Cloud Computing




















  • An Application team has asked a SysOps Admin to provision an additional environment for an application in four additional regions. The application is running on more than 100 instances in us-east-1, using fully baked AMIs. An AWS CloudFormation template has been created to deploy resources in us-east-1. To provision the application quickly, the SysOps Admin must run the existing CloudFormation template in each additional region based on the success of the template used currently in us-east-1.

  • A company has a fleet of EC2 instances and needs to remotely execute scripts on all of the instances. Amazon EC2 Systems Manager Run Command allows this.

  • A company is creating an application that will keep records. The application will run on Amazon EC2 instances and will use an Amazon Aurora MySQL DB as its data store. To maintain compliance, the application must not retain information that is determined to be sensitive. To detect if sensitive data is being stored in the application, a SysOps admin should export data from the DB by using an AWS Lambda function, store the data in Amazon S3, use Amazon Macie to examine the stored data, and examine the report for any sensitive data that is discovered.

  • An Access Control List (ACL) is the document that defines who can access a particular bucket or object in Amazon S3. ACLs enable you to manage access to buckets and objects. Each bucket and object has an ACL attached to it as a subresource. It defines which AWS accounts or groups are granted access and the type of access.

  • A user is sending custom data metrics to CloudWatch. The allowed time stamp granularity for each data point published for the custom metric is 1 millisecond (ms).
    The user is allowed to send data up to 1/1,000 of a second. CloudWatch aggregates the data by each minute and generates a metric for that.

  • Dev teams are maintaining several workloads on AWS. Company management is concerned about rising costs and wants the SysOps Admin to configure alerts so teams are notified when spending approaches preset limits. The AWS Budgets service will satisfy these requirements.

  • A company has several accounts between different teams and wants to increase its auditing and compliance capabilities. The accounts are managed through AWS Organizations. Management wants to provide the security team with secure access to the account logs while also restricting the possibility for the logs to be modified. A SysOps admin can achieve this with the least amount of operational overhead as follows: from the master account, create an organization trail using AWS CloudTrail and apply it to all Regions. Use IAM roles to restrict access.

  • A launch configuration in Auto Scaling represents a template that the Auto Scaling group uses to launch the Amazon EC2 instances. When you create a launch configuration, you specify information for the instances such as the ID of the Amazon Machine Image (AMI), the instance type, a key pair, one or more security groups, and a block device mapping.

  • AWS CloudWatch is a service used to monitor the AWS resources and the applications running on EC2. It collects and tracks the metrics of various services or applications.

  • A Dev team recently deployed a new version of a web application to production. After the release, penetration testing revealed a cross-site scripting vulnerability that could expose user data. The AWS WAF service will mitigate this issue.

  • Every object in Amazon S3 is stored in a bucket. Before you can store data in Amazon S3, you must create a bucket.

  • An Auto Scaling group scales up and down based on Average CPU Utilization. The alarm is set to trigger a scaling event when the Average CPU Utilization exceeds 80% for 5 minutes. Currently, the Average CPU has been 95% for over two hours and new instances are not being added. The issue could be that the maximum size of the Auto Scaling group is below or at the current group size.

  • AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. The user has to always include the namespace as a part of the request. However, the other parameters are optional. If the user has uploaded data using CLI, he can view it as a graph inside the console. The data will take around 2 minutes to upload but can be viewed only after around 15 minutes.

  • A popular auctioning platform requires near-real-time access to dynamic bidding information. The platform must be available at all times. The current Amazon RDS instance often reaches 100% CPU utilization during the weekend auction and can no longer be resized. To improve application performance, a sysops admin is evaluating Amazon ElastiCache, and has chosen Redis (cluster mode enabled) instead of Memcached. The reasons for making this choice are Multi-AZ with automatic failover and online resharding.
    Amazon ElastiCache for Redis supports both Redis cluster and non-cluster modes and provides high availability via support for automatic failover by detecting primary node failures and promoting a replica to be primary with minimal impact.

  • Amazon S3 offers storage over the Internet. It has a simple web services interface that you can use to store and retrieve any amount of data, at any time, from anywhere on the web.

  • To change the instance type for running instances in an application tier that uses Auto Scaling, change the instance type definition in the Auto Scaling launch configuration.

