AWS Questions EP 2

AWS Questions EP 2

Professional Development

7 Qs

quiz-placeholder

Similar activities

[Set 2] Architecting on AWS - Day 2

[Set 2] Architecting on AWS - Day 2

Professional Development

7 Qs

AWS Questions EP3

AWS Questions EP3

Professional Development

6 Qs

[Set 2] Architecting on AWS - Day 3

[Set 2] Architecting on AWS - Day 3

Professional Development

7 Qs

Quiz 02

Quiz 02

Professional Development

10 Qs

AWS Question EP4

AWS Question EP4

Professional Development

5 Qs

IAM - AWS

IAM - AWS

Professional Development

5 Qs

AWS Question

AWS Question

Professional Development

5 Qs

Big Data Strategies

Big Data Strategies

7th Grade - Professional Development

10 Qs

AWS Questions EP 2

AWS Questions EP 2

Assessment

Quiz

Science

Professional Development

Hard

Created by

vpmmff55s6 apple_user

Used 1+ times

FREE Resource

7 questions

Show all answers

1.

MULTIPLE CHOICE QUESTION

1 min • 5 pts

AWS Certified Solutions Architect Associate

Domain: Design High-Performing Architectures

A company is planning on moving its applications to the AWS Cloud. They have some large SQL data sets that need to be hosted in a data store on the cloud. The data store needs to have features that support client connections with many types of applications, including business intelligence (BI), reporting, data, and analytics tools. Which of the following service should be considered for this requirement?

A.

Amazon DynamoDB

B.

Amazon Redshift

C.

Amazon Kinesis

D.

Amazon Simple Queue Service

Answer explanation

Correct Answer: B

The AWS Documentation mentions the following.

Amazon Redshift is a fully managed, petabyte-scale data warehouse service in the cloud. You can start with just a few hundred gigabytes of data and scale to a petabyte or more. This enables you to use your data to acquire new insights for your business and customers.

Although Kinesis has capabilities for analyzing & transforming streaming data, the question refers to having a data store for storing data from different applications BI, Reporting …which is where a Data Lake or Data Warehouse solutions come into the picture. Kinesis would be more appropriate in situations where one needs to process streaming data.

Amazon Redshift supports client connections with many types of applications, including business intelligence (BI), reporting, data, and analytics tools.

  • Option A is incorrect since DynamoDB is used for NoSQL datastore.

  • Option C is incorrect since Kinesis is used for analyzing & transforming streaming data.

  • Option D is incorrect since SQS is a message queue service used by distributed applications to exchange messages through a polling mode.

For more information on AWS Redshift, please visit the below URL-

2.

MULTIPLE CHOICE QUESTION

1 min • 5 pts

AWS Certified Solutions Architect Associate

Domain: Design Secure Architectures

A startup company wants to launch an online learning portal on AWS using CloudFront and S3. They have different subscription models. One model where all the members will have access to basic content but another model where the company provides premium content that includes access to multiple private contents without changing their current links.

How should a Solution Architect design this solution to meet the requirements?

A.

Design the learning portal using CloudFront web distribution to deliver the premium private content using Signed Cookies.

B.

Design the learning portal using CloudFront web distribution to deliver the premium private content using Signed URLs.

C.

Design the learning portal using CloudFront web distribution to deliver the premium private content using S3 pre-signed URLs.

D.

Design the learning portal using CloudFront web distribution to deliver the premium private content using CloudFront geographic restrictions feature.

Answer explanation

Answer: A

Option A is CORRECT. Use signed cookies in the following cases to provide access to multiple restricted files. For example, all the files for a video in HLS format or all of the files in the subscribers' area of the website. You don't want to change your current URLs.

Option B is incorrect.CloudFront signed URLs and signed cookies provide the same basic functionality, and they allow users to control who can access the content.

Use signed URLs in the following cases.

  • You want to restrict access to individual files, for example, an installation download for your application-

  • Your users are using a client (for example, a custom HTTP client) that doesn't support cookies.

Option C is incorrect because S3 pre-signed URLs won’t provide access without changing current links.

Option D is incorrect because the CloudFront geographic restrictions feature is used to prevent users in specific countries from accessing your content, but there is no such requirement in the question.

