Читать книгу AWS Certified Solutions Architect Study Guide - Ben Piper, David Higby Clinton - Страница 108
Review Questions
Оглавление
1 You need to deploy multiple EC2 Linux instances that will provide your company with virtual private networks (VPNs) using software called OpenVPN. Which of the following will be the most efficient solutions? (Choose two.)Select a regular Linux AMI and bootstrap it using user data that will install and configure the OpenVPN package on the instance and use it for your VPN instances.Search the community AMIs for an official AMI provided and supported by the OpenVPN company.Search the AWS Marketplace to see whether there's an official AMI provided and supported by the OpenVPN company.Select a regular Linux AMI and SSH to manually install and configure the OpenVPN package.Create a Site‐to‐Site VPN Connection from the wizard in the AWS VPC dashboard.
2 As part of your company's long‐term cloud migration strategy, you have a VMware virtual machine in your local infrastructure that you'd like to copy to your AWS account and run as an EC2 instance. Which of the following will be necessary steps? (Choose two.)Import the virtual machine to your AWS region using a secure SSH tunnel.Import the virtual machine using VM Import/Export.Select the imported VM from among your private AMIs and launch an instance.Select the imported VM from the AWS Marketplace AMIs and launch an instance.Use the AWS CLI to securely copy your virtual machine image to an S3 bucket within the AWS region you'll be using.
3 Your AWS CLI command to launch an AMI as an EC2 instance has failed, giving you an error message that includes InvalidAMIID.NotFound. What of the following is the most likely cause?You haven't properly configured the ~/.aws/config file.The AMI is being updated and is temporarily unavailable.Your key pair file has been given the wrong (overly permissive) permissions.The AMI you specified exists in a different region than the one you've currently specified.
4 The sensitivity of the data your company works with means that the instances you run must be secured through complete physical isolation. What should you specify as you configure a new instance?Dedicated Host tenancyShared tenancyDedicated Instance tenancyIsolated tenancy
5 Normally, two instances running m5.large instance types can handle the traffic accessing your online e‐commerce site, but you know that you will face short, unpredictable periods of high demand. Which of the following choices should you implement? (Choose two.)Configure autoscaling.Configure load balancing.Purchase two m5.large instances on the spot market and as many on‐demand instances as necessary.Shut down your m5.large instances and purchase instances using a more robust instance type to replace them.Purchase two m5.large reserve instances and as many on‐demand instances as necessary.
6 Which of the following use cases would be most cost effective if run using spot market instances?Your e‐commerce website is built using a publicly available AMI.You provide high‐end video rendering services using a fault‐tolerant process that can easily manage a job that was unexpectedly interrupted.You're running a backend database that must be reliably updated to keep track of critical transactions.Your deployment runs as a static website on S3.
7 In the course of a routine infrastructure audit, your organization discovers that some of your running EC2 instances are not configured properly and must be updated. Which of the following configuration details cannot be changed on an existing EC2 instance?AMIInstance typeSecurity groupPublic IP address
8 For an account with multiple resources running as part of multiple projects, which of the following key/value combination examples would make for the most effective identification convention for resource tags?servers:server1project1:server1EC2:project1:server1server1:project1
9 Which of the following EBS options will you need to keep your data‐hungry application that requires up to 20,000 IOPS happy?Cold HDDGeneral‐purpose SSDThroughput‐optimized HDDProvisioned‐IOPS SSD
10 Your organization needs to introduce Auto Scaling to its infrastructure and needs to generate a “golden image” AMI from an existing EBS volume. This image will need to be shared among multiple AWS accounts belonging to your organization. Which of the following steps will get you there? (Choose three.)Create an image from a detached EBS volume, use it to create a snapshot, select your new AMI from your private collection, and use it for your launch configuration.Create a snapshot of the EBS root volume you need, use it to create an image, select your new AMI from your private collection, and use it for your launch configuration.Create an image from the EBS volume attached to the instance, select your new AMI from your private collection, and use it for your launch configuration.Search the AWS Marketplace for the appropriate image and use it for your launch configuration.Import the snapshot of an EBS root volume from a different AWS account, use it to create an image, select your new AMI from your private collection, and use it for your launch configuration.