  • To generate a report detailing specific cost allocation tags when creating a Monthly Cost Allocation report, the required steps are:
    • Activate the 'requested' tags by clicking Manage report tags on the Billing Preferences page.
    • Select the checkbox for Cost Allocation Report in the AWS account's Billing Management Console.


  • A company runs a multi-tier web application with two Amazon EC2 instances in one AZ in the us-east-1 Region. A SysOps admin must migrate one of the EC2 instances to a new AZ. The solution that will accomplish this is to create an Amazon Machine Image (AMI) from the EC2 instance and launch it in a different AZ, then terminate the original instance.

  • A SysOps Admin has configured health checks on a load balancer. An Amazon EC2 instance attached to this load balancer fails the health check. The EC2 instance will be terminated based on the health check failure, and the load balancer will stop sending traffic to the EC2 instance.

  • Company A purchases company B and inherits three new AWS accounts. Company A would like to centralize billing and reserved instance benefits but wants to keep all other resources separate. This can be accomplished by configuring AWS Organizations Consolidated Billing and providing the finance team with IAM access to the billing console.

  • Amazon Route53 provides a scalable Domain Name System (DNS). It is a highly available and scalable cloud DNS web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like into the numeric IP addresses like that computers use to connect to each other. It is fully compliant with IPv6 as well.

  • AWS CloudWatch supports monitoring of the AWS estimated usage charges. When you enable monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data.

  • AWS Auto Scaling can launch instances based on certain criteria. This provides cost optimization to the user as it will only launch the instance when required, thereby resulting in cost saving.

  • AWS bills the user on a pay-as-you-go model. AWS will charge the user once the AWS resource is allocated. Even though the user is not using the resource, AWS will charge if it is in service or allocated. Thus, it is advised that once the user's work is completed he should:
    • Terminate the EC2 instance
    • Delete the EBS volumes
    • Release the unutilized Elastic IPs
    • Delete ELB
    The AutoScaling launch configuration does not cost the user. Thus, it will not make any difference to the cost whether it is deleted or not.

  • Store data in Amazon S3 and retain a copy of frequently accessed data subsets locally.
    In AWS Storage Gateway, Gateway-cached volumes offer substantial cost savings on primary storage and minimize the need to scale storage on-premises. You also retain low-latency access to frequently accessed data.

  • An Auto Scaling group is associated with an Elastic Load Balancer (ELB). Instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated. To ensure trial instances marked unhealthy by the ELB will be terminated and replaced, add an ELB health check to the Auto Scaling group.
    By default, an Auto Scaling group periodically reviews the results of EC2 instance status to determine the health state of each instance. However, if you have associated your Auto Scaling group with an ELB load balancer, you can choose to use the ELB health check. In this case, Auto Scaling determines the health status of instances by checking the results of both the EC2 instance status check and the ELB instance health check.
    For information about EC2 instance status checks, see Monitor Instances With Status Checks in the Amazon EC2 User Guide for Linux Instances. For information about ELB health checks, see Health Check in the ELB Developer Guide.
    This assumes that you have created a LB and have registered the LB with your Auto Scaling group. If you have not registered the LB with your Auto Scaling group, see Set Up a Scaled and LB Application.
    Auto Scaling marks an instance unhealthy if the calls to the Amazon EC2 action DescribeInstanceStatus return any state other than running, the system status shows impaired, or the calls to the ELB action DescribeInstanceHealth return OutOfService in the instance state field.
    If there are multiple LBs associated with the Auto Scaling group, Auto Scaling checks the health state of EC2 instances by making health check calls to each LB. For each call, if the ELB action returns any state other than InService, the instance is marked as unhealthy. After Auto Scaling marks an instance as unhealthy, it remains in that state, even if subsequent calls from other LBs return an InService state for the same instance.

  • A company would like to review each change in the infrastructure before deploying updates in its AWS CloudFormation stacks. To understand the impact of these changes before implementation, an Admin should create a change set for the running stack.

  • When the user has launched an EC2 instance from an instance store backed AMI and added an instance store volume to the instance in addition to the root device volume, the block device mapping for the new AMI contains the information for these volumes as well. In addition, the block device mappings for the instances that are launched from the new AMI will automatically contain information for these volumes.

  • A SysOps Admin wants to automate the process of configuration, deployment, and management of Amazon EC2 instances using Chef or Puppet. The AWS OpsWorks service will satisfy the requirement.

