optimized provides the user with a dedicated connection between the EC2 instance and the EBS volume. -
A user has launched a Windows based EC2 instance. However, the instance has some issues and the user wants to check the log. When the user checks the Instance console output from the AWS console, what will it display?
- All the event logs since instance boot
- The last 10 system event log error
- The Windows instance does not support the console output
- The last three system events’ log errors
Explanation:
The AWS EC2 console provides a useful tool called Console output for problem diagnosis. It is useful to find out any kernel issues, termination reasons or service configuration issues. For a Windows instance it lists the last three system event log errors. For Linux it displays the exact console output. -
Which of the following statements about this S3 bucket policy is true?
- Denies the server with the IP address 192.166 100.0 full access to the “mybucket” bucket
- Denies the server with the IP address 192.166 100.188 full access to the “mybucket bucket
- Grants all the servers within the 192 168 100 0/24 subnet full access to the “mybucket” bucket
- Grants all the servers within the 192 168 100 188/32 subnet full access to the “mybucket” bucket
-
Which services allow the customer to retain run administrative privileges or the underlying EC2 instances? (Choose two.)
- AWS Elastic Beanstalk
- Amazon Elastic Map Reduce
- Elastic Load Balancing
- Amazon Relational Database Service
- Amazon Elastic Cache
-
When an EC2 instance mat is backed by an S3-Based AMI is terminated, what happens to the data on the root volume?
- Data is automatically deleted
- Data is automatically saved as an EBS snapshot.
- Data is unavailable until the instance is restarted
- Data is automatically saved as an EBS volume.
-
How can you secure data at rest on an EBS volume?
- Encrypt the volume using the S3 server-side encryption service.
- Attach the volume to an instance using EC2’s SSL interface.
- Create an IAM policy that restricts read and write access to the volume.
- Write the data randomly instead of sequentially.
- Use an encrypted file system m top of the EBS volume.
-
In order to optimize performance for a compute cluster that requires low inter-node latency, which feature in the following list should you use?
- AWS Direct Connect
- Placement Groups
- VPC private subnets
- EC2 Dedicated Instances
- Multiple Availability Zones
Explanation:A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.
-
Amazon EBS snapshots have which of the following two characteristics? (Choose two.)
- EBS snapshots only save incremental changes from snapshot to snapshot
- EBS snapshots can be created in real-time without stopping an EC2 instance
- EBS snapshots can only be restored to an EBS volume of the same size or smaller
- EBS snapshots can only be restored and mounted to an instance in the same Availability Zone as the original EBS volume
-
You have a proprietary data store on-premises that must be backed up daily by dumping the data store contents to a single compressed 50GB file and sending the file to AWS. Your SLAs state that any dump file backed up within the past 7 days can be retrieved within 2 hours. Your compliance department has stated that all data must be held indefinitely. The time required to restore the data store from a backup is approximately 1 hour. Your on-premise network connection is capable of sustaining 1gbps to AWS.
Which backup methods to AWS would be most cost-effective while still meeting all of your requirements?
- Send the daily backup files to Glacier immediately after being generated
- Transfer the daily backup files to an EBS volume in AWS and take daily snapshots of the volume
- Transfer the daily backup files to S3 and use appropriate bucket lifecycle policies to send to Glacier
- Host the backup files on a Storage Gateway with Gateway-Cached Volumes and take daily snapshots
Explanation:
Because in the stored volume mode, you are storing data locally, the binary-compressed format is already available, and the bandwidth of your AWS connection meets the 7days/2hour SLA. -
You run a web application with the following components Elastic Load Balancer (EL8), 3 Web/Application servers, 1 MySQL RDS database with read replicas, and Amazon Simple Storage Service (Amazon S3) for static content. Average response time for users is increasing slowly.
What three CloudWatch RDS metrics will allow you to identify if the database is the bottleneck? (Choose three.)
- The number of outstanding IOs waiting to access the disk.
- The amount of write latency.
- The amount of disk space occupied by binary logs on the master.
- The amount of time a Read Replica DB Instance lags behind the source DB Instance
- The average number of disk I/O operations per second.
-
Which method can be used to prevent an IP address block from accessing public objects in an S3 bucket?
- Create a bucket policy and apply it to the bucket
- Create a NACL and attach it to the VPC of the bucket
- Create an ACL and apply it to all objects in the bucket
- Modify the IAM policies of any users that would access the bucket
-
Your organization is preparing for a security assessment of your use of AWS.
