MegaQuiz

Question 1

You have a high performance compute application and you need to minimize network latency between EC2 instances as much as possible. What can you do to achieve this?

Answer 1

Create a placement group and place the EC2 instances in the group.

Question 2

Placement Groups can be created across 2 or more Availability Zones.

Answer 2

False

Question 3

Which of the services below do you get root access to?

Answer 3

EC2 AND Elastic MapReduce.

Question 4

When you create new subnets within a custom VPC, by default they can communicate with each other, across availability zones.

Answer 4

True

Question 5

It is possible to transfer a reserved instance from one Availability Zone to another.

Answer 5

True

Question 6

You have an EC2 instance which needs to find out both its private IP address and its public IP address. To do this you need to?

Answer 6

Retrieve the instance metadata from:

http://169.254.169.254/latest/meta-data/

Question 7

Amazon S3 buckets in all regions provide read-after-write consistency for PUTS of new objects.

Answer 7

True

Question 8

Amazon S3 buckets in all regions do not provide eventual consistency for overwrite PUTS and DELETES.

Answer 8

False

Question 9

In order to enable encryption at rest using EC2 and Elastic Block Store you need to

Answer 9

Configure encryption when creating the EBS volume

Question 10

Amazon’s Redshift uses which block size for its columnar storage?

Answer 10

1024KB / 1MB

Question 11

You run a website which hosts videos and you have two types of members, premium fee paying members and free members. All videos uploaded by both your premium members and free members are processed by a fleet of EC2 instances which will poll SQS as videos are uploaded.

However you need to ensure that your premium fee paying members videos have a higher priority than your free members. How do you design SQS?

Answer 11

Incorrect, SQS does not set priorities on individual items.

It would be best to create two queues and have the EC2 fleet poll the premium queue first and if empty, then poll your free members SQS queue. .

Question 12

You have been asked to create VPC for your company. The VPC must support both Internet-facing web applications (ie they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?

Answer 12

minimum 6

Question 13

You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses using Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this?

Answer 13

In this scenario.

• You need high low latency - so no cross region replication is an option.
• If you lost an availability zone, you would still have 2 other Availability Zones available each that is configured to handle 50% peak load per zone. 50% + 50% = 100%.

So your site in three different AZs.

• same region
• configure auto scaling to handle 50% of the peak load.

Question 14

You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using Cloud Watch, however you notice that you cannot see the health of every important metric in the default dash board. Which of the following metrics do you need to design a custom cloud watch metric for, when monitoring the health of your EC2 instances?

Answer 14

None Custom:
* CPU + Disk IO + network Ingress

Custom Cloud:
Memory Usage

Question 15

You work for a toy company that has a busy online store. As you are approaching Christmas, you find that your store is getting more and more traffic. Your web tier is behind an Auto Scaling group, but you notice that is is frequently scaling, sometimes multiple times in an hour, only to scale back down after peak usage. You need to keep Auto Scaling from scaling up and down so rapidly. What would help achieve this ?

Answer 15

1) Modify the Auto scaling group cool down triggers.

2) Modify the amazon cloudwatch alarm period that triggers your auto scaling down policy.

Question 16

You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduced the completion time?

Answer 16

1. Using an equal number of spot instances would not reduce the EMR time.

Reduce the the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.

Question 17

You have been asked to identify a service on AWS that is a durable key value store. Which Service best meets this definition?

Answer 17

Simple Storage Service (S3)

Question 18

You are a solutions architect working for a biotech company who is pioneering research in immunotherapy. They have developed a new cancer treatment that may be able to cure up to 94% of cancers. They store their research data on S3, however recently an intern accidentally deleted some critical files. You’ve been asked to prevent this from happening in the future. What options below can prevent this?

Answer 18

1) Enable S3 Versioning.
2) Enable 2 FA

By enabling versioning’s MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.

Question 19

Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a cloudformation template that your company uses in production. However cloudformation fails. You use the exact same CloudFormation template in production so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single availability zone. After some research you discover that the problem is;

Answer 19

There is a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved (as per http://aws.amazon.com/ec2/faqs/)

Question 20

You work for a famous bakery who are deploying a hybrid cloud approach. Their legacy IBM AS400 servers will remain on premise within their own datacenter however they will need to be able to communicate to the AWS environment over a site to site VPN connection.