  • A user is trying to launch an EBS backed EC2 instance under free usage. The user wants to achieve encryption of the EBS volume. The user cannot use EBS encryption and has to encrypt the data manually or using a third party tool.
    AWS EBS supports encryption of the volume while creating new volumes. It supports encryption of the data at rest, the I/O as well as all the snapshots of the EBS volume. The EBS supports encryption for the selected instance type and the newer generation instances, such as m3, c3, cr1, r3, g2. It is not supported with a micro instance.

  • An application running on Amazon EC2 instances in an Auto Scaling group across multiple AZs was deployed using an AWS CloudFormation template. The SysOps team has patched the AMI version and must update all the EC2 instances to use the new AMI. The SysOps Admin can use CloudFormation to apply the new AMI while maintaining a minimum level of active instances to ensure service continuity by setting an AutoScalingUpdate policy in the CloudFormation template to update the stack.

  • A company is running a popular social media site on EC2 instances. The application stores data in an Amazon RDS for MySQL DB instance and has implemented read caching by using an ElastiCache for Redis (cluster mode enabled) cluster to improve read times. A social event is happening over the weekend, and the SysOps Admin expects website traffic to triple. To ensure improved read times for users during the social event, the SysOps Admin can add shards to the existing Redis cluster.

  • You are running a web application on AWS consisting of the following components: an ELB, an Auto Scaling group of EC2 instances running Linux/PHP/Apache, and RDS MySQL. The security measure that falls under AWS's responsibility is to protect against IP spoofing or packet sniffing.

  • A SysOps Admin is trying to set up an Amazon Route 53 domain name to route traffic to a website hosted on Amazon S3. The domain name of the website is and the S3 bucket name is anycompany-static. After the record set is set up in Route 53, the domain name does not seem to work, and the static website is not displayed in the browser. A cause of this is that the S3 bucket name must match the record set name in Route 53. The name of the bucket must be


  • Design principles, a series of questions, and six pillars are the components of the AWS Well-Architected Framework.

  • A Multi-AZ deployed DB is synchronous while read replicas are asynchronous.

  • Amazon CloudWatch is used to monitor certain metrics of DBs, and you can set alarms when certain metrics/thresholds are reached.

  • The warm standby DR approach ensures that there is a scaled down, but fully functional, copy of the production environment in another Region.

  • A DB can be made cost effective by using read replicas and auto scaling.

  • The performance efficiency pillar of the AWS Well-Architected Framework features the 'go global in minutes' design principle.

  • Relational DBs use structured data due to their defined schemas.
    Semi-structured data, or all other DBs listed, would be considered to use nonrelational DBs,
    and unstructured data, such as mp3 audio files, may be stored in object storage such as Amazon S3.

  • Amazon Neptune is a fully managed graph DB.

  • Use a ledger DB if you want a transparent, immutable, and cryptographically verifiable transaction log.

  • The reliability pillar features the 'stop guessing capacity' design principle.

  • Amazon MemoryDB is the purpose-built DB service to choose to implement a fully managed, Redis-compatible, durable primary DB solution.
    While Amazon ElastiCache for Redis is Redis compatible, it generally requires a primary DB as it is an in-memory cache solution, while Amazon MemoryDB is not a cache.

  • A DB table that stores metadata of images as JSON documents is categorized as semi-structured.

  • Amazon Relational Database Service (Amazon RDS) can run several different engines such as Amazon Aurora, Oracle, PostgreSQL, etc.

  • The AWS Schema Conversion Tool (AWS SCT) is recommended to use first for heterogeneous migrations, where you migrate between different DB engines. It is designed to help manage migrations by estimating workloads and potential issues. In some cases it can even migrate schemas automatically.

  • The six pillars of the AWS Well-Architected Framework are Security, Reliability, Performance, Operational Excellence, Cost Optimization, and Sustainability.

  • Amazon Redshift is a fast, cloud-centered, fully managed, and secure data warehousing service that houses analytical data for use in complex queries, business intelligence reporting, and machine learning.

  • The Accounting department would like to receive billing updates more than once a month. They would like the updates to be in a format that can easily be viewed with a spreadsheet application. This request can be fulfilled by setting AWS Cost and Usage Reports to publish bills daily to an Amazon S3 bucket in CSV format.

  • A SysOps Admin is managing a large organization with multiple accounts on the Business Support plan all linked to a single payer account. The Admin wants to be notified automatically of AWS Personal Health Dashboard events.
    In the main payer account, the Admin configures Amazon CloudWatch Events triggered by AWS Health events to issue notifications using Amazon SNS, but alerts in the linked accounts failed to trigger. The alerts fail because the AWS Personal Health Dashboard only reports events from one account, not linked accounts.

  • A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet within a VPC and launch instances inside that subnet. If the user has created public and private subnets, the instances in the public subnet can receive inbound traffic directly from the Internet, whereas the instances in the private subnet cannot. If these subnets are created with the Wizard, AWS will create a NAT instance with an elastic IP. If the user tries to delete the VPC, AWS will not allow it as the NAT instance is still running.

  • Amazon RDS supports SSL encryption for SQL Server DB instances. Using SSL, you can encrypt connections between applications and SQL Server DB instances. This is available for all the versions of Microsoft SQL Server.

  • A SysOps admin must run a script on production servers to fix an issue. The company has a policy to block all remote interactive access to production servers. Based on this situation, the admin should run the script by configuring it to run as a cron job or scheduled task on the EC2 instances.

  • A SysOps Admin has an AWS Direct Connect connection in place in region us-east-1, between an AWS account and a data center. The Admin is now required to connect the data center to a VPC in another AWS Region, us-west-2, which must have consistent network performance and low latency. The MOST efficient and quickest way to establish this connectivity is to use a Direct Connect gateway with the existing Direct Connect connection to connect to the Virtual Private Gateway of the VPC in region us-west-2.

  • A SysOps Admin receives a connection timeout error when attempting to connect to an Amazon EC2 instance from a home network using SSH. The Admin was able to connect to this EC2 instance using SSH from their office network in the past. The cause of the connection timeout is that the security group is not allowing inbound traffic from the home network on the SSH port.

  • A user has a refrigerator plant. The user is measuring the temperature of the plant every 15 mins. If the user wants to send the data to CloudWatch to view the data visually, then with respect to the information given, the user needs to use AWS CLI or API to upload the data.
    AWS CloudWatch supports custom metrics. The user can always capture the custom data and upload the data to CloudWatch using CLI or APIs. While sending the data the user has to include the metric name, namespace, and timezone as part of the request.

  • A company's application running on Amazon EC2 Linux recently crashed because it ran out of available memory. Management wants to be alerted if this ever happens again. The steps that will accomplish this are to create an:
    • Amazon CloudWatch dashboard to monitor the memory usage metrics on the instance over time.
    • alarm on the AWS Personal Health Dashboard that publishes an Amazon SNS notification to alert the CIO when the system is out of memory.

  • An S3 bucket ACL grantee can be an AWS account or one of the predefined Amazon S3 groups.
    The user can grant permission to an AWS account by the email address of that account or by the canonical user ID. If the user provides an email in the grant request, Amazon S3 finds the canonical user ID for that account and adds it to the ACL. The resulting ACL will always contain the canonical user ID for the AWS account, and not the AWS account's email address.

  • A company has deployed a NAT instance to allow web servers to obtain software updates from the internet. There is high latency on the NAT instance as the network grows. A SysOps Admin needs to reduce latency on the instance in a manner that is efficient, cost-effective, and allows for scaling with future demand. To accomplish this, the Admin should add a second NAT instance and place both instances behind a load balancer.

  • A company's audit shows that users have been changing cost-related tags on Amazon EC2 instances after deployment. The company has an organization in AWS Organizations with many AWS accounts.
    The company needs a solution to detect the EC2 instances automatically. The solution must require the least possible operational overhead. The solution that meets these requirements is to use Service Control Policies (SCPs) to track EC2 instances that do not have the required tags.


  • A foreign key is used to create relationships between tables in a relational DB.

  • Structured Query Language (SQL) is used to access data in a relational DB.

  • A SysOps Admin is reviewing AWS Trusted warnings and encounters a warning for an S3 bucket policy that has open access permissions. While discussing the issue with the bucket owner, the Admin realizes the S3 bucket is an origin for an Amazon CloudFront web distribution. To ensure that users access objects in Amazon S3 by using only CloudFront URLs, the Admin should create an origin access identity and grant it permissions to read objects in the S3 bucket.