References:

3.

MULTIPLE CHOICE QUESTION

1 min • 3 pts

Amazon EKS Knowledge Badge Assessment

The development team recently launched a new application and wants a simple way to understand the Docker Container running process information for CPU, Memory, and Swap usage.

What command would you run from the Docker host to return this information?

docker top

docker logs

docker stats

docker port

Answer explanation

docker stats displays a live stream of container/s resource usage statistics

4.

MULTIPLE CHOICE QUESTION

1 min • 4 pts

Amazon EKS Knowledge Badge Assessment

Your team is tasked with ensuring no downtime during application updates on EKS. You are responsible for rolling out frequent updates as soon as the development team releases newer container images for the application.

Which Kubernetes resource is MOST suitable for this purpose?

Pods

Daemonsets

Deployments

Replicasets

5.

MULTIPLE CHOICE QUESTION

1 min • 5 pts

Amazon EKS Knowledge Badge Assessment

A company's security team needs to be able to detect whenever production containers attempt to communicate with known IP addresses associated with cryptocurrency-related activity. Automated vulnerability scanning of container images is performed in the CI/CD pipeline before deployment into managed node groups in EKS.

Which solution should the security team leverage to meet their requirement?

Configure the deployments to run on AWS Fargate instead since access to the underlying host is restricted.

Enable EKS control plane logging to send the Kubernetes API server logs to CloudWatch Logs and query for events using CloudWatch Logs Insights.

Enable EKS Runtime Monitoring with GuardDuty.

Vulnerability scanning is already performed on the container images in the CI/CD pipeline so no other solution is required.

Answer explanation

Enable EKS Runtime Monitoring with GuardDuty.

Comments: This scenario requires a runtime monitoring solution to detect malicious activity while the containers are running in which GuardDuty's EKS Runtime Monitoring solution can be leveraged.

6.

MULTIPLE SELECT QUESTION

1 min • 8 pts

Amazon EKS Knowledge Badge Assessment

A customer wants to expose tothe internet an application running on multiple pods on EKS.

What options does the customer have? (Select TWO)

Do nothing. The application is automatically exposed to the internet

Use a Kubernetes service of type LoadBalancer. The AWS Load Balancer Controller will provision a classic Load Balancer and expose the application to the internet

Manually configure a Load Balancer in front of the EKS cluster

Configure a kubernetes ingress object. The application is exposed to the internet through the ingress controller

Use a kubernetes service of type ClusterIP. The AWS Load Balancer Controller will provision a Network Load Balancer and expose the application to the internet

Answer explanation

Comments: AWS Load Balancer Controller can only provision Application LoadBalancers from ingresses, and Network Load Balancers from Services

Comments: The Ingress Controller is responsible to provide external access to the cluster. Provide an ingress object with the right routing configuration (path/host)

7.

MULTIPLE CHOICE QUESTION

2 mins • 10 pts

AWS Certified DevOps Engineer Professional

Domain: SDLC Automation

The company you work for has a huge amount of infrastructure built on AWS. However, there have been some concerns recently about the security of this infrastructure. An external auditor has been given the task of running a thorough check of all of your company's AWS assets. The auditor will be in the USA while your company's infrastructure resides in the Asia Pacific (Sydney) region on AWS. Initially, he needs to check all of your VPC assets, specifically security groups and NACLs You have been assigned the task of providing the auditor with a login to be able to do this. Which of the following would be the best and most secure solution to provide the auditor to begin his initial investigations? Choose the correct answer from the options below.

A.

Create an IAM user tied to an administrator role. Also, provide an additional level of security with MFA

B.

Give him root access to your AWS Infrastructure. Because he is an auditor; he will need access to every service

C.

Create an IAM user who will have read-only access to your AWS VPC infrastructure and provide the auditor with those credentials

D.

Create an IAM user with full VPC access but set a condition that will not allow him to modify anything if the request is from any IP other than his own

Answer explanation

Correct Answer: C

Generally, you should refrain from giving high-level permissions and give only the required permissions. In this case, option C fits well by just providing the relevant access which is required.

For more information on IAM, please see the below link: