1.
cost
2.
ease of maintenance vs. granularity of control
3.
all of these answers
4.
the current storage engine used by the application, such as InnoDB or MyISAM
Q 1 / 81
1.
Aurora
2.
Neptune
3.
RDS for MySQL
4.
DynamoDB
Q 2 / 81
1.
Use the RDS console to force a reboot of the database instance so that the primary server becomes the master server again.
2.
The server running the .NET utilities is caching the DNS lookup on the database cluster address. Flush the DNS cache of the server and force the C# utilities to open new connections to the database.
3.
A .NET application will retain the IP address of a connection string until the host machine is rebooted.
4.
The .NET utilities need to change the SQL Server endpoint in the connection strings to read from the secondary database server using a try/catch.
Q 3 / 81
1.
CodePipeline
2.
CodeDeploy
3.
all of these answers
4.
CodeBuild
Q 4 / 81
1.
API Gateway
2.
all of these answers
3.
Simple Queue Service (SQS)
4.
Kinesis Data Streams
Q 5 / 81
1.
EFS
2.
Snowball
3.
EBS
4.
S3 Glacier
Q 6 / 81
1.
Create an IAM role for the account administrator with the highest privileges. Do not store the root password, but when the root account is needed reset the password on the root account via email confirmation and repeat this procedure.
2.
Store your randomly generated password in your organizational secrets database using a service such as 1Password or LastPass, and only grant access to this secret to the DevOps team.
3.
Create IAM accounts for your administrators and attach the AdministratorAccess policy to their accounts. Disable the root account in the user settings.
4.
Create an IAM role for the account administrator with the highest privileges and do not use the root account in day-to-day operations. Enable two-factor authentication on the root account.
Q 7 / 81
1.
Network Load Balancer
2.
Lambda can not be called directly by incoming web requests. You must use API Gateway.
3.
Classic Load Balancer
4.
Application Load Balancer
Q 8 / 81
1.
Use RDS for SQL Server and create the same instance in two different regions. Use Database Migration Service to keep each database in sync.
2.
Use a VPN or VPC peering to establish a connection between the VPCs in each region. Install SQL Server Enterprise Edition on EC2 instances in each region and configure an Always On availability group.
3.
Use RDS for SQL Server 2016 or 2017 Enterprise Edition. Enable Multi-AZ support and select the Mirroring/Always On option. Select another region for the mirroring option.
4.
You can not set up an active-active architecture for SQL Server that spans geographic regions.
Q 9 / 81
1.
All images in the AWS Marketplace incur additional hourly fees in addition to the charges from the instance size you select.
2.
You can only launch images that were created by other users on your AWS account, so you pay only for the instance size you select and the S3 storage costs for the base image.
3.
Each image has its own pricing that could either be free, or include charges for software licensing costs. You will also pay for the instance the image runs on
4.
All images in the AWS Marketplace contain only open-source software with no additional fees and are created by other AWS users. You will pay only for the instance size you select.
Q 10 / 81
1.
The instances created by ECS do not have patches that need to be applied; however, you should make sure your containers contain any important security updates.
2.
Refresh the cluster with instances built from the latest ECS AMI.
3.
ECS clusters do not use EC2 instances.
4.
You should not directly manipulate the EC2 instances created by ECS. AWS will automatically update these instances.
Q 11 / 81
1.
Redis 5
2.
Memcached
3.
Elasticsearch
4.
Redis 3
Q 12 / 81
1.
Artifact
2.
DocumentDB
3.
Print out the AWS Compliance summary and keep it with your required documentation for an audit.
4.
Secrets Manager
Q 13 / 81
1.
Use the billing dashboard to create a cost budget. Input the max amount you want to be charged each month. Any charges that occur over this amount will cause AWS to automatically suspend those resources
2.
Using the root AWS account, activate IAM access to the billing information for the account. Make sure your IAM users have the Billing FullAccessGroup policy. Then from the billing dashboard, check the accrued charges once a day.
3.
If you are using the AWS free tier, you will have to confirm the usage of any service that goes over the AWS free tier limits.
4.
Using the root AWS account enable Billing Alerts in the user preferences. Then use CloudWatch to create a billing alarm and set a threshold to a specific dollar amount for your estimated monthly charges.
