AWS Sysops AA - ver 3

Question

A customer is using AWS for Dev and Test. The customer wants to setup the Dev environment with Cloudformation. Which of the below mentioned steps are not required while using Cloudformation?

Answer 1

Create a stack

Answer 2

Configure a service

Answer 3

Create and upload the template

Answer 4

Provide the parameters configured as part of the template

Answer 5

The user should select all objects from the console and apply a single policy to mark them public

Answer 6

The user can write a program which programmatically makes all objects public using S3 SDK

Answer 7

Set the AWS bucket policy which marks all objects as public

Answer 8

Make the bucket ACL as public so it will also mark all objects as public

Answer 9

Stop one of the instances and change the availability zone

Answer 10

The zone can only be modified using the AWS CLI

Answer 11

From the AWS EC2 console, select the Actions – > Change zones and specify new zone

Answer 12

Create an AMI of the running instance and launch the instance in a separate AZ

Answer 13

ELB sends data to CloudWatch every minute only and does not charge the user

Answer 14

ELB will send data every minute and will charge the user extra

Answer 15

ELB is not supported by CloudWatch

Answer 16

It is not possible to setup detailed monitoring for ELB

Answer 17

The user should not use RI; instead only go with the on-demand pricing

Answer 18

The user should use the AWS high utilized RI

Answer 19

The user should use the AWS medium utilized RI

Answer 20

The user should use the AWS low utilized RI

Answer 21

The root account owner should create a bucket policy which allows the IAM users to upload the object

Answer 22

The root account owner should create the bucket policy which allows the other account owners to set the object policy of that bucket

Answer 23

The root account should use ACL with the bucket to allow everyone to upload the object

Answer 24

The root account should create the IAM users and provide them the permission to upload content to the bucket

Answer 25

AWS Mechanical Turk

Answer 26

Auto Scaling

Answer 27

The user can set the alarm state to `Alarm’ using CLI

Answer 28

Run the SNS action manually

Answer 29

From the AWS console change the state to `Alarm’

Answer 30

Run activities on the CPU such that its utilization reaches above 75%

Answer 31

AWS S3 with 1 GB of storage

Answer 32

AWS micro instance running 24 hours daily

Answer 33

AWS ELB running 24 hours a day

Answer 34

AWS PIOPS volume of 10 GB size

Answer 35

Delete the unutilized EBS volumes once the instance is terminated

Answer 36

Delete the AutoScaling launch configuration after the instances are terminated

Answer 37

Release the elastic IP if not required once the instance is terminated

Answer 38

Delete the AWS ELB after the instances are terminated

Answer 39

Allow Inbound traffic on port 22 from the user’s network

Answer 40

The user has to create an instance in EC2 Classic with an elastic IP and configure the security group of a private subnet to allow SSH from that elastic IP

Answer 41

The user can connect to a instance in a private subnet using the NAT instance

Answer 42

Allow Inbound traffic on port 80 and 22 to allow the user to connect to a private subnet over the Internet

Answer 43

Increase the number of nodes in your cluster

Answer 44

Tweak the max-item-size parameter

Answer 45

Shrink the number of nodes in your cluster

Answer 46

Increase the size of the nodes in the duster

Answer 47

Reduces the latency by splitting the workload across multiple AZs

Answer 48

A simple web services interface to create and store multiple data sets, query your data easily, and return the results

Answer 49

Offload the read traffic from your database in order to reduce latency caused by read-heavy workload

Answer 50

Managed service that makes it easy to set up, operate and scale a relational database in the cloud

Answer 51

The user can find the data by giving the exact values in the time Tab under CloudWatch metrics.

Answer 52

The user can find the data by filtering values of the last 1 week for a 1 hour period in the Relative tab under CloudWatch metrics.

Answer 53

It is not possible to find the exact time from the console. The user has to use CLI to provide the specific time.

Answer 54

The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics.

