AWS Solution Architect Associate – Exercise Questions – Part 2

Please comment on this page if you need any explanation regarding these questions. The correct answers are marked in bold and italic font.

1. You run a successful multi-tier web application on AWS and your marketing department has asked you to add a reporting tier to the application. The reporting tier will aggregate and publish status reports every 30 minutes from user-generated information that is being stored in your web applications database. You are currently running a Multi-AZ RDS MySQL instance for the database tier. You have implemented ElastiCache as a database caching layer between the application tier and database tier. Identify the option that will allow you to successfully implement the reporting tier with as little impact as possible to your database.

SELECT THE CORRECT ANSWER

  1. Continually send transaction logs from your master database to an S3 bucket and generate the reports of the S3 bucket using S3 byte-range requests.
  2. Generate the reports by querying the synchronously replicated standby RDS MySQL instance maintained through Multi-AZ.
  3. Launch an RDS Read Replica connected to your Multi-AZ master database and generate the reports by querying the Read Replica.
  4. Generate the reports by querying the ElastiCache database caching tier.

2. If an IP address range is specified using CIDR (Classless Inter-Domain Routing) notation such as 10.10.1.32/18, without using the standard IP address classes (Class A, Class B, or Class C), how many bits will be available to specify the host addresses?

SELECT THE CORRECT ANSWER

  1. 14
  2. 10
  3. 32
  4. 18

3. Your firm has uploaded a large amount of aerial image data to S3. In the past, in your on-premises environment, you used a dedicated group of servers to process this data frequently and used RabbitMQ, an open source messaging system, to get job information to the servers. Once processed, the data would go to tape and be shipped offsite. Your manager told you to stay with the current design and leverage AWS archival storage and messaging services to minimize cost. Which of the AWS storage archival options would you use?

SELECT THE CORRECT ANSWER

  1. Use SQS for passing job messages, and use CloudWatch alarms to terminate EC2 worker instances when they become idle. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.
  2. Set up Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Reduced Redundancy Storage.
  3. Set up Auto-Scaled workers triggered by queue depth that use spot instances to process messages in SQS. Once data is processed, change the storage class of the S3 objects to Glacier.
  4. Use SNS to pass job messages, and use CloudWatch alarms to terminate spot worker instances when they become idle. Once data is processed, change the storage class of the S3 objects to Glacier.

4. You run a nightly Elastic MapReduce (EMR) job that processes a single 2 TB file stored on S3. The EMR job runs on two on-demand core nodes and three on-demand task nodes. Which of the following options can help you achieve a reduction in the EMR job completion time?

SELECT THE CORRECT ANSWER

  1. Use three spot instances for the task nodes rather than three on-demand instances.
  2. Change the input split size in the MapReduce job configuration and adjust the number of simultaneous mapper tasks.
  3. Present an S3 bucket as a local file system using a bootstrap script.
  4. You can do nothing on your part to reduce the EMR job completion time.

5. A corporate web application is deployed within an Amazon Virtual Private Cloud (VPC) and is connected to the corporate data center via an IPsec VPN. The application must authenticate against the on-premises LDAP server. After authentication, each logged-in user can only access an Amazon Simple Storage Service (S3) key space specific to that user. Identify an approach that can satisfy this objective. Select all that apply.

SELECT THE CORRECT ANSWER

  1. Develop an identity broker that authenticates against the IAM Security Token Service to assume an IAM role and obtain temporary AWS security credentials. The application calls the identity broker to get AWS temporary security credentials with access to the appropriate S3 bucket.
  2. The application authenticates against LDAP and retrieves the name of an IAM role associated with the user. The application then calls the IAM Security Token Service to assume that IAM role. The application can use the temporary credentials to access the appropriate S3 bucket.
  3. Develop an identity broker that authenticates against LDAP and then calls IAM Security Token Service to get IAM federated user credentials. The application calls the identity broker to get IAM federated user credentials with access to the appropriate S3 bucket.
  4. The application authenticates against LDAP and then calls the AWS Identity and Access Management (IAM) Security services to log in to IAM using the LDAP credentials. The application can use the IAM temporary credentials to access the appropriate S3 bucket.
  5. The application authenticates against IAM Security Token Service using the LDAP credentials. The application then uses those temporary AWS Security credentials to access the appropriate S3 bucket.

