Untitled Quiz

Questions and Answers

What is the most cost-effective method to host a website that contains HTML, CSS, client-side JavaScript, and images?

• Containerize the website and host it in AWS Fargate.
• Configure an Application Load Balancer with an AWS Lambda target that uses the Express.js framework.
• Deploy a web server on an Amazon EC2 instance to host the website.
• Create an Amazon S3 bucket and host the website there. (correct)

Which AWS service can be used to periodically run API calls for checking resource tag allocations?

• Amazon S3
• Amazon CloudWatch (correct)
• Amazon EC2
• AWS CodePipeline

What is the best solution for sharing millions of financial transactions while ensuring sensitive data is removed before storage?

• Stream the transactions data into Amazon Kinesis Data Firehose and use Lambda.
• Store batched transactions data in Amazon S3 and process with AWS Lambda.
• Stream the transactions data into Amazon Kinesis Data Streams and use AWS Lambda. (correct)
• Store the transactions data into Amazon DynamoDB and use DynamoDB Streams.

Which service is NOT suitable for hosting a static website made up of HTML, CSS, and images?

AWS Lambda (A)

When processing financial transactions for sensitive data, which AWS service combination is most efficient?

Amazon Kinesis Data Streams with Lambda and DynamoDB. (D)

Which method will NOT effectively enable the removal of sensitive data during transaction processing?

Directly writing to Amazon S3. (D)

Which of the following is a key advantage of using Amazon S3 for hosting a website over an EC2 instance?

Simplified deployment with no server management. (C)

What is a requirement for the solution architect regarding the marketplace web application?

Transactions need to be processed for real-time latency. (C)

Which solution allows secure remote access to EC2 instances with the least operational overhead?

Attach an IAM role and use AWS Systems Manager Session Manager for SSH access. (A)

To reduce latency for users accessing a static website hosted on S3, which option is the most cost-effective?

Add an Amazon CloudFront distribution in front of the bucket. (B)

What is the primary purpose of configuring server-side encryption with AWS KMS keys for S3 buckets?

To enhance data security by encrypting content at rest. (C)

When maintaining a searchable repository in Amazon RDS for MySQL, what is important for managing over 10 million rows effectively?

Partitioning the database to simplify data retrieval. (A)

What must be configured to allow cross-region replication for S3 buckets?

Enable versioning on the source and destination buckets. (B)

Which approach for SSH access to EC2 instances involves higher management overhead?

Deploying a bastion host for secure access through a public subnet. (C)

Which solution is NOT a valid way to improve the performance of an S3-hosted static website?

Use Elastic Load Balancing to distribute traffic to the S3 bucket. (D)

Which AWS service provides an efficient way to manage application secrets in a secure manner?

AWS Secrets Manager. (D)

What is the primary benefit of using AWS Secrets Manager for credential rotation in this scenario?

It provides secure storage and automatic rotation of secrets. (A)

Which option correctly utilizes multi-Region capabilities for credential management?

Using multi-Region secret replication in AWS Secrets Manager. (D)

What is the first step needed to share dashboard access with the product manager?

Create an IAM user for the company's employees. (A)

How does using Amazon Aurora with Multi-AZ deployment ensure high availability?

By automatically failing over to a standby instance if the primary fails. (A)

What action should the product manager take to access the CloudWatch dashboard after receiving the login credentials?

Locate the dashboard by name in the Dashboards section. (D)

What kind of scaling is necessary for the e-commerce application's database based on its workload?

Read scaling to accommodate an increase in read requests. (B)

Which Amazon RDS configuration addresses both high availability and read workload demands effectively?

Multi-AZ deployment with read replicas. (C)

Which trust relationship is required for connecting on-premises Microsoft Active Directory with AWS SSO to meet user management needs?

A two-way forest trust. (C)

What AWS service can be used for a single sign-on solution while managing users in an on-premises directory?

AWS Directory Service. (D)

What action is necessary to maintain the database performance amidst unpredictable workload changes?

Automatically scale with Aurora Auto Scaling for read replicas. (A)

To achieve automated failover between Regions for a VoIP service, what is the recommended solution?

Deploy a Network Load Balancer and use Global Accelerator. (B)

Why is utilizing Amazon ElastiCache for Memcached not an ideal solution for the database's performance issues?

It does not improve the underlying database performance. (B)

Which Amazon service helps improve the caching of read-heavy workloads efficiently?

Amazon ElastiCache for caching frequently accessed data. (C)

What is the main benefit of using AWS Organizations for managing multiple accounts?

Centralized management of accounts and policies. (C)

When deploying a bastion server, what is critical to ensure regarding the browser on the server?

It should use cached AWS credentials with appropriate permissions. (C)

Which component is essential for routing VoIP users to the Region with lowest latency?

AWS Global Accelerator for optimizing performance. (A)

What is the primary purpose of using Amazon Macie in the context of file uploads containing PII?

To scan and identify personally identifiable information (PII) in the uploaded files. (C)

Which option can automate the removal of files identified to contain PII with minimal development effort?