Q 14 / 81
```json
{
  "title": "The Avengers",
  "year": 2012,
  "cast": ["Mark Ruffalo", "Robert Downey, Jr."],
  "genres": ["Action"]
}
```
1.
The primary key should be a partition key of the title field.
2.
The primary key should be the title field and the partition key should be the genres field.
3.
The primary key should be a composite key comprised of a partition key on the title field and a sort key on the year field.
4.
The primary key should be created as a completely unique value, such as a sequential numerical list of movie IDs. The partition key should be the title field for fast lookup.
Q 15 / 81
1.
RDS for Oracle
2.
Redshift
3.
Neptune
4.
DynamoDB
Q 16 / 81
1.
RDS
2.
Aurora
3.
Redshift
4.
DynamoDB
Q 17 / 81
1.
SMS text message
2.
push notification
3.
4.
automated phone call
Q 18 / 81
1.
Serverless web applications run within the web browser of the user, so you will need to store any data the user changes directly in a database.
2.
Lambda only allows you to write functions in JavaScript.
3.
Lambda does not use servers, so it can only return the same request to every user.
4.
Lambda is stateless, so it won't remember who a user is in between requests.
Q 19 / 81
1.
CloudTrail
2.
CloudFormation
3.
AWS Config
4.
AWS Service Catalog
Q 20 / 81
1.
Check the routing tables for the VPC.
2.
Verify that the assigned security groups allow TCP port 1433 traffic from your current IP address.
3.
Check the policies within Windows Firewall.
4.
Verify that you are connecting to the instance using a user that is not sa.
Q 21 / 81
![image](images/001.png)
1.
The rule that exposes TCP ports 3380-3390 would also publicly expose port 3389 (RDP) to the entire internet. Write separate rules to only expose the needed ports.
2.
The first security group rule allows all traffic into this instance. Exposing your entire instance to the whole internet leaves the server open to various attacks of the other services running on different port numbers.
3.
Verify that the AWS account owners actually control the entire CIDR C block for 12.228.11.0-255 and these are secured IPs for RDP access into this instance.
4.
There are no recommendations to make.
Q 22 / 81
1.
Assign Elastic IPs to all of the instances and create a group that allows all traffic to pass between each of the five Elastic IP addresses and allow all inbound HTTPS traffic.
2.
Front-end web servers should allow HTTPS. Assign another group to all of the instances that allows all traffic to pass between instances using that group.
3.
Create a security group that allows inbound NFS, HTTP, and HTTPS traffic from all IP addresses. Apply this group to all of the servers.
4.
Create a security group that allows inbound HTTP and HTTPS traffic from all IP addresses and apply this to the web servers. Create a second security group for the NFS filestore that allows outbound NFS traffic to the private IP range of the front-end web servers.
Q 23 / 81
1.
Restore the instance from the last AMI image. System status checks indicate that the filesystem on the instance is corrupted.
2.
Stop and start the instance. This will move the instance to another host.
3.
Contact AWS support. Failing a system status check indicates a failure in the underlying hardware and must be addressed by an AWS representative.
4.
Reboot the instance. This will stop and start the instance and move it to another host.
Q 24 / 81
1.
Windows Server 2016 supports S3 as a target when using storage replicas.
2.
Use Storage Gateway.
3.
Sync files directly to S3 with the AWS CLI.
4.
Use the RDS console to force a reboot of the database instance so that the primary server becomes the master server again.
Q 25 / 81
1.
PostgreSQL cannot be replicated across regions. Restore the database backups from an S3 bucket and repoint your database connections to the new instance.
2.
Create Read Replicas in other AWS regions. You can designate a new master database from any of the read replicas until the regional failure is resolved.
3.
Verify that your instance is configured for Multi-AZ support. Database changes will be automatically synced to another region in the event of a failure and RDS will automatically select a new master until the regional failure is resolved.
4.
Create Read Replicas in other AWS regions. Ensure read operations against the database occur on an available Read Replica, and send write operations to another region if you need to promote a Read Replica to a standalone database if the master is down.
Q 26 / 81
1.
Create a security group rule that allows all traffic from 0.0.0.0/0. This will verify whether or not another rule is denying the traffic.
2.