What do you need to do to establish the VPN connection?

Answer 20

Assign a public IP Address to your Amazon VPC gateway. You don’t need an AWS direct connect to establish a VPN Connection)

Question 21

What is an AWS placement group?

Answer 21

Placement Groups are logical groupings or clusters of instances in the selected AWS region. Placement groups are specifically used for launching cluster compute instance types.

Placement Groups are restricted to a single Availability Zone.

Question 22

You work for a automotive company which is migrating their production environment in to AWS. The company has 4 separate segments, Dev, Test, UAT & Production. They require each segment to be logically isolated from each other. What VPC configuration should you recommend?

Answer 22

The best answer is to deploy a separate VPC for each segment, completely isolating that segment from the other segments.

Question 23

By default how many VPCs can you have per region in your AWS account?

Answer 23

5

Question 24

Which of the following is true when writing to S3?

Answer 24

S3:

• Ready-After-Write consistency for puts of new objects.
• eventual consistency for overwrites PUTS and DELETES

Question 25

Which services do you get OS level access to?

Answer 25

EC2 and Elastic Map Reduce (EMR)

Question 26

You are designing an AWS solution for a new customer and they want to use their active directory credentials in order to sign in to the AWS management console. What kind of authentication response is required in order for users to authenticate with the AWS security token service (STS).

Answer 26

SAML2.0

Question 27

You are creating a new VPC with 3 subnets in 3 separate availability zones. You require instances in each subnet to be able to communicate to each other by default. What additional step should you take in order to achieve this objective?

Answer 27

By default all subnets will be able to communicate with each other using the main route table.

Question 28

You are an AWS architect and you require encryption at rest for additional volumes attached to your EC2 instance. What is the quickest and most efficient way to achieve this?

Answer 28

Configure Encryption when creating the EBS volume. You could use the OS to encrypt the volume after mounting it as an Ec2 instance, however, that is not the quickest or most efficient way.

Question 29

You are designing a web application for a new social media start up and have recommended using DynamoDB for the database due to its superior performance. You need to ensure that your database has redundancy. What additional steps should you do?

Answer 29

Dynamo DB is automatically redundant across multiple availability zones.

Question 30

What blocksize does Redshift use when storing it’s data in columnar storage?

Answer 30

1024kb

Question 31

You have been monitoring a sensitive autoscaling group, and you expect it to scale-in as you enter a period of holiday downtime. The auto scaling group is distributed over three AZs ( AZ - A & -B have two instances each, and AZ -C has three instances). All instances have different CPU and Memory utilization, and all instances have been running for a different number of days. All instances come from different versions of a root AMI, and all instances have different numbers of sessions connected. Which instance will be the 1st to shut down?

Answer 31

The instance in AZ -C that has the oldest launch configuration.

Question 32

Auto Scaling is a tool used to create fault-tolerant and cost-effective architectures. True / False

Answer 32

True.

Auto-scaling improves availability and will keep your infrastructure at the size needed to run your application

Question 33

What is the maximum VisibilityTimeout of an SQS message in a FIFO queue?

Answer 33

12 hours.
The visibility timeout controls how long a message is invisible in the queue while it is being worked on by a processing instance. This interval should not be confused with how long the message can remain in the queue.

Question 34

A client who is using EC2 believes that someone other than approved administrators is trying to gain access to her Linux web app instances, and she asks what sort of network access logging can be added to the system. What would you recommend?

Answer 34

You should make use of an OS level logging tools such as iptables and log events to CloudWatch or S3.

Question 35

Your company likes the idea of storing files on AWS. However, low-latency service of the last few days of files is important to customer service. Which Storage Gateway configuration would you use to achieve both of these ends?

Answer 35

Gateway-Cached volumes retain a copy of frequently accessed data subsets locally. Cached volumes offer a substantial cost savings on primary storage and minimize the need to scale your storage on-premises.

Question 36

You have a MySQL database running on an EC2 instance in a private subnet. You can connect via SSH, but you are unable to apply updates to the database server via the NAT instance. What might you do to remedy this problem?

Answer 36

With NAT instances, the most common oversight is forgetting to disable Source/Destination Checks.

