Your entire AWS infrastructure lives inside of one Amazon VPC. You have an Infrastructure monitoring application running on an Amazon instance in Availability
Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application.
Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so how?
C
Even though ICMP is not a connection-oriented protocol, Security Groups are stateful. ג€Security groups are stateful ג€" responses to allowed inbound traffic are allowed to flow outbound regardless of outbound rules, and vice versaג€.
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html
You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly.
Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC? (Choose two.)
AD
Which services allow the customer to retain full administrative privileges of the underlying EC2 instances? (Choose two.)
AC
Only the below services provide Root level access
- EC2
- Elastic Beanstalk
- Elastic MapReduce ג€" Master Node
- Opswork
You have a web-style application with a stateless but CPU and memory-intensive web tier running on a cc2 8xlarge EC2 instance inside of a VPC The instance when under load is having problems returning requests within the SLA as defined by your business The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast.
How can you best resolve the issue of the application responses not meeting your SLA?
A
DynamoDB is automatically available across three facilities in an AWS Region. So moving in to a same AZ is not possible / necessary.
In this case the DB layer is not the issue, the EC2 8xlarge is the issue; so add another one with a ELB in-front of it.
Reference:
https://aws.amazon.com/dynamodb/faqs/
You are managing a legacy application Inside VPC with hard coded IP addresses in its configuration.
Which two mechanisms will allow the application to failover to new instances without the need for reconfiguration? (Choose two.)
BD
You are designing a system that has a Bastion host. This component needs to be highly available without human intervention.
Which of the following approaches would you select?
C
Which of the following statements about this S3 bucket policy is true?
B
http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements.html http://docs.aws.amazon.com/AmazonS3/latest/dev/amazon-s3-policy-keys.html
Which of the following requires a custom CloudWatch metric to monitor?
C
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/ec2-metricscollected.html
CPU, Disk I/O, Data Transfer are default metrics. Memory is not mentioned.
You run a web application where web servers on EC2 Instances are in an Auto Scaling group. Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load During the day up to 12 servers are needed five to six days per year, the number of web servers required might go up to
15.
What would you recommend to minimize costs while being able to provide hill availability?
B
You have been asked to propose a multi-region deployment of a web-facing application where a controlled portion of your traffic is being processed by an alternate region.
Which configuration would achieve that goal?
A
Reference:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html