Verify that the assigned security groups allow traffic from your IP address to port 5432. Verify that PostgreSQL is configured to listen to external traffic and is bound to the public interface.
3.
Make sure that you are using an Elastic IP and that it is included within the `postgresql.conf` configuration file.
4.
Stop and start the instance. New security group rules will only take effect after a restart.
Q 27 / 81
```json
{
  "Sid": "bucketpolicy1",
  "Effect": "Allow",
  "Principal": "*",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::userreports/*",
  "Condition": {
    "IpAddress": { "aws:SourceIp": "68.249.108.0/24" },
    "NotIpAddress": { "aws:SourceIp": "68.249.108.128/32" }
  }
}
```
1.
bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket, but limits the objects to read-only permissions for anyone coming from 68.249.108.0 to 68.249.108.255 - except 68.249.108.128.
2.
bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to access objects in the userreports bucket and denies access to 68.249.108.128.
3.
bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket - except anyone coming from the IP of 68.249.108.128.
4.
bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to 68.249.108.255 to access objects in the userreports bucket - except anyone coming from the IP of 68.249.108.128.
Q 28 / 81
1.
Give the new developer the IAM login that is assigned to the development team. This IAM user should already include all of the policies that a developer would need.
2.
Create an IAM user for the new developer. Manually assign policies to the new IAM user account.
3.
Do not give the new developer access to the AWS console. Using the IAM user that is assigned to the development group, generate a new set of access keys and label these with the name of the developer.
4.
Create an IAM user for the new developer. Assign the new developer to a developer group you already created for the other developers.
Q 29 / 81
1.
Use the instance storage to serve temporary files that require low I/O latency.
2.
Use the instance storage to handle files uploaded by your users. Since it is more secure than an EBS volume, you can isolate any malicious files from infecting your server.
3.
Instance storage is faster than EBS volumes, so install the root of the operating system on this volume to speed up server performance.
4.
Instance storage is a deprecated option for storage and should not be used.
Q 30 / 81
1.
Use Sysprep to shut down the instance during a maintenance window. Create an AMI image and place both servers behind Application Load Balancer with sticky sessions.
2.
Launch a new EC2 with the latest version of Windows Server and install the application again. Use Application Load Balancer and sticky sessions to balance between both servers.
3.
Create a clone of the server using an AMI image and use Application Load Balancer to balance the traffic between both instances using sticky sessions.
4.
Horizontal scaling is not the best practice in this situation. Increase the size of the existing EC2 instance and vertically scale the application.
Q 31 / 81
```yaml
FlowLog:
  Type: AWS::EC2::FlowLog
  Properties:
    DeliverLogsPermissionArn: !GetAtt IamRole.Arn
    LogGroupName: FlowLogsGroup
    ResourceId: !Ref LogVpcId
    ResourceType: VPC
    TrafficType: ALL
```
1.
It writes the VPC network flow logs to the CloudWatch FlowLogsGroup log group. You could use this to inspect the network connections of your VPC.
2.
It logs all of the network traffic within a VPC except Instance IDs defined by LogVpcID and logs it to the CloudWatch FlowLogsGroup log group.
3.
It logs all the network traffic going to and from a single EC2 instance into the CloudWatch FlowLogsGroup log group. You could use this to inspect suspicious network traffic coming into an EC2 instance.
4.
It logs all of the DNS requests made by resources within a VPC and logs them to the CloudWatch FlowLogsGroup. Use this to diagnose DNS lookup errors within your environment.
Q 32 / 81
1.
The running container count for each service from within CloudWatch.
2.
The instance health of each EC2 instance in your cluster from within CloudWatch.
3.
Monitor the EC2 service dashboard. Watch for posted outages to the ECS service.
4.
The memory consumption of each EC2 instance in your cluster from within CloudWatch.
Q 33 / 81
1.
A request with a HTTP header of X-Requested-With: staging can be routed to a target group for an ECS service in your staging environment.
2.
Source IPs matching 192.0.2.0/24 on a listener port of 1433 can be routed to a target group for an RDS for SQL Server cluster.
3.
A path of /signup* can be routed to a target group for a Lambda function that processes new user registrations.
4.
An HTTP POST query string of ?action=createuser can be routed to a target group for an ECS service.