Use Amazon Inspector for scanning and Amazon S3 Lifecycle policy for removal. (C)

What happens if an uploaded file is scanned and determined to contain PII when using Amazon Macie?

Amazon SNS sends notifications to administrators to initiate manual removal. (C)

Which of the following tasks does not directly relate to the use of an Amazon S3 bucket as a secure transfer point?

Triggering emails based on file content analysis. (C)

What is a key benefit of using Amazon S3 Lifecycle policies in managing files containing PII?

They automate the deletion or transition of files based on predefined rules. (B)

What is the role of Amazon Inspector in the context described?

To analyze the contents of each uploaded file for potential threats. (C)

Why might a company prefer using Amazon SNS for notifications rather than an email solution like Amazon SES?

Amazon SNS can send notifications to multiple subscribers at once. (D)

What is the main function of an AWS Lambda function in the given scenario?

Scanning uploaded files and triggering notifications as needed. (D)

What is the first step required when setting up an Auto Scaling group to manage nodes based on the number of items in an Amazon SQS queue?

Create an Amazon SQS queue to hold the jobs. (A)

Which scaling policy is appropriate for an Auto Scaling group that is configured to use an Amazon SQS queue?

Add and remove nodes based on the number of items in the SQS queue. (D)

How can the security team be notified about certificate expirations 30 days in advance?

Use AWS Config along with EventBridge to monitor and alert on certificate expirations. (A)

What is a key step for an Auto Scaling group creation using a launch template?

Create an Amazon Machine Image (AMI) first. (A)

Which AWS service is recommended to send alerts for expiring certificates 30 days before they expire?

Amazon Simple Notification Service (SNS). (C)

What is NOT required when creating an Auto Scaling group using a launch template?

An Amazon SNS topic for processing jobs. (A)

To improve the performance of a dynamic website for European users launched from the U.S., what technique could be effective?

Use a global load balancer to distribute traffic. (C)

Which service should be configured to monitor certificates and alert on expiring ones?

AWS Config. (D)

Flashcards

AWS Single Sign-On (SSO)

A solution allowing single sign-on across AWS accounts.

AWS Organizations

A service that lets you manage multiple AWS accounts as a group.

Microsoft Active Directory

A directory service that manages users and groups.

Two-way forest trust

Connects two separate Active Directory forests allowing users to authenticate in either forest.

Network Load Balancer (NLB)

Distributes traffic to multiple targets based on routing rules.

Target Group

A collection of resources (like EC2 instances), defining rules on how traffic should be routed to them

Auto Scaling Group

Manages a group of EC2 instances, dynamically adjusting the available capacity based on demand.

Global Accelerator

A service that can improve the performance of applications by routing your users to the closest AWS Region.

AWS Secrets Manager for credential rotation

Storing credentials as secrets in AWS Secrets Manager, utilizing multi-region replication and scheduled rotation for efficient credential management.

Database performance degradation

A decrease in the speed or responsiveness of a database, often due to high volume of read requests and limitations of the database architecture, impacting application performance.

Scaling database read workloads

Automatically increasing the database's processing capacity to handle a surging number of read requests without impacting the availability and performance of the database.

Amazon Aurora Auto Scaling with Aurora Replicas

Utilizing Amazon Aurora's automatic scaling of read replicas to handle increasing read requests, maintaining high availability and performance.

Multi-AZ Deployment

A database deployment approach that ensures high availability by replicating the database across multiple Availability Zones.

Amazon Aurora

A fully managed, MySQL and PostgreSQL-compatible database service that offers high availability and scalability.

Amazon RDS

A fully managed relational database service that allows for high availability and ease of management.

Application Load Balancer

A load balancing service that distributes traffic across multiple Amazon EC2 instances behind it to improve application responsiveness and high availability

Amazon SQS Queue

A service for storing messages as they are received from applications, enabling decoupled communication and asynchronous processing.

SNS Topic

A publish/subscribe messaging system used to distribute messages to multiple subscribers.

Lambda Function

A serverless compute service that allows running code without managing servers.

PII (Personally Identifiable Information)

Information that can be used to identify a specific individual.

SFTP

Secure File Transfer Protocol for transferring files securely over a network.

AWS Lambda function for PII detection

A method where custom scanning by a Lambda function detects PII in uploaded files.

Amazon Macie

A service for automatically classifying and protecting data, allowing for easy detection of PII.

Amazon S3 Bucket

A scalable storage service that is used to store files securely, which in this case, is a secure transfer point for files.

Cost-effective website hosting

Storing a website in an Amazon S3 bucket is the most cost-effective option for hosting a website with HTML, CSS, JavaScript, and images.

Scalable transaction data sharing

A near real-time solution that needs to share transaction details with other applications while removing sensitive data before storage.

High volume transactions

Transactions that need to be processed at a high rate (hundreds of thousands of users during peak hours).

Sensitive data removal

Removing sensitive data from transactions before storing them to meet compliance requirements.

Near-real time data sharing

A data sharing method with near real-time requirements for data updates.

API calls for tag allocation

Calls to verify the correct allocation of tags across all resources.