Answer 55

No, copy AMI does not copy the permission

Answer 56

It is not possible to share the AMI with a specific account

Answer 57

Yes, since copy AMI copies all private account sharing permissions

Answer 58

Yes, since copy AMI copies all the permissions attached with the AMI

Answer 59

Copy the running instance using the “Instance Copy” command to the EU region

Answer 60

Create an AMI of the instance and copy the AMI to the EU region. Then launch the instance from the EU AMI

Answer 61

Copy the instance from the US East region to the EU region

Answer 62

Use the “Launch more like this” option to copy the instance from one region to another

Answer 63

It is not possible to setup detailed monitoring for Auto Scaling

Answer 64

In this case, Auto Scaling will send data every minute and will charge the user extra

Answer 65

Detailed monitoring will send data every minute without additional charges

Answer 66

Auto Scaling sends data every minute only and does not charge the user

Answer 67

Auto Scaling will execute both processes but will add just one instance on the 1st

Answer 68

Auto Scaling will add two instances on the 1st of the month

Answer 69

Auto Scaling will schedule both the processes but execute only one process randomly

Answer 70

Auto Scaling will throw an error since there is a conflict in the schedule of two separate Auto Scaling Processes

Answer 71

It is not possible to get the notifications on a change in the security group

Answer 72

Configure SNS to monitor security group changes

Answer 73

Configure event notification on the DB security group

Answer 74

Configure the CloudWatch alarm on the DB for a change in the security group

Answer 75

The user should create a separate IAM user for each employee and provide access to them as per the policy

Answer 76

The user should create an IAM role and attach STS with the role. The user should attach that role to the EC2 instance and setup AWS authentication on that server

Answer 77

The user should create IAM groups as per the organization’s departments and add each user to the group for better access control

Answer 78

Attach an IAM role with the organization’s authentication service to authorize each user for various AWS services

Answer 79

Notify the Auto Scaling launch config to scale up

Answer 80

Send an SMS using SNS

Answer 81

Notify the Auto Scaling group to scale down

Answer 82

Stop the EC2 instance

Answer 83

There is no need for a security group modification as all the instances can communicate with each other inside the same subnet

Answer 84

Configure the subnet as the source in the security group and allow traffic on all the protocols and ports

Answer 85

Configure the security group itself as the source and allow traffic on all the protocols and ports

Answer 86

The user has to use VPC peering to configure this

Answer 87

Increase the desired capacity of the Auto Scaling group

Answer 88

Increase the maximum limit of the Auto Scaling group

Answer 89

Launch an instance manually and register it with ELB on the fly

Answer 90

Decrease the minimum limit of the Auto Scaling grou

Answer 91

Only the account that has purchased the RI will get the advantage of RI pricing

Answer 92

One instance of a small size and running in the US-East-1a zone of each AWS account will get the benefit of RI pricing

Answer 93

Any single instance from all the three accounts can get the benefit of AWS RI pricing if they are running in the same zone and are of the same size

Answer 94

If there are more than one instances of a small size running across multiple accounts in the same zone no one will get the benefit of RI

Answer 95

View the Auto Scaling CPU metrics

Answer 96

Aggregate the data over the instance AMI ID

Answer 97

The user has to use the CloudWatchanalyser to find the average data across instances

Answer 98

It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different

Answer 99

AWS Glacier

Answer 100

Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT

Answer 101

Settin up a proxy policy in the internet gateway connected with the public subnet

Answer 102

It is not possible to setup the proxy policy for a public subnet

Answer 103

Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway

Answer 104

In a Multi AZ, AWS runs two DBs in parallel and copies the data asynchronously to the replica copy

Answer 105

In a Multi AZ, AWS runs two DBs in parallel and copies the data synchronously to the replica copy

Answer 106

In a Multi AZ, AWS runs just one DB but copies the data synchronously to the standby replica copy

Answer 107

AWS MS SQL does not support the Multi AZ feature

Answer 108

ELB sticky session

Answer 109

ELB deregistration check

Answer 110

ELB connection draining

Answer 111

ELB auto registration Off

Answer 112

AWS Simple Notification Service

Answer 113

AWS Simple Workflow

Answer 114

AWS Simple Queue Service

Answer 115

AWS Simple Query Service

Answer 116

The user needs to use AWS CLI or API to upload the data

Answer 117

The user can use the AWS Import Export facility to import data to CloudWatch

Answer 118

The user will upload data from the AWS console

Answer 119

The user cannot upload data to CloudWatch since it is not an AWS service metric

Answer 120

ELB will ask the user whether to delete the instances or not

Answer 121

Instances will be terminated

Answer 122

ELB cannot be deleted if it has running instances registered with it

Answer 123

Instances will keep running

Answer 124

Use the IAM groups and add users as per their role to different groups and apply policy to group

Answer 125

The user can create a policy and apply it to multiple users in a single go with the AWS CLI

Answer 126

Add each user to the IAM role as per their organization role to achieve effective policy setupAdd each user to the IAM role as per their organization role to achieve effective policy setup

