LinkedIn: AWS | Skill Assessment Quiz Solutions-2 | APDaga Tech



  1. What is the best practice for creating a highly available PostgreSQL database in RDS that can sustain the loss of a single AWS region?

    • PostgreSQL cannot be replicated across regions. Restore the database backups from an S3 bucket and repoint your database connections to the new instance.
    • Create Read Replicas in other AWS regions. You can designate a new master database from any of the read replicas until the regional failure is resolved.
    • Verify that your instance is configured for Multi-AZ support. Database changes will be automatically synced to another region in the event of a failure and RDS will automatically select a new master until the regional failure is resolved.
    • Create Read Replicas in other AWS regions. Ensure read operations against the database occur on an available Read Replica, and send write operations to another region if you need to promote a Read Replica to a standalone database if the master is down.


  1. You created a new Linux EC2 instance and installed PostgreSQL but you are not able to establish a connection to the server from your local computer. What steps do you take to resolve this issue?

    • Create a security group rule that allows all traffic from 0.0.0.0/0. This will verify whether or not another rule is denying the traffic.
    • Verify that the assigned security groups allow traffic from your IP address to port 5432. Verify that PostgreSQL is configured to listen to external traffic and is bound to the public interface.
    • Make sure that you are using an Elastic IP and that it is included within the postgresql.conf configuration file.
    • Stop and start the instance. New security group rules will only take effect after a restart.


  1. What does the statement body of this S3 bucket policy do?

    {
      "Sid": "bucketpolicy1",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::userreports/*",
      "Condition": {
        "IpAddress": { "aws:SourceIp": "68.249.108.0/24" },
        "NotIpAddress": { "aws:SourceIp": "68.249.108.128/32" }
      }
    }
    
    • bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket, but limits the objects to read-only permissions for anyone coming from 68.249.108.0 to 68.249.108.255 - except 68.249.108.128.
    • bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to access objects in the userreports bucket and denies access to 68.249.108.128.
    • bucketpolicy1 allows any user to perform any action on the objects in the userreports bucket - except anyone coming from the IP of 68.249.108.128.
    • bucketpolicy1 allows any user coming from the IP range of 68.249.108.0 to 68.249.108.255 to access objects in the userreports bucket - except anyone coming from the IP of 68.249.108.128.


  1. A new developer has been added to the team and you have been asked to provide access to the organization’s AWS account. What is the best practice for granting access?

    • Give the new developer the IAM login that is assigned to the development team. This IAM user should already include all of the policies that a developer would need.
    • Create an IAM user for the new developer. Manually assign policies to the new IAM user account.
    • Do not give the new developer access to the AWS console. Using the IAM user that is assigned to the development group, generate a new set of access keys and label these with the name of the developer.
    • Create an IAM user for the new developer. Assign the new developer to the developer group you already created for the other developers.


  1. When launching an EC2 instance with an instance type that supports instance storage, what use case is best for instance storage?

    • Use the instance storage to serve temporary files that require low I/O latency.
    • Use the instance storage to handle files uploaded by your users. Since it is more secure than an EBS volume, you can isolate any malicious files from infecting your server.
    • Instance storage is faster than EBS volumes, so install the root of the operating system on this volume to speed up server performance.
    • Instance storage is a deprecated option for storage and should not be used.




  1. What’s the best practice for horizontally scaling a legacy ASP.NET web application that relies on Active Directory and is currently deployed to a single Windows EC2 instance?

    • Use Sysprep to shut down the instance during a maintenance window. Create an AMI image and place both servers behind Application Load Balancer with sticky sessions.
    • Launch a new EC2 with the latest version of Windows Server and install the application again. Use Application Load Balancer and sticky sessions to balance between both servers.
    • Create a clone of the server using an AMI image and use Application Load Balancer to balance the traffic between both instances using sticky sessions.
    • Horizontal scaling is not the best practice in this situation. Increase the size of the existing EC2 instance and vertically scale the application.