Q 34 / 81
1.
creates a cloud-based network to interconnect a set of virtual servers and appliances
2.
creates a secure tunnel between two networks
3.
creates a shared storage plane for application data to be shared across multiple instances.
4.
creates a private network that is completely isolated from the public internet.
Q 35 / 81
1.
Yes, you can lose it if you reboot the instance.
2.
Yes, you can lose it if you stop and start the instance.
3.
No, you will never lose the public IP address for your instance.
4.
Yes, you can lose it when you edit the instance properties and release the IP address.
Q 36 / 81
1.
an S3 bucket, synced with the database backups via a script that calls the AWS CLI
2.
EBS volume attached to the instance
3.
instance attached to the instance
4.
instance storage, with a script that replicates the database backups to another instance in a different availability zone.
Q 37 / 81
1.
You can have only 10 internet gateways per region on a new AWS account.
2.
You can have only 10 VPCs per region on a new AWS account
3.
You cannot create a CIDR block with a netmask larger than /16
4.
You can have only 10 subnets within a VPC
Q 38 / 81
1.
Issue another stop action via the EC2 console, and choose the option to forcefully stop the instance.
2.
Create an AMI image of the instance, and choose the option to take the image without restarting the instance.
3.
Edit the instance properties and increase the instance size.
4.
Contact AWS support. Any further actions could corrupt the file system.
Q 39 / 81
1.
AWS does not have a way to separate billing for compute costs, so you will need to design a way to split the budget between departments.
2.
New AWS accounts are limited to 20 on-demand EC2 instances. Submit a request to increase your rate limits before starting a migration.
Q 40 / 81
1.
ELK stack: Elasticsearch, Loggly, and Kibana
2.
PRTG
3.
New Relic
4.
Datadog
Q 41 / 81
1.
Turn on CloudWatch Auto Recovery and put monitors on the System Status and Instance Status checks for the instance to notify you when either is in alarm.
2.
Use CloudWatch to put monitors on the remaining CPU credits. If you run out of CPU credit the instance will be stopped.
Q 42 / 81
1.
EC2 Auto Scaling groups
2.
AWS Shield Advanced
3.
RDS Read Replicas
4.
all of these answers
Q 43 / 81
1.
Establish a connection with AWS Direct Connect.
2.
Use the AWS Client VPN.
3.
Install an OpenVPN server on an instance that is located within the subnet with an elastic IP.
4.
All of these options can establish a connection to a private subnet.
Q 44 / 81
```bash
# Option A
aws ec2 disassociate-address --association-id eipassoc-2bebb712
aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

# Option B
aws ec2 release-address --association-id eipassoc-2bebb712
aws ec2 assign-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

# Option C
aws ec2 stop-instances --instance-ids i-8b953
wait 30
aws ec2 disassociate-address --association-id eipassoc-2bebb712
aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
aws ec2 start-instances --instance-ids i-8b953

# Option D
aws ec2 release-address --association-id eipassoc-2bebb712
aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
```
1.
A
2.
B
3.
C
4.
D
Q 45 / 81
1.
Lightsail
2.
Elastic Container Service (ECS)
3.
Elastic Compute Cloud (EC2)
4.
All of these services can host a Docker container.
Q 46 / 81
![image](images/002.png)
1.
All objects within this bucket are assigned public access and could be readable or writable by anyone on the internet. Ensure no sensitive data is being publicly shared within this bucket.
2.
All objects within this bucket are writable, which means that the public internet has the ability to upload any file directly to your S3 bucket. Your S3 bucket could be used to serve malware.
3.
Some objects within this bucket are assigned public access. Verify that any publicly shared objects within this bucket contain no sensitive data.
4.
Objects within this bucket can be made public, if the ACL on that object is set to allow everyone access. Private buckets do not allow you to set public permissions on any object.
Q 47 / 81
1.
Revoke the AdministratorAccess role or grant it to another IAM user.
2.
Create a new hosted zone in Route 53.
3.
Delete the AWS account.
4.
Modify the billing details.
Q 48 / 81
1.
Configure SES to send all bounce events to an SNS topic. Create a Lambda function that processes each hard bounce event and automatically flags that account as a bounce in your application to prevent further sending attempts.
