AWS Certified SysOps Administrator – Associate Level Objective’s

 

1) Which of the following metrics do not get automatically reported to Amazon CloudWatch from Amazon EC2? (Choose 3)
The amount of memory being used, The amount of swap space used, How much disk space is available

Explanation
http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/mon-scripts.html

2) What are the two different kinds of status checks when it comes to Amazon EC2 instances?
System status check and Instance status check

Explanation
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-system-instance-status-check.html

3) What best describes burstable performance for t2.micro instances?
Burstable performance gives you a baseline performance and CPU credits that allow you to burst above this baseline if needed.

Explanation
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/t2-instances.html#t2-instances-cpu-credits

4) You currently have Nginx webservers on EC2 instances which receive requests from your ELB. Those Nginx webservers return results from your PHP application. This application connects to an RDS database instance to read and write data. However, a few months ago, you realized that ElastiCache with the Redis caching engine could reduce the load on your RDS database by caching some of the popular data. Fast-forward to today, and your ElastiCache Redis cluster is under a lot of load and needs to scale. Which of these is the best way to scale your cluster?
If the load is read-heavy, scale by adding read replicas to your cache cluster. If the load is write-heavy, scale vertically by increasing the node size.

Explanation
The Redis engine in ElastiCache does not support scaling horizontally for write-heavy workloads because data is not partitioned across nodes (unlike Memcached). All of the data needs to fit in the master node. However, we can add read replicas to our cluster in order to scale for read-heavy workloads. http://docs.aws.amazon.com/AmazonElastiCache/latest/UserGuide/Scaling.RedisStandalone.html

5) Which of these are true when it comes to the differences between EBS-backed storage and SSD-backed instance store?
SSD-backed instance store is usually faster because it is physically attached to the host computer, while EBS volumes transfer data over the network which adds latency., SSD-backed instance store is ephemeral while EBS-backed storage is persistent.

Explanation
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/InstanceStorage.html http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ssd-instance-store.html

1) You’ve created a CloudWatch alarm to monitor ElastiCache evictions. The CloudWatch alarm begins to alert you that the number of evictions has surpassed your applications requirements. How might you go about resolving the high eviction amount issue?
Increaseing the size of the ElastiCache instance, Adding another node to the ElastiCache cluster

Explanation
Increased evictions generally means there is a low amount of free memory in order to cache new information. Evictions mean that the caching engine must remove old data to make room for new data. In order to resolve this issue you will need to increase capacity or add nodes to the caching cluster.

2) One of your instances is not responding. After investigation you see that the instance system status checks indicates a problem. What would be the best method for attempting to fix a failing system status check?
Stop and then start the instance so it can be launched on a new host

Explanation
The best way to resolve system check failure issues is to stop the instance and start it. By stopping and starting the instance, the instance will most likely be launched on a different physical host. Since system failures are related to the physical host then this is the best method for resolving the failure. Just rebooting the instance will not cause the instance to be launched on a different host.

3) AWS Allows billing metrics across all consolidated billing accounts from the payer account.
True

4) You’ve been tasked with optimizing costs in your companies AWS environment. After logging in, you discover that there are 3 unused elastic IP addresses, 6 RDS instances that have not had a DB connection for over 7 days, 5 instances that are running at an average CPU utilization of < 5% and one EC2 instance running at 80% utilization. Your company has not purchased any reserved instances but is highly concerned over AWS costs. As a SysOps administrator you know that you can easily help reduce costs and make the company happy again, select all of the statements below that you might do in order to optimize costs quickly.
Remove all unassigned Elastic IP addresses and create snapshots of all unused EBS volumes and terminate the volumes, Reduce instance size for underutilized instances or combined the instances and terminate the unused, Create a snapshot of RDS instances that have had 0 DB connections after 7 days and terminate the RDS instances

Explanation
Cost optimization includes the process of terminating or stopping unused resources such as idle Elastic Load Balancers that do not have any backing instances, removing unassociated Elastic IP Addresses, resizing instances, and purchasing reserved instances. There are many more ways of optimizing costs; please review the link video.