  1. What does this small section of a CloudFormation template do?

    FlowLog:
      Type: AWS::EC2::FlowLog
      Properties:
        DeliverLogsPermissionArn: !GetAtt IamRole.Arn
        LogGroupName: FlowLogsGroup
        ResourceId: !Ref LogVpcId
        ResourceType: VPC
        TrafficType: ALL
    
    • It writes the VPC network flow logs to the CloudWatch FlowLogsGroup log group. You could use this to inspect the network connections of your VPC.
    • It logs all of the network traffic within a VPC except Instance IDs defined by LogVpcID and logs it to the CloudWatch FlowLogsGroup log group.
    • It logs all the network traffic going to and from a single EC2 instance into the CloudWatch FlowLogsGroup log group. You could use this to inspect suspicious network traffic coming into an EC2 instance.
    • It logs all of the DNS requests made by resources within a VPC and logs them to the CloudWatch FlowLogsGroup. Use this to diagnose DNS lookup errors within your environment.


  1. You are running Docker containers on ECS. What is the most important metric to monitor?

    • The running container count for each service from within CloudWatch.
    • The instance health of each EC2 instance in your cluster from within CloudWatch.
    • Monitor the EC2 service dashboard. Watch for posted outages to the ECS service.
    • The memory consumption of each EC2 instance in your cluster from within CloudWatch.


  1. Application Load Balancer can route traffic to several different target groups based upon several conditions. Which of these use cases is not supported by Application Load Balancer?

    • A request with an HTTP header of X-Requested-With: staging can be routed to a target group for an ECS service in your staging environment.
    • Source IPs matching 192.0.2.0/24 on a listener port of 1433 can be routed to a target group for an RDS for SQL Server cluster.
    • A path of /signup* can be routed to a target group for a Lambda function that processes new user registrations.
    • An HTTP POST query string of ?action=createuser can be routed to a target group for an ECS service.


  1. What does a VPC do?

    • creates a cloud-based network to interconnect a set of virtual servers and appliances
    • creates a secure tunnel between two networks
    • creates a shared storage plane for application data to be shared across multiple instances.
    • creates a private network that is completely isolated from the public internet.




  1. Can you lose the public IP address associated with your EC2 instance?

    • Yes, you can lose it if you reboot the instance.
    • Yes, you can lose it if you stop and start the instance.
    • No, you will never lose the public IP address for your instance.
    • Yes, you can lose it when you edit the instance properties and release the IP address.


  1. Where is the best place to store database backups on an EC2 instance that is configured as a database server?

    • an S3 bucket, synced with the database backups via a script that calls the AWS CLI
    • EBS volume attached to the instance
    • instance attached to the instance
    • instance storage, with a script that replicates the database backups to another instance in a different availability zone.


  1. Which of these is a valid restriction on the properties of a VPC?

    • You can have only 10 internet gateways per region on a new AWS account.
    • You can have only 10 VPCs per region on a new AWS account.
    • You cannot create a CIDR block with a netmask larger than /16.
    • You can have only 10 subnets within a VPC.


  1. You have a Linux EC2 instance that is not responding to requests and you cannot connect to it via SSH. Using the EC2 console, you issued a command to stop the instance, but for the past 10 minutes the instance has been in the “stopping” state. What is the next step you should take?

    • Issue another stop action via the EC2 console, and choose the option to forcefully stop the instance.
    • Create an AMI image of the instance, and choose the option to take the image without restarting the instance.
    • Edit the instance properties and increase the instance size.
    • Contact AWS support. Any further actions could corrupt the file system.


  1. You have 14 on-premise web servers, 4 database servers, 6 servers using GIS software, 3 file servers, and 4 development servers. What considerations should you take into account when migrating these servers into AWS?

    • AWS does not have a way to separate billing for compute costs, so you will need to design a way to split the budget between departments.
    • New AWS accounts are limited to 20 on-demand EC2 instances. Submit a request to increase your rate limits before starting a migration.




  1. As your web application grows and your application monitoring needs become more complex, which additional log monitoring service should you NOT consider?

    • ELK stack: Elasticsearch, Loggly, and Kibana
    • PRTG
    • New Relic
    • Datadog


  1. You have a T2 EC2 instance that is critical to your infrastructure. How would you monitor the most important metric for this instance?

    • Turn on CloudWatch Auto Recovery and put monitors on the System Status and Instance Status checks for the instance to notify you when either is in alarm.
    • Use CloudWatch to put monitors on the remaining CPU credits. If you run out of CPU credit the instance will be stopped.


  1. Which feature can be used to respond to a sudden increase in web traffic?

    • EC2 Auto Scaling groups
    • AWS Shield Advanced
    • RDS Read Replicas
    • all of these answers


  1. If a set of servers are located within a private subnet of your VPC, how can you connect those servers to on-premise servers?

    • Establish a connection with AWS Direct Connect.
    • Use the AWS Client VPN.
    • Install an OpenVPN server on an instance that is located within the subnet with an elastic IP.
    • All of these options can establish a connection to a private subnet.


  1. You have a UDP load balancer that is created by an instance that is running an NGINX proxy. Your application performance management (APM) solution can detect failures in your load balancer instance and transfer the Elastic IP to a passive standby instance. Using the AWS CLI, which script do you program into your APM to move the Elastic IP?

    • A
    aws ec2 disassociate-address --association-id eipassoc-2bebb712
    aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
    
    • B
    aws ec2 release-address --association-id eipassoc-2bebb712
    aws ec2 assign-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
    
    • C
    aws ec2 stop-instances --instance-ids i-8b953
    wait 30
    aws ec2 disassociate-address --association-id eipassoc-2bebb712
    aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
    aws ec2 start-instances --instance-ids i-8b953
    
    • D
    aws ec2 release-address --association-id eipassoc-2bebb712
    aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a
    




  1. What service can host your Docker containers?

    • Lightsail
    • Elastic Container Service (ECS)
    • Elastic Compute Cloud (EC2)
    • All of these services can host a Docker container.


  1. In the S3 console, underneath the Access column, what does the public badge next to the bucket name indicate?


    • All objects within this bucket are assigned public access and could be readable or writable by anyone on the internet. Ensure no sensitive data is being publicly shared within this bucket.
    • All objects within this bucket are writable, which means that the public internet has the ability to upload any file directly to your S3 bucket. Your S3 bucket could be used to serve malware.
    • Some objects within this bucket are assigned public access. Verify that any publicly shared objects within this bucket contain no sensitive data.
    • Objects within this bucket can be made public, if the ACL on that object is set to allow everyone access. Private buckets do not allow you to set public permissions on any object.


  1. What privilege is specific to the AWS root account, and cannot be granted to another IAM user on the account?

    • Revoke the AdministratorAccess role or grant it to another IAM user.
    • Create a new hosted zone in Route 53.
    • Delete the AWS account.
    • Modify the billing details.


  1. Your application is sending 50,000 emails through SES each day. Since you must maintain a low bounce rate to avoid being put on probation, what simple system do you architect to automatically process hard bounces?

    • Configure SES to send all bounce events to an SNS topic. Create a Lambda function that processes each hard bounce event and automatically flags that account as a bounce in your application to prevent further sending attempts.
    • Configure SES to no longer send to email addresses that are on your bounce list.
    • Configure SES to send the logs of all delivery attempts through Kinesis Firehose. Process each event and look for bounce types and remove these emails from your list.
    • Send all emails through SES with a custom reply-to header. Configure SES to listen for events on this email address and flag any email address that replies to this account as a bounced message and remove it from your email list.


  1. Your web application is getting a suspicious amount of bad requests from foreign IP addresses. Your business is operating in only a few countries and you would like to block any other traffic. What is the best practice for limiting access to your web application by country?

    • Use Web Application Firewall and create a geo match condition to drop all requests from countries that aren’t on your allow list.
    • Use Application Load Balancer to create a new routing rule that looks at source IP address. Add an IP block for the countries that have access.
    • Host the front end of your website in CloudFront and configure a geo restriction on the distribution.
    • Use CloudTrail to monitor the IP addresses of the bad requests. Use Lambda to add these IP addresses to an Application Load Balancer rule that blocks the IPs.


CREDITS: (Source)



Feel free to ask questions in the comment section. I will try my best to answer them.
If you find this helpful in any way, like, comment and share the post.
This is the simplest way to encourage me to keep doing such work.

Thanks & Regards,
- APDaga DumpBox