Answer 127

Use the IAM role and implement access at the role level

Answer 128

The user can use the CloudWatch Import tool

Answer 129

The user should be able to see the data in the console after around 15 minutes

Answer 130

If the user is uploading the custom data, the user must supply the namespace, timezone, and metric name as part of the command

Answer 131

The user can view as well as upload data using the console, CLI and APIs

Answer 132

The user should send only the data of the 60th second as CloudWatch will map the receive data timezone with the sent data timezone

Answer 133

It is not possible to send the custom metric to CloudWatch every minute

Answer 134

Give CloudWatch the Min, Max, Sum, and SampleCount of a number of every minute

Answer 135

Calculate the average of one minute and send the data to CloudWatch

Answer 136

http://sqs.us-east-1.amazonaws.com/123456789012/myqueue

Answer 137

http://sqs.amazonaws.com/123456789012/myqueue

Answer 138

http://sqs.123456789012.us-east-1.amazonaws.com/myqueue

Answer 139

http://123456789012.sqs.us-east-1.amazonaws.com/myqueue

Answer 140

RDS will have an internal IP which will redirect all requests to the new DB

Answer 141

RDS uses DNS to switch over to stand by replica for seamless transition

Answer 142

The switch over changes Hardware so RDS does not need to worry about access

Answer 143

RDS will have both the DBs running independently and the user has to manually switch over

Answer 144

Cloudformation follows the DevOps model for the creation of Dev & Test.

Answer 145

AWS Cloudfromation does not charge the user for its service but only charges for the AWS resources created with it.

Answer 146

Cloudformation works with a wide variety of AWS services, such as EC2, EBS, VPC, IAM, S3, RDS, ELB, etc.

Answer 147

CloudFormation provides a set of application bootstrapping scripts which enables the user to install Software.

Answer 148

Create a new stack within Opsworks add the appropriate layers to the stack and deploy the application.

Answer 149

Create a new application within Elastic Beanstalk and deploy this application to a new environment.

Answer 150

Launch a Mode JS server from a community AMI and manually deploy the application to the launched EC2 instance.

Answer 151

Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.

Answer 152

Denies the server with the IP address 192 168 100 0 full access to the “mybucket” bucket

Answer 153

Denies the server with the IP address 192 168 100 188 full access to the “mybucket” bucket

Answer 154

Grants all the servers within the 192 168 100 0/24 subnet full access to the “mybucket” bucket

Answer 155

Grants all the servers within the 192 168 100 188/32 subnet full access to the “mybucket” bucket

Answer 156

Amazon RDS

Answer 157

Amazon EBS

Answer 158

Amazon Red shift

Answer 159

The IP of the primary DB instance is switched to the standby OB instance

Answer 160

The RDS (Relational Database Service) DB instance reboots

Answer 161

A new DB instance is created in the standby availability zone

Answer 162

The canonical name record (CNAME) is changed from primary to standby

Answer 163

Enable versioning on your S3 Buckets

Answer 164

Configure your S3 Buckets with MFA delete

Answer 165

Create a Bucket policy and only allow read only permissions to all users at the bucket level

Answer 166

Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier

Answer 167

Tag your resources with the application name, and select the tag name as the dimension in the Cloudwatch Management console to view the respective graphs.

Answer 168

Use the Cloud Watch CLI tools to pull the respective metrics from each regional .endpointAggregate the data offline & store it for graphing in CloudWatch.

Answer 169

Add SNMP traps to each instance and DynamoDB table. Leverage a central monitoring server to capture data from each instance and table. Put the aggregate data into Cloud Watch for graphing.

Answer 170

When configuring the agent set the appropriate application name & view the graphs in CloudWatch.

Answer 171

The configuration of a MAT instance

Answer 172

The configuration of the Routing Table

Answer 173

The configuration of the internet Gateway (IGW)

Answer 174

The configuration of SRC’DST checking

Answer 175

Data transfer of an EC2 instance

Answer 176

Disk usage activity of an EC2 instance

Answer 177

Memory Utilization of an EC2 instance

Answer 178

CPU Utilization of an EC2mstance

Answer 179

ELB’s normal behavior sends requests from the same user to the same backend instance.

Answer 180

ELB’s behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance.

Answer 181

A faulty browser is not honoring the TTL of the ELB DNS name.

Answer 182

The web application uses long polling such as comet or websockets. Thereby keeping a connection open to a web server for a long time.