 

5) In order to monitor operating system-level metrics such as disk usage, swap usage, and memory usage, you must install EC2 monitoring scripts. These scripts put custom metric data into Amazon CloudWatch. What do you need to do in order to give the instance permissions to put those custom metrics in CloudWatch?
Assign a role to the EC2 instance which will be sending custom metrics to CloudWatch

Explanation
The question asks what permissions are required to give the “instance” permissions to put metric data on CloudWatch. In order for an instance to have this permission, you would need to assign a role to the EC2 instance. The role needs to have permissions to “put” data on Amazon CloudWatch. The answer “Create a user with access keys and secret access keys for the script to put the custom metrics onto CloudWatch” will allow the script to communicate with CloudWatch and put custom metrics. However, the question specifically asks for instance permissions, and best practice recommends using roles with instances instead of access keys.

1) Your organization is running an application on EC2 instances which transfers large amounts of data to their respective EBS volumes. You’ve noticed that the data being transferred from some instances is exceeding bandwidth capacity which is causing performance issues. Which of these solutions would help the most?

Change the instance size and type. Bandwidth capacity is dependent upon the instance size and the instance type., Change to an EBS-optimized instance type and enable EBS Optimization if it is not already enabled.

2) You just joined an established company and are in charge of finding ways to optimize costs without compromising performance or causing downtime. You notice that the company is using Auto Scaling to keep a minimum amount of instances running at all times, while also providing the possibility to add more instances if the ELB latency metric increases over a period of 1 minute. At that point, the Auto Scaling group will add 2 more instances in order to ensure that there are plenty of extra resources to handle more load. This is great, but it is not optimized for cost yet. What can you do to reduce costs without losing elasticity or causing downtime?

Purchase reserved instances for the minimum amount of instances and then use on-demand instances for instances launched by Auto Scaling beyond the minimum requirement.

Explanation
This is the best option to both meet the requirements (elasticity and no downtime) and also to lower costs over time.

3) Your current application architecture is not scalable. You’re running one large EC2 instance for your application, webserver, and database. Whenever that instance has an issue or receives more traffic than it can handle, your users are unable to access your e-commerce platform, which is costing thousands of dollars each time there is an outage. So, to solve this, you break apart the database and setup Amazon RDS. You then configure Auto Scaling for your backend instances with an Elastic Load Balancer to distribute the load, and you soon realize that users are constantly losing their sessions and shopping cart information while browsing your e-commerce website. What is causing this issue and how can you solve the problem?

You realize that each time a page loads (and a request is sent), the ELB sends the request to a different backend instance, and since sessions are stored on each instance, the user gets logged out and loses their session. You fix the issue by storing the session information in ElastiCache since this gives us a central location for the application to get and set sessions.

Explanation
Setting this up with ElastiCache is the best option, because that way we can still spread the load evenly across backend instances without losing session data, and we also don’t put a lot more load on our RDS database. Storing session data and retrieving it from the database is usually not recommended. Setting up ELB stickiness would not evenly distribute the load, and so it is best to avoid it if we have other options.

1) What are conditions that can trigger an Amazon RDS failover to happen?
Loss of network connectivity to the primary instance, Storage failure on the primary database, Some kind of resource failure with the underlying virtual resources

2) We currently have one Bastion host instance in one of our public subnets, but we’re worried about availability if the bastion host or the availability zone that it’s in goes down. What can we do?
Set up two Bastion hosts in two separate Availability Zones and assign an Elastic IP Address to the main Bastion host.

Explanation
Using an Elastic IP address makes it easy to switch to the failover Bastion host if the main one becomes unavailable

3) Which of these services give us access to the underlying Operating System?
Amazon EMR, EC2

4) What is the best practice to setup and implement a Bastion host in a VPC?
Create the instance in your public subnet and assign it a public IP address. Then, use ssh-agent forwarding or OpenSSH ProxyCommand to connect to your private instances.

Explanation
The Bastion Host needs to be in your public subnet otherwise you won’t be able to assign it a public IP address to connect to it and access the rest of your infrastructure hidden in private subnets. Using ssh-agent forwarding or OpenSSH ProxyCommand is recommended (versus uploading the PEM SSH key to the instance), because if someone gets access to the instance, they would have the key to your infrastructure. Instead, with the recommended methods, we don’t have to upload the private key.