2.
Configure SES to no longer send to email addresses that are on your bounce list.
3.
Configure SES to send the logs of all delivery attempts through Kinesis Firehose. Process each event and look for bounce types and remove these emails from your list.
4.
Send all emails through SES with a custom reply-to header. Configure SES to listen for events on this email address and flag any email address that replies to this account as a bounced message and remove it from your email list.
Q 49 / 81
1.
Use Web Application Firewall and create a geo match condition to drop all requests from countries that aren't on your allow list.
2.
Use Application Load Balancer to create a new routing rule that looks at source IP address. Add an IP block for the countries that have access.
3.
Host the front end of your website in CloudFront and configure a geo restriction on the distribution.
4.
Use CloudTrail to monitor the IP addresses of the bad requests. Use Lambda to add these IP addresses to an Application Load Balancer rule that blocks the IPs.
Q 50 / 81
1.
Turn on auto update in Windows Update on each EC2 that is launched, or create your own AMI with this feature enabled and launch all of your EC2 instances from this AMI.
2.
Create a maintenance schedule that an employee must fill out each week confirming a visual inspection of each instance was conducted and which patches were applied.
3.
Use AWS Systems Manager Patch Manager to find and patch instances that require updates during a set maintenance window.
4.
Install Windows Server Update Services on your primary Active Directory controller.
Q 51 / 81
1.
Chef
2.
Ansible
3.
Puppet
4.
Vagrant
Q 52 / 81
1.
RDS will automatically increase the allocated space by 10% and will send the AWS root account an email with resolution steps. Allocate more space to avoid overage charges.
2.
The database instance will report a STORAGE_FULL status and become inaccessible if the instance does not have enough remaining storage to operate. Allocate more space to the instance.
3.
SQL Server will close all existing connections to the databases and attempt to shrink its log files to reclaim storage space.
4.
RDS will automatically increase the allocated space by 5% and will continue to allocate new space up to 50% of the original allocated space. When storage space has increased 50%, RDS will automatically stop the instance to preserve data integrity.
Q 53 / 81
1.
Use a Network Load Balancer to distribute the traffic across your servers. Use UDP health checks to determine if the server is available to receive traffic.
2.
Use Route 53 with HTTP health checks. Create an application on the server to report the readiness status of the vendor-provided server software to Route 53 via HTTP.
3.
Use Route 53 with UDP health checks. As you scale up, Route 53 will route the traffic to the new servers if they pass the health checks.
4.
Use Application Load Balancer to distribute the traffic across your servers.
Q 54 / 81
![image](https://user-images.githubusercontent.com/8637045/112515574-c077e780-8d6c-11eb-96a6-11f27a0547cf.png)
1.
The outbound rules block UDP port 53, so the server will not be able to resolve any DNS lookups.
2.
The outbound rules do not allow for HTTP traffic to leave the instance, so inbound HTTP requests will fail because the clients will never get HTTP responses.
3.
The incoming SSH port should not be open to the public. Limit SSH to a single IP address or IP range of controlled addresses, or use a VPN to access the VPC for this server.
4.
All incoming TCP ports are exposed, which overrides the HTTP and SSH rules and exposes all TCP ports to the public internet.
Q 55 / 81
1.
CloudWatch
2.
GuardDuty
3.
Shield
4.
Security Advisor
Q 56 / 81
1.
CloudFront
2.
An EC2 instance launched from the official WordPress AMI
3.
S3
4.
Lightsail
Q 57 / 81
1.
S3 Standard
2.
S3 Intelligent-Tiering
3.
S3 Glacier
4.
S3 One Zone-Infrequent Access
Q 58 / 81
1.
Neptune
2.
Aurora
3.
RDS for SQL Server
4.
Redshift
Q 59 / 81
1.
scale based on a schedule
2.
manual scaling
3.
scale based on demand
4.
maintain current levels at all times
Q 60 / 81
1.
Rewrite the parts of your application that use RabbitMQ to use SQS.
2.
Launch a RabbitMQ cluster with EC2 instances using a supported AMI.
3.
Rewrite the parts of your application that use RabbitMQ to use Kinesis.
4.
Rewrite the parts of your application that use RabbitMQ to use Amazon MQ.
