General

Question 1

What does AWS CloudHSM stand for?

Answer 1

AWS managed dedicated hardware security model (HSM) in AWS Cloud

Question 2

What is the primary function of AWS CloudHSM?

Answer 2

Enables you to securely generate, store, and manage your own cryptographic keys

Question 3

Which industry-standard APIs can integrate with AWS CloudHSM?

Answer 3

• PKCS#11
• Java Cryptography Extensions (JCE)
• Microsoft CryptoNG (CNG) libraries

Question 4

Fill in the blank: AWS CloudHSM allows you to store _______ key material in a custom key store.

Answer 4

non-extractable

Question 5

What is a use case for AWS CloudHSM?

Answer 5

Use KMS to create a CMKs in a custom key store and store non-extractable key material in AWS CloudHSM to get full control on encryption keys

Question 6

In AWS Systems Manager, was does Session Manager replace

Answer 6

The need for Bastions to access instances in private subnet

Question 7

What is AWS Shield?

Answer 7

Managed Distributed Denial of Service protection service

Question 8

What type of attacks does AWS Shield protect against?

Answer 8

Layer 3 and 4

Question 9

What are the tiers of service for AWS Shield

Answer 9

• Standard - automatic and free for CloudFront and Route 53
• Advanced - paid, enhanced DDoS protection for EC2, ELB, Cloudfront, and Route 53

Question 10

What is AWS WAF

Answer 10

Web application firewall, protects web applications against common web exploits

Question 11

What attacks does AWS WAF protect against

Answer 11

Layer 7, like SQL injection and Cross-site scripting

Question 12

Where can you deploy AWS WAF

Answer 12

• CloudFront
• Application Load Balancer
• API Gateway
• AWS AppSync

Question 13

What does AWS Firewall Manager do?

Answer 13

Centralizes configuration and management of AWS WAF rules, AWS Shield Advanced, Network Firewall rules, and Route 53 DNS firewall rules across accounts and resources in AWS Organization

Question 14

What is a use case for AWS Firewall Manager

Answer 14

Meet Gov regulations to deploy AWS WAF rule to block traffic from embargoed countries across acounts and resources

Question 15

What is AWS Guard Duty

Answer 15

• Read VPC Flow Logs, DNS Logs, and Cloudtrail Events, apply machine learning algorithms and anomaly detections to discover threats
• Can protect against Crypto Currency Attacks

Question 16

How is ECS with Fargate charged

Answer 16

On vCPU and memory resources that the container requests. Charged rounded up per the nearest second

Question 17

What is Babelfish

Answer 17

Allows Aurora PostgreSQL to understand T-SQL and SQL Server wire protocol, enabling applications to communicate with Aurora using SQL Server-style queries with minimal code changes

Question 18

Using an autoscaling group, how can you make sure 10 instances are up at a specific time of day/month

Answer 18

Setup a scheduled action that kicks off at the designated time and set the desired capacity of the instances to 10

Question 19

With Amazon API Gateway and Websocket APIs, which is Stateful and which is stateless

Answer 19

Gateway - Stateless
Websocket - Stateful

Question 20

By default, FIFO queues (SQS) support how many messages per second

Answer 20

300

Question 21

With SQS FIFO, what is the max number of messages you can batch per second

Answer 21

10

Question 22

How might you restrict traffic by country for an EC2

Answer 22

AWS web application firewall with ALB. Geo match Conditions in WAF can restrict traffic based on location

Question 23

T/F Cloudfront can have a custom origin pointing to the DNS record of a website on Route 53

Answer 23

False, It can have a custom origin pointing to on-premise servers

Question 24

In S3, when you apply a retention period to an object version, what do you specify

Answer 24

Retain Until Date

Question 25

You need to ensure exactly once message processing, what should you use

Answer 25

SQS FIFO

Question 26

What is the min storage duration for an object in S3 before it can be transitioned away from S3 Stanadard

Answer 26

30 days

Question 27

When using S3 Transfer Acceleration, if the upload occurred, but S3TA did not result in an accelerated transfer, what do you pay for in transfer charges

Answer 27

None. There is no transfer charges when data is transferred in from the internet, and you only pay for transfers that are accelerated

Question 28

What is Amazon FSx for Lustre

Answer 28

Allows you work with files on S3 using the Lustre file system. It provides the ability to process 'hot data' in a parallel and distributed fashion as well as store the 'cold data' on Amazon s3

Question 29

What is AWS Glue DataBrew

Answer 29

A way to build data workflows visually without code. It is fully managed by AWS and serverless

Question 30

How is replication setup with a RDS Multi-AZ deployment

Answer 30

Synchronous replication and spans at least two AZs within a single region.

