Question #16
You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB). a fleet of web/ application servers, and an RDS database. The entire Infrastructure must be distributed over 2 availability zones.
Which VPC configuration works while assuring the database is not available from the Internet?
- A. One public subnet for ELB one public subnet for the web-servers, and one private subnet for the database
- B. One public subnet for ELB two private subnets for the web-servers, two private subnets for RDS
- C. Two public subnets for ELB two private subnets for the web-servers and two private subnets for RDS
- D. Two public subnets for ELB two public subnets for the web-servers, and two public subnets for RDS
Correct Answer: C
While using ELB for web applications, ensure that you place all other EC2 instances in private subnets wherever possible. Except where there is an explicit requirement for instances requiring outside world access and Elastic IP attached, place all the instances in private subnets only. In the Amazon VPC environment, only
ELBs must be in the public subnet as secure practice.
You will need to select a Subnet for each Availability Zone where you wish traffic to be routed by your load balancer. If you have instances in only one Availability Zone, please select at least two Subnets in different
Availability Zones to provide higher availability for your load balance
Question #17
An application that you are managing has EC2 instances & Dynamo OB tables deployed to several AWS
Regions in order to monitor the performance of the application globally, you would like to see two graphs:
1) Avg CPU Utilization across all EC2 instances
2) Number of Throttled Requests for all DynamoDB tables.
How can you accomplish this?
- A. Tag your resources with the application name, and select the tag name as the dimension in the Cloudwatch Management console to view the respective graphs
- B. Use the Cloud Watch CLI tools to pull the respective metrics from each regional endpoint Aggregate the data offline & store it for graphing in CloudWatch.
- C. Add SNMP traps to each instance and DynamoDB table Leverage a central monitoring server to capture data from each instance and table Put the aggregate data into Cloud Watch for graphing.
- D. Add a CloudWatch agent to each instance and attach one to each DynamoDB table. When configuring the
Correct Answer: B
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tools.CLI.htmlQuestion #18
When assessing an organization s use of AWS API access credentials which of the following three credentials should be evaluated? (Choose three.)
- A. Key pairs
- B. Console passwords
- C. Access keys
- D. Signing certificates
- E. Security Group memberships
Correct Answer: BCD
AWS provides a number of authentication mechanisms including a console, account IDs and secret keys,
X.509 certificates, and MFA devices to control access to AWS APIs. Console authentication is the most appropriate for administrative or manual activities, account IDs and secret keys for accessing REST-based interfaces or tools, and X.509 certificates for SOAP-based interfaces and tools.
Your organization should consider the circumstances under which it will leverage access keys, x.509certificates, console passwords, or MFA devicesQuestion #19
You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW’EIP. NACLs etc) are properly configured {and you havent made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows “impaired.”
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
- A. Stop and start the instance so that it will be able to be redeployed on a healthy host system that most likely will fix the “impaired” system status
- B. Reboot your instance so that the operating system will have a chance to boot in a clean healthy state that most likely will fix the ‘impaired” system status
- C. Add another dynamic private IP address to me instance and try to connect via mat new path, since the networking stack of the OS may be locked up causing the “impaired” system status.
- D. Add another Elastic Network Interface to the instance and try to connect via that new path since the networking stack of the OS may be locked up causing the “impaired” system status
- E. un-map and then re-map the EIP to the instance, since the IGWVNAT gateway may not be working
Correct Answer: A
Question #20
What is a placement group?
- A. A collection of Auto Scaling groups in the same Region
- B. Feature that enables EC2 instances to interact with each other via nigh bandwidth, low latency connections
- C. A collection of Elastic Load Balancers in the same Region or Availability Zone
- D. A collection of authorized Cloud Front edge locations for a distribution
Correct Answer: C
A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gigabits per second (Gbps) network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html