Question 37

When editing permissions (policies and ACLs), to whom does the concept of the “Owner” refer?

Answer 37

The “Owner” refers to the identity and email address used to create the account AWS account.​​

Question 38

Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs.

How can you reduce cost without compromising service?

Answer 38

SQS long polling doesn’t return a response until a message arrives in the queue, reducing your overall cost over time. Short polling WILL return empty responses.

Enable long poling by setting the ReceiveMessageWaitTimeSeconds to a number > 0

Question 39

You work for a popular media outlet about to release a story that is expected to go viral. During load testing on the website, you discover that there is read contention on the database tier of your application. Your RDS instance consists of a MySQL database on an extra large instance. Which two of the following approaches would be best to further scale this instance to meet the anticipated increase in traffic your viral story will generate?

Answer 39

You already have an extra large RDS instance so scaling up is not possible. You should consider using Elasticache.

Question 40

Following advice from your consultant, you have configured your VPC to use Dedicated hosting tenancy. A subsequent change to your application has rendered the performance gains from dedicated tenancy superfluous, and you would now like to recoup some of these greater costs. How do you revert to Default hosting tenancy?

Answer 40

Once a VPC is set to Dedicated hosting, it is not possible to change the VPC or the instances to Default hosting. You must re-create the VPC.

Question 41

Which URL format does S3 support in pointing to bucket “mynewbucket”?

Answer 41

http://mynewbucket.s3-aws-region.amazonaws.com

Question 42

Your company has just purchased another company. As part of the merger, your team has been instructed to cross connect the corporate networks. You run all your confidential corporate services and Internal DNS in a VPC. The merged company has all their confidential corporate services and Internal DNS on-premises. After establishing a Direct-Connect service between your VPC and their on-premise network, and confirming all the routing, firewalls, and authentication, you find that while you can resolve names against their DNS, the other company services is unable to resolve names against your DNS servers.

Why might this be?

Answer 42

By Design AWS DNS does not respond to requests originating from outside the VPC.

Route53 has a security feature that prevents internal DNS from being read by external sources. The work around is to create a EC2 hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.

Question 43

How is the Public IP address managed in an instance session via the instance GUI/RDP or Terminal/SSH session?

Answer 43

The public IP address is not managed on the instance.

It is instead, an alias, applied as a NAT of the private IP Address.

Question 44

You have been engaged by a company to design and lead a migration to an AWS environment. The team is concerned about the capabilities of the new environment, especially when it comes to avoiding bottlenecks. The design calls for about 20 instances (C3.2xLarge) pulling jobs/messages from SQS. Network traffic per instance is estimated to be around 500 Mbps at the beginning and end of each job. Which network configuration should you plan on deploying?

Answer 44

Spread the instances over multiple AZs to minimise the traffic concentration and maximise the fault tolerance.

When considering network traffic, you need to understand the difference between storage traffic and general network traffic, and the ways to address each. The 10Gbps is a red-herring, in that the 500Mbps only occurs for short intervals, and therefore your sustained throughput is not 10Gpbs. Whereever possible, use simple solutions such as spreading the load out rather than expensive high tech solutions.

Question 45

You are a consultant planning to deploy DynamoDB across three AZs. Your lead DBA is concerned about data consistency. Which of the following do you advise the lead DBA to do?

Answer 45

Ask the development team to code for strongly consistent reads. As the consultant you will advise the CTO of the increased cost.

Question 46

You successfully configure VPC Peering between VPC-A and VPC-B. You then establish an IGW and a Direct-Connect connection in VPC-B. Can instances in VPC-A connect to your corporate office via the Direct-Connect service, and connect to the Internet via the IGW?

Answer 46

VPC Peering does not support edge to edge routing.

Question 47

You are reviewing Change Control requests, and you note that there is a change designed to reduce wasted CPU cycles by increasing the value of VisibilityTimeout attribute. What does this mean?

Answer 47

When a consumer instance retrieves a message, that message will be hidden from other consumer instances for a fixed period.

Question 48

You manage a Ruby on Rails application that lives on a cluster of EC2 instances. Your website occasionally experiences brief, strong, and entirely unpredictable spikes in traffic that overwhelm your EC2 instances’ resources and freeze the application. As a result, you’re losing recently submitted requests from end users. You use Auto Scaling to deploy additional resources to handle the load during spikes, but the new instances don’t spin-up fast enough to prevent the existing application servers from freezing. Which of the following will provide the most cost-effective solution in preventing the loss of recently submitted requests?