Question 31

How is replication setup with a RDS Read Replica

Answer 31

Asynchronous replication and can be within a AZ, Cross AZ, or Cross-Region

Question 32

What is AWS Outpost

Answer 32

It is an AWS physical rack that can be installed in the company's data center, bringing AWS services on-prem

Question 33

What storage solutions cannot be used as a boot volume on an EC2

Answer 33

Throughput Optimized Hard disk drive (St1) Cold Hard disk drive (sc1)

Question 34

What storage solutions can be used as a boot volume on EC2

Answer 34

Provisioned IOPS Solid State drive (io1,3) Instance Store General Purpose Solid State Drive (gp2,3)

Question 35

What does a RDS Proxy do for Aurora

Answer 35

It helps manage connection pooling and throttling, which are a common cause of timeouts in high-load scenarios. It maintains a pool of database connections and reuses them across clients. This can be paired with a scaling group of EC2s

Question 36

How can a EFS be access by another region

Answer 36

inter-region VPC peering connection

Question 37

What is needed for a High Performance Computing driven application with EC2s

Answer 37

They need to be deployed in a cluster placement group so that the underlying workload can benefit from low network latency and high network throughput.

Question 38

Does Amazon FsX for Luster support Microsoft's Distributed File System

Answer 38

No

Question 39

What happens when a AMI is copied from Region A to Region B?

Answer 39

A snapshot is automatically created because AMIS are based on the underlying snapshot

Question 40

What is the hierachy of S3 storage types

Answer 40

Standard > Standard IA > Intelligent-Tiering > One Zone IA > Glacier Instant Retrieval > Glacier Flexible Retrieval > Deep Archive Lifecycle transitions can only be made to go down, not up

Question 41

If a company wants to continue to use its own custom DNS service, Is Route 53 an option

Answer 41

No

Question 42

What is AWS Global Accelerator

Answer 42

AWS Global Accelerator uses the Amazon's network, improving performance by lowering first-byte latency and jitter, and increasing throughput compared to the public internet.

Question 43

Can you hook up EFS to lambda

Answer 43

Yes by using the EFS mount target and access points

Question 44

Using an autoscaling group, how would you trigger based on cpu utilization of 50%

Answer 44

Target tracking policy with CPU as target metric and target vakue of 50%

Question 45

What is the soft limit of concurrent executions for lambda per AWS Account per region

Answer 45

1000

Question 46

What is the order of operations when an instance has become unhealthy in a auto scaling group

Answer 46

A new scaling activty terminates the unhealthy instance and then a new scaling activity launches a new, replacement instance.

Question 47

Can GuardDuty monitor S3 for malicious activity

Answer 47

Yes

Question 48

What do you need to provide an encrypted connection between a data center and AWS cloud.

Answer 48

VPN usually paired with Direct Connect

Question 49

S3 can achieve 3,500 PUT/COPY/POST/DELETE and 5500 GET/HEAD per what

Answer 49

prefix

Question 50

On a EC2, what is the ideal storage for temporary information that changes frequently, such as buffers, caches, and scratch data

Answer 50

Instance Store

Question 51

How can you run Oracle in AWS

Answer 51

AWS RDS Custom for Oracle

Question 52

How can you hook up AWS to work with Active Directory

Answer 52

Use AWS Directory Service AD Connector to connect AWS to the on-premises Active Directory. Integrate AD Connector with AWS IAM Identity Center. Use permission sets to assign access to AWS accounts and resources based on Active Directory group membership

Question 53

What does suspending ReplaceUnhealthy on an Auto Scaling group do

Answer 53

It will not replace any unhealthy instances. You can use this time to do maintenance on an instance. Just set it back

Question 54

How long can you reserve an EC2 Reserved Instance

Answer 54

for 1 or 3 years only (NOT ANYTIME BETWEEN)

Question 55

If running an OLTP on an EC@ and you need to do thousands of requests per second, what ec2 type should you choose

Answer 55

Storage Optimized

Question 56

What are some examples of reasons you would use a compute optimized ec2 instance type

Answer 56

batch processing workloads media transcoding high performance web servers high performance computing scientific modeling and machine learning dedicated gaming servers

Question 57

What is some examples of reasons why to use a memory optimized ec2 instance

Answer 57

High performance relational/non-relational dbs Distributed web scale cache stores in memory dbs optimized for bi applications performing real time processing for big unstructured data

Question 58

What are some examples of reasons to use storage optimized ec2 instances

Answer 58

High Frequency OLTP systems Relational & NoSql dbs Cach for in memory dbs, redis Data warehouseing apps Distributed file systems

Question 59

What are the different type of placement groups

Answer 59

Cluster Spread Partition

Question 60

What is a cluster placement group

Answer 60

Clusters instances into a low latency group in a single az

Question 61

what is a spread placement group

Answer 61

spreads instances across underlying hardware, max 7 instances per group per az (critical apps)

Question 62

What is a partition placement group

Answer 62

Spreads instances across many different partitions (different sets of racks) within an AZ

Question 63

What are some use cases for cluster placement groups

Answer 63

Big data jobs that need to complete fast apps that need extreme low latency and high network throughput

Question 64

When would you use a partition placement group

Answer 64

Partition aware apps like HDFS, HBase, Cassandra, Kafka

Question 65

Elastic Network Interface (ENI) can be attached to EC2 instances in another AZ. (T/F)

Answer 65

False, ENI are bounded to a specific AZ

Question 66

For EC2 hibernate, what does the root volume need to be

Answer 66

an EBS volume

Question 67

For EC2 hibernate, RAM must be less than what

Answer 67

150 GB

Question 68

What EC2 types support hibernate

Answer 68

On Demand and Reserved

Question 69

How many instances can an EBS volume be attached to at a time

Answer 69

1

Question 70

What is the default behavior for delete on termination for the root ebs volume vs other ebs volumes

Answer 70

the root is deleted, others are kept

Question 71

When moving an ebs snapshot to an archive, how long can it take to restore

Answer 71

24 to 72 hours

Question 72

How long can you set the recycle bin for an EBS snapshot

Answer 72

1 day to 1 year

Question 73

What is an EC2 Instance Store

Answer 73

High performance hardware disk attached to an ec2

Question 74

What happens to an EC2 instance store if it they are stopped

Answer 74

they lose their storage

Question 75

What type of EBS volume should you use for database workloads

Answer 75

Provisioned IOPS

Question 76

What is EBS Multi Attach

Answer 76

Allows you attach ebs to multiple ec2s but it is only available for io1/io2 family volumes

Question 77

What are the different throughput modes for EFS

Answer 77

Bursting Performance Mode Throughput Mode

Question 78

What are the different Storage Tiers for EFS

Answer 78

Standard Infrequent Access Archive

Question 79

With EBS gp2, what happens when IO increases

Answer 79

the disk size increases

Question 80

With EBS gp3 and Io1, what happens when IO increases

Answer 80

nothing, the IO and disk are independent

Question 81

EFS is only for Linux Systems (T/F)

Answer 81

true

Question 82

AMIs are region specific (t/f)

Answer 82

True, but you can copy it to the other region

Question 83

IAM User Groups can contain IAM Users and other User Groups. (t/f)

Answer 83

false

Question 84

What traffic does a Network Load Balancer handle

Answer 84

TCP and UDP

Question 85

A NLB is ultra low latency (t/f)

Answer 85

true

Question 86

How many static ips per az does a nlb have

Answer 86

one, and supports assigning elastic ip

Question 87

What type of health checks are supported by nlb

Answer 87

TCP, HTTP, and HTTPS

Question 88

If you want to use the GENEVE protocol on port 6081, which load balancer do you need

Answer 88

Gateway load balancer

Question 89

Which load balancer type only supplies a dns name

Answer 89

An elastic load balancer or application load balancer

Question 90

Which load balancer supplies a DNS name and a static ip

Answer 90

A network load balancer

Question 91

ALBs suppurt TCP (T/F)

Answer 91

False

Question 92

ALBs can route traffic based on geography (t/f)

Answer 92

False

Question 93

Network Load Balancer can be a registered target in an alb target group (t/f)

Answer 93

false

Question 94

Lambda functions can be registered targets in an alb target group (t/f)

Answer 94

true

Question 95

Can you attach an Elastic IP to an ALB

Answer 95

No

Question 96

What are the RDS database that can be managed by AWS

Answer 96

Postgres MySql MariaDB Oracle (Custom) Microsoft SQL Server (Custom) IDM DB2 Aurora

Question 97

Read Replicas can be within AZ, Cross AZ, or Cross Region (t/f)

Answer 97

True

Question 98

Replication is SYNC (t/f)

Answer 98

false, they are sync, eventually consistent

Question 99

Which manged dbs do you have access to the underlying os

Answer 99

Custom (oracle, msql)

Question 100

Why would you use Global Aurora

Answer 100

When you need to support reads to other (multiple regions) and need to to recover to another region in less than a minute

Question 101

What RDS supports RDS Proxy

Answer 101

MySql, Postges, Mariadb, MS Sql Server, Aurora

Question 102

Which version of Elastic cache guarantees both uniqueness and element ordering

Answer 102

Redis (sorted sets)

Question 103

Multi-AZ keeps the same connection string regardless of which database is up (t/f)

Answer 103

true

Question 104

Which works for root doman and non root domain alias or cname

Answer 104

alias

Question 105

EC2 DNS names can be the target if an alias record (t/f)

Answer 105

false

Question 106

What are the routing policies supported by Route 53

Answer 106

simple weighted failover latency based geolocation multi value geoproximity

Question 107

Can simple routing policies be associated with health checks

Answer 107

No

Question 108

Can weighted routing polices be associated with health checks

Answer 108

Yes

Question 109

With a weighted routing policy, what happens when all weights are set to 0?

Answer 109

All records are returned equally