Which of the following are characteristics of Amazon VPC subnets? (Choose two.)
AD
ג€Each subnet must reside entirely within one Availability Zone and cannot span zones.ג€
ג€Every subnet that you create is automatically associated with the main route table for the VPC.ג€
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Subnets.html
You are creating an Auto Scaling group whose Instances need to insert a custom metric into CloudWatch.
Which method would be the best way to authenticate your CloudWatch PUT request?
A
Creates an IAM role is always the best practice to give permissions to EC2 instances in order to interact with other AWS services
When an EC2 instance that is backed by an S3-based AMI Is terminated, what happens to the data on me root volume?
C
We recommend that you use AMIs backed by Amazon EBS, because they launch faster and use persistent storage.
Reference:
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html#choose-an-ami-by-root-device
You have a web application leveraging an Elastic Load Balancer (ELB) In front of the web servers deployed using an Auto Scaling Group Your database is running on Relational Database Service (RDS) The application serves out technical articles and responses to them in general there are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic Increases that causes the site to go down.
What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? (Choose three.)
ABC
The majority of your Infrastructure is on premises and you have a small footprint on AWS Your company has decided to roll out a new application that is heavily dependent on low latency connectivity to LOAP for authentication Your security policy requires minimal changes to the company's existing application user management processes.
What option would you implement to successfully launch this application1?
C
Create read replica(RODC) of main LDAP server so that LDAP read replica or RODC can authenticate with application locally.
Creating new domain and trust relationship would require lot of work and changes in exiting ldap configuration so D cannot be answer here.
You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB). a fleet of web/application servers, and an RDS database. The entire Infrastructure must be distributed over 2 availability zones.
Which VPC configuration works while assuring the database is not available from the Internet?
C
While using ELB for web applications, ensure that you place all other EC2 instances in private subnets wherever possible. Except where there is an explicit requirement for instances requiring outside world access and Elastic IP attached, place all the instances in private subnets only. In the Amazon VPC environment, only ELBs must be in the public subnet as secure practice.
You will need to select a Subnet for each Availability Zone where you wish traffic to be routed by your load balancer. If you have instances in only one Availability
Zone, please select at least two Subnets in different Availability Zones to provide higher availability for your load balance
An application that you are managing has EC2 instances & Dynamo OB tables deployed to several AWS Regions in order to monitor the performance of the application globally, you would like to see two graphs:
1) Avg CPU Utilization across all EC2 instances
2) Number of Throttled Requests for all DynamoDB tables.
How can you accomplish this?
B
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Tools.CLI.html
When assessing an organization s use of AWS API access credentials which of the following three credentials should be evaluated? (Choose three.)
BCD
AWS provides a number of authentication mechanisms including a console, account IDs and secret keys, X.509 certificates, and MFA devices to control access to
AWS APIs. Console authentication is the most appropriate for administrative or manual activities, account IDs and secret keys for accessing REST-based interfaces or tools, and X.509 certificates for SOAP-based interfaces and tools.
Your organization should consider the circumstances under which it will leverage access keys, x.509certificates, console passwords, or MFA devices
You have a Linux EC2 web server instance running inside a VPC The instance is In a public subnet and has an EIP associated with it so you can connect to It over the Internet via HTTP or SSH The instance was also fully accessible when you last logged in via SSH. and was also serving web requests on port 80.
Now you are not able to SSH into the host nor does it respond to web requests on port 80 that were working fine last time you checked You have double-checked that all networking configuration parameters (security groups route tables. IGW'EIP. NACLs etc) are properly configured {and you haven't made any changes to those anyway since you were last able to reach the Instance). You look at the EC2 console and notice that system status check shows "impaired."
Which should be your next step in troubleshooting and attempting to get the instance back to a healthy state so that you can log in again?
A
What is a placement group?
B