11 Which of the following are benefits of instance store volumes? (Choose two.)Instance volumes are physically attached to the server that's hosting your instance, allowing faster data access.Instance volumes can be used to store data even after the instance is shut down.The use of instance volumes does not incur costs (beyond those for the instance itself).You can set termination protection so that an instance volume can't be accidentally shut down.Instance volumes are commonly used as a base for the creation of AMIs.
12 According to default behavior (and AWS recommendations), which of the following IP addresses could be assigned as the private IP for an EC2 instance? (Choose two.)54.61.211.9823.176.92.3172.17.23.4310.0.32.176192.140.2.118
13 You need to restrict access to your EC2 instance‐based application to only certain clients and only certain targets. Which three attributes of an incoming data packet are used by a security group to determine whether it should be allowed through? (Choose three.)Network portSource addressDatagram header sizeNetwork protocolDestination address
14 How are IAM roles commonly used to ensure secure resource access in relation to EC2 instances? (Choose two.)A role can assign processes running on the EC2 instance itself permission to access other AWS resources.A user can be given permission to authenticate as a role and access all associated resources.A role can be associated with individual instance‐based processes (Linux instances only), giving them permission to access other AWS resources.A role can give users and resources permission to access the EC2 instance.
15 You have an instance running within a private subnet that needs external network access to receive software updates and patches. Which of the following can securely provide that access from a public subnet within the same VPC? (Choose two.)Internet gatewayNAT instanceVirtual private gatewayNAT gatewayVPN
16 What do you have to do to securely authenticate to the GUI console of a Windows EC2 session?Use the private key of your key pair to initiate an SSH tunnel session.Use the public key of your key pair to initiate an SSH tunnel session.Use the public key of your key pair to retrieve the password you'll use to log in.Use the private key of your key pair to retrieve the password you'll use to log in.
17 Your application deployment includes multiple EC2 instances that need low‐latency connections to each other. Which of the following AWS tools will allow you to locate EC2 instances closer to each other to reduce network latency?Load balancingPlacement groupsAWS Systems ManagerAWS Fargate
18 To save configuration time and money, you want your application to run only when network events trigger it but shut down immediately after. Which of the following will do that for you?AWS LambdaAWS Elastic BeanstalkAmazon Elastic Container Service (ECS)Auto Scaling
19 Which of the following will allow you to quickly copy a virtual machine image from your local infrastructure to your AWS VPC?AWS Simple Storage Service (S3)AWS SnowballVM Import/ExportAWS Direct Connect
20 You've configured an EC2 Auto Scaling group to use a launch configuration to provision and install an application on several instances. You now need to reconfigure Auto Scaling to install an additional application on new instances. Which of the following should you do?Modify the launch configuration.Create a launch template and configure the Auto Scaling group to use it.Modify the launch template.Modify the CloudFormation template.
21 You create an Auto Scaling group with a minimum group size of 3, a maximum group size of 10, and a desired capacity of 5. You then manually terminate two instances in the group. Which of the following will Auto Scaling do?Create two new instancesReduce the desired capacity to 3NothingIncrement the minimum group size to 5
22 You're running an application that receives a spike in traffic on the first day of every month. You want to configure Auto Scaling to add more instances before the spike begins and then add additional instances in proportion to the CPU utilization of each instance. Which of the following should you implement? (Choose all that apply.)Target tracking policiesScheduled actionsStep scaling policiesSimple scaling policiesLoad balancing
23 As part of your new data backup protocols, you need to manually take EBS snapshots of several hundred volumes. Which type of Systems Manager document enables you to do this?CommandAutomationPolicyManual