AWS Solutions Architect Associate
TODOs
Assessment
Assessment Questions:
- 1:
- selection: B
- correct: B
- note: Business Plan does provide support API, Developer Plan doesn't.
- 2:
- selection: B
- correct: B
- 3:
- selection: C
- correct: C
- 4:
- selection: A
- correct: A
- note: The dedicated host option lets you see the number of physical CPU
sockets and cores on a host.
- 5:
- selection: A
- correct: B
- note: An elastic IP address will not change; a public IP address attached
to an instance will change if the instance is stopped, as would happen
when changing the instance type.
- 6:
- selection: A
- correct: A
- 7:
- selection: C
- correct: D
- notes: With SSE-C you provide your own keys for Amazon to use to decrypt
and encrypt your data. AWS doesn't persistently store the keys.
- 8:
- selection: A
- correct: A
- notes: *Durability* corresponds to an average annual expected loss of
objects stored on S3, not including objects you delete. *Availability*
measures the amount of time S3 will be available to let you retrieve
those objects.
- 9:
- selection: B
- correct: B
- notes: S3 uses a *read-after-write* consistency model for new objects, so
once you upload an object to S3 it's immediately available.
- 10:
- selection: D
- correct: C
- notes: You can't change the primary CIDR for a VPC, so you must create a
new one to connect it to your internal network.
- 11:
- selection: B
- correct: B
- notes: An EC2 instance can access the internet from a private subnet
provided it uses a NAT gateway or NAT instance.
- 12:
- selection: B
- correct: A
- notes: The definition of a *public subnet* is a subnet that has a default route
pointing to an Internet gateway. Otherwise, it would be a *private
subnet*.
- 13:
- selection: D
- correct: C
- notes: DynamoDB is a key-value NoSQL database (store) that can be used to
store items up to 400 KB in size.
- 14:
- selection: B
- correct: A
- notes: You can create a global secondary index for an existing table at
any time. You can only create a local secondary index when you first
create the table.
- 15:
- selection: B
- correct: A
- notes: Enabling *point-in-time recovery* gives you an RPO of about five
minutes. The *recovery time objective* (RTO) depends on the amount of data
to restore.
- 16:
- selection: B
- correct: B
- 17:
- selection: A
- correct: C
- notes: KMS can be used to encrypt Elastic Block Store (EBS) volumes that
store an instance's operating system.
- 18:
- selection: D
- correct: D
- notes: STS tokens expire and IAM access keys do not. An STS token can be
used more than once. IAM access keys and STS tokens are both unique. An
IAM principal can use an STS token.
- 19:
- selection: A
- correct: B
- notes: EC2 doesn't track instance memory utilization. You would need to
install a CloudWatch Agent into the EC2 instance to monitor the memory
utilization of that instance.
- 20:
- selection: A
- correct: C
- notes: The transition to the **ALARM** state simply implies that the
metric crossed a threshold but doesn't tell you what the threshold is.
Newly created alarms start out in the **INSUFFICIENT_DATA** state.
- 21:
- selection: B
- correct: A
- notes: Both store their logs in S3 buckets.
- 22:
- selection: B
- correct: A
- notes: An EC2 instance in a private subnet still has access to Amazon's
private DNS servers, which can resolve records stored in public hosted
zones.
- 23:
- selection: B
- correct: C
- notes: *Geoproximity routing* routes users to the location closest to
them. *Geolocation routing* requires you to create records for specific
locations or create a default record.
- 24:
- selection: A
- correct: A
- 25:
- selection: B
- correct: B
- 26:
- selection: C
- correct: A
- notes: A *simple scaling policy* changes the group size and then has a
cooldown period before doing so again. *Step* scaling policies don't have
cooldown periods. *Target tracking* policies attempt to keep a metric at
a set value. *PercentChangeInCapacity* is a simple scaling adjustment
type, not a scaling policy.
- 27:
- selection: A
- correct: A
- 28:
- selection: D
- correct: D
- 29:
- selection: B
- correct: B
- notes: *Puppet* is a configuration management platform that AWS offers
via *OpsWorks* but is not itself an AWS service.
- 30:
- selection: A
- correct: B
- notes: S3 *cross-region replication* transfers objects between different
buckets. *Transfer acceleration* uses a CloudFront edge location to speed
up transfers between S3 and the Internet.
- 31:
- selection: A
- correct: A
- notes: You can deactivate STS for all regions except US East.
- 32:
- selection: A
- correct: A
- notes: *GuardDuty* looks for potentially malicious activity. *Inspector*
looks for vulnerabilities that may result in compromise. *Shield* and *Web
Application Firewall* protect applications from attack.
- 33:
- selection: A
- correct: A
- 34:
- selection: B
- correct: C
- notes: *On-Demand* instances will continue to run and incur costs.
*Reserved* instances cost the same whether they're running or stopped.
*Spot* instances will be terminated when the spot price exceeds your bid
price.
- 35:
- selection: A
- correct: A
- notes: The *EBS Lifecycle Manager* can take scheduled snapshots of any EBS
volume, regardless of attachment state.
- 36:
- selection: A
- correct: C
- notes: *Elastic Container Service* lets you run containers that can
launch in a matter of seconds. EC2 instances take longest. Lambda is
"serverless", so you can't use it to run a web server. CloudFront
provides caching but isn't a web server.
- 37:
- selection: A
- correct: A
- notes: Almost everything in CloudFormation is case sensitive.
- Score: '20/37=0.54 FAIL'