1) What error code does the Elastic Load Balancer return if it does not have enough resources to handle large spikes in traffic?
HTTP 503

2) One of your customers needs business analytics from data stored in your Amazon RDS database. The problem is, this database is also used to serve data to other customers. The business analytics queries require a lot of table joins and expensive calculations that can’t be offloaded to the client, and so you’re worried about degrading performance. What can you do?
Create a read replica specifically for this customer and their business analytics queries. Give them the replica’s endpoint.

3) We’re restoring a volume from a snapshot and we need maximum performance as soon as we put the volume in production. How can we ensure maximum performance?
Initialize (pre-warm) the volume by reading from every single block.

#############################################

1) You manage a social media website on EC2 instances in an Auto Scaling group. You have configured your Auto Scaling group to deploy one new EC2 instance when CPU utilization is greater than 90% for 3 consecutive periods of 10 minutes. You notice that between 6:00 pm and 10:00 pm every night, you see a gradual increase in traffic to your website. Although Auto Scaling launches several new instances every night, some users complain they are seeing timeouts when trying to load the index page during those hours. What is the least cost-effective way to resolve this problem?

Increase the minimum number of instances in the AutoScaling group

Explanation
Increasing the minimum number of instances in the AutoScaling group will keep more instances running around the clock, thus making it a very inefficient way to manage cost. The other options all increase the AutoScaling group’s sensitivity to an increase in load and enable it to respond quicker to increased load by spinning up instances as soon as they become necessary.

2) You maintain an application on AWS to provide development and test platforms for your developers. Currently, both environments consist of an m1.small EC2 instance. Your developers notice performance degradation as they increase network load in the test environment. How would you mitigate these performance issues in the test environment?

Upgrade the m1.small to a larger instance type

 

3) How might you assign permissions to an EC2 instance so that the EC2 custom CloudWatch metric scripts can send the required data to Amazon CloudWatch?

Assign an IAM role to the EC2 instance at creation time with permissions to write to CloudWatch

4) A successful systems administrator does not need to create a script for:
Automating backups of RDS databases

Explanation
AWS offers automated backups of RDS, thus it is not a requirement to script this task.

5) You have enabled a CloudWatch metric on your Redis ElastiCache cluster. Your alarm is triggered due to an increased amount of evictions. How might you go about solving the increased eviction errors from the ElastiCache cluster?
Increase the size of your node

6) You see an increased load on an EC2 instance that is used as a web server. You decide to place the server behind an Elastic Load Balancer and deploying an additional instance to help meet this increased demand. You deploy the ELB, configure it to listen for traffic on port 80, bring up a second EC2 instance, move both instances behind the load balancer, and provide customers with the ELB’s URL – https://mywebapp-1234567890.us-west-2.elb.amazonaws.com. You immediately begin receiving complaints that customers cannot connect to the web application via the ELB’s URL. Why?

You specified https:// in the ELB’s URL, but the ELB is not configured to listen on port 443.

Explanation
Specifying https:// directs web traffic to port 443. If you only configured a listener for port 80 on the ELB, traffic on port 443 will not be accepted.

7) Your company has decided to deploy a “Pilot Light” AWS environment to keep minimal resources in AWS with the intention of rapidly expanding the environment in the event of a disaster in your on-premises Datacenter. Which of the following services will you likely not make use of?

A Gateway-Cached implementation of Storage Gateway for storing snapshot copies of on-premises data

Explanation
A Gateway-Cached implementation of Storage Gateway stores all of your data in AWS and caches your frequently-accessed data on premises. Keeping all data in AWS is not a minimal AWS implementation. A Gateway-Stored implementation of Storage Gateway would be preferred for a “Pilot Light” AWS environment, as it would allow you retain your data on-premises but take snapshot copies of the data to AWS, so it could be accessed in the event of an on-premises disaster.

8) In order for reserved instances to reduce the cost of running instances, those instances must match the exact specifications of the reserved instance including: Region, Availability Zone, and instance type.

True

Explanation
AWS announced late in 2016 that you could now apply a reserved instance to a region in order to get cost benefits across all AZs. Before this announcement, that was not the case. Because they do not update certification exams with every new feature announcement, and the SysOps course is training for the exam, we need to keep the question the way it is until they update it. With that being said, this is no longer true for “Availability Zone.”

9) Your company is setting up an application that is used to share files. Because these files are important to the sales team, the application must be highly available. Which AWS-specific storage option would you set up for low cost, reliability, and security?