Answer 48

Neither increasing the size of your EC2 instances nor maintaining additional EC2 instances is cost-effective, and pre-warming an ELB signifies that these spikes in traffic are predictable.

The cost-effective solution to the unpredictable spike in traffic is to use SQS to decouple the application components.

Question 49

You’re building out a single-region application in us-west-2. However, disaster recovery is a strong consideration, and you need to build the application so that if us-west-2 becomes unavailable, you can fail-over to us-west-1. Your application relies exclusively on pre-built AMI’s. In order to share those AMI’s with the region you’re using as a backup, which process would you follow?

Answer 49

AWS does not copy launch permissions, user-defined tags, or Amazon S3 bucket permissions from the source AMI to the new AMI.

So Copy the AMI from US_West-2 manually apply permissions, user-defined tags, or Amazon S3 bucket permissions from the source AMI to the new AMI.

Question 50

At the monthly product meeting, one of the Product Owners proposes an idea to address an immediate shortcoming of the product system: storing a copy of the customer price schedule in the customer record in the database. You know that you can store large text or binary objects in DynamoDB. You give a tentative OK to do a Minimal Viable Product test, but stipulate that it must comply with the size limitation on the Attribute Name & Value. Which is the correct limitation?

Answer 50

DynamoDB allows for the storage of large text and binary objects, but there is a limit of 400 KB.

Question 51

You work in the security industry for a large consultancy. A new customer of yours runs a production environment in AWS and they require a log of all API calls made to their Elastic Load Balancer. How can you achieve this?

Answer 51

Enable Cloud Trail on the ELB

Question 52

You have a static HTML website that requires inexpensive, highly available hosting solution that scales automatically to meet traffic demands. Which AWS service would best suit this requirement?

Answer 52

S3 - Static Website hosting

Question 53

True or False: You should expect the same latency and throughput performance as Amazon S3 Standard when using Standard - IA.

Answer 53

True.
S3 Standard - IA offers the high durability, throughput, and low latency of Amazon S3 Standard, with a low per GB storage price and per GB retrieval fee.

Question 54

You have a website that allows users in third world countries to store their important documents safely and securely online. Internet connectivity in these countries is unreliable, so you implement multipart uploads to improve the success rate of uploading files. This works well, however you notice that when an object is not uploaded successfully, incomplete parts of that object are still being stored in S3 and you are still being charged for those objects. What S3 service can you implement to expire incomplete multipart uploads?

Answer 54

S3 Lifecycle policies.\You can create a lifecycle policy that expires incomplete multipart uploads, allowing you to save on costs by limiting the time non-completed multipart uploads are stored.

Question 55

What is the durability of S3 - IA?

Answer 55

S3 Standard - IA is designed for the same 99.999999999% durability as S3 Standard and Amazon Glacier.

Question 56

What is the minimum time interval granularity for the data that Amazon CloudWatch receives and aggregates?

Answer 56

1 minute.

Question 57

True or False: S3 does not support website redirects.

Answer 57

False.

S3 does support website redirects.

Question 58

You work for an electric car company that has its front end website on EC2. Company policy dictates that you must retain a history of all EC2 API calls made on your account for security analysis and operational troubleshooting purposes. What AWS service can assist you with this?

Answer 58

CloudTrail.
To receive a history of all EC2 API calls (including VPC and EBS) made on your account, you simply turn on CloudTrail in the AWS Management Console

Question 59

True or False: You can use S3 Transfer Acceleration with multipart uploads.

Answer 59

True.

TRUE, You can use S3 Transfer Acceleration with multipart uploads.

Question 60

You have built an online dating application that allows users to send and receive photos as they court each other. You need to secure this data and you need to implement server-side encryption to protect this data. You decide that you want server-side encryption provided by Amazon. You will also need to have an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data. What out of the box Amazon solution would enable you to achieve this?

Answer 60

SSE-KMS.
AWS KMS provides an audit trail so you can see who used your key to access which object and when, as well as view failed attempts to access data from users without permission to decrypt the data.

