12.12 Udemy - Final Quiz
By default, how many VPCs can you have per region in your AWS account? 5.
Which of the following is not Amazon’s responsibility under the shared responsibility model? OS level patching for EC2 (not RDS).
You are creating a new VPC with 3 subnets in 3 separate availability zones. You require instances in each subnet to be able to communicate with each other by default. What additional steps should you take in order to achieve this objective? You don't need to do anything; by default, all subnets can communicate with each other using the main route table.
You are an AWS architect and you require encryption at rest for additional volumes attached to your EC2 instance. What is the quickest and most efficient way to achieve this? Configure encryption when creating the EBS volume. You could use the OS to encrypt a new volume after mounting it to an EC2 instance. However, the quickest and most efficient way would be to encrypt the volume when you first provision it.
DynamoDB is automatically redundant across multiple availability zones.
The AWS platform does not provide you with much protection against social engineering attacks, but AWS will give you protection from port scanning, IP spoofing, packet sniffing and man-in-the-middle attacks.
Availability Zone names are unique per account and do not represent a specific set of physical resources.
Use a random prefix when writing to S3 buckets when read/write requests arrive at a fast rate.
Amazon Snowball has replaced the older AWS Import/Export Disk service.
What is the maximum VisibilityTimeout of an SQS message in a FIFO queue? 12 hours.
A client who is using EC2 believes that someone other than approved administrators is trying to gain access to her Linux web app instances, and she asks what sort of network access logging can be added to the system. Which of the following might you recommend? You should make use of OS-level logging tools such as iptables and log events to CloudWatch or S3.
You have a MySQL database running on an EC2 instance in a private subnet. You can connect via SSH, but you are unable to apply updates to the database server via the NAT instance. What might you do to remedy this problem? Ensure that "Source/Destination Checks" is disabled on the NAT instance. With NAT instances, the most common oversight is forgetting to disable Source/Destination Checks.
Amazon SQS keeps track of all tasks and events in an application. False. With SQS, you must implement your own application-level tracking, especially if your application uses multiple queues.
When editing permissions (policies and ACLs), to whom does the concept of the "Owner" refer? The "Owner" refers to the identity and email address used to create the AWS account.
Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service? Enable long polling by setting the ReceiveMessageWaitTimeSeconds to a number > 0 (Note: it is seconds).
Your company provides an online image recognition service and uses SQS to decouple system components. Your EC2 instances poll the image queue as often as possible to keep end-to-end throughput as high as possible, but you realize that all this polling is resulting in both a large number of CPU cycles and skyrocketing costs. How can you reduce cost without compromising service? Proactive Cyclic Scaling allows you to scale during the desired time window. (Scheduled scheduling)
Following advice from your consultant, you have configured your VPC to use Dedicated hosting tenancy. A subsequent change to your application has rendered the performance gains from dedicated tenancy superfluous, and you would now like to recoup some of these greater costs. How do you revert to Default hosting tenancy? Once a VPC is set to Dedicated hosting, it is not possible to change the VPC or the instances to Default hosting. You must re-create the VPC. So create AMIs of all your instances, and create a new VPC with Default as the hosting tenancy attribute, and use them to create new instances using Default tenancy.
You are developing a web application, and you are maintaining separate sets of resources for your alpha, beta, and release environments. Each version runs on Amazon EC2 with an EBS volume. You use Elastic Load Balancing to manage traffic and Amazon Route 53 to manage your domain. What's the best way to check the health and status of all three groups of services simultaneously? Create a resource group containing each set of resources and view all three environments from a single group dashboard. With the Resource Groups tool, you use a single page to view and manage your resources.
Your company has just purchased another company. As part of the merger, your team has been instructed to cross-connect the corporate networks. You run all your confidential corporate services and internal DNS in a VPC. The merged company has all their confidential corporate services and internal DNS on-premises. After establishing a Direct Connect service between your VPC and their on-premises network, and confirming all the routing, firewalls, and authentication, you find that while you can resolve names against their DNS, the other company's services are unable to resolve names against your DNS servers. Why might this be? By design, AWS DNS does not respond to requests originating from outside the VPC. Route53 has a security feature that prevents internal DNS from being read by external sources. The workaround is to create an EC2-hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.
How is the Public IP address managed in an instance session via the instance GUI/RDP or Terminal/SSH session? The public IP address is not managed on the instance; it is, instead, an alias applied as a network address translation of the private IP address.
You have been engaged by a company to design and lead a migration to an AWS environment. The team is concerned about the capabilities of the new environment, especially when it comes to avoiding bottlenecks. The design calls for about 20 instances (C3.2xLarge) pulling jobs/messages from SQS. Network traffic per instance is estimated to be around 500 Mbps at the beginning and end of each job. Which network configuration should you plan on deploying? When considering network traffic, you need to understand the difference between storage traffic and general network traffic, and the ways to address each. The 10Gbps is a red herring, in that the 500Mbps only occurs for short intervals, and therefore your sustained throughput is not 10Gbps. Wherever possible, use simple solutions such as spreading the load out rather than expensive high-tech solutions. So your answer should be: spread the instances over multiple AZs to minimize the traffic concentration and maximize the fault tolerance.
You are a consultant planning to deploy DynamoDB across three AZs. Your lead DBA is concerned about data consistency. Which of the following do you advise the lead DBA to do? To ask the development team to code for strongly consistent reads.
DynamoDB allows for the storage of large text and binary objects, but there is a limit of 400 KB.