Use Amazon S3, which can be accessed by end users with signed URLs.

10) You have been tasked by your manager to build a tiered storage setup for database backups and their logs. These backups must be archived to a durable solution. After 10 days, the backups can then be archived to a lower priced storage tier. The data, however, must be retained for compliance policies. Which tiered storage solution would help you save cost, and still meet this compliance policy?

Set up an independent EBS volume where we can store daily backups and then copy these files over to S3, where we configure a bucket that has a lifecycle policy to archive files older than 10 days to AWS Glacier

11) You manage a popular blog website on EC2 instances in an Auto Scaling group. You notice that between 8:00 am and 8:00 pm, you see a 50% increase in traffic to your website. In addition, there are occasional random 1 to 2-hour spikes in traffic and some users are seeing timeouts when trying to load the index page during those spikes. What is the least cost-effective way to manage this Auto Scaling group?

Use reserved instances for the instances needed to handle the load during traffic spikes

Explanation
Reserved instances become cost-effective when they are in use for greater than 30% of the time. Using reserved instances to handle the brief spikes in traffic would not be cost effective.

12) In your LAMP application, you have some developers that say they would like access to your logs. However, since you are using an AWS Auto Scaling group, your instances are constantly being re-created. What would you do to make sure that these developers can access these log files?

Set up a central logging server that you can use to archive your logs; archive these logs to an S3 bucket for developer-access.

13) What is the most likely reason you are being charged for an instance you launched from a free-tier eligible AMI?
Your account has passed the one-year trial period

14) Your website is hosted on 10 EC2 instances in five regions around the globe, with two instances per region. How could you configure your site to maintain availability with minimum downtime if one of the five regions was to lose network connectivity for an extended period?

Create a Route 53 Latency Based Routing Record Set that resolves to an Elastic Load Balancer in each region and has the Evaluate Target Health flag set to true.

15) Your company is ready to start migrating its application over to the cloud, but you cannot afford any downtime. Your manager asks you to come up with a plan of action. She also wants a solution that offers the flexibility to test the application on AWS with only a subset of users, but with the ability to increase the number of users over time. Which of these options are you most likely to recommend?

Implement a Route53 weighted routing policy that distribute the traffic between your on-premises application and the AWS application depending on weight.

Explanation
This option works great because we can modify the weight of one record set over the other to increase or decrease the amount of traffic. If the application on AWS is behaving properly, we can slowly increase the number of users that get routed to that application and slowly phase out the on-premises application. Otherwise, we can revert back to the on-premises application.

16) Best practice is to pre-warm:

EBS volumes newly created from snapshots. Pre-warm by accessing each block once.

Explanation
The read and write back method is used to pre-warm EBS volumes created from a snapshot. Fresh EBS volumes do require read or write back during pre-warming. Elastic load balancers should be pre-warmed prior to an anticipated large spike in traffic, but this is done by contacting AWS to provision additional back-end resources, not by a read and write back command.

17) What AWS services give you access to the underlying operating system? (Choose three)

EC2, Amazon EMR, Elastic Beanstalk

18) Which of the following is a security best practice for an AWS environment?

Enable MFA on the root user for your AWS account and use IAM users rather than the root user for administrative tasks.

Explanation
IAM user accounts should not be used for executing automated scheduled tasks on EC2 instances, and automated tasks do not use MFA. The default VPC is built for ease of use, not security. IAM user credentials should not be stored on AMIs; EC2 instances that need permission to perform actions on AWS resources should use IAM roles.

19) You want to run a web application in which application servers on EC2 instances are in an Auto Scaling group spread across two Availability Zones. After monitoring for six months, we notice that only one of our web servers is needed to handle our minimum load. During our core utilization hours (8:00am-8:00pm Monday-Friday), five to six web servers are needed to handle the minimum load. Four to five days a year, the number of web servers required can go up to 18 servers. What choice would reduce our costs the most while providing the highest availability?

Five Reserved Instances (heavy utilization), the rest covered by on-demand instances

Explanation
Different levels of utilization for reserved instances (heavy, medium, light) have been phased out. This might still show up on the exam, however, so it’s a good idea to be familiar with the concept.