Question 61

You need to restore an object from Glacier. What 2 ways can you accomplish this?

Answer 61

1) Using the AWS console.

2) Using the S3 API.

Question 62

What is the Uptime SLA for Amazon EC2 and EBS within a given region?

Answer 62

99.95%

Question 63

What is the minimum object size for S3 - IA?

Answer 63

128kb

Question 64

You have designed an application that stores large videos in S3. These videos are usually larger than 100Mb in size. You need to maximize upload performance. What should you do ?

Answer 64

Multi-part Upload is recommended for files greater than 100 Mb, and is required for files 5 GB or larger. S3 Transfer Acceleration is especially useful in cases where your bucket resides in a Region other than the one in which the file transfer was originated.

Question 65

You have an application that uses S3 to store objects. Company policy dictates that certain objects (such as JPGs and PDF’s) must be replicated to another region for redundancy. However, some objects (such as Word files) can stay in a single region. Company policy also dictates that you should use as few buckets as possible. How should you architect this solution?

Answer 65

Create 1 bucket and enable CRR on just a subset of objects (JPGS, PDFs) uploaded by specifying prefixes.

Question 66

ou back the files that exist on an in-house SAN to S3. You need to minimize cost, however company policy states that objects must be instantly accessible. What S3 storage class should you use?

Answer 66

S3-IA.

The best solutions for instant access, but lowese cost would be S3 - Infrequently Accessed storage.

Question 67

You need to implement a new web application which allows users to store family photos online in such a way that only invited guests will be able to view the images. Which type of S3 encryption should you choose to maintain full end-to-end control of the encryption/decryption of objects and assure that only encrypted objects are transmitted over the Internet to Amazon S3.

Answer 67

Amazon S3 Encryption Client.

Using an encryption client library, such as the Amazon S3 Encryption Client, you retain control of the keys and complete the encryption and decryption of objects client-side using an encryption library of your choice. Some customers prefer full end-to-end control of the encryption and decryption of objects; that way, only encrypted objects are transmitted over the Internet to Amazon S3.

Question 68

How can you securely upload or download your data to/from the S3 service?

Answer 68

1) SSL endpoints using HTTPS.
2) HTTP endpoints using HTTPS.

You can securely upload/download your data to/from Amazon S3 via SSL or HTTP endpoints using HTTPS.

Question 69

Which types of server side encryption are available for S3?

Answer 69

You can choose to encrypt data using:
SSE-S3
SSE-C
SSE-KMS,

or a client library such as the Amazon S3 Encryption Client. All four enable you to store sensitive data encrypted at rest in Amazon S3.

Question 70

Your legal company is moving its production estate to AWS. They currently have a private cloud platform with VMDK files as their virtual machines. You need to move these files to AWS and create EC2 instances using the VMDK files. Which AWS service would help you achieve this goal?

Answer 70

VM Import/Export is designed to help you do exactly that.

Question 71

You are running a Cassandra database that requires access to tens of thousands of low latency IOPS. What EC2 instance family would best suit your needs?

Answer 71

High I/O Instances.

High I/O instances use SSD-based local instance storage to deliver very high, low latency, I/O capacity to applications, and are optimized for applications that require tens of thousands of IOPS.

Question 72

What is the availability of S3 - IA?

Answer 72

99.90%

Question 73

You work for a security company that stores highly sensitive documents on S3. One of your customers has had a security breach and, as a precaution, they have asked you to remove a sensitive PDF from their S3 bucket. You log in to the AWS console using your account and attempt to delete the object. You notice that versioning is turned on, and when you dig a little deeper you discover that you cannot delete the object. What may be the cause of this?

Answer 73

You cannot delete the object because you are not the owner of the bucket.

Question 74

True or False: You can use your existing Microsoft Windows Server licenses with an Amazon EC2 shared tenancy instance.

Answer 74

FALSE. A Dedicated Host is required if you’d like to use your existing Windows Server licenses.

Question 75

By default, how many Elastic IP addresses are you limited to per region?

Answer 75

5

Question 76

By default, how many S3 buckets can you have with a new AWS account?

Answer 76

100

Question 77

You have developed a file-sharing website for a large corporate entity. They require that the site has regional redundancy. Which S3 service should you use to achieve this?

