12.3 Whizlabs - Practice Test I
ELB is the ideal solution for adding elasticity to your application. Route53 with a weighted routing policy is an alternative.
When you create a Provisioned IOPS volume, the max ratio of IOPS to volume size is 50 : 1.
Spot instances enable you to bid on unused EC2 instances, which can lower your EC2 costs significantly. Your spot instance runs whenever your bid exceeds the current market price. Spot instances are a cost-effective choice if you can be flexible about when your application runs and if your applications can be interrupted.
If you want to ping an instance, the security group needs to be configured so that ping commands can go through. The ICMP protocol needs to be allowed so that the ping packets can be routed to the instances. There is not a specific port number for ICMP (0 - 65535). ICMP relies on TCP or UDP. "Pinging a port" is a misnomer, but you can check if a port is open.
The best way to move an EBS volume currently attached to an EC2 instance from one AZ to another is to create a snapshot of the volume and then create a volume from the snapshot in the other AZ. Moreover, the instance and volume have to be in the same AZ in order for the volume to be attached to the instance.
IAM roles are designed in such a way so that your applications can securely make API requests from your instances, without requiring you to manage the security credentials that the applications use.
Retrieve public IP addresses assigned to a running instance via the instance metadata: . Accessing all the instance metadata:
Amazon RDS Basic Operational Guidelines:
Monitor your memory, CPU, and storage usage. Amazon CloudWatch can be set up to notify you.
Scale up your DB instance when you are approaching storage capacity limits.
Enable automatic backups and set the backup window to occur during the daily low in write IOPS.
If your database workload requires more I/O than you have provisioned, recovery after a failover or database failure will be slow. So scale up your DB instances.
Best Practices for Working with MySQL Storage Engines: On a MySQL DB instance, observe the following table creation limits:
You're limited to 10,000 tables if you are either using Provisioned IOPS storage, or using General Purpose storage and the instance is 200 GB or larger in size.
You’re limited to 1000 tables if you are either using standard storage, or using General Purpose storage and the instance is less than 200 GB in size.
On a MySQL DB instance, avoid tables in your database growing too large. Provisioned storage limits restrict the maximum size of a MySQL table file to 16 TB. Instead, partition your large tables so that file sizes are well under the 16 TB limit. This approach can also improve performance and recovery time.
The rules for DNS-compliant bucket names are as follows:
Bucket names must be at least 3 and no more than 63 characters long.
Bucket names must be a series of one or more labels. Adjacent labels are separated by a single period (.). Bucket names can contain lowercase letters, numbers, and hyphens. Each label must start and end with a lowercase letter or a number.
Bucket names must not be formatted as an IP address (for example, 192.168.5.4).
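The three naming rules above as a validator. This is an added example, not part of the original notes; the function name and the choice to treat any dotted quad of digits as "formatted as an IP address" are assumptions.

```python
import re

# One label: lowercase letters, digits and hyphens, starting and ending
# with a lowercase letter or a digit.
_LABEL = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?")
# Assumption: any four dot-separated digit groups count as IP-formatted.
_IP_LIKE = re.compile(r"\d+(\.\d+){3}")


def bucket_name_errors(name: str) -> list[str]:
    """Return the rules from the notes above that `name` violates."""
    errors = []
    if not 3 <= len(name) <= 63:
        errors.append("length must be 3-63 characters")
    labels = name.split(".")
    if "" in labels:
        # A leading, trailing or doubled period leaves an empty label.
        errors.append("empty label")
    for label in labels:
        if label and not _LABEL.fullmatch(label):
            errors.append(f"bad label {label!r}")
    if _IP_LIKE.fullmatch(name):
        errors.append("formatted as an IP address")
    return errors


if __name__ == "__main__":
    # Constructed sample names.
    for candidate in ("my-app.logs-2024", "192.168.5.4", "My_Bucket", "a..b"):
        print(candidate, bucket_name_errors(candidate))
```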
Route53 performs three main functions:
Register domain names
Route internet traffic to the resources for your domain
Check the health of your resources
All of the endpoints created with the API Gateway are HTTPS endpoints.
AWS Security Token Service (STS). You can authenticate users in your organization's network, and then provide those users access to AWS without creating new AWS identities for them and requiring them to sign in with a separate user name and password. This is known as the single sign-on (SSO) approach to temporary access. AWS STS supports open standards like Security Assertion Markup Language (SAML) 2.0.
Volume status checks enable you to better understand, track, and manage potential inconsistencies in the data on the EBS volume. If the status check is insufficient-data, the checks may still be in progress on the volume.
"Golden Image" refers to an AMI that has been constructed from a customized Image.
For health checking, you should assess whether the web server instance can return an HTTP 200 response for some simple request (healthcheck.html).
For AWS RDS Multi-AZ, the replication between the primary DB instance and the standby DB instance is synchronous. For AWS RDS Read Replicas, the replication between the production database and the read-only replicas is asynchronous.
ELB and EC2 instances get set up for high availability. You have the ELB placed in front of the instances and the instances are placed in different AZs.
SQS message retention period default is 4 days, min is 1 minute, max is 14 days.
Message Lifecycle in SQS.
Producer sends Message A to a queue, and the message is distributed across the Amazon SQS servers redundantly.
When Consumer is ready to process a message, it consumes messages from the queue, and Message A is returned. While Message A is being processed, it remains in the queue and isn't returned to subsequent receive requests for the duration of the visibility timeout (i.e. the message remains in the queue, but is not visible to other consumers).
When the job is done, Consumer deletes Message A from the queue to prevent the message from being received and processed again when the visibility timeout expires. Otherwise, the message will be visible again and be consumed by other consumers again.
Instances launched in the subnets get DNS names only when the DNS Hostnames option of the VPC is set to "Yes". Only the VPC configuration affects DNS hostnames.
Route Tables of VPC. Each subnet in your VPC must be associated with a route table; the table controls the routing for the subnet. A subnet can only be associated with one route table at a time, but you can associate multiple subnets with the same route table. See the docs about Route Tables of VPC:
An EBS volume can be attached to only one instance at a time within the same AZ (guarantee that the volume appears as a native block device similar to a local hard drive). However, multiple volumes can be attached to a single instance. EBS volumes are automatically replicated within that AZ to prevent data loss due to failure of any single hardware component.
Some systems for setting up firewalls let you filter on source ports. Security groups let you filter only on destination ports. When you add or remove rules, they are automatically applied to all instances associated with the security group immediately.
For the cost of CloudFormation, you only get charged for the underlying resources created using CloudFormation templates.
A point-in-time snapshot of an EBS volume can be used as a baseline for new volumes or for data backup. If you make periodic snapshots of a volume, the snapshots are incremental -- only the blocks on the device that have changed after your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the entire volume. You can create a snapshot via the CLI command: create-snapshot.
Cron job - The software utility cron is a time-based job scheduler in Unix-like computer operating systems. People who set up and maintain software environments use cron to schedule jobs (commands or shell scripts) to run periodically at fixed times, dates, or intervals. It typically automates system maintenance or administration
AWS Lambda Resource Limits per Invocation:
For a video uploading website, the best practice for designing the SQS setup is to use two SQS queues, one for premium members and one for free members. EC2 instances poll the premium queue first and, if it is empty, poll the free members queue.
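An in-memory model of the SQS message lifecycle noted earlier on this page (visibility timeout, delete after processing) and of the premium-first polling order just described. This is an added example, not part of the original notes and not the AWS API; the class and function names and the explicit `now` clock argument are assumptions.

```python
class ModelQueue:
    """Toy model of one SQS queue's visibility timeout (not the AWS API)."""

    def __init__(self, visibility_timeout):
        self.visibility_timeout = visibility_timeout
        self.messages = {}         # message id -> body
        self.invisible_until = {}  # message id -> time it is visible again
        self.next_id = 0

    def send(self, body):
        self.next_id += 1
        self.messages[self.next_id] = body
        self.invisible_until[self.next_id] = 0  # visible immediately
        return self.next_id

    def receive(self, now):
        # Hand out the first visible message and hide it from other
        # consumers for the visibility timeout. It stays in the queue.
        for mid, body in self.messages.items():
            if self.invisible_until[mid] <= now:
                self.invisible_until[mid] = now + self.visibility_timeout
                return mid, body
        return None

    def delete(self, mid):
        # Called by the consumer once processing succeeded; without this
        # the message reappears when the visibility timeout expires.
        self.messages.pop(mid, None)
        self.invisible_until.pop(mid, None)


def poll(premium, free, now):
    """Poll the premium queue first; use the free queue only if it is empty."""
    return premium.receive(now) or free.receive(now)


if __name__ == "__main__":
    q = ModelQueue(visibility_timeout=30)
    mid = q.send("Message A")
    print(q.receive(now=0))   # delivered, now hidden until t=30
    print(q.receive(now=10))  # None: still being processed
    print(q.receive(now=30))  # redelivered because it was never deleted
    q.delete(mid)
    print(q.receive(now=100)) # None: deleted
```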
S3 (Glacier, Storage Gateway, etc.) has both at-rest (server-side) encryption and in-transit encryption.
AWS Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices, and it is an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. Even though AWS CloudWatch can monitor resources, it cannot check them against the service limits.
AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and AWS CloudFormation takes care of provisioning and configuring those resources for you.
A bastion is a special purpose server instance that is designed to be the primary access point from the Internet and acts as a proxy to your other EC2 instances.
The Reserved Instance Marketplace is a platform that supports the sale of third-party and AWS customers' unused Standard Reserved Instances, which vary in term lengths and pricing options. For example, you may want to sell Reserved Instances after moving instances to a new AWS region, changing to a new instance type, ending projects before the term expiration, when your business needs change, or if you have unneeded capacity.
You can copy an Amazon Machine Image (AMI) within or across an AWS region using the AWS Management Console, the AWS command line tools or SDKs, or the Amazon EC2 API, all of which support the CopyImage action. You can copy both Amazon EBS-backed AMIs and instance store-backed AMIs. You can copy encrypted AMIs and AMIs with encrypted snapshots.
Columnar storage for database tables is an important factor in optimizing analytic query performance because it drastically reduces the overall disk IO requirements and reduces the amount of data you need to load from disk. Typical database block sizes range from 2KB to 32KB. Amazon Redshift uses a block size of 1024KB for its columnar storage, which is more efficient and further reduces the number of IO requests needed to perform any database loading or other operations that are part of query execution. (BTW, in HDFS, the block size for storing the batch data is 512KB.)
Row-wise storage database (Traditional relational database) vs. Columnar storage database (column-based NoSQL database).
When you look at your CloudWatch metric dashboard, you can see metrics for CPU usage, Disk read/write, Disk read/write operations and Network in/out. You need to add a custom metric for Memory Usage.
In order for an EC2 instance to be accessed from the Internet, the following are required:
An Internet Gateway attached to the VPC.
A public IP address attached to the instance (configured in the subnet) or an Elastic IP address.
A route entry to the Internet Gateway in the Route Table (0.0.0.0/0->IGW-ID).
Ensure that your network access control and security group rules allow the relevant traffic to flow to and from your instance.
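The four requirements above as a check over a description of an instance's network setup, useful for troubleshooting reachability and for auditing which instances are exposed. This is an added example, not part of the original notes; the dictionary layout, function names and sample IDs are assumptions, and only the inbound direction of the network ACL is modelled.

```python
import ipaddress


def _covers(cidr, ip):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def _nacl_allows(rules, ip, port):
    # NACL rules are evaluated in ascending rule number; first match decides.
    for rule in sorted(rules, key=lambda r: r["number"]):
        if _covers(rule["cidr"], ip) and rule["from_port"] <= port <= rule["to_port"]:
            return rule["action"] == "allow"
    return False  # nothing matched: implicit deny


def missing_for_internet_access(net, client_ip, port):
    """Return the requirements listed above that `net` fails for inbound
    traffic from client_ip to `port`. An empty list means reachable."""
    missing = []
    if not net["igw_id"]:
        missing.append("internet gateway")
    if not (net["public_ip"] or net["elastic_ip"]):
        missing.append("public or elastic IP")
    # The most specific route covering the client address is the one used.
    matches = [r for r in net["routes"] if _covers(r["dest"], client_ip)]
    best = max(matches, default=None,
               key=lambda r: ipaddress.ip_network(r["dest"]).prefixlen)
    if best is None or best["target"] != net["igw_id"]:
        missing.append("route to internet gateway")
    if not any(_covers(r["cidr"], client_ip) and r["from_port"] <= port <= r["to_port"]
               for r in net["sg_ingress"]):
        missing.append("security group ingress")
    if not _nacl_allows(net["nacl_ingress"], client_ip, port):
        missing.append("network ACL ingress")
    return missing


# Constructed sample: hypothetical IDs, documentation-range addresses.
SAMPLE = {
    "igw_id": "igw-0example",
    "public_ip": "203.0.113.10",
    "elastic_ip": None,
    "routes": [{"dest": "10.0.0.0/16", "target": "local"},
               {"dest": "0.0.0.0/0", "target": "igw-0example"}],
    "sg_ingress": [{"cidr": "0.0.0.0/0", "from_port": 443, "to_port": 443}],
    "nacl_ingress": [{"number": 100, "cidr": "0.0.0.0/0", "from_port": 0,
                      "to_port": 65535, "action": "allow"}],
}
```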
The retention period of Kinesis. A Kinesis stream stores records for 24 hours by default, up to 168 hours.
Server Access Logging. To track requests for access to your S3 bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits. It can also help you learn about your customer base and understand your Amazon S3 bill.
Creating an Amazon EBS Snapshot. You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued. This might exclude any data that has been cached by any applications or the operating system. If you can pause any file writes to the volume long enough to take a snapshot, your snapshot should be complete. However, if you can't pause all file writes to the volume, you should unmount the volume from within the instance, issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot. You can remount and use your volume while the snapshot status is pending.
Create a snapshot of an Amazon EBS RAID array. When you take a snapshot of an attached Amazon EBS volume that is in use, the snapshot excludes data cached by applications or the operating system. For a single EBS volume, this is often not a problem. However, when cached data is excluded from snapshots of multiple EBS volumes in a RAID array, restoring the volumes from the snapshots can degrade the integrity of the array. When creating snapshots of EBS volumes that are configured in a RAID array, it is critical that there is no data I/O to or from the volumes when the snapshots are created. RAID arrays introduce data interdependencies and a level of complexity not present in a single EBS volume configuration. So the steps should be: 1. Suspend disk IO. 2. Start EBS snapshot of volumes. 3. Wait for snapshots to complete. 4. Resume disk.
In the industry, RDS has been used to store session data. ElastiCache and DynamoDB can also do this.
AWS Support Plans.
Basic, Developer support plan:
Access to 6 core Trusted Advisor checks only.
No 24*7 support.
Business, Enterprise support plan:
Access full set of Trusted Advisor checks
24*7 access to customer service, docs, whitepapers and support forums
24*7 access to Cloud Support Engineers via emails, chat & phone.
Prices: Basic < Developer < Business < Enterprise.
Amazon EC2 Supported Platforms. Amazon EC2 supports the following platforms:
Amazon EC2 Instance IP Addressing. We provide your instances with IP addresses and IPv4 DNS hostnames. These can vary depending on whether you launched the instance in the EC2-Classic platform or in a virtual private cloud (VPC).
For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.
For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address.
Amazon SWF with EC2 instances use cases:
Managing a multi-step and multi-decision checkout process of an e-commerce website
Orchestrating the execution of distributed and auditable business processes
etc...