AWS Lambda Function Scheduling

Scheduling AWS Lambda functions for periodic executions using CloudWatch.

Document database retrieval

Storing pre-processed transaction data in a document database for low-latency retrieval.

Remote EC2 Instance Administration

A repeatable method to access and manage EC2 instances securely and with least operational overhead.

Static website latency

Reducing the time it takes for users around the world to access a static website hosted on S3 and routed via Route 53.

S3 Bucket Replication

Creating multiple copies of an S3 bucket in various AWS regions for faster access by users.

S3 Transfer Acceleration

A service accelerating data transfer between S3 and clients.

AWS KMS SSE Encryption

Server-side encryption of S3 buckets using keys managed by AWS Key Management Service (KMS).

IAM role for EC2 instance

Security credentials attached to an EC2 instance to define permissions and access control.

Scalable Database

Databases that can handle growing amounts of data, as needed.

CloudFront Distribution

A content delivery network service used to deliver static content, such as websites, more quickly to end users.

Scaling policy

Set of rules for Auto Scaling to decide when to add or remove instances.

Amazon Machine Image (AMI)

A template of an operating system with applications preinstalled.

Launch Template

Allows you to define the settings for EC2 instances to use for launching instances while using the same configurations, in order to ensure uniformity.

AWS Certificate Manager (ACM)

Manages TLS/SSL certificates used to secure web traffic.

Amazon Simple Notification Service (Amazon SNS)

Publishes messages to multiple subscribers. A messaging service used for notifications across different systems.

AWS Config

A service to record changes made to AWS resources.

Study Notes

AWS Solutions for Various Use Cases

• Credential Rotation (Question #13): Store credentials as secrets in AWS Secrets Manager, utilize multi-region secret replication, and configure Secrets Manager for scheduled rotation. This method minimizes operational overhead.

• Database Scaling (Question #14): Use Amazon Aurora with Multi-AZ deployment and Aurora Auto Scaling with Aurora Replicas for automatic scaling of read workloads and high availability.

• Product Manager Access (Question #27): Create an IAM user with the ViewOnlyAccess managed policy, share login credentials, and direct the product manager to locate the CloudWatch dashboard by name.

• SSO Across Accounts (Question #28): Use AWS Single Sign-On (AWS SSO) and create a one-way forest trust or a one-way domain trust to connect the on-premises Microsoft Active Directory with AWS SSO using AWS Directory Service for Microsoft Active Directory.

• VoIP Service with Failover (Question #29): Deploy a Network Load Balancer (NLB) with an associated target group, associating the target group with the Auto Scaling group, and employing the NLB as an AWS Global Accelerator endpoint in each region. This provides low latency routing and automated failover to the region with the lowest latency.

• Least Cost Effective Website Hosting (Question #32): Hosting a static website in an Amazon S3 bucket is the most cost-effective method.

• Scalable Transaction Processing (Question #33): Stream transactions to Amazon Kinesis Data Firehose, storing data in Amazon DynamoDB and S3, and use Lambda integration with Kinesis Data Firehose to remove sensitive data. This lets other applications consume the data stored in Amazon S3.

• Remote Instance Administration (Question #37): Utilize AWS Systems Manager Session Manager to create an SSH session; this method adheres to the AWS Well-Architected Framework and minimizes operational overhead

• Static Website Latency Optimization (Question #38): Deploy an Amazon CloudFront distribution in front of the S3 bucket. This solution addresses latency issues and optimizes cost-effectively.

• Searchable Repository (Question #39): To improve the performance of a repository with 10 million rows and 2 TB of data in an Amazon RDS for MySQL database, consider additional actions like indexing, query optimization, or using a more appropriate database for analytical purposes. This question lacks a clearly optimal solution.

• PII Detection and Remediation (Question #46): Use Amazon Macie to scan objects in an Amazon S3 bucket for personally identifiable information (PII). If PII is detected, Amazon SNS triggers a notification and directs administrators to remove the data or implement further remediation steps.

• Scalable Job Processing (Question #81): Utilize an Amazon SQS queue to hold jobs that need processing. Using an Auto Scaling group scales based on the queue length.

• Certificate Expiration Notifications (Question #82): Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that detects certificates expiring in 30 days. This rule invokes an AWS Lambda function, sending a notification via Amazon Simple Notification Service (Amazon SNS).

Key Concepts for AWS Solutions

• IAM Roles: Attaching appropriate IAM roles to instances for secure administration.
• Secrets Manager: Securely storing and managing sensitive credentials.
• Multi-AZ Deployments: Enhanced availability via multiple Availability Zones.
• Scalability: Architecting for increasing workloads, such as with Auto Scaling.
• Monitoring: Utilizing services for collecting and analyzing data (e.g., CloudWatch).
• Security: Procedures for protecting sensitive data (e.g., encryption of data).
• Cost optimization: Strategies to make the system cost-effective and efficient.
• High Availability: Setting up systems to continue functioning even with failures.
• Fault tolerance: Restoring a failing system, ensuring business continuity.