Q 61 / 81
1.
replicates backups of your database to S3 and makes them available across regions to prevent against any data loss
2.
creates a second passive database instance within the same region that will become the primary database during a failover
3.
creates a highly available database cluster that will host your database cluster in at least two regions
4.
creates another database instance in another region and keeps a hot standby active to failover to during regional failures
Q 62 / 81
1.
C5
2.
T2
3.
R5
4.
H1
Q 63 / 81
```bash
# Option A
aws ec2 stop-instances --instance-ids i-0b263919b6498b123
aws ec2 start-instances --instance-ids i-0b263919b6498b123

# Option B
aws ec2 reboot-instances --instance-ids i-0b263919b6498b123

# Option C
aws ec2 reboot-instances --instance-ids i-0b263919b6498b123
wait 30
aws ec2 start-instance --instance-ids i-0b263919b6498b123

# Option D
aws ec2 reboot-instances --instance-ids i-0b263919b6498b123
aws ec2 start-instances --instance-ids i-0b263919b6498b123
```
1.
A
2.
B
3.
C
4.
D
Q 64 / 81
1.
All traffic on all ports is being denied into this instance, which overwrites the HTTP rule and makes it redundant.
2.
The instance was launched with the default security group, but there is no way for an administrator to SSH into the instance. Add another rule that allows for SSH access from a secured source, such as a single IP or a range of managed IP addresses.
3.
There is nothing wrong with this security group rule. Assuming that sg-269afc5e is applied to other resources that are properly secured, this rule allows all traffic to pass through that is also assigned security group sg-269afc5e.
4.
All traffic on all ports is allowed into this instance. This exposes the instance to all public internet traffic and overwrites the incoming HTTP rule.
Q 65 / 81
![image](images/003.png)

- A. Destination 1: 10.0.0.0/16, Target 1: local; Destination 2: 0.0.0.0/0, Target 2: nat-09b4832
- B. Destination 1: 10.0.0.0/24, Target 1: local; Destination 2: 0.0.0.0/0, Target 2: igw-b2ff47d6
- C. Destination 1: 10.0.0.0/24, Target 1: subnet-1948ba2; Destination 2: 0.0.0.0/0, Target 2: nat-09b4832
- D. Destination 1: 10.0.0.0/16, Target 1: vpc-12bd09ac2; Destination 2: 0.0.0.0/0, Target 2: igw-b2ff47d6
1.
A
2.
B
3.
C
4.
D
Q 66 / 81
1.
CloudTrail
2.
CloudWatch
3.
AWS Audit and Compliance Tool
4.
GuardDuty
Q 67 / 81
the report with a link to download it. What is the best practice for storing the report data in S3?
1.
Create a public S3 bucket. When your application creates the report object in S3, generate two randomly generated long folder names and place the file within the deepest subfolder. Set the retention policy on the object to one hour and email this link to the user. The link will be active for one hour.
2.
Create a public S3 bucket. Use a hash of the user's email address and the date and time the report was requested to generate a unique object name. Email this link to the user and have a scheduled task run within your application to remove objects that are older than seven days.
3.
Create a private S3 bucket. The link in the email should take the user to your application, where you can verify the active user session or force the user to log in. After verifying the user has rights to access this file, have the application retrieve the object from S3 and return it in the HTTP response. Delete the file from the S3 bucket after the request is completed.
4.
Create a private S3 bucket. The link in the email should take the user to your application, where you can verify the active user session or force the user to log in. Set the report object in S3 to public. Show the user a "Download" button in the browser that links to the public object.
Q 68 / 81
1.
your complaint and bounce rates
2.
opens and clicks
3.
clicks and deliveries
4.
sending volume over the past 15 minutes and over one day to watch for billing spikes
Q 69 / 81
scaling or database administration tasks?
1.
Launch an AMI image from the marketplace containing a preconfigured MySQL server.
2.
Aurora
3.
RDS for MySQL
4.
Redshift
Q 70 / 81
![image](images/004.png)

IF (all match) Path is /signup* Query string is signup:new Then Forward to ecs-cluse-service (there is a typo - yes!)

IF (all match) Path is /sign/new/& Query request method is POST Then Forward to ecs-cluse-service
1.