6. You are implementing AWS Direct Connect. You intend to use AWS public service endpoints, such as Amazon S3, across the AWS Direct Connect link. You want other Internet traffic to use your existing link to an Internet Service Provider. What is the correct way to configure AWS Direct Connect to access services such as Amazon S3?

SELECT THE CORRECT ANSWER

  1. Configure a public interface on your AWS Direct Connect link. Configure a static route via your AWS Direct Connect Link that points to Amazon S3. Advertise a default route to AWS using BGP.
  2. Create a private interface on your AWS Direct Connect link. Configure a static route via your AWS Direct Connect link that points to Amazon S3. Configure specific routes to your network in your VPC.
  3. Create a public interface on your AWS Direct Connect link. Redistribute BGP routes into your existing routing infrastructure. Advertise specific routes for your network to AWS.
  4. Create a private interface on your AWS Direct Connect link. Redistribute BGP routes into your existing routing infrastructure. Advertise a default route to AWS.

7. An administrator uses Amazon CloudFormation to deploy a three-tier web application that consists of a web tier and an application tier, with Amazon DynamoDB used for storage. When creating the CloudFormation template, which of the following would allow the application instances access to the DynamoDB tables without exposing API credentials?

SELECT THE CORRECT ANSWER

  1. Create an IAM Role that has the required permissions to read and write from the required DynamoDB table and associate the role to the application instances by referencing an instance profile.
  2. Use the Parameter section in the CloudFormation template to have the user input access and secret keys from an already created IAM user that has the permissions required to read and write from the required DynamoDB table.
  3. Create an IAM Role that has the required permissions to read and write from the required DynamoDB table and reference the role in the instance profile property of the application instance.
  4. Create an IAM user in the CloudFormation template that has permissions required to read and write from the required DynamoDB table, use the GetAtt function to retrieve the Access and Secret keys and pass them to the application instance through user-data.

8. Assume there is a Windows XP client that uses the port range 1025 to 5000 as its ephemeral ports, and a request comes to a web server in your VPC from this client on the Internet. Which of the following statements is accurate in this context?

SELECT THE CORRECT ANSWER

  1. Your network ACL must have an outbound rule to enable traffic destined for ports 1025 to 5000.
  2. Your network ACL must have an inbound rule to enable traffic destined for ports 1025 to 5000.
  3. Your network ACL must have an inbound and an outbound rule to enable traffic destined for ports 1025 to 5000.
  4. Your network ACL must have default inbound rules.

9. Your company has an on-premises multi-tier PHP web application which recently experienced downtime due to a large burst in web traffic caused by a company announcement. In the coming days, you are expecting similar announcements to drive similar unpredictable bursts and are looking for ways to quickly improve your infrastructure's ability to handle such unexpected increases in traffic. The application currently consists of two tiers: a web tier consisting of a load balancer and several Linux Apache web servers, and a database tier consisting of a Linux server hosting a MySQL database. Which of the following scenarios will provide full functionality for the site while improving your application's ability to absorb such bursts in the short timeframe required?

SELECT THE CORRECT ANSWER

  1. Offload traffic from the on-premises environment. Set up a CloudFront distribution and configure CloudFront to cache objects from a custom origin. Choose to customize your object cache behavior, and select a TTL that objects should exist in cache.
  2. Migrate to AWS. Use VM Import/Export to quickly convert an on-premises web server to an AMI. Create an Auto Scaling group which uses the imported AMI to scale the web tier based on incoming traffic. Set up replication between the RDS instance and the on-premises MySQL server to migrate the database; also create an RDS Read Replica.
  3. Create an S3 bucket and configure it for website hosting. Migrate your DNS to Route53 using Zone and leverage Route53 DNS failover to the S3 hosted website.
  4. Create an AMI which can be used to launch web servers in EC2. Create an Auto Scaling group that uses the AMI to scale the web tier based on incoming traffic. Leverage Elastic Load Balancing to balance traffic between on-premises web servers and those hosted in AWS.

10. If you are using a DB instance that uses Provisioned IOPS storage, will you be charged for I/Os as well?

SELECT THE CORRECT ANSWER

  1. Only above 1 million/week
  2. Only above 1 billion/month
  3. No separate charge for I/Os
  4. For each I/O