In preparation for this assessment, which two IAM best practices should you consider implementing? (Choose two.)
- Create individual IAM users for everyone in your organization
- Configure MFA on the root account and for privileged IAM users
- Assign IAM users and groups configured with policies granting least privilege access
- Ensure all users have been assigned and are frequently rotating a password, access ID/secret key, and X.509 certificate
-
Your business is building a new application that will store its entire customer database on a RDS MySQL database, and will have various applications and users that will query that data for different purposes.
Large analytics jobs on the database are likely to cause other applications to not be able to get the query results they need to, before time out. Also, as your data grows, these analytics jobs will start to take more time, increasing the negative effect on the other applications.
How do you solve the contention issues between these different workloads on the same data?
- Enable Multi-AZ mode on the RDS instance
- Use ElastiCache to offload the analytics job data
- Create RDS Read-Replicas for the analytics work
- Run the RDS instance on the largest size possible
-
What would happen to an RDS (Relational Database Service) multi-Availability Zone deployment if the primary DB instance fails?
- The IP of the primary DB Instance is switched to the standby DB Instance.
- A new DB instance is created in the standby availability zone.
- The canonical name record (CNAME) is changed from primary to standby.
- The RDS (Relational Database Service) DB instance reboots.
Explanation:
Failover Process for Amazon RDS:
In the event of a planned or unplanned outage of your DB instance, Amazon RDS automatically switches to a standby replica in another Availability Zone if you have enabled Multi-AZ. The time it takes for the failover to complete depends on the database activity and other conditions at the time the primary DB instance became unavailable.
The failover mechanism automatically changes the DNS record of the DB instance to point to the standby DB instance. As a result, you will need to re-establish any existing connections to your DB instance. -
When you put objects in Amazon S3, what is the indication that an object was successfully stored?
- Each S3 account has a special bucket named_s3_logs. Success codes are written to this bucket with a timestamp and checksum.
- A success code is inserted into the S3 object metadata.
- A HTTP 200 result code and MD5 checksum, taken together, indicate that the operation was successful.
- Amazon S3 is engineered for 99.999999999% durability. Therefore, there is no need to confirm that data was inserted.
Explanation:
There are two opportunities for a copy request to return an error. One can occur when Amazon S3 receives the copy request and the other can occur while Amazon S3 is copying the files. If the error occurs before the copy operation starts, you receive a standard Amazon S3 error. If the error occurs during the copy operation, the error response is embedded in the 200 OK response. This means that a 200 OK response can contain either a success or an error. Make sure to design your application to parse the contents of the response and handle it appropriately.
If the copy is successful, you receive a response that contains the information about the copied object. -
How can an EBS volume that is currently attached to an EC2 instance be migrated from one Availability Zone to another?
- Simply create a new volume in the other AZ and specify the original volume as the source.
- Detach the volume, then use the ec2-migrate-volume command to move it to another AZ.
- Create a snapshot of the volume, and create a new volume from the snapshot in the other AZ.
- Detach the volume and attach it to another EC2 instance in the other AZ.
-
You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from pre-defined customer IP addresses.
Which two options meet this security requirement? (Choose two.)
- Configure web server VPC security groups to allow traffic from your customers’ IPs
- Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header
- Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic
- Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic
-
How can software determine the public and private IP addresses of the Amazon EC2 instance that it is running on?
- Query the local instance metadata.
- Query the appropriate Amazon CloudWatch metric.
- Query the local instance userdata.
- Use ipconfig or ifconfig command.
-
The compliance department within your multi-national organization requires that all data for your customers that reside in the European Union (EU) must not leave the EU and also data for customers that reside in the US must not leave the US without explicit authorization.
What must you do to comply with this requirement for a web based profile management application running on EC2?
- Run EC2 instances in multiple AWS Availability Zones in single Region and leverage an Elastic Load Balancer with session stickiness to route traffic to the appropriate zone to create their profile
- Run EC2 instances in multiple Regions and leverage Route 53’s Latency Based Routing capabilities to route traffic to the appropriate region to create their profile
- Run EC2 instances in multiple Regions and leverage a third party data provider to determine if a user needs to be redirect to the appropriate region to create their profile
- Run EC2 instances in multiple AWS Availability Zones in a single Region and leverage a third party data provider to determine if a user needs to be redirect to the appropriate zone to create their profile
Subscribe
0 Comments
Newest