20) What item, when attached to a subnet, will allow the internal subnet to communicate to external networks? (Choose two)

Internet Gateway (IGW), Virtual Private Gateway

21) You patch the operating system on an EC2 instance and issue a reboot command from inside the instance’s OS. After disconnecting from the instance and waiting several minutes, you notice that you still cannot successfully ping the instance’s public IP address. What is the most likely reason for this?

Changes made during OS patching caused a problem with the instance’s NIC driver.

22) Which option below is part of the failover process for a Multi-AZ deployment with an RDS instance?

The DNS for the primary DB instance is switched to the standby DB instance

23) Which of the following statements is true?

You can customize your AWS deployments using the Ruby programming language with OpsWorks templates., You can customize your AWS deployments using JSON templates in CloudFormation.

24) In your infrastructure, you are running a corporate application using a T2.Small instance. You are also using a NAT instance so that your private instances can reach out to the internet without being publicly available. What is one thing that we should do to speed up bandwidth and performance?

Increase your T2.Small instance to a M3.Small or M3.Medium

Explanation
Instance size has a direct influence on the amount of data your instance can send and receive. If your AWS environment has many instances using NAT availability, a network bottleneck could occur. Increasing the instance size will increase the available network throughput.

25) Your AWS application is set up to use Auto Scaling with an ELB. To be sure that your application is performing its best and the page loads quickly, what, precisely, could you monitor in CloudWatch?

Monitor your ELB latency using CloudWatch metrics

Explanation
CloudWatch provides latency metrics which monitor the time it takes for the request to go from the Elastic Load Balancer to the instance and back. Latency is a good metric to determine if our Elastic Load Balancer is healthy.

26) We have developed a mobile application that gets downloaded several hundred times a week. What authentication method should we enable for the mobile clients to access images that are stored in an AWS S3 bucket that provides us with the highest flexibility and rotates credentials?

Identity Federation based on AWS STS using an AWS IAM policy for the respective S3 bucket

27) What might be the cause of an EC2 instance not launching in an auto-scaling group?

The Availability zone is no longer supported, Invalid EBS device mapping, The key pair associated with EC2 instance does not exist

28) You have decided to extend your on-site data center to Amazon Web Services by creating a VPC. You already have multiple DNS servers on-premises. You are using these DNS servers to host DNS records for your internal applications. You have a corporate security network policy that says that a DNS name for an internal application can only be resolved internally and never publicly over the internet. Your existing on-premises data center is already connected to your VPC using IPSec VPN. You are deploying new applications within your AWS service that need to resolve these new applications by name. How might you set up the scalable DNS architecture?

Create a DNS option set that includes both the DHCP options with domain-name-servers=AmazonProvidedDNS and your internal DNS servers

29) You have enabled a CloudWatch metric on your Memcached ElastiCache cluster. Your alarm is triggered due to an increased amount of evictions. How might you go about solving the increased eviction errors from the ElastiCache cluster? (Choose Two)

Increase the node size, Add a node to the cluster

30) A colleague noticed that CloudWatch was reporting that there has not been any connections to one of your MySQL databases for several months. You decided to terminate the database. Two months after the database was terminated, you get a phone call from a very upset user who needs information from that database to run end-of-year reports. You are hopeful that you can restore the database to full functionality from a snapshot, but your database administrator is not quite as confident. Why?

The MySQL database was not using a transactional database engine such as InnoDB and may not restore properly.

31) Which of the following can be overridden at the EC2 instance level?

The choice to not use dedicated tenancy at the VPC level., An IAM policy explicitly allowing a user the right to terminate all EC2 instances.

Explanation
The default option for a VPC is to not use dedicated tenancy, but that can be overridden at the instance level. If the option to use dedicated tenancy is explicitly set at the VPC level, however, it cannot be overridden at the instance level. Explicit denies in IAM policies always trump explicit allows, so a user who is allowed to terminate all EC2 instances in an account can be denied the permission to terminate a particular instance.

32) Your RDS database is experiencing high levels of read requests during the business day and performance is slowing down. You have already verified that the source of the congestion is not from backups taking place during the business day, as automatic backups are not enabled. Which of the following is the first step you can take toward resolving the issue?

Enable automated backups of the database.