Answer 183

Ensure the application instances are properly configured with an Elastic Load Balancer

Answer 184

Ensure the application instances are launched in private subnets with the EBS-optimized option enabled

Answer 185

Ensure the application instances are launched in public subnets with the associate-public-IP address=true option enabled

Answer 186

Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size

Answer 187

Route53 record sets with weighted routing policy

Answer 188

Route53 record sets with latency based routing policy

Answer 189

Auto Scaling with scheduled scaling actions set

Answer 190

Elastic Load Balancing with health checks enabled

Answer 191

Use the S3 copy API to replicate data between two S3 buckets in different regions

Answer 192

You do not need to implement anything since S3 data is automatically replicated between regions

Answer 193

Use the S3 copy API to replicate data between two S3 buckets in different facilities within an AWS Region

Answer 194

You do not need to implement anything since S3 data is automatically replicated between multiple facilities within an AWS Region

Answer 195

Create a second, independent LOAP server in AWS for your application to use for authentication

Answer 196

Establish a VPN connection so your applications can authenticate against your existing on-premises LDAP servers

Answer 197

Establish a VPN connection between your data center and AWS create a LDAP replica on AWS and configure your application to use the LDAP replica for authentication

Answer 198

Create a second LDAP domain on AWS establish a VPN connection to establish a trust relationship between your new and existing domains and use the new domain for authentication

Answer 199

Gather evidence of your IT operational controls

Answer 200

Request and obtain applicable third-party audited AWS compliance reports and certifications

Answer 201

Request and obtain a compliance and security tour of an AWS data center for a pre-assessment security review

Answer 202

Request and obtain approval from AWS to perform relevant network scans and in-depth penetration tests of your system’s Instances and endpoints

Answer 203

Schedule meetings with AWS’s third-party auditors to provide evidence of AWS compliance that maps to your control objectives

Answer 204

Consolidate your accounts so you have a single bill for all accounts and projects.

Answer 205

Set up auto scaling with CloudWatch alarms using SNS to notify you when you are running too many Instances in a given account.

Answer 206

Set up CloudWatch billing alerts for all AWS resources used by each project, with a notification occurring when the amount for each resource tagged to a particular project matches the budget allocated to the project.

Answer 207

Set up CloudWatch billing alerts for all AWS resources used by each account, with email notifications when it hits 50%. 80% and 90% of its budgeted monthly spend.

Answer 208

Create an IAM role with the Put MetricData permission and modify the Auto Scaling launch configuration to launch instances in that role

Answer 209

Create an IAM user with the PutMetricData permission and modify the Auto Scaling launch configuration to inject the userscredentials into the instance User Data

Answer 210

Modify the appropriate Cloud Watch metric policies to allow the Put MetricData permission to instances from the Auto Scaling group

Answer 211

Create an IAM user with the PutMetricData permission and put the credentials in a private repository and have applications on the server pull the credentials as needed

Answer 212

Configure multi-factor authentication for privileged 1AM users

Answer 213

Create IAM users for privileged accounts

Answer 214

Implement identity federation between your organization’s Identity provider leveraging the 1AM Security Token Service

Answer 215

Enable the IAM single-use password policy option for privileged users

Answer 216

Each tag will have a key and value

Answer 217

The user can apply tags to the S3 bucket

Answer 218

The maximum value of the tag key length is 64 unicode characters

Answer 219

AWS tags are used to find the cost distribution of various resources

Answer 220

Programmatic access

Answer 221

AWS bucket to hold the billing report

Answer 222

AWS billing alerts

Answer 223

Monthly Billing report

Answer 224

SendMessageBatch

Answer 225

DeleteMessageBatch

Answer 226

CreateQueue

Answer 227

DeleteMessageQueue

	Created by Linh Phan Van over 6 years ago

Next up

AWS Sysops AA - ver 3

Description

Resource summary

Question 1

Question 2

Question 3

Question 4

Question 5

Question 6

Question 7

Question 8

Question 9

Question 10

Question 11

Question 12

Question 13

Question 14

Question 15

Question 16

Question 17

Question 18

Question 19

Question 20

Question 21

Question 22

Question 23

Question 24

Question 25

Question 26

Question 27

Question 28

Question 29

Question 30

Question 31

Question 32

Question 33

Question 34

Question 35

Question 36

Question 37

Question 38

Question 39

Question 40

Question 41

Question 42

Question 43

Question 44

Question 45

Question 46

Question 47

Question 48

Question 49

Question 50

Question 51

Question 52

Question 53

Question 54

Question 55

Question 56

Question 57

Question 58

Question 59

Question 60

Similar