A
2.
B
3.
C ...One more with POST
4.
D ...Only one with Get
Q 71 / 81
1.
S3
2.
Elastic Beanstalk
3.
ElastiCache
4.
CloudFront
Q 72 / 81
```bash
aws ecs create-service \
  --cluster production \
  --service-name rest-api \
  --task-definition rest-api:1 \
  --desired-count 2 \
  --launch-type "FARGATE" \
  --network-configuration "awsvpcConfiguration={subnets=[subnet-0b29129ab],securityGroups=[sg-0b29129ab]}"
```
1.
changes the security groups of the running **rest-api** task
2.
creates a cluster called **production** and launches two containers into Fargate with the **rest-api** task definition
3.
launches two containers onto Fargate into the existing **production** cluster using the **rest-api** task definition
4.
creates a service definition for the **rest-api** task; put two containers on the production cluster when launched **ecs-cli** up command
Q 73 / 81
1.
Create a single API gateway endpoint in a central region.
2.
Create a private API gateway endpoint for each region.
3.
Create a regional API gateway endpoint for each region.
4.
Create edge-optimized API gateway endpoints and deploy them to a CloudFront network.
Q 74 / 81
1.
Amazon DynamoDB
2.
AWS Lake Formation
3.
Amazon Redshift
4.
Amazon Aurora
Q 75 / 81
1.
Use a Classic Load Balancer, not Application Load Balancer.
2.
Application Load Balancer does not preserve the original source IP address. The analytics software needs to be configured to look at the 'X-Forwarded-For' HTTP request header for the correct source IP address.
3.
Application Load Balancer has to be configured to retain the source IP address of the traffic it is forwarding. Create a policy that enables ProxyProtocol support and attach it to the ALB using the AWS CLI.
4.
Configure the web server EC2 instances to only have private IP addresses. The public IP addresses of the instances are being recorded into the web server logs, but only ALB should have a public interface and it will route traffic to instances via the private interface.
Q 76 / 81
1.
ubuntu
2.
system-user
3.
ec2-user
4.
admin
Q 77 / 81
1.
Use Route 53 with geolocation lookups to direct traffic between the two regions.
2.
Create a WAF redirection rule that redirects traffic at the EU data center if the source IP comes from certain countries.
3.
Purchase a country domain extension and direct your users to the correct site, such as example.com and example.co
4.
Have your front-end application test the latency between each data center and use the data center that is responding the fastest.
Q 78 / 81
1.
Replicate your infrastructure across two regions. You will harden the application to a regional failure and you will double your capacity.
2.
Take an AMI image of a front-end server to save your configuration and then add more servers to your cluster prior to the conference. Remove the servers from the cluster after the spike from the conference.
3.
Test to determine your throughput and how many users you can support. Develop a scaling plan for your front end, microservices, and database based on CloudWatch metrics that align with the tested bottlenecks.
4.
Use Auto Scaling groups to create more front-end servers when the CloudWatch metrics for CPU usage on a single instance rise above 80% for five minutes.
Q 79 / 81
1.
Stop the instance and create an AMI image. Launch the image using a new key pair.
2.
Contact AWS support. A support specialist can remotely restore access to your instance and send you a new key pair.
3.
You can not connect to this EC2 instance. The key pair is displayed only one time. If you lose it, you have lost all access to this instance. Connect the EBS volume to another instance to recover your files.
4.
Attach the EBS volume to a temporary instance launched with a new key pair, and overwrite ~/.ssh/authorized_keys using the same file from the new instance.
Q 80 / 81
![image](images/Q80.png)
1.
Establish a connection between your two data centers and connect the second data center to the first through a private tunnel. Traffic will flow from the second data center and then through the first data center, and then into AWS.
2.
Create a second customer gateway and configure your VPN client at your second data center to connect to the virtual private gateway.
3.
Create a second virtual private gateway (VPG) and attach it to the VPC. Create a customer gateway for the new virtual private gateway and use your VPN client at your second data center to establish a connection to the VPG.
4.
You can not have more than one customer gateway per VPC, so the proposed solution will not work. Create a second VPC with a virtual private gateway and a customer gateway. Bridge the two VPCs using VPC peering.
Q 81 / 81