Answer 77

S3 - Cross Region Replication.

S3 with Cross-Region Replication (CRR) automatically replicates data across AWS regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS region that you choose.

Question 78

You have been load testing a customers new production environment. You create the environment using CloudFormation and you utilize CloudWatch to monitor the environment. After extensive load testing, you are ready to hand the cloudformation template over to your customer. You delete the environment and give your customer the CloudFormation template. However, they now want to see the results of the load test. How long does CloudWatch store the metrics for EC2 & ELB after deleting those resources?

Answer 78

2 weeks.

Question 79

What are the two different types of virtualization available on AWS?

Answer 79

Hardware virtual machines? (HVM)
Paravirtual Machine (PV)

Question 80

You have an application that stores data in S3, and you need to design an integrated solution providing encryption at rest. You want Amazon to handle key management and protection using multiple layers of security. Which S3 encryption option should you use?

Answer 80

SSE-S3.

SSE-S3 uses managed keys and one of the strongest block ciphers available, AES-256, to secure your data at rest.

Question 81

You have an application that allows people in very remote locations to store their files safely and securely. You need to leverage Amazon CloudFront’s globally distributed AWS Edge Locations so that as data arrives at an AWS Edge Location the data is routed to your Amazon S3 bucket over an optimized network path. Which service should you use?

Answer 81

S3 Transfer Acceleration.
Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations.

Question 82

Which of the 4 protocols are not supported with an Elastic Load Balancer?
HTTP
HTTPS
SSH
RDS

Answer 82

SSH
RDS

Amazon’s ELB supports the following protocols - “HTTP, HTTPS, TCP, SSL”

Question 83

CRR replicates every object-level upload that you make directly to your source bucket. Which of the following also forms a part of that replication?

Answer 83

1) Object Meta Data

2) Object ACLs

Question 84

You work for a genetics company that has extremely large datasets stored in S3. You need to minimize storage costs, while maintaining mandated restore times that depend on the age of the data. Data 30-59 days old must be available immediately, and data ≥ 60 days old must be available within 12 hours. Which two of the following options below should you consider?

Answer 84

1) S3-IA
2) Glacier.

You should use S3 - IA for the data that needs to be accessed immediately, and you should use Glacier for the data that must be recovered within 12 hours. S3 - RRS would not be suitable solution for irreplacable data, and CloudFront is a CDN service, not a storage solution.

Question 85

How quickly can objects be restored from Glacier?

Answer 85

3-5 hours.

Question 86

What is the minimum object size for S3 Standard?

Answer 86

0 Bytes.

Question 87

Your application stores your customers’ sensitive passport information in S3. You are required by law to encrypt all data at rest. Company policy states that you must maintain control of your encryption keys. For ease of management however, you do not want to implement or maintain a client side encryption library. Which S3 encryption option should you use to secure your data at rest?

Answer 87

SSE-C.
Use SSE-C if you want to maintain your own encryption keys, but don’t want to implement or leverage a client-side encryption library.

Question 88

Which of the following are compute services with AWS?
EC2 ? 
ECS ? 
Lambda ? 
Glacier ?

Answer 88

EC2
ECS
Lambda

Question 89

You are a system administrator and you need to take a consistent snapshot of your EC2 instance. Your application holds large amounts of data in cache that is not written to disk automatically. What would be the best approach to taking an application consistent snapshot?

Answer 89

Shutdown the EC2 instance and detach the EBS volume, then take the snapshot.

Question 90

Your application requires highly-available object storage, and must comply with EU privacy laws. As such, no data may be stored outside the EU. Which options should you consider?

Answer 90

1) Use an S3 Bucket in EU-West-1.

2) Use an S3 Bucket in EU-Central-1

Question 91

Best two AWS technologies for storing Session Data?

Answer 91

DynamoDB

ElasticCache

Question 92

A company has built an application where users can upload videos and images, these are going to be stored in S3. there is a concern that there could an over whealming number of read and write requests on the S3 bucket.

What could you implement to ensure optimal performance on the underlying S3 storage bucket?

Answer 92

Use a hexadecimal hash for the prefix.

Question 93

A company has a requirement for block level storage, each storage device will store around 100GB of data. Which AWS technology is best suited for this ?

Answer 93

AWS EBS Volume.