Explanation
A read replica of the database cannot be created until automated backups are enabled. Your first step should be to enable automated backups. Once automated backups are enabled, you can proceed with creating a read replica of the database and offloading some client read requests to .

33) True or False: Multi-AZ RDS replications use asynchronous data replication.

False

Explanation
Data replication is synchronous

34) If you configure a VPC with an Internet gateway that has a private and a public subnet, with each subnet in a different Availability Zone. The VPC also has a dual-tunnel VPN between the Virtual Private Gateway and the router in the private data center. You want to make sure that you do not have a potential single point of failure in this design. What could you do to make sure we achieve this above environment?

You set up a secondary router in your private data center to establish another dual-tunnel VPN connection with your Virtual Private Gateway.

35) Select all that apply: Per the AWS Acceptable Use Policy, penetration testing of EC2 instances:

may be performed by the customer against their own instances with prior authorization from AWS

36) Your RDS instance is consistently maxed out on its resource utilization. What are multiple ways to solve this issue? (Choose three)

Fire up an ElastiCache cluster in front of your RDS instance., Increase RDS instance size., Offload read-only activity to a read replica if the application is read-intensive.

37) True or False: If Multi-AZ is enabled and automated backups occur on your instance, your application will experience performance issues due to the increased I/O operations caused by the automated backup.

False

Explanation
Automated backups are performed on the backup instance instead of the source database instance in order to avoid this performance degradation.

38) Your company’s compliance department mandates that within your multi-national organization, all data for customers in the UK must never leave UK servers and networks. Similarly, US data must never leave US servers and networks without explicit authorization first. What do we have to do to comply with this requirement in our web-based applications running on AWS in EC2? The user has already set up a user profile that states their geographic location.

We can run EC2 instances in multiple regions, and leverage a third-party data provider to determine whether a user should be redirected to the appropriate region based on that user’s profiles.

39) True or False: By default, there is no route between the subnets in a VPC.

False

40) You are running an EC2 instance serving a website with an SSL certificate. Your CPU utilization is constantly high. How might you resolve this issue?

Offload the SSL cert from the EC2 instance and configure it on the Elastic Load Balancer

41) Assuming you have kept the default settings and have taken manual snapshots, which of the following manual snapshots will be retained?

A snapshot of an EBS root volume when the EC2 instance is terminated, A snapshot of an RDS database when the RDS instance is terminated

Explanation
Manual snapshots of RDS databases and EBS volumes persist after instance termination. You cannot snapshot an EC2 instance store volume.

42) Which of the following will cause a noticeable performance impact on an RDS Multi-AZ deployment?

None of these

43) True or False: In a Network ACL an explicit Deny always overrides an explicit Allow.

False

Explanation
Rules are evaluated in order depending on the rule number. As soon as a matching rule is found, it is applied, even if there is another rule contradicting the first rule.

44) What is the result of the following bucket policy? { “Statement”: [ { “Sid”: “Sid2”, “Action”: “s3:*”, “Effect”: “Allow”, “Resource”: “arn:aws:s3:::mybucket/*.”, “Condition”: { “ArnEquals”: { “s3:prefix”: “finance_” } }, “Principal”: { “AWS”: [ “*” ] } } ] }

It will allow all actions only against objects with the prefix finance_

45) A deny overrides an allow in which circumstances?

An explicit allow is set in an IAM policy governing S3 access and an explicit deny is set on an S3 bucket via an S3 bucket policy.

46) You need to establish a secure backup and archiving solution for your company, using AWS. Documents should be immediately accessible for three months and available for five years for compliance reasons. Which AWS service fulfills these requirements in the most cost-effective way?

Upload data to S3 and use lifecycle policies to move the data into Glacier for long-term archiving.

47) Your infrastructure does not have an Internet Gateway attached to any of the subnets. What might you do in order to SSH into your EC2 instances? All other configurations are correct.

Create a VPN connection

48) What is the result of the following bucket policy? { “Statement”: [ { “Sid”: “SID1”, “Effect”: “Allow”, “Principal”: { “AWS”: “*” }, “Action”: “s3:*”, “Resource”: “arn:aws:s3:::mybucket/*”, “Condition”: { “IpAddress”: { “aws:SourceIp”: “50.97.0.0/32” } } } ] }

It will deny all access to the S3 mybucket bucket except for requests coming from the IP 50.97.0.0

49) You have created an application that utilizes Auto Scaling behind an Elastic Load Balancer. You notice that user’s sessions are not evenly distributed on the newly spun up instances. What could be a reason that your users’ web sessions are stuck on one instance and not using others?

