Thursday, October 19, 2017

AWS Q & A

What does Amazon S3 stand for?
A Simple Storage Solution.
B Storage Storage Storage (triple redundancy Storage).
C Storage Server Solution.
D Simple Storage Service.

A:Simple Storage Service.

You must assign each server to at least _____ security group
A 3
B 2
C 4
D 1

A:1 

Before I delete an EBS volume, what can I do if I want to recreate the volume later?

A Create a copy of the EBS volume (not a snapshot)
B Store a snapshot of the volume 
C Download the content to an EC2 instance
D Back up the data into a physical disk
A:Store a snapshot of the volume 
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ebs-deleting-volume.html


Select the most correct answer: The device name /dev/sda1 (within Amazon EC2) is _____

A Possible for EBS volumes
B Reserved for the root device 
C Recommended for EBS volumes
D Recommended for instance store volumes
A:Reserved for the root device 

If I want an instance to have a public IP address, which IP address should I use?

A Elastic IP Address 
B Class B IP Address
C Class A IP Address
D Dynamic IP Address

A:Elastic IP Address
http://aws.amazon.com/articles/1346

What does RRS stand for when talking about S3?

A Redundancy Removal System
B Relational Rights Storage
C Regional Rights Standard
D Reduced Redundancy Storage 
A:Reduced Redundancy Storage 
http://aws.typepad.com/aws/2010/05/new-amazon-s3-reduced-redundancy-storage-rrs.html

All Amazon EC2 instances are assigned two IP addresses at launch. Which one can only be reached from within the Amazon EC2 network?

A Multiple IP address
B Public IP address
C Private IP address 
D Elastic IP Address

A:Private IP address

What does Amazon SWF stand for?

A Simple Web Flow
B Simple Work Flow
C Simple Wireless Forms
D Simple Web Form

A:Simple Work Flow

What is the Reduced Redundancy option in Amazon S3?

A Less redundancy for a lower cost.
B It doesn't exist in Amazon S3, but in Amazon EBS.
C It allows you to destroy any copy of your files outside a specific jurisdiction.
D It doesn't exist at all
A:Less redundancy for a lower cost.

Fill in the blanks: Resources that are created in AWS are identified by a unique identifier called an _____

A Amazon Resource Number
B Amazon Resource Nametag
C Amazon Resource Name
D Amazon Resource Namespace
A:Amazon Resource Name
http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html

If I write the below command, what does it do?
ec2-run ami-e3a5408a -n 20 -g appserver

A Start twenty instances as members of appserver group.
B Creates 20 rules in the security group named appserver
C Terminate twenty instances as members of appserver group.
D Start 20 security groups
A:Start twenty instances as members of appserver group.
http://docs.aws.amazon.com/AWSEC2/latest/CommandLineReference/ApiReference-cmd-RunInstances.html

While creating an Amazon RDS DB, your first task is to set up a DB ______ that controls what IP addresses or EC2 instances have access to your DB Instance.

A Security Pool
B Secure Zone
C Security Token Pool
D Security Group 

When you run a DB Instance as a Multi-AZ deployment, the "_____" serves database writes and reads

A secondary
B backup
C stand by
D primary
A:primary

Every user you create in the IAM system starts with ______.
A partial permissions
B full permissions
C no permissions 

A:no permissions

Can you create IAM security credentials for existing users?

A Yes, existing users can have security credentials associated with their account.
B No, IAM requires that all users who have credentials set up are not existing users
C No, security credentials are created within GROUPS, and then users are associated to GROUPS at a later time.
D Yes, but only IAM credentials, not ordinary security credentials.
A:Yes, existing users can have security credentials associated with their account.

What does Amazon EC2 provide?

A Virtual servers in the Cloud.
B A platform to run code (Java, PHP, Python), paying on an hourly basis.
C Computer Clusters in the Cloud.
D Physical servers, remotely managed by the customer.
A:Virtual servers in the Cloud. 

Amazon SWF is designed to help users...

A ... Design graphical user interface interactions
B ... Manage user identification and authorisation
C ... Store Web content
D ... Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.
A:Coordinate synchronous and asynchronous tasks which are distributed and fault tolerant.

Can I control if and when a MySQL-based RDS Instance is upgraded to new supported versions?
A No
B Only in VPC
C Yes

A:Yes

If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

A No
B Yes
A: Yes

When you view the block device mapping for your instance, you can see only the EBS volumes, not the instance store volumes.

A Depends on the instance type
B FALSE
C Depends on whether you use API call
D TRUE 
A:TRUE

By default, EBS volumes that are created and attached to an instance at launch are deleted when that instance is terminated. You can modify this behavior by changing the value of the flag _____ to false when you launch the instance

A DeleteOnTermination
B RemoveOnDeletion
C RemoveOnTermination
D TerminateOnDeletion

A:DeleteOnTermination 

What are the initial settings of a user-created security group?

A Allow all inbound traffic and Allow no outbound traffic
B Allow no inbound traffic and Allow no outbound traffic
C Allow no inbound traffic and Allow all outbound traffic
D Allow all inbound traffic and Allow all outbound traffic

A:Allow no inbound traffic and Allow all outbound traffic

Will my standby RDS instance be in the same Region as my primary?
A Only for Oracle RDS types
B Yes 
C Only if configured at launch
D No
A: Yes 

What does Amazon Elastic Beanstalk provide?

A A scalable storage appliance on top of Amazon Web Services.
B An application container on top of Amazon Web Services.
C A service by this name doesn't exist.
D A scalable cluster of EC2 instances.

A:An application container on top of Amazon Web Services.

True or False: When using IAM to control access to your RDS resources, the key names that can be used are case sensitive. For example, aws:CurrentTime is NOT equivalent to AWS:currenttime.

A TRUE 
B FALSE

A:TRUE

What will be the status of the snapshot until the snapshot is complete?
A running
B working
C progressing
D pending 

A: pending

Can we attach an EBS volume to more than one EC2 instance at the same time?
A No
B Yes.
C Only EC2-optimized EBS volumes.
D Only in read mode.
A:No

True or False: Automated backups are enabled by default for a new DB Instance.
A TRUE
B FALSE
A:TRUE

What does the AWS Storage Gateway provide?

A It allows to integrate on-premises IT environments with Cloud Storage.
B A direct encrypted connection to Amazon S3.
C It's a backup solution that provides an on-premises Cloud storage.
D It provides an encrypted SSL endpoint for backups in the Cloud.
A:It allows to integrate on-premises IT environments with Cloud Storage.

Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine

A InnoDB 
B MyISAM
A:InnoDB

How many relational database engines does RDS currently support?

A Three: MySQL, Oracle and Microsoft SQL Server.
B Just two: MySQL and Oracle.
C Five: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite.
D Just one: MySQL.
A:Three: MySQL, Oracle and Microsoft SQL Server.

Fill in the blanks: The base URI for all requests for instance metadata is _____

A http://254.169.169.254/latest/
B http://169.169.254.254/latest/
C http://127.0.0.1/latest/
D http://169.254.169.254/latest/

While creating the snapshots using the command line tools, which command should I be using?

A ec2-deploy-snapshot
B ec2-fresh-snapshot
C ec2-create-snapshot 
D ec2-new-snapshot

Typically, you want your application to check whether a request generated an error before you spend any time processing results. The easiest way to find out if an error occurred is to look for an _____ node in the response from the Amazon RDS API.

A Incorrect
B Error
C FALSE
A:Error

What are the two permission types used by AWS?

A Resource-based and Product-based
B Product-based and Service-based
C Service-based
D User-based and Resource-based 
A:User-based and Resource-based 

In Amazon CloudWatch, which metric should I check to ensure that my DB Instance has enough free storage space?

A FreeStorage
B FreeStorageSpace 
C FreeStorageVolume
D FreeDBStorageSpace
A:FreeStorageSpace

Amazon RDS DB snapshots and automated backups are stored in

A Amazon S3 
B Amazon ECS Volume
C Amazon RDS
D Amazon EMR
A:Amazon S3 

What is the maximum key length of a tag?

A 512 Unicode characters
B 64 Unicode characters
C 256 Unicode characters
D 128 Unicode characters --

Groups can't _____.

A be nested more than 3 levels
B be nested at all
C be nested more than 4 levels
D be nested more than 2 levels
A:be nested at all 

You must increase storage size in increments of at least _____ %

A 40
B 20
C 50
D 10 
A:10

Changes to the backup window take effect ______.

A from the next billing cycle
B after 30 minutes
C immediately 
D after 24 hours
A:immediately
 
Using Amazon CloudWatch's Free Tier, what is the frequency of metric updates which you receive?

A 5 minutes 
B 500 milliseconds.
C 30 seconds
D 1 minute
A:5 minutes

Which is the default region in AWS?

A eu-west-1
B us-east-1 
C us-east-2
D ap-southeast-1
A:us-east-1

What are the Amazon EC2 API tools?

A They don't exist. The Amazon EC2 AMI tools, instead, are used to manage permissions.
B Command-line tools to the Amazon EC2 web service.
C They are a set of graphical tools to manage EC2 instances.
D They don't exist. The Amazon API tools are a client interface to Amazon Web Services.
A:Command-line tools to the Amazon EC2 web service.

What are the two types of licensing options available for using Amazon RDS for Oracle?

A BYOL and Enterprise License
B BYOL and License Included
C Enterprise License and License Included
D Role based License and License Included
A:BYOL and License Included

BYOL: Under this model, you will continue to use your active Oracle support account and contact Oracle directly for Oracle Database specific service requests. If you have an active AWS Premium Support account, you can contact AWS Premium Support for Amazon RDS specific issues. Amazon Web Services and Oracle have multi-vendor support process for cases which require assistance from both organisations.

License Included: In this model, if you have an active AWS Premium Support account, you should contact AWS Premium Support for both Amazon RDS and Oracle Database specific service requests.


What does a "Domain" refer to in Amazon SWF?

A A security group in which only tasks inside can communicate with each other
B A special type of worker
C A collection of related Workflows
D The DNS record for the Amazon SWF service
A: A collection of related Workflows

EBS Snapshots occur _____

A Asynchronously 
B Synchronously
C Weekly
A:Asynchronously

Disabling automated backups ______ disable the point-in-time recovery.

A if configured to can
B will never
C will
A:will

Out of the striping options available for the EBS volumes, which one has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'?

A Raid 0
B RAID 1+0 (RAID 10) 
C Raid 1
D Raid 2
A:RAID 1+0 (RAID 10) 

Is creating a Read Replica of another Read Replica supported?

A Only in certain regions
B Only with MSSQL based RDS
C Only for Oracle RDS types
D No
A:No

Can Amazon S3 uploads resume on failure or do they need to restart?

A Restart from beginning
B You can resume them, if you flag the "resume on failure" option before uploading.
C Resume on failure
D Depends on the file size

Which of the following cannot be used in Amazon EC2 to control who has access to specific Amazon EC2 instances?

A Security Groups
B IAM System
C SSH keys
D Windows passwords
B:IAM System

Fill in the blanks : _____ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment.

A wildcards
B pointers
C Tags 
D special filters
A:Tags

How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing?

A By using the service specific console or API/CLI commands
B None of these
C Using Amazon EC2 API/CLI
D using all these methods

A:By using the service specific console or API/CLI commands

What is the maximum write throughput I can provision for a single DynamoDB table?

A 1,000 write capacity units
B 100,000 write capacity units
C DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
D 10,000 write capacity units

A:DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.

What does the following command do with respect to the Amazon EC2 security groups?
ec2-revoke RevokeSecurityGroupIngress
A Removes one or more security groups from a rule.
B Removes one or more security groups from an Amazon EC2 instance.
C Removes one or more rules from a security group.
D Removes a security group from our account.
A:Removes one or more rules from a security group.
http://docs.aws.amazon.com/AWSEC2/latest/APIReference/ApiReference-query-RevokeSecurityGroupIngress.html

Can a 'user' be associated with multiple AWS accounts?
A No
B Yes
A:No
AWS Identity and Access Management. Create multiple Users and manage the permissions for each of these Users within your AWS Account.

True or False: Manually created DB Snapshots are deleted after the DB Instance is deleted.

A TRUE
B FALSE
A:TRUE

Can I move a Reserved Instance from one Region to another?

A No
B Only if they are moving into GovCloud
C Yes
D Only if they are moving to US East from another region
A:No

What is Amazon Glacier? 

A You mean Amazon "Iceberg": it's a low-cost storage service.
B A security tool that allows to "freeze" an EBS volume and perform computer forensics on it.
C A low-cost storage service that provides secure and durable storage for data archiving and backup.
D It's a security tool that allows to "freeze" an EC2 instance and perform computer forensics on it.
A:A low-cost storage service that provides secure and durable storage for data archiving and backup. Infrequently accessed data and data archives.

What is the durability of S3 RRS? 
A 99.99%
B 99.95%
C 99.995%
D 99.999999999%
A:99.99%

What does specifying the mapping /dev/sdc=none when launching an instance do? 

A Prevents /dev/sdc from creating the instance.
B Prevents /dev/sdc from deleting the instance.
C Set the value of /dev/sdc to 'zero'.
D Prevents /dev/sdc from attaching to the instance.
A:Prevents /dev/sdc from attaching to the instance.

Is Federated Storage Engine currently supported by Amazon RDS for MySQL? 

A Only for Oracle RDS instances
B No
C Yes
D Only in VPC
A:No

Is there a limit to how many groups a user can be in? 

A Yes for all users
B Yes for all users except root
C No
D Yes unless special permission granted
A:Yes for all users

True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint.

A FALSE
B TRUE
A:TRUE

A/An _____ acts as a firewall that controls the traffic allowed to reach one or more instances. 

A security group
B ACL
C IAM
D Private IP Addresses
A:security group

Will my standby RDS instance be in the same Availability Zone as my primary?

A Only for Oracle RDS types
B Yes
C Only if configured at launch
D No
A: No

While launching an RDS DB instance, on which page can I select the Availability Zone?

A REVIEW
B DB INSTANCE DETAILS
C MANAGEMENT OPTIONS
D ADDITIONAL CONFIGURATION
A:ADDITIONAL CONFIGURATION

What does the following command do with respect to the Amazon EC2 security groups? 

ec2-create-group CreateSecurityGroup
A Groups the user created security groups in to a new group for easy access.
B Creates a new security group for use with your account.
C Creates a new group inside the security group.
D Creates a new rule inside the security group.
A:Creates a new security group for use with your account.

In the Launch DB Instance Wizard, where can I select the backup and maintenance options?

A Under DB INSTANCE DETAILS
B Under REVIEW
C Under MANAGEMENT OPTIONS
D Under ENGINE SELECTION

A:Under MANAGEMENT OPTIONS

What happens to the data on an instance if the instance reboots (intentionally or unintentionally)? 
A Data will be lost
B Data persists
C Data may persist however cannot be sure
A: Data persists

How many types of block devices does Amazon EC2 support?

A 2
B 3
C 4
D 1
A:2

Provisioned IOPS Costs: you are charged for the IOPS and storage whether or not you use them in a given month. True or False? 
A FALSE
B TRUE
A:TRUE

IAM provides several policy templates you can use to automatically assign permissions to the groups you create. The _____ policy template gives the Admins group permission to access all account resources, except your AWS account information

A Read Only Access
B Power User Access
C AWS CloudFormation Read Only Access
D Administrator Access
A: Administrator Access

Can Amazon S3 uploads resume on failure or do they need to restart? 

A Resume on failure
B You can resume them, if you flag the "resume on failure" option before uploading.
C Restart from beginning
D This question doesn't make sense
A: Resume on failure

While performing the volume status checks, if the status is insufficient-data, what does it mean? 

A the checks may still be in progress on the volume
B the check has passed
C the check has failed

A:the checks may still be in progress on the volume

IAM's Policy Evaluation Logic always starts with a default ______ for every request, except for those that use the AWS account's root security credentials
A Permit
B Deny
C Cancel
A: Deny

By default, when an EBS volume is attached to a Windows instance, it may show up as any drive letter on the instance. You can change the settings of the _____ Service to set the drive letters of the EBS volumes per your specifications. 

A EBSConfig Service
B AMIConfig Service
C Ec2Config Service
D Ec2-AMIConfig Service
 
A:Ec2Config Service

For each DB Instance class, what is the maximum size of associated storage capacity? 

A 5GB
B 1TB
C 2TB
D 500GB
A :1TB

SQL Server _____ store logins and passwords in the master database.  

A can be configured to but by default does not
B doesn't
C does
A:does

What is Oracle SQL Developer?

A An AWS developer who is an expert in Amazon RDS using both the Oracle and SQL Server DB engines  
B A graphical Java tool distributed without cost by Oracle.
C It is a variant of the SQL Server Management Studio designed by Microsoft to support Oracle DBMS functionalities
D A different DBMS released by Microsoft free of cost
A:A graphical Java tool distributed without cost by Oracle.

Does Amazon RDS allow direct host access via Telnet, Secure Shell (SSH), or Windows Remote Desktop Connection?

A Yes
B No
C Depends on if it is in VPC or not
A :No

To view information about an Amazon EBS volume, open the Amazon EC2 console at https://console.aws.amazon.com/ec2/, click _____ in the Navigation pane. 

A EBS
B Describe
C Details
D Volumes
A:Volumes

You must increase storage size in increments of at least _____ %  

A 40
B 30
C 10
D 20
A:10

Using Amazon IAM, can I give permission based on organizational groups?  

A Yes but only in certain cases
B No
C Yes always
A : Yes always

While creating the snapshots using the API, which Action should I be using?

A MakeSnapShot
B FreshSnapshot
C DeploySnapshot
D CreateSnapshot


Provisioned IOPS Costs: you are charged for the IOPS and storage whether or not you use them in a given month. True or False?
A TRUE
B FALSE
A:TRUE

What is an isolated database environment running in the cloud (Amazon RDS) called?

A DB Instance
B DB Server
C DB Unit
D DB Volume
A:DB Instance

While signing in REST/ Query requests, for additional security, you should transmit your requests using Secure Sockets Layer (SSL) by using _____

A HTTP
B Internet Protocol Security(IPsec)
C TLS (Transport Layer Security)
D HTTPS
A :HTTPS

What happens to the I/O operations while you take a database snapshot? 

A I/O operations to the database are suspended for a few minutes while the backup is in progress.
B I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress.
C I/O operations will be functioning normally
D I/O operations to the database are suspended for an hour while the backup is in progress
A:I/O operations to the database are suspended for a few minutes while the backup is in progress.

Read Replicas require a transactional storage engine and are only supported for the _____ storage engine

A OracleISAM
B MSSQLDB
C InnoDB
D MyISAM
A:InnoDB

When running my DB Instance as a Multi-AZ deployment, can I use the standby for read or write operations? 

A Yes
B Only with MSSQL based RDS
C Only for Oracle RDS instances
D No
A:No

When should I choose Provisioned IOPS over Standard RDS storage?  

A If you have batch-oriented workloads
B If you use production online transaction processing (OLTP) workloads.
C If you have workloads that are not sensitive to consistent performance
A: If you use production online transaction processing (OLTP) workloads.

What is the maximum write throughput I can provision for a single DynamoDB table? 

A DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.
B 1,000 write capacity units
C 100,000 write capacity units
D 10,000 write capacity units
A:DynamoDB is designed to scale without limits, but if you go beyond 10,000 you have to contact AWS first.

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch. 

A 3
B 1
C 5
D 2
A :1

What is the minimum charge for the data transferred between Amazon RDS and Amazon EC2 Instances in the same Availability Zone? 

A USD 0.10 per GB
B No charge. It is free.
C USD 0.02 per GB
D USD 0.01 per GB
A:No charge. It is free.

Are Reserved Instances available for Multi-AZ Deployments?

A Only for Cluster Compute instances
B Yes for all instance types
C Only for M3 instance types
D No
A:Yes. 
When you call the DescribeReservedDBInstancesOfferings API, simply look for the Multi-AZ options listed among the DB Instance configurations available for purchase. If you want to purchase a reservation for a DB Instance with synchronous replication across multiple Availability Zones, specify one of these offerings in your PurchaseReservedDBInstancesOffering call.

Which service enables AWS customers to manage users and permissions in AWS?

A AWS Access Control Service (ACS)
B AWS Identity and Access Management (IAM)
C AWS Identity Manager (AIM)
A:AWS Identity and Access Management (IAM)

Which Amazon Storage behaves like raw, unformatted, external block devices that you can attach to your instances?

A None of these.
B Amazon Instance Storage
C Amazon EBS
D All of these
A:Amazon EBS

Which Amazon service can I use to define a virtual network that closely resembles a traditional data center?

A Amazon VPC
B Amazon ServiceBus
C Amazon EMR
D Amazon RDS
A Amazon VPC

Fill in the blanks : _____ let you categorize your EC2 resources in different ways, for example, by purpose, owner, or environment.

A Tags
B special filters
C pointers
D functions
A:Tags


Amazon RDS automated backups and DB Snapshots are currently supported for only the ______ storage engine

A MyISAM
B InnoDB
A:InnoDB

MySQL installations default to port _____.

A 3306
B 443
C 80
D 1158
A:3306

If you have chosen Multi-AZ deployment, in the event of a planned or unplanned outage of your primary DB Instance, Amazon RDS automatically switches to the standby replica. The automatic failover mechanism simply changes the ______ record of the main DB Instance to point to the standby DB Instance.

A DNAME
B CNAME
C TXT
D MX
A:CNAME

If I modify a DB Instance or the DB parameter group associated with the instance, should I reboot the instance for the changes to take effect?

A No
B Yes
A:Yes

If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option?

A Amazon Instance Storage
B Amazon EBS
C You can't run a database inside an Amazon instance.
D Amazon S3

A:Amazon EBS

In regards to IAM you can edit user properties later, but you cannot use the console to change the _____.

A user name
B password
C default group
A:user name

Can I test my DB Instance against a new version before upgrading?

A No
B Yes
C Only in VPC
A:Yes

True or False: If you add a tag that has the same key as an existing tag on a DB Instance, the new value overwrites the old value.

A FALSE
B TRUE
A:TRUE

Can I use Provisioned IOPS with VPC?

A Only Oracle based RDS
B No
C Only with MSSQL based RDS
D Yes for all RDS instances
A:Yes for all RDS instances

Making your snapshot public shares all snapshot data with everyone. Can the snapshots with AWS Marketplace product codes be made public?

A No
B Yes
A:No

Fill in the blanks: "To ensure failover capabilities, consider using a _____ for incoming traffic on a network interface".

A primary public IP
B secondary private IP
C secondary public IP
D add on secondary IP
A:secondary private IP

If I have multiple Read Replicas for my master DB Instance and I promote one of them, what happens to the rest of the Read Replicas?
A The remaining Read Replicas will still replicate from the older master DB Instance
B The remaining Read Replicas will be deleted
C The remaining Read Replicas will be combined to one read replica
A:The remaining Read Replicas will still replicate from the older master DB Instance

What does Amazon CloudFormation provide?

A The ability to setup Autoscaling for Amazon EC2 instances.
B None of these.
C A templated resource creation for Amazon Web Services.
D A template to map network resources for Amazon Web Services.
A:A template resource creation for Amazon Web Services.

Can I encrypt connections between my application and my DB Instance using SSL?

A No
B Yes
C Only in VPC
D Only in certain regions
A: Yes

What are the four levels of AWS Premium Support?

A Basic, Developer, Business, Enterprise
B Basic, Startup, Business, Enterprise
C Free, Bronze, Silver, Gold
D All support is free
A:Basic, Developer, Business, Enterprise

What can I access by visiting the URL: http://status.aws.amazon.com/ ?

A Amazon Cloud Watch
B Status of the Amazon RDS DB
C AWS Service Health Dashboard
D AWS Cloud Monitor
A:AWS Service Health Dashboard

Please select the Amazon EC2 resource which cannot be tagged.

A images (AMIs, kernels, RAM disks)
B Amazon EBS volumes
C Elastic IP addresses
D VPCs
A:Elastic IP addresses

Can the string value of 'Key' be prefixed with "aws:"?

A Only in GovCloud
B Only for S3 not EC2
C Yes
D No
A:No

Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance.

A SQL Server
B MySQL
C Oracle
A:SQL Server

Through which of the following interfaces is AWS Identity and Access Management available? A) AWS Management Console; B) Command line interface (CLI); C) IAM Query API; D) Existing libraries

A Only through Command line interface (CLI)
B A, B and C
C A and C
D All of the above
A:All of the above

Select the incorrect statement

A In Amazon EC2, the private IP address is only returned to Amazon EC2 when the instance is stopped or terminated
B In Amazon VPC, an instance retains its private IP addresses when the instance is stopped.
C In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.
D In Amazon EC2, the private IP address is associated exclusively with the instance for its lifetime
C In Amazon VPC, an instance does NOT retain its private IP addresses when the instance is stopped.

How are the EBS snapshots saved on Amazon S3?

A Exponentially
B Incrementally
C EBS snapshots are not stored in the Amazon S3
D Decrementally
A:Incrementally

What is the type of monitoring data (for Amazon EBS volumes) which is available automatically in 5-minute periods at no charge called?

A Basic
B Primary
C Detailed
D Local
A: Basic

The new DB Instance that is created when you promote a Read Replica retains the backup window period.

A TRUE
B FALSE
A:TRUE

What happens when you create a topic on Amazon SNS?

A The topic is created, and it has the name you specified for it.
B An ARN (Amazon Resource Name) is created.
C You can create a topic on Amazon SQS, not on Amazon SNS.
D This question doesn't make sense.
A :An ARN (Amazon Resource Name) is created.

Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

A Only via API
B Only via Console
C Yes
D No
A:Yes

Can I test my DB Instance against a new version before upgrading?

A Only in VPC
B No
C Yes
A:Yes

What is the maximum response time for a Business level Premium Support case?

A 120 seconds
B 1 hour
C 10 minutes
D 12 hours
B 1 hour

The _____ service is targeted at organizations with multiple users or systems that use AWS products such as Amazon EC2, Amazon SimpleDB, and the AWS Management Console.

A Amazon RDS
B AWS Integrity Management
C AWS Identity and Access Management
D Amazon EMR
A:AWS Identity and Access Management

True or False: Without IAM, you cannot control the tasks a particular user or system can do and what AWS resources they might use.

A FALSE
B TRUE
A:TRUE

When you use the AWS Management Console to delete an IAM user, IAM also deletes any signing certificates and any access keys belonging to the user. True or False?

A FALSE
B This is configurable
C TRUE

A:TRUE

When automatic failover occurs, Amazon RDS will emit a DB Instance event to inform you that automatic failover occurred. You can use the _____ to return information about events related to your DB Instance

A FetchFailure
B DescriveFailure
C DescribeEvents
D FetchEvents
A:DescribeEvents

What is the default maximum number of MFA devices in use per AWS account (at the root account level)?

A 1
B 5
C 15
D 10
A:1

Is there a limit to how many groups a user can be in?

A Yes for all users except root
B Yes unless special permission granted
C Yes for all users
D No

A:Yes for all users except root

Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?
A Only if instructed to when created
B Yes
C No
A:Yes

Can we attach an EBS volume to more than one EC2 instance at the same time?

A Yes.
B No
C Only EC2-optimized EBS volumes.
D Only in read mode.
A:No.

Select the correct set of options. These are the initial settings for the default security group:

A Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other
B Allow all inbound traffic, Allow no outbound traffic and Allow instances associated with this security group to talk to each other
C Allow no inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
D Allow all inbound traffic, Allow all outbound traffic and Does NOT allow instances associated with this security group to talk to each other
A Allow no inbound traffic, Allow all outbound traffic and Allow instances associated with this security group to talk to each other

What does Amazon Route53 provide?

A A global Content Delivery Network.
B None of these.
C A scalable Domain Name System.--
D An SSH endpoint for Amazon EC2.
C A scalable Domain Name System.

What does Amazon ElastiCache provide?

A A service by this name doesn't exist. Perhaps you mean Amazon CloudCache.
B A virtual server with a huge amount of memory.
C A managed In-memory cache service.--
D An Amazon EC2 instance with the Memcached software already pre-installed.
C A managed In-memory cache service.

How many Elastic IPs does an Amazon account have by default?

A 1 Elastic IP
B 3 Elastic IP
C 5 Elastic IP
D 0 Elastic IP--
D 0 Elastic IP

What is a Security Group?

A None of these.
B A list of users that can access Amazon EC2 instances.
C An Access Control List (ACL) for AWS resources.
D A firewall for inbound traffic, built-in around every Amazon EC2 instance.--
D A firewall for inbound traffic, built-in around every Amazon EC2 instance.

The one-time payment for Reserved Instances is _____ refundable if the reservation is cancelled.

A always
B in some circumstances
C never--
C never

Please select the Amazon EC2 resource which can be tagged.

A key pairs
B Elastic IP addresses
C placement groups
D Amazon EBS snapshots--
D Amazon EBS snapshots

What is Amazon Glacier?

A It's a security tool that allows to "freeze" an EC2 instance and perform computer forensics on it.
B A security tool that allows to "freeze" an EBS volume and perform computer forensics on it.
C A low-cost storage service that provides secure and durable storage for data archiving and backup.--
D You mean Amazon "Iceberg": it's a low-cost storage service.
C A low-cost storage service that provides secure and durable storage for data archiving and backup.

If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance?

A Yes but only if Windows instance
B No--
C Yes
D Yes but only if a Linux instance
B No

If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines, you can scale the throughput of your database Instance by specifying the IOPS rate from _____ .

A 1,000 to 1,00,000
B 100 to 1,000
C 10,000 to 1,00,000
D 1,000 to 10,000--

Every user you create in the IAM system starts with ______.

A full permissions
B no permissions--
C partial permissions
B no permissions

After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to?
A Only if the tag "VPC_Change_Group" is true
B Yes. You can.--
C No. You cannot.
D Only if the tag "VPC Change Group" is true
B Yes. You can.

A _____ is an individual, system, or application that interacts with AWS programmatically.

A user---
B AWS Account
C Group
D Role
A user

Select the correct statement:

A You don't need to specify the resource identifier while stopping a resource
B You can terminate, stop, or delete a resource based solely on its tags
C You can't terminate, stop, or delete a resource based solely on its tags--
D You don't need to specify the resource identifier while terminating a resource
C You can't terminate, stop, or delete a resource based solely on its tags

Amazon EC2 has no Amazon Resource Names (ARNs) because you can't specify a particular Amazon EC2 resource in an IAM policy. True or False?

A TRUE--
B FALSE
A TRUE

Can I initiate a "forced failover" for my MySQL Multi-AZ DB Instance deployment?

A Only in certain regions
B Only in VPC
C Yes--
D No
C Yes

A group can contain many users. Can a user belong to multiple groups?

A Yes always--
B No
C Yes but only if they are using two factor authentication
D Yes but only in VPC
A Yes always

Is the encryption of connections between my application and my DB Instance using SSL for the MySQL server engines available?

A Yes--
B Only in VPC
C Only in certain regions
D No
A Yes
PROMPT> mysql -h myinstance.mydnsnameexample.rds.amazonaws.com --ssl_ca=cert-rds-ssl-ca.pem


Which AWS instance address has the following characteristics? "If you stop an instance, its Elastic IP address is unmapped, and you must remap it when you restart the instance."
A Both A and B
B None of these
C VPC Addresses
D EC2 Addresses--
D EC2 Addresses

True or False: Common points of failures like generators and cooling equipment are shared across Availability Zones.

A TRUE
B FALSE--
B FALSE

Please select the most correct answer regarding the persistence of the Amazon Instance Store

A The data on an instance store volume persists only during the life of the associated Amazon EC2 instance---
B The data on an instance store volume is lost when the security group rule of the associated instance is changed.
C The data on an instance store volume persists even after associated Amazon EC2 instance is deleted
A The data on an instance store volume persists only during the life of the associated Amazon EC2 instance

Multi-AZ deployment _____ supported for Microsoft SQL Server DB Instances.

A is not currently--
B is as of 2013
C is planned to be in 2014
D will never be
A is not currently

Security groups act like a firewall at the instance level, whereas _____ are an additional layer of security that act at the subnet level.

A DB Security Groups
B VPC Security Groups
C network ACLs—
C network ACLs

Does AWS allow for the use of Multi Factor Authentication tokens?
A Yes, with both hardware or virtual MFA devices.--
B Yes, but it offers only virtual MFA devices.
C Yes, but it offers only physical (hardware) MFA devices.
D No.
A Yes, with both hardware or virtual MFA devices.

What does Amazon SWF stand for?

A Simple Wireless Forms
B Simple Web Form
C Simple Work Flow--
D Simple Web Flow
C Simple Work Flow

What does Amazon Elastic Beanstalk provide?

A An application container on top of Amazon Web Services.--
B A scalable storage appliance on top of Amazon Web Services.
C A scalable cluster of EC2 instances.
D A service by this name doesn't exist.
A An application container on top of Amazon Web Services.

Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?

A No--
B Yes
A No

Are you able to integrate a multi-factor token service with the AWS Platform?

A Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.--
B No, you cannot integrate multi-factor token devices with the AWS platform.
C Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
A Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

My Read Replica appears "stuck" after a Multi-AZ failover and is unable to obtain or apply updates from the source DB Instance. What do I do?

A You will need to delete the Read Replica and create a new one to replace it.--
B You will need to disassociate the DB Engine and re associate it.
C The instance should be deployed to Single AZ and then moved to Multi-AZ once again
D You will need to delete the DB Instance and create a new one to replace it.
A You will need to delete the Read Replica and create a new one to replace it.

Which DNS name can only be resolved within Amazon EC2?

A Internal DNS name--
B External DNS name
C Global DNS name
D Private DNS name
A Internal DNS name

If your DB instance runs out of storage space or file system resources, its status will change to _____ and your DB Instance will no longer be available.

A storage-overflow
B storage-full--
C storage-exceed
D storage-overage
B storage-full

Is it possible to access your EBS snapshots?

A Yes, through the Amazon S3 APIs.
B Yes, through the Amazon EC2 APIs.---
C No, EBS snapshots cannot be accessed; they can only be used to create a new EBS volume.
D EBS doesn't provide snapshots.
B Yes, through the Amazon EC2 APIs.

Will my standby RDS instance be in the same Availability Zone as my primary?

A Only for Oracle RDS types
B Only if configured at launch
C Yes
D No---
D No

Does Amazon RDS for SQL Server currently support importing data into the msdb database?

A No--
B Yes
A No

Does Route 53 support MX Records?

A Yes.--
B It supports CNAME records, but not MX records.
C No
D Only Primary MX records. Secondary MX records are not supported.
A Yes.

Because of the extensibility limitations of striped storage attached to Windows Server, Amazon RDS does not currently support increasing storage on a _____ DB Instance.

A SQL Server--
B MySQL
C Oracle
A SQL Server

How can I change the security group membership for interfaces owned by other AWS services, such as Elastic Load Balancing?

A using all these methods
B By using the service specific console or API\CLI commands--
C None of these

B By using the service specific console or API\CLI commands

True or False: When you perform a restore operation to a point in time or from a DB Snapshot, a new DB Instance is created with a new endpoint.
A FALSE
B TRUE--
B TRUE

Which Amazon storage do you think is the best for my database-style applications that frequently encounter many random reads and writes across the dataset.

A None of these.
B Amazon Instance Storage
C Any of these
D Amazon EBS--
D Amazon EBS

In a management network scenario, which interface on the instance handles public-facing traffic?

A Primary network interface
B Subnet interface
C Secondary network interface—
C Secondary network interface
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Select the correct set of steps for exposing the snapshot only to specific AWS accounts

A Select public for all the accounts and check mark those accounts with whom you want to expose the snapshots and click save.
B Select Private, enter the IDs of those AWS accounts, and click Save.---
C Select Public, enter the IDs of those AWS accounts, and click Save.
D Select Public, mark the IDs of those AWS accounts as private, and click Save.
B Select Private, enter the IDs of those AWS accounts, and click Save

Is decreasing the storage size of a DB Instance permitted?

A Depends on the RDBMS used
B Yes--
C No
B Yes

When should I choose Provisioned IOPS over Standard RDS storage?

A If you use production online transaction processing (OLTP) workloads.--
B If you have batch-oriented workloads
C If you have workloads that are not sensitive to consistent performance
A If you use production online transaction processing (OLTP) workloads.

In the context of MySQL, version numbers are organized as MySQL version = X.Y.Z. What does X denote here?

A release level
B minor version
C version number
D major version--
D major version

In the 'Detailed' monitoring data available for your Amazon EBS volumes, Provisioned IOPS volumes automatically send _____ minute metrics to Amazon CloudWatch.

A 5
B 2
C 1--
D 3

C 1
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-volume-status.html#using_cloudwatch_ebs

It is advised that you watch the Amazon CloudWatch "_____" metric (available via the AWS Management Console or Amazon CloudWatch APIs) carefully and recreate the Read Replica should it fall behind due to replication errors.
A Write Lag
B Read Replica
C Replica Lag--
D Single Replica
C Replica Lag

Can the string value of 'Key' be prefixed with "aws:"?

A No--
B Only for EC2 not S3
C Yes
D Only for S3 not EC2

A No

By default, what are ENIs that are automatically created and attached to instances using the EC2 console set to do when the attached instance terminates?
A Remain as is
B Terminate
C Hibernate
D Pause
B Terminate

Are you able to integrate a multi-factor token service with the AWS Platform?

A Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
B No, you cannot integrate multi-factor token devices with the AWS platform.
C Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.--

C Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

You can use _____ and _____ to help secure the instances in your VPC.

A security groups and multi-factor authentication
B security groups and 2-Factor authentication
C security groups and biometric authentication
D security groups and network ACLs
D security groups and network ACLs

Fill in the blanks: _____ is a durable, block-level storage volume that you can attach to a single, running Amazon EC2 instance.

A Amazon S3
B Amazon EBS
C None of these.
D All of these
B Amazon EBS

Do the Amazon EBS volumes persist independently from the running life of an Amazon EC2 instance?

A No
B Only if instructed to when created
C Yes
C Yes

If I want my instance to run on single-tenant hardware, which value do I have to set the instance's tenancy attribute to?

A dedicated
B isolated
C one
D reserved
A dedicated

What does Amazon RDS stand for?

A Regional Data Server.
B Relational Database Service.
C Nothing.
D Regional Database Service.
B Relational Database Service.

What does the following command do with respect to the Amazon EC2 security groups?

ec2-create-group CreateSecurityGroup
A Creates a new rule inside the security group.
B Creates a new security group for use with your account.
C Creates a new group inside the security group.
D Groups the user created security groups in to a new group for easy access.
B Creates a new security group for use with your account.
EC2-Classic: You can have up to 500 security groups.
EC2-VPC: You can create up to 100 security groups per VPC.

What is the maximum response time for a Business level Premium Support case?

A 30 minutes
B You always get instant responses (within a few seconds).
C 10 minutes
D 1 hour
D 1 hour

What does Amazon ELB stand for?

A Elastic Linux Box.
B Encrypted Linux Box.
C Encrypted Load Balancing.
D Elastic Load Balancing.
D Elastic Load Balancing.

What does Amazon CloudFormation provide?

A None of these.
B The ability to setup Autoscaling for Amazon EC2 instances.
C A template to map network resources for Amazon Web Services.
D A templated resource creation for Amazon Web Services.---
D A template resource creation for Amazon Web Services.

Is there a limit to the number of groups you can have?

A Yes for all users except root
B No
C Yes unless special permission granted
D Yes for all users-
D Yes for all users

Location of Instances are _____

A Regional
B based on Availability Zone
C Global
B based on Availability Zone

Is there any way to own a direct connection to Amazon Web Services?

A You can create an encrypted tunnel to VPC, but you don't own the connection.
B Yes, it's called Amazon Dedicated Connection.
C No, AWS only allows access from the public Internet.
D Yes, it's called Direct Connect.
D Yes, it's called Direct Connect.

What is the maximum response time for a Business level Premium Support case?

A 30 minutes
B 1 hour
C 12 hours
D 10 minutes
B 1 hour

You must assign each server to at least _____ security group

A 4
B 3
C 1
D 2
C 1

Does DynamoDB support in-place atomic updates?

A It is not defined
B No
C Yes
D It does support in-place non-atomic updates
C Yes

Is there a method in the IAM system to allow or deny access to a specific instance?

A Only for VPC based instances
B Yes
C No
C No

What is an isolated database environment running in the cloud (Amazon RDS) called?

A DB Instance
B DB Unit
C DB Server
D DB Volume
A DB Instance

What does Amazon SES stand for?

A Simple Elastic Server.
B Simple Email Service.
C Software Email Solution.
D Software Enabled Server.
B Simple Email Service.

Amazon S3 doesn't automatically give a user who creates _____ permission to perform other actions on that bucket or object.

A a file
B a bucket or object
C a bucket or file
D a object or file
B a bucket or object

Can I attach more than one policy to a particular entity?

A Yes always
B Only if within GovCloud
C No
D Only if within VPC
A Yes always

Fill in the blanks: A _____ is a storage device that moves data in sequences of bytes or bits (blocks). Hint: These devices support random access and generally use buffered I/O.

A block map
B storage block
C mapping device
D block device
D block device

Can I detach the primary (eth0) network interface when the instance is running or stopped?

A Yes. You can.
B No. You cannot
C Depends on the state of the interface at the time
B No. You cannot.

What's an ECU?

A Extended Cluster User.
B None of these.
C Elastic Computer Usage.
D Elastic Compute Unit.
D Elastic Compute Unit.

REST or Query requests are HTTP or HTTPS requests that use an HTTP verb (such as GET or POST) and a parameter named Action or Operation that specifies the API you are calling.

A FALSE
B TRUE

What is the charge for the data transfer incurred in replicating data between your primary and standby?

A No charge. It is free.
B Double the standard data transfer charge
C Same as the standard data transfer charge
D Half of the standard data transfer charge
A No charge. It is free.

Does AWS Direct Connect allow you access to all Availability Zones within a Region?

A Depends on the type of connection
B No
C Yes
D Only when there's just one availability zone in a region. If there are more than one, only one availability zone can be accessed directly.
C Yes

How many types of block devices does Amazon EC2 support?

A 2
B 4
C 3
D 1
A 2

What does the "Server Side Encryption" option on Amazon S3 provide?

A It provides an encrypted virtual disk in the Cloud.
B It doesn't exist for Amazon S3, but only for Amazon EC2.
C It encrypts the files that you send to Amazon S3, on the server side.
D It allows to upload files using an SSL endpoint, for a secure transfer.

C It encrypts the files that you send to Amazon S3, on the server side.

What does Amazon EBS stand for?
A Elastic Block Storage.
B Elastic Business Server.
C Elastic Blade Server.
D Elastic Block Store.
A Elastic Block Storage.

Within the IAM service a GROUP is regarded as a:

A A collection of AWS accounts
B It's the group of EC2 machines that gain the permissions specified in the GROUP.
C There's no GROUP in IAM, but only USERS and RESOURCES.
D A collection of users.
D A collection of users.

A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources.

A user
B AWS Account
C resource
D permission
D permission

After an Amazon VPC instance is launched, can I change the VPC security groups it belongs to?

A No. You cannot.
B Yes. You can.
C Only if you are the root user
D Only if the tag "VPC_Change_Group" is true
B Yes. You can.

Do the system resources on the Micro instance meet the recommended configuration for Oracle?

A Yes completely
B Yes but only for certain situations
C Not in any circumstance
C Not in any circumstance

Will I be charged if the DB instance is idle?

A No
B Yes--
C Only if running in GovCloud
D Only if running in VPC
B Yes

If I write the below command, what does it do? ec2-run ami-e3a5408a -n 20 -g appserver

A Creates 20 rules in the security group named appserver
B Start twenty instances as members of appserver group.
C Start 20 security groups
D Terminate twenty instances as members of appserver group.
B Start twenty instances as members of appserver group.

Can I move a Reserved Instance from one Region to another?

A No
B Yes
C Only if they are moving into GovCloud
D Only if they are moving to US East from another region
A No

To help you manage your Amazon EC2 instances, images, and other Amazon EC2 resources, you can assign your own metadata to each resource in the form of _____

A special filters
B functions
C tags
D wildcards
C tags

Are you able to integrate a multi-factor token service with the AWS Platform?

A No, you cannot integrate multi-factor token devices with the AWS platform.
B Yes, you can integrate private multi-factor token devices to authenticate users to the AWS platform.
C Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.
C Yes, using the AWS multi-factor token devices to authenticate users on the AWS platform.

True or False: When you add a rule to a DB security group, you do not need to specify port number or protocol.

A Depends on the RDBMS used
B TRUE
C FALSE
B TRUE

Is there a limit to the number of groups you can have?

A Yes for all users
B Yes for all users except root
C No
D Yes unless special permission granted
A Yes for all users

Can I initiate a "forced failover" for my Oracle Multi-AZ DB Instance deployment?

A Yes
B Only in certain regions
C Only in VPC
D No
A Yes

Amazon EC2 provides a repository of public data sets that can be seamlessly integrated into AWS cloud-based applications. What is the monthly charge for using the public data sets?

A A 1 time charge of 10$ for all the datasets.
B 1$ per dataset per month
C 10$ per month for all the datasets
D There is no charge for using the public data sets
D There is no charge for using the public data sets

In the Amazon RDS Oracle DB engine, the Database Diagnostic Pack and the Database Tuning Pack are only available with _____

A Oracle Standard Edition
B Oracle Express Edition
C Oracle Enterprise Edition
D None of these
C Oracle Enterprise Edition

Without _____, you must either create multiple AWS accounts-each with its own billing and subscriptions to AWS products-or your employees must share the security credentials of a single AWS account.

A Amazon RDS
B Amazon Glacier
C Amazon EMR
D Amazon IAM
D Amazon IAM

Amazon RDS supports SOAP only through _____.

A HTTP or HTTPS
B TCP/IP
C HTTP
D HTTPS
D HTTPS

The Amazon EC2 web service can be accessed using the _____ web services messaging protocol. This interface is described by a Web Services Description Language (WSDL) document.

A SOAP
B DCOM
C CORBA
D XML-RPC
A SOAP

Is creating a Read Replica of another Read Replica supported?

A Only in VPC
B Yes
C Only in certain regions
D No
D No

HTTP Query-based requests are HTTP requests that use the HTTP verb GET or POST and a Query parameter named _____.

A Action
B Value
C Reset
D Retrieve
A Action

What happens to the I/O operations while you take a database snapshot?

A I/O operations to the database are suspended for an hour while the backup is in progress.
B I/O operations to the database are sent to a Replica (if available) for a few minutes while the backup is in progress.
C I/O operations will be functioning normally
D I/O operations to the database are suspended for a few minutes while the backup is in progress.
D I/O operations to the database are suspended for a few minutes while the backup is in progress.

Amazon RDS creates an SSL certificate and installs the certificate on the DB Instance when Amazon RDS provisions the instance. These certificates are signed by a certificate authority. The _____ is stored at https://rds.amazonaws.com/doc/rds-ssl-ca-cert.pem.

A private key
B foreign key
C public key
D protected key
A private key

_____ embodies the "share-nothing" architecture and essentially involves breaking a large database into several smaller databases. Common ways to split a database include 1) splitting tables that are not joined in the same query onto different hosts or 2) duplicating a table across multiple hosts and then using a hashing algorithm to determine which host receives a given update.

A Sharding
B Failure recovery
C Federation
D DDL operations
A Sharding

What is the name of the licensing model in which you can use your existing Oracle Database licenses to run Oracle deployments on Amazon RDS?

A Bring Your Own License
B Role Bases License
C Enterprise License
D License Included
A Bring Your Own License

When you resize the Amazon RDS DB instance, Amazon RDS will perform the upgrade during the next maintenance window. If you want the upgrade to be performed now, rather than waiting for the maintenance window, specify the _____ option.

A ApplyNow
B ApplySoon
C ApplyThis
D ApplyImmediately
D ApplyImmediately

Does Amazon Route 53 support NS Records?

A Yes, it supports Name Service records.
B No
C It supports only MX records.
D Yes, it supports Name Server records.
D Yes, it supports Name Server records.


The SQL Server _____ feature is an efficient means of copying data from a source database to your DB Instance. It writes the data that you specify to a data file, such as an ASCII file.

A bulk copy--
B group copy
C dual copy
D mass copy

A bulk copy

In Amazon CloudWatch, which metric should I be checking to ensure that my DB Instance has enough free storage space?

A FreeStorage
B FreeStorageVolume
C FreeStorageSpace
D FreeStorageAllocation
B FreeStorageVolume

When using consolidated billing there are two account types. What are they?

A Paying account and Linked account
B Parent account and Child account
C Main account and Sub account.
D Main account and Secondary account.
A Paying account and Linked account

A _____ is a document that provides a formal statement of one or more permissions.

A policy
B permission
C Role
D resource
A policy

In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB Instance with SQL Server Express edition?

A 10 GB per DB
B 100 GB per DB
C 2 TB per DB
D 1TB per DB
A 10 GB per DB

Regarding the attaching of ENI to an instance, what does 'warm attach' refer to?

A Attaching an ENI to an instance when it is stopped.--
B This question doesn't make sense.
C Attaching an ENI to an instance when it is running
D Attaching an ENI to an instance during the launch process
A Attaching an ENI to an instance when it is stopped.

If I scale the storage capacity provisioned to my DB Instance by mid of a billing month, how will I be charged?

A you will be charged for the highest storage capacity you have used
B on a proration basis
C you will be charged for the lowest storage capacity you have used
B on a proration basis

You can modify the backup retention period; valid values are 0 (for no backup retention) to a maximum of _____ days.

A 45
B 35
C 15
D 5
B 35

A Provisioned IOPS volume must be at least _____ GB in size

A 1
B 50
C 20
D 10
D 10

Will I be alerted when automatic failover occurs?

A Only if SNS configured
B No
C Yes
D Only if Cloudwatch configured

C Yes

You configured ELB to perform health checks on these EC2 instances. If an instance fails to pass health checks, which statement will be true?
· A. The instance is replaced automatically by the ELB.
· B. The instance gets terminated automatically by the ELB.
· C. The ELB stops sending traffic to the instance that failed its health check.
· D. The instance gets quarantined by the ELB for root cause analysis.
Answer: C. The ELB stops sending traffic to the instance that failed its health check.
This question tests that you properly understand how auto-scaling works. If you don’t, you might guess that load balancers take the more helpful-sounding option A, i.e. automatically replacing a failed server.
The fact is, an elastic load balancer is still just a load balancer. Arguably, when you ignore the elastic part, it is quite a simple load balancer in that (currently) it only supports round robin routing as opposed to anything more clever (perhaps balancing that takes into account the load on each instance).
The elastic part just means that when new servers are added to an “auto-scaling group”, the load balancer recognises them and starts sending them traffic. In fact, to make answer A above true, you need the following:
· A launch configuration: this tells AWS how to stand up a bootstrapped server that, once up, is ready to do work without any human intervention.
· An auto-scaling group: this tells AWS where it can create servers (this could be subnets in different Availability Zones in one region (NB: subnets can’t span AZs), but not across multiple regions). It also specifies which launch configuration to use, the minimum and maximum allowed servers in the group, and how to scale up and down. How to scale up and down means, for example, 1 at a time, 10% more and various other things.
With both of these configured, when an instance fails the health checks (presumably because it is down), it is the auto scaling group that will decide whether we now need to add another server to compensate.
Just to complete the story about auto scaling, it is worth mentioning the CloudWatch service. This is the name for the monitoring service in AWS. You can add custom checks and use these to trigger scaling policies to expand or contract your group of servers (and of course the ELB keeps up and routes traffic appropriately).
Wrong answers:
A. The instance is replaced automatically by the ELB.
As described above, you need an Auto Scaling group to handle replacements.
B. The instance gets terminated automatically by the ELB.
As discussed above, load balancers aren’t capable of manipulating EC2 like this.
D. The instance gets quarantined by the ELB for root cause analysis.
There is no concept of quarantining.

You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly?
· A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
· B. Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.
· C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
· D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
Answer: A. Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
An Origin Access Identity is a special user that you set up the CloudFront service to use to access your restricted content.
Wrong Answers:
B. Add the CloudFront account security group “amazon-cf/amazon-cf-sg” to the appropriate S3 bucket policy.
The CloudFront OAI solution is more tightly integrated with S3 and you don’t need to know implementation level details like the actual user name as that gets handled under the covers by the service.
C. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM User.
IAM is the service for controlling who can do what within your AWS account. The fact is that an AWS account is so incredibly powerful that it would be far too dangerous to have many people in a company with full access to create servers, remove storage, etc.
IAM allows you to create that fine-grained access to the use of services. It doesn’t work down to the level suggested in this answer of specific objects. IAM could stop a user accessing S3 admin functions, but not specific objects.
D. Create a S3 bucket policy that lists the CloudFront distribution ID as the Principal and the target bucket as the Amazon Resource Name (ARN).
When configuring bucket policies, a Principal is one or more named individuals in receipt of a particular policy statement. For example, you could be listed as a principal so that you can be denied access to delete objects in an S3 bucket. So the terminology is misused.
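The check below is an added example, not part of the original post: it audits a bucket policy document to confirm that object reads are granted only to the CloudFront OAI from answer A and not to anyone else. The bucket name, the OAI ID `EXAMPLEOAIID` and the function names are constructed placeholders; the policies are sample data.

```python
import fnmatch
import json

# Principal ARN form used in bucket policies for a CloudFront Origin Access Identity.
OAI_ARN_PREFIX = "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity "

# Constructed sample values (placeholders, not real resources).
OAI_ID = "EXAMPLEOAIID"
BUCKET_ARN = "arn:aws:s3:::example-training-videos"

# Constructed policy: only the OAI may read objects.
GOOD_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "AllowCloudFrontOAIRead",
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity EXAMPLEOAIID"},
    "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-training-videos/*"
  }]
}
""")

# Constructed policy: same grant plus a statement that lets anyone read from S3 directly.
PUBLIC_POLICY = {
    "Version": "2012-10-17",
    "Statement": GOOD_POLICY["Statement"] + [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:Get*"],
        "Resource": BUCKET_ARN + "/*",
    }],
}


def as_list(value):
    """Policy fields may hold one item or a list of items; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def principals(statement):
    """Flatten the Principal element into a list of strings ('*' means anyone)."""
    principal = statement.get("Principal")
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        return [p for values in principal.values() for p in as_list(values)]
    return []


def allows_get_object(statement):
    """True if any Action pattern (wildcards included) matches s3:GetObject."""
    return any(
        fnmatch.fnmatchcase("s3:getobject", action.lower())
        for action in as_list(statement.get("Action"))
    )


def audit_bucket_policy(policy, expected_oai_id):
    """Return findings; an empty list means only the expected OAI can read objects."""
    expected_arn = OAI_ARN_PREFIX + expected_oai_id
    findings = []
    oai_granted = False
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        label = f"statement {i} ({stmt.get('Sid', 'no Sid')})"
        if "NotAction" in stmt or "NotPrincipal" in stmt:
            findings.append(f"{label}: uses NotAction/NotPrincipal, review manually")
            continue
        if not allows_get_object(stmt):
            continue
        for p in principals(stmt):
            if p == expected_arn:
                oai_granted = True
            elif p == "*" and stmt.get("Condition"):
                findings.append(f"{label}: anyone may read subject to a Condition, review manually")
            elif p == "*":
                findings.append(f"{label}: anonymous principal may read objects directly from S3")
            else:
                findings.append(f"{label}: s3:GetObject also granted to {p}")
    if not oai_granted:
        findings.append("no s3:GetObject grant for the expected OAI, CloudFront cannot read the bucket")
    return findings


if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("public", PUBLIC_POLICY)):
        print(name, audit_bucket_policy(policy, OAI_ID) or "OK")
```

This looks only at the bucket policy document; object ACLs and account-level public access settings are outside its scope.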

Which of the following will occur when an EC2 instance in a VPC (Virtual Private Cloud) with an associated Elastic IP is stopped and started? (Choose 2 answers)
· A. The Elastic IP will be dissociated from the instance
· B. All data on instance-store devices will be lost
· C. All data on EBS (Elastic Block Store) devices will be lost
· D. The ENI (Elastic Network Interface) is detached
· E. The underlying host for the instance is changed
Answers: B. All data on instance-store devices will be lost
(See storage explanations above)
E. The underlying host for the instance is changed
Not a great answer here.  You are completely abstracted from underlying hosts.  So you have no way of knowing this.  But by elimination, I picked this.
Wrong Answers:
A. The Elastic IP will be dissociated from the instance
This is the opposite of the truth. Elastic IPs are sticky until re-assigned for a good reason (such as the instance has been terminated i.e. it is never coming back).
C. All data on EBS (Elastic Block Store) devices will be lost
EBS devices are independent of EC2 instances and by default outlive them (unless configured otherwise). All data on Instance storage however will be lost and also on the root (/dev/sda1) partition of S3 backed servers.
D. The ENI (Elastic Network Interface) is detached
As far as I know, just a silly answer!
In the basic monitoring package for EC2, Amazon CloudWatch provides the following metrics:
· A. web server visible metrics such as number failed transaction requests
· B. operating system visible metrics such as memory utilization
· C. database visible metrics such as number of connections
· D. hypervisor visible metrics such as CPU utilization
Answer: D. hypervisor visible metrics such as CPU utilization
Amazon needs to know this anyway to provide IaaS, so it seems natural that they share it.
Wrong Answers:
A. web server visible metrics such as number failed transaction requests
Too detailed for EC2 – Amazon don’t even want to know whether you have or haven’t even installed a web server.
B. operating system visible metrics such as memory utilization
Too detailed for EC2 – Amazon don’t want to interact with your operating system.
C. database visible metrics such as number of connections
Too detailed for EC2 – Amazon don’t even want to know whether you have or haven’t even installed a web server. NB. the question states EC2 monitoring; RDS monitoring does include this.
Which is an operational process performed by AWS for data security?
· A. AES-256 encryption of data stored on any shared storage device
· B. Decommissioning of storage devices using industry-standard practices
· C. Background virus scans of EBS volumes and EBS snapshots
· D. Replication of data across multiple AWS Regions
· E. Secure wiping of EBS data when an EBS volume is un-mounted
Answer: B. Decommissioning of storage devices using industry-standard practices
Clearly there is no way you could do this, so AWS take care.
Wrong Answers:
A. AES-256 encryption of data stored on any shared storage device
Encryption of storage devices (EBS) is your concern.
C. Background virus scans of EBS volumes and EBS snapshots
Too detailed for EC2 – Amazon don’t want to interact with your data.
D. Replication of data across multiple AWS Regions
No, you have to do this yourself.
E. Secure wiping of EBS data when an EBS volume is un-mounted
An un-mount doesn’t cause an EBS volume to be wiped.
To protect S3 data from both accidental deletion and accidental overwriting, you should:
· A. enable S3 versioning on the bucket
· B. access S3 data using only signed URLs
· C. disable S3 delete using an IAM bucket policy
· D. enable S3 Reduced Redundancy Storage
· E. enable Multi-Factor Authentication (MFA) protected access
Answer: A. enable S3 versioning on the bucket
As the name suggests, S3 versioning means that all versions of a file are kept and retrievable at a later date (by making a request to the bucket, using the object ID and also the version number). The only charge for having this enabled is from the fact that you will incur more storage. When an object is deleted, it will still be accessible just not visible.
Wrong Answers:
B. access S3 data using only signed URLs
Signed URLs are actually part of CloudFront which as I mentioned earlier is the content distribution service. These protect content from un-authorised access.
C. disable S3 delete using an IAM bucket policy
No such thing as an IAM bucket policy.  There are IAM policies and there are Bucket policies.
D. enable S3 Reduced Redundancy
Reduced Redundancy Storage (RRS) is a way of storing something on S3 with a lower durability, i.e. a lower assurance from Amazon that they won’t lose the data on your behalf. Obviously this lower standard of service comes at a lower price. RRS is designed for things that you need to store for convenience e.g. software binaries, but if they got deleted you could recreate (or re-download). So with this in mind enabling RRS reduces the level of protection rather than increases it. It is worth noticing the incredible level of durability that S3 provides. Without RRS enabled, durability is 11 9s, which equates to
“If you store 10,000 objects with us, on average we may lose one of them every 10 million years or so. This storage is designed in such a way that we can sustain the concurrent loss of data in two separate storage facilities.”
With RRS, this drops to 4 9s which is still probably better than most IT departments can offer.
E. enable Multi-Factor Authentication (MFA) protected access
This answer is of little relevance. As I mentioned accounts on AWS are incredibly powerful due to the logical nature of what they control. In the physical world it isn’t possible for someone to press a button and delete an entire data centre (servers, storage, backups and all). In AWS, you could press a few buttons and do that, not just in one data centre, but in every data centre you’ve used globally. So MFA is a mechanism for increasing security over people accessing your AWS account. As I mentioned earlier IAM is the mechanism for further restricting what authenticated people are authorized to do.


 What is the difference between scalability and elasticity?

Scalability is the ability of a system to increase the workload on its current hardware resources to handle variability in demand. Elasticity is the ability of a system to increase the workload on its current and additional hardware resources, thereby enabling businesses to meet demand without investing in infrastructure up-front.

What are the different layers of cloud computing?

The three layers are:
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

How to secure your data for transport in cloud?

Ensure that no one can intercept the data as it moves from point A to point B in the cloud and also check that there are no data leaks with the encryption key from any storage in the cloud. You can also segregate your data from other companies’ data and then encrypt it by using an approved method. In addition you can ensure the security of older data that remains with a cloud vendor after you have no use for it.

List out different layers which define cloud architecture?

There are five layers:
  • Cloud Controller (CLC)
  • Walrus
  • Cluster Controller
  • Storage Controller (SC)
  • Node Controller (NC)

What are the security laws which are implemented to secure data in a cloud?

The security laws which are implemented to secure data in cloud are:
  • Processing
  • File
  • Output reconciliation
  • Input Validation
  • Security and Backup

What uses do APIs have in cloud services?

Application Programming Interface (API) has the following uses:
  • It eliminates the need to write fully fledged programs
  • It provides the instructions to set up communication between one or more applications
  • It allows easy creation of applications and links the cloud services with other systems

How many data centers are deployed for cloud computing? What are they?

There are two datacenters in cloud computing:
  • Containerized Datacenters
  • Low Density Datacenters

What is S3?  What is it used for?  Should encryption be used in S3?

According to Amazon, S3 is storage for the Internet. They define it as a, “simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs”.
Amazon S3 provides a simple web service interface which you can use to store and retrieve any amount of data, at any time, from anywhere on the web. Using this web service, developers can easily build applications that make use of Internet storage.
Encryption should be considered for sensitive data, as S3 is a proprietary technology developed by Amazon themselves, and yet to be proven from a security standpoint.

What is Amazon EC2 service?

Amazon describes Elastic Compute Cloud (Amazon EC2) as a web service that provides resizable compute capacity in the cloud. It is designed to make web-scale cloud computing easier for developers. Amazon EC2’s simple web service interface allows developers to obtain and configure capacity with minimal friction.

What is an AMI?

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need. Source: http://docs.aws.amazon.com
An AMI includes the following:
  • A template for the root volume for the instance (such as an operating system, an application server, and applications)
  • Launch permissions that control which AWS accounts can use the AMI to launch instances
  • A block device mapping that specifies the volumes to attach to the instance when it’s launched

What is the relation between Instance and AMI?

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud.
You can launch different types of instances from a single AMI. An instance type determines the hardware of the host computer used for your instance. Each instance type offers different compute and memory capabilities.

What automation tools can you use to spinup servers?

Any of the following tools can be used:
  • Roll-your-own scripts, and use the AWS API tools. Such scripts could be written in bash, perl or another language of your choice.
  • Use a configuration management and provisioning tool like Puppet or its successor Opscode Chef. You can also use a tool like Scalr.
  • Use a managed solution such as Rightscale.

What are the different deployment models for Cloud?

The different models are:
  • Private Cloud
  • Public Cloud
  • Hybrid Clouds

What is auto-scaling?  How does it work?

Autoscaling is a feature of AWS which allows you to configure and automatically provision and spinup new instances without the need for your intervention. You can do this by setting thresholds and metrics to monitor.  When those thresholds are crossed, a new instance of your choosing will be spun up, configured, and rolled into the load balancer pool.

What are the Security Best Practices for Amazon EC2?

There are several best practices for securing Amazon EC2. A few of them are given below:
  • Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
  • Restrict access by only allowing trusted hosts or networks to access ports on your instance.
  • Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege: only open up permissions that you require.
  • Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk.

How is buffer used in Amazon web services?

Buffer is used to make the system more resilient to burst of traffic or load by synchronizing different components. The components always receive and process the requests in an unbalanced way. Buffer keeps the balance between different components and makes them work at the same speed to provide faster services.

 What is the function of Amazon Elastic Compute Cloud?

Amazon Elastic Compute Cloud, also known as Amazon EC2, is an Amazon web service that provides scalable resources and makes computing easier for developers. The main functions of Amazon EC2 are:
  • It provides easily configurable options and allows the user to configure the capacity.
  • It provides complete control of computing resources and lets the user run the computing environment according to their requirements.
  • It provides a fast way to run the instances and quickly boot the system, hence reducing the overall time.
  • It provides scalability to the resources and changes its environment according to the requirement of the user.
  • It provides a variety of tools to the developers to build failure-resilient applications.

What are the different components used in AWS?

The components that are used in AWS are:
  • Amazon S3: it is used to retrieve the input data sets that are involved in making a cloud architecture, and also to store the output data sets that result from the input.
  • Amazon SQS: it is used for buffering requests that are received by the controller of the Amazon. It is the component that is used for communication between different controllers.
  • Amazon SimpleDB: it is used to store the intermediate status log and the tasks that are performed by the user.
  • Amazon EC2: it is used to run a large distributed processing on the Hadoop cluster. It provides automatic parallelization and job scheduling.

 Explain Stopping, Starting, and Terminating an Amazon EC2 instance?

  • Stopping and Starting an instance: When an instance is stopped, the instance performs a normal shutdown and then transitions to a stopped state. All of its Amazon EBS volumes remain attached, and you can start the instance again at a later time. You are not charged for additional instance hours while the instance is in a stopped state.
  • Terminating an instance: When an instance is terminated, the instance performs a normal shutdown, then the attached Amazon EBS volumes are deleted unless the volume’s deleteOnTermination attribute is set to false. The instance itself is also deleted, and you can’t start the instance again at a later time.

Explain BGP Border Gateway Protocol
Denial of Service Attack
Proxy versus Reverse Proxy
Types of Loadbalancer
Which algorithm does an Elastic Load Balancer use?
HAPROXY VS NGINX (Comparing Load Balancing Options: Nginx vs. HAProxy vs. AWS ELB - See more at: http://www.mervine.net/compari...
MySQL Storage Engine
MySQL Architecture
Hadoop Architecture & HDFS, Name Node, Data Node, MapReduce
Web 3 tier Architecture
RPO & RTO in disaster Recovery
Bandwidth Throughput Latency
Bandwidth MTU
OLAP and OLTP
Difference between SAN & NAS
Blue Green Deployment
Replication technologies available
Difference between XML & JSON
What is CI(continuous integration) tool and example
Docker 
Container
Difference between Docker & Container
What is Memcache
Details of VLAN
Content Delivery/Distribution Network(CDN)
MS SQL to Oracle Migration
Platforms (Power, Sparc, Intel X86)
How do you perform caching?
Do you know EMR and Redshift?
What is the biggest mistake you have made?
What is EBS?
How do you architect a design that is fault tolerant?
What are the services you have used in AWS?
What are some web protocols?
What is TCP and UDP?


What is Amazon EC2 service?
Amazon Elastic Compute Cloud (Amazon EC2) is a web service that provides resizable (scalable) computing capacity in the cloud. You can use Amazon EC2 to launch as many virtual servers as you need. In Amazon EC2 you can configure security and networking, and manage storage.

 What are the features of Amazon EC2 service?
As Amazon EC2 is a cloud service, it has all the cloud features. Amazon EC2 provides the following features:
  • Virtual computing environment (known as instances)
  • Pre-configured templates for your instances (known as Amazon Machine Images – AMIs)
  • An Amazon Machine Image (AMI) is the package that you need for your server (including the operating system and additional software)
  • Amazon EC2 provides various configuration of CPU, memory, storage and networking capacity for your instances (known as instance type)
  • Secure login information for your instances using key pairs (AWS stores the public key and you store the private key in a secure place)
  • Storage volumes for temporary data that’s deleted when you stop or terminate your instance (known as instance store volumes)
  • Amazon EC2 provides persistent storage volumes (using Amazon Elastic Block Store – EBS)
  • A firewall that enables you to specify the protocols, ports, and source IP ranges that can reach your instances using security groups
  • Static IP addresses for dynamic cloud computing (known as Elastic IP address)
  • Amazon EC2 provides metadata (known as tags)
  • Amazon EC2 provides virtual networks that are logically isolated from the rest of the AWS cloud, and that you can optionally connect to your own network (known as virtual private clouds – VPCs)
What is Amazon Machine Image and what is the relation between Instance and AMI?
Amazon Web Services provides several ways to access Amazon EC2, such as a web-based interface, the AWS Command Line Interface (CLI) and Amazon Tools for Windows PowerShell. First you need to sign up for an AWS account; then you can access Amazon EC2.

Amazon EC2 provides a Query API. These requests are HTTP or HTTPS requests that use the HTTP verbs GET or POST and a Query parameter named Action.

 What is Amazon Machine Image (AMI)?
An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, we launch an instance, which is a copy of the AMI running as a virtual server in the cloud. We can launch multiple instances of an AMI.

What is the relation between Instance and AMI?
We can launch different types of instances from a single AMI. An instance type essentially determines the hardware of the host computer used for your instance. Each instance type offers different compute and memory capabilities.

After we launch an instance, it looks like a traditional host, and we can interact with it as we would any computer. We have complete control of our instances; we can use sudo to run commands that require root privileges.

 Explain storage for Amazon EC2 instance.
Amazon EC2 provides many data storage options for your instances. Each option has a unique combination of performance and durability. These storage options can be used independently or in combination to suit your requirements.

There are mainly four types of storage provided by AWS.

Amazon EBS: Durable, block-level storage volumes that you can attach to a running Amazon EC2 instance. The Amazon EBS volume persists independently from the running life of an Amazon EC2 instance. After an EBS volume is attached to an instance, you can use it like any other physical hard drive. Amazon EBS also supports encryption.
Amazon EC2 Instance Store: Storage disk that is attached to the host computer is referred to as instance store. Instance storage provides temporary block-level storage for Amazon EC2 instances. The data on an instance store volume persists only during the life of the associated Amazon EC2 instance; if you stop or terminate an instance, any data on instance store volumes is lost.
Amazon S3: Amazon S3 provides access to reliable and inexpensive data storage infrastructure. It is designed to make web-scale computing easier by enabling you to store and retrieve any amount of data, at any time, from within Amazon EC2 or anywhere on the web.
Adding Storage: Every time you launch an instance from an AMI, a root storage device is created for that instance. The root storage device contains all the information necessary to boot the instance. You can specify storage volumes in addition to the root device volume when you create an AMI or launch an instance using block device mapping.

What are the Security Best Practices for Amazon EC2?
There are several best practices for securing Amazon EC2. The following are a few of them.
  • Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
  • Restrict access by only allowing trusted hosts or networks to access ports on your instance.
  • Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege: only open up permissions that you require.
  • Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk.

Explain Stopping, Starting, and Terminating an Amazon EC2 instance?
Stopping and Starting an instance: When an instance is stopped, the instance performs a normal shutdown and then transitions to a stopped state. All of its Amazon EBS volumes remain attached, and you can start the instance again at a later time. You are not charged for additional instance hours while the instance is in a stopped state.
Terminating an instance: When an instance is terminated, the instance performs a normal shutdown, then the attached Amazon EBS volumes are deleted unless the volume’s deleteOnTermination attribute is set to false. The instance itself is also deleted, and you can’t start the instance again at a later time.





WHAT IS VPC ?

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. You can create and configure your VPC as required: select a region, create subnets (IP CIDR ranges), and configure route tables, security groups, an Internet gateway and so on. You can then launch your AWS resources, such as Amazon EC2 and RDS instances, into your VPC.
So basically you can say that Amazon VPC is the networking layer for AWS Infrastructure.

WHAT IS VPC PEERING?

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IP addresses. Instances in either VPC can communicate with each other as if they are within the same network.
You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account within a single region.
If you have more than one AWS account within the same region and want to share or transfer data, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.
VPC peering connection can help you to facilitate the transfer of data.

WHAT ARE VPC ENDPOINTS?

A VPC endpoint enables you to create a private connection between your VPC and another AWS service without requiring access over the Internet, through a NAT device, a VPN connection, or AWS Direct Connect. Endpoints are horizontally scaled, redundant, and highly available VPC components that allow communication between instances in your VPC and AWS services without imposing availability risks or bandwidth constraints on your network traffic.
An endpoint enables instances in your VPC to use their private IP addresses to communicate with resources in other services. Your instances don’t require public IP addresses, and you don’t need an Internet gateway, a NAT device, or a virtual private gateway in your VPC.

WHAT IS EBS (ELASTIC BLOCK STORAGE)?  WHAT TYPE OF PERFORMANCE CAN YOU EXPECT?  HOW DO YOU BACK IT UP?  HOW DO YOU IMPROVE PERFORMANCE?

AMAZON ELASTIC BLOCK STORAGE

EBS is a virtualized SAN or storage area network. Elastic Block Store (Amazon EBS) provides persistent block-level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance that is in the same Availability Zone.
Performance that we can expect: Performance on EBS can exhibit variability. That is it can go above the SLA performance level, then drop below it. The SLA provides you with an average disk I/O rate you can expect. This can frustrate some folks especially performance experts who expect reliable and consistent disk throughput on a server. Traditional physically hosted servers behave that way. Virtual AWS instances do not.
Amazon EBS offers high availability and durability. It also offers the consistent, low-latency performance needed to run your workloads.
EBS Magnetic volumes: You can create EBS Magnetic volumes from 1 GiB to 1 TiB in size
EBS General Purpose SSD (gp2): You can create EBS General Purpose SSD (1 GiB – 16 TiB)
Provisioned IOPS SSD (io1): Highest-performance SSD volume designed for mission-critical applications (4 GiB – 16 TiB)
Cold HDD (sc1): Lowest cost HDD volume designed for less frequently accessed workloads (500 GiB – 16 TiB)
Amazon EBS Encryption: You can use encrypted EBS volumes to meet a wide range of data-at-rest encryption requirements for regulated/audited data and applications.
Amazon EBS Snapshots: You can create point-in-time snapshots of EBS volumes, which are persisted to Amazon S3. Snapshots protect data for long-term durability, and they can be used as the starting point for new EBS volumes. The same snapshot can be used to instantiate as many volumes as you wish. These snapshots can be copied across AWS regions.
Performance metrics, such as bandwidth, throughput, latency, and average queue length, are available through the AWS Management Console. These metrics, provided by Amazon CloudWatch, allow you to monitor the performance of your volumes to make sure that you are providing enough performance for your applications without paying for resources you don’t need.

WHAT IS S3? WHAT IS IT USED FOR? SHOULD ENCRYPTION BE USED IN S3?

Amazon S3 stands for Simple Storage Service and is storage for the Internet. It is a “simple storage service that offers software developers a highly-scalable, reliable, and low-latency data storage infrastructure at very low costs”.
Amazon S3 provides a simple web service interface which you can use to store and retrieve any amount of data, at any time, from anywhere on the web. Using this web service, developers can easily build applications that make use of Internet storage.
You can think of it like FTP storage: you can move files to and from it, but not mount it like a file system. AWS automatically puts your snapshots there, as well as AMIs. Encryption should be considered for sensitive data, as S3 is a proprietary technology developed by Amazon themselves, and as yet unproven vis-a-vis a security standpoint.

WHAT IS AN AMI?

AMI stands for Amazon Machine Image. It is effectively a snapshot of the root filesystem. AWS AMI provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.
An AMI includes the following:
  • A template for the root volume for the instance (such as an operating system, an application server, and applications)
  • Launch permissions that control which AWS accounts can use the AMI to launch instances
  • A block device mapping that specifies the volumes to attach to the instance when it’s launched
Build a new AMI by first spinning up an instance from a trusted AMI. Then add packages and components as required. Be wary of putting sensitive data onto an AMI. For instance, your access credentials should be added to an instance after spinup. With a database, mount an outside volume that holds your MySQL data after spinup as well.

WHAT IS THE RELATION BETWEEN INSTANCE AND AMI?

An Amazon Machine Image (AMI) is a template that contains a software configuration (for example, an operating system, an application server, and applications). From an AMI, you launch an instance, which is a copy of the AMI running as a virtual server in the cloud.
You can launch different types of instances from a single AMI. An instance type determines the hardware of the host computer used for your instance. Each instance type offers different compute and memory capabilities.

WHAT AUTOMATION TOOLS CAN YOU USE TO SPINUP SERVERS?

Any of the following tools can be used:
  • Roll-your-own scripts, and use the AWS API tools. Such scripts could be written in bash, perl or another language of your choice.
  • Use a configuration management and provisioning tool like Ansible, Puppet or its successor Opscode Chef etc.
  • You might also look towards a tool like Scalr. Lastly you can go with a managed solution such as Rightscale.

WHAT ARE THE DIFFERENT DEPLOYMENT MODELS FOR CLOUD?

The different models are:
  • Private Cloud
  • Public Cloud
  • Hybrid Clouds

WHAT IS AUTO-SCALING? HOW DOES IT WORK?

  • Horizontally Scaling
  • Vertically Scaling
Auto scaling is a feature of AWS which allows you to configure and automatically provision and spinup new instances without the need for your intervention. You can do this by setting thresholds and metrics to monitor. When those thresholds are crossed, a new instance of your choosing will be spun up, configured, and rolled into the load balancer pool. You’ve scaled horizontally without any operator intervention!
Vertically Scaling: This is an incredible feature of AWS and cloud virtualization. Spin up a new larger instance than the one you are currently running. Pause that instance and detach the root EBS volume from this server and discard. Then stop your live instance and detach its root volume. Note the unique device ID and attach that root volume to your new server. Then start it again. You have scaled vertically in-place!!

WHAT IS THE DIFFERENCE BETWEEN SCALABILITY AND ELASTICITY?

Scalability is the ability of a system to increase the workload on its current hardware resources to handle variability in demand.
Elasticity is the ability of a system to increase the workload on its current and additional hardware resources, thereby enabling businesses to meet demand without investing in infrastructure up-front.

LIST OUT DIFFERENT LAYERS WHICH DEFINE CLOUD ARCHITECTURE?

There are five layers:
  • Cloud Controller (CLC)
  • Walrus
  • Cluster Controller
  • Storage Controller (SC)
  • Node Controller (NC)

WHAT ARE THE SECURITY LAWS WHICH ARE IMPLEMENTED TO SECURE DATA IN A CLOUD?

The security laws which are implemented to secure data in cloud are:
  • Processing
  • File
  • Output reconciliation
  • Input Validation
  • Security and Backup

WHAT USES DO APIS HAVE IN CLOUD SERVICES?

Application Programming Interface (API) has the following uses:
  • It eliminates the need to write fully fledged programs
  • It provides the instructions to set up communication between one or more applications
  • It allows easy creation of applications and links the cloud services with other systems

HOW MANY DATA CENTERS ARE DEPLOYED FOR CLOUD COMPUTING? WHAT ARE THEY?

There are two data centers in cloud computing:
  • Containerized Data centers
  • Low Density Data centers

WHAT ARE THE SECURITY BEST PRACTICES FOR AMAZON EC2?

There are several best practices for securing Amazon EC2. A few of them are given below:
  • Use AWS Identity and Access Management (IAM) to control access to your AWS resources.
  • Restrict access by only allowing trusted hosts or networks to access ports on your instance.
  • Review the rules in your security groups regularly, and ensure that you apply the principle of least privilege: only open up permissions that you require.
  • Disable password-based logins for instances launched from your AMI. Passwords can be found or cracked, and are a security risk.

HOW WOULD YOU SIMULATE PERIMETER SECURITY USING THE AMAZON WEB SERVICES MODEL?

Traditional perimeter security that we’re already familiar with, using firewalls and so forth, is not supported in the Amazon EC2 world.
AWS supports security groups. One can create a security group for a jump box with SSH access – only port 22 open. From there a web server group and database group are created.
The web server group allows 80 and 443 from the world, but port 22 only from the jump box group. Further, the database group allows port 3306 from the web server group and port 22 from the jump box group. Add any machines to the web server group and they can all hit the database.
No one from the world can, and no one can directly SSH to any of your boxes.
Want to further lock this configuration down? Only allow SSH access from specific IP addresses on your network, or allow just your subnet.
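The jump box / web server / database layout above, and the regular security group review recommended in the EC2 best practices, can be checked offline with a small rule evaluator. This is an added example, not code from the original post; the group IDs, sample addresses and function names are assumptions, and the rule dictionaries follow the IpPermissions shape that the EC2 API returns for a security group.

```python
import ipaddress

WORLD = "0.0.0.0/0"

def rule(port, cidrs=(), groups=()):
    """One inbound TCP rule in the EC2 IpPermissions shape."""
    return {"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
            "IpRanges": [{"CidrIp": c} for c in cidrs],
            "UserIdGroupPairs": [{"GroupId": g} for g in groups]}

# Constructed sample: the layout described above; group IDs are made up.
GROUPS = {
    "sg-jump": [rule(22, cidrs=[WORLD])],
    "sg-web":  [rule(80, cidrs=[WORLD]), rule(443, cidrs=[WORLD]),
                rule(22, groups=["sg-jump"])],
    "sg-db":   [rule(3306, groups=["sg-web"]), rule(22, groups=["sg-jump"])],
}

def allowed(groups, dst, port, src_ip=None, src_group=None):
    """True if group `dst` admits TCP `port` from an address or from a member of `src_group`."""
    for r in groups[dst]:
        if r["IpProtocol"] == "-1":
            pass  # "-1" means all protocols and all ports
        elif r["IpProtocol"] != "tcp" or not r["FromPort"] <= port <= r["ToPort"]:
            continue
        # A group-reference rule matches members of that group, never an outside address.
        if src_group and any(p["GroupId"] == src_group for p in r["UserIdGroupPairs"]):
            return True
        if src_ip and any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(c["CidrIp"])
                          for c in r["IpRanges"]):
            return True
    return False

def world_open(groups):
    """Every (group, port) pair open to 0.0.0.0/0, for the periodic rule review."""
    return sorted((g, r.get("FromPort", -1)) for g, rules in groups.items() for r in rules
                  if any(c["CidrIp"] == WORLD for c in r["IpRanges"]))

def lock_down_ssh(groups, group, cidr):
    """Return a copy in which `group` accepts port 22 only from `cidr`."""
    fixed = dict(groups)
    fixed[group] = [rule(22, cidrs=[cidr]) if r.get("FromPort") == 22 else r
                    for r in groups[group]]
    return fixed
```

Comparing world_open() against the short list of ports that are meant to be public (here 22 on the jump box, 80 and 443 on the web group) flags any rule that has drifted from the design.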

HOW IS BUFFER USED IN AMAZON WEB SERVICES?

A buffer is used to make the system more resilient to bursts of traffic or load by synchronizing different components. The components always receive and process the requests in an unbalanced way. The buffer keeps the balance between different components and makes them work at the same speed to provide faster services.

WHAT IS THE FUNCTION OF AMAZON ELASTIC COMPUTE CLOUD?

Amazon Elastic Compute Cloud, also known as Amazon EC2, is an Amazon web service that provides scalable resources and makes computing easier for developers. The main functions of Amazon EC2 are:
  • It provides easily configurable options and allows the user to configure the capacity.
  • It provides complete control of computing resources and lets the user run the computing environment according to their requirements.
  • It provides a fast way to run instances and quickly boot the system, hence reducing the overall time.
  • It provides scalability to the resources and changes its environment according to the requirements of the user.
  • It provides a variety of tools for developers to build failure-resilient applications.

WHAT ARE THE DIFFERENT COMPONENTS USED IN AWS?

The components that are used in AWS are:
  • Amazon S3: it is used to retrieve the input data sets that are involved in making a cloud architecture, and also to store the output data sets that result from the input.
  • Amazon SQS: it is used for buffering requests that are received by the Amazon controller. It is the component that is used for communication between different controllers.
  • Amazon SimpleDB: it is used to store intermediate status logs and the tasks that are performed by the user.
  • Amazon EC2: it is used to run large distributed processing on the Hadoop cluster. It provides automatic parallelization and job scheduling.

EXPLAIN THE FUNCTION OF AN AMAZON EC2 INSTANCE LIKE STOPPING, STARTING AND TERMINATING?


  • Stopping and Starting an instance: When an instance is stopped, the instance performs a normal shutdown and then transitions to a stopped state. All of its Amazon EBS volumes remain attached, and you can start the instance again at a later time. You are not charged for additional instance hours while the instance is in a stopped state.
  • Terminating an instance: When an instance is terminated, the instance performs a normal shutdown, then the attached Amazon EBS volumes are deleted unless the volume’s deleteOnTermination attribute is set to false. The instance itself is also deleted, and you can’t start the instance again at a later time.


What are regions and availability zones in Amazon EC2? Explain in brief.



Explain how to Launch EC2 instance in an Availability Zone?
How to Migrate an Instance to another Availability Zone?
What is Amazon EC2 Root Device Volume?
How to persist Root Device Volume in Amazon EC2 Instance?
What is Key Pair?
How to create Key Pair?
What is the use of Key Pair?
What is Security Group in Amazon EC2?
What are the features of Security Group in Amazon EC2?
How to create Security Group in Amazon EC2?
How to connect to your Amazon EC2 Instance?
How to add a Volume to your Amazon EC2 Instance?
How to clean up your Amazon EC2 Instance and Volume?
What are the best practices for Amazon EC2?
How to create your own Amazon Machine Image (AMI)?
Explain types of storage for the Root Device and difference between them?
How to determine the Root Device type of your AMI?
What is the size limit for Amazon EC2 instance store-backed AMIs and Amazon EBS-backed AMIs?
How are you charged in Amazon EC2? Explain in detail.
What is shared AMI?
How to update AMI tools at Boot Time?
How to disable Password-Based Logins for Root in Amazon EC2 Instance?
What is Public Key Credentials and how to install it?
What is sshd DNS Checks and how to disable it?
What is paid AMI and how to use them?
How to sell your AMI?
How to create an Amazon EBS-Backed Linux AMI?
How to create an AMI from an Instance?
How to create an AMI from a Snapshot?
How to create an Instance Store-Backed Linux AMI?
How to convert your Instance Store-Backed AMI to an Amazon EBS-Backed AMI?
How to copy an Amazon EC2 AMI from one Region to another Region?
What are Amazon EBS-Optimized Instances?
How to resize your Amazon EC2 Instance?
What are Spot Instances and what are the advantages of them?



How do you access the AWS Console?
http://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html


What does EC2 mean and why is it used?
Which are the most common areas you have used EC2 for?
How can I enable instance creation and deletion automatically?
Can I keep a minimum of X and maximum of Y instances under an ELB? How can I achieve this configuration?
What was the challenging aspect in AWS?
If you are given a task to design a project from scratch in AWS, how would you go about it?
What are the other options (other than EC2) that you have used in AWS?
Can you make my AWS console access password-less?
Can I have a security group shared across various accounts?