Your ELB is sending all the sessions to the old instance and not evenly sending sessions to all new instances that are spun up during Auto Scaling because of sticky sessions

Explanation
If sticky sessions are enabled on the Elastic Load Balancer then the load balancer will “remember” what instance that request was sent to and will continue to send that request to the same instance.

 

50) You notice that several of your AWS environment’s CloudWatch metrics consistently have a value of zero. Which of these are you most likely to be concerned about and take action on?

RDS DatabaseConnections

Explanation
Zero connections to a database for a long period of time may mean you are paying for a database that is not in use. If you cannot find anyone with a legitimate use case for the database, you may want to consider taking a snapshot of it and terminating it. Zero is an ideal value for the other metrics listed.

51) You have been asked to maintain a small AWS environment consisting of five on-demand EC2 web server instances. Traffic from the Internet is distributed to these servers via an Elastic Load Balancer. Your supervisor is not pleased with a recent AWS bill. Assuming a consistent, moderately high load on the web servers, what option should you recommend to reduce the cost of this environment without negatively affecting availability?

Use reserved EC2 instances rather than on-demand instances.

Explanation
Auto Scaling can often save money in environments with variable load, but would likely not help reduce costs in an environment with a consistent high load spread across all servers. Reserved instances are recommended for instances with a consistently high load. Removing the ELB or using spot instances would save money, but could decrease availability.

52) We have a two-tiered application with the following components. We have an ELB, three web and application servers on EC2, and one MySQL RDS database. When our load grows, the database queries take longer and slow down the overall response time for the user request. Which three options would we choose to speed up performance?

We can shard the database and distribute the load between shards, We can create an RDS read-replica and redirect half of the database read requests to it, We can cache our database queries with ElastiCache

53) True or False: Read replicas can be created from a read replica of another read replica.

True

54) For which of the following reasons would you not contact AWS?

Request consolidated billing for multiple AWS accounts owned by your company

55) When working with Amazon RDS, by default, AWS is responsible for implementing which two management-related activities?

Installing and periodically patching the database software, If automated backups are enabled, creating and maintaining automated database backups with a point-in-time recovery of up to five minutes

56) You have multiple AWS users with access to an Amazon S3 bucket. These users have permission to add and delete objects. If you wanted to prevent accidental deletions, what might you do to prevent these users from performing accidental deletions of an object?

You can use MFA to prevent accidental deletions of an object

57) Your supervisor sends you a list of several processes in your AWS environment that she would like you to automate via scripts. Which of the following list items should you set as the highest priority?

Implement CloudWatch alerts for EC2 instances’ memory usage

58) Your company’s website is hosted on several EC2 instances behind an Elastic Load Balancer. Every time the development team deploys a new upgrade to the web application, the support desk begins receiving calls from customers being disconnected from their sessions. Customers’ session data is very important, as it contains their shopping cart information, and this information is lost when the customers’ sessions are disconnected. Which of the following steps can be taken to prevent customers’ shopping cart data from being lost without affecting website availability? (Choose Two)

Use ElastiCache to store session state., Enable connection draining and remove instances from the Elastic Load Balancer prior to upgrading the application on those instances.

Explanation
Storing session state in ElastiCache will allow an instance to become unavailable without losing session data. Removing instances from the Elastic Load Balancer prior to upgrading them will prevent users from establishing new sessions on instances that are about to receive the application upgrade.

59) Your applications in AWS need to authenticate against LDAP credentials that are in your on-premises data center. You need low latency between the AWS app authenticating and your credentials. How can you achieve this?

If you don’t already have a secure tunnel, create a VPN between your on-premises data center and AWS. You can then spin up a secondary LDAP server that replicates from the on-premises LDAP server.

60) You have an Elastic Load Balancer with an Auto Scaling group for your application. You also have 4 running instances and you have Auto Scaling enabled. Some of those instances are running in one Availability Zone, and others are in a different Availability Zone. Some instances within one of the zones are not available to the ELB. What could be the cause?

The ELB isn’t configured for that Availability Zone