AWS Interview Questions Answers - Design Resilent Architectures

Question 1. At Examsdigest.com we use machine learning technologies to collect

and analyze data, and we use Amazon Redshift for a data warehouse. Now, we need

your knowledge to help us implement a disaster recovery plan for Examsdigest.com

to automatically back up our cluster to a second AWS region in the event of an AWS

region outage. Which of the following option will you suggest to implement?

(A) Use Amazon Redshift enhanced VPC routing

(B) Configure cross-Region snapshot

(C) Enable automated snapshots

(D) You don't need to back up the cluster to a second AWS region as Amazon

Redshift is highly available

Explanation 1. Configure cross-Region snapshot is the correct answer. You can

configure Amazon Redshift to copy snapshots for a cluster to another AWS Region.

To configure cross-Region snapshot copy, you need to enable this copy feature for

each cluster and configure where to copy snapshots and how long to keep copied

automated snapshots in the destination AWS Region. When cross-Region copy is

enabled for a cluster, all new manual and automated snapshots are copied to the

specified AWS Region. Copied snapshot names are prefixed with copy:.

Question 2. Which of the following Container AWS services helps you to run, stop,

and manage Docker containers on a cluster?

(A) Amazon ECR

(B) Amazon ECS

(C) Amazon EKS

(D) Amazon EC2

Explanation 2. Amazon ECS is the correct answer. Amazon Elastic Container

Service (Amazon ECS) is a highly scalable, fast, container management service that

helps to run, stop, and manage Docker containers on a cluster.

You can host your cluster on a serverless infrastructure that is managed by Amazon

ECS by launching your services or tasks using the Fargate launch type. For more

control over your infrastructure, you can host your tasks on a cluster of Amazon

Elastic Compute Cloud (Amazon EC2) instances that you manage by using the EC2

launch type.

Question 3. Assuming you are working for a company in the gaming APP industry.

The demand for your applications is growing but the performance of your APPs

decreases drastically. You have been tasked to improve the performance by

integrating an in-memory data store to your applications using ElastiCache. How

does Amazon ElastiCache improve database performance?

(A) Cache query results and then you can quickly retrieve the data multiple

times without having to re-execute the query

(B) Deliver data, videos, applications, and APIs to customers globally with low

latency, high transfer speeds, all within a developer-friendly environment

(C) Reduce the load on your source DB instance by routing read queries from

your applications to the read replica

(D) Enable you to build queries that efficiently navigate highly connected

datasets

Explanation 3. Cache query results and then you can quickly retrieve the data

multiple times without having to re-execute the query is the correct answer.

Amazon ElastiCache allows you to seamlessly set up, run, and scale popular open￾Source compatible in-memory data stores in the cloud. Build data-intensive apps or

boost the performance of 

your existing databases by retrieving data from high throughput and low latency in￾memory data stores. 

Amazon ElastiCache is a popular choice for real-time use cases like Caching,

Session Stores, Gaming, Geospatial Services, Real-Time Analytics, and Queuing. 

The primary purpose of an in-memory key-value store is to provide ultrafast

(submillisecond latency) and inexpensive access to copies of data.

Question 4. Which of the following VPC features copies the network traffic from an

elastic network interface of an Amazon EC2 instance and send the traffic to

monitoring appliances?

(A) Flow logs

(B) Traffic mirroring

(C) Network access control lists (ACLs)

(D) Security groups

Explanation 4. Traffic mirroring is the correct answer. Traffic mirroring copies

network traffic from an elastic network interface of an Amazon EC2 instance and

then you can then send the traffic to out-of-band security and monitoring appliances.

Question 5. There is a real-time data analytics application called DataAnalytics APP

that uses AWS Lambda to process data and store the results in JSON format to an S3

bucket. In order to speed up the workflow, you have to use a service where you can

run sophisticated Big Data analytics on your data without moving them into a

separate analytics system. Which of the following services will you use to meet the

above requirement? (Choose three answers)

(A) Amazon Redshift Spectrum

(B) DynamoDB

(C) S3 Select

(D) Amazon Athena

(E) Amazon Neptune

Explanation 5. The services will you use to meet the above requirement are

Amazon Redshift Spectrum, S3 Select, Amazon Athena.

Amazon Redshift Spectrum – is a feature within Amazon Web Services’ Redshift

data warehousing service that lets a data analyst conduct fast, complex analysis on

objects stored on the AWS cloud.

S3 Select – is designed to pull out only the data you need from an object, which can

dramatically improve the performance and reduce the cost of applications that need

to access data in S3.

Amazon Athena – is an interactive query service that makes it easy to analyze data

in Amazon S3 using standard SQL. Athena is serverless, so there is no infrastructure

to manage, and you pay only for the queries that you run.

Question 6. Which of the following VPC features acts as a firewall for associated

subnets, controlling both inbound and outbound traffic at the subnet level?

(A) Flow logs

(B) Traffic mirroring

(C) Network access control lists (ACLs)

(D) Security groups

Explanation 6. Network access control lists (ACLs) is the correct answer.

Network ACLs act as a firewall for associated subnets, controlling both inbound and

outbound traffic at the subnet level.

Question 7. Which of the following VPC features captures information about the IP

traffic going to and from network interfaces?

(A) Flow logs

(B) Traffic mirroring

(C) Network access control lists (ACLs)

(D) Security groups

Explanation 7. Flow logs is the correct answer. Flow logs capture information

about the IP traffic going to and from network interfaces in your VPC. You can

create a flow log for a VPC, subnet, or individual network interface. Flow log data is

published to CloudWatch Logs or Amazon S3, and it can help you diagnose overly

restrictive or overly permissive security groups and network ACL rules.

Question 8. Which of the following VPC features acts as a firewall for associated

Amazon EC2 instances, controlling both inbound and outbound traffic at the

instance level?

(A) Flow logs

(B) Traffic mirroring

(C) Network access control lists (ACLs)

(D) Security groups

Explanation 8. Security groups is the correct answer. Security groups act as a

firewall for associated Amazon EC2 instances, controlling both inbound and

outbound traffic at the instance level. When you launch an instance, you can

associate it with one or more security groups that you’ve created. Each instance in

your VPC could belong to a different set of security groups. If you don’t specify a

security group when you launch an instance, the instance is automatically associated

with the default security group for the VPC.

Question 9. You must specifically create a network path between your cluster’s

VPC and your data resources otherwise COPY and UNLOAD commands might fail

if the VPC is not configured correctly

(A) TRUE

(B) FALSE

Explanation 9. TRUE is the correct answer.

Because enhanced VPC routing affects the way that Amazon Redshift accesses other

resources, COPY and UNLOAD commands might fail unless you configure your

VPC correctly. You must specifically create a network path between your cluster’s

VPC and your data resources.

Question 10. You are working as a site reliability engineer (SRE) for a large US￾based IT company. You have been tasked to find an automated way to monitor and

resolve issues with their on-demand EC2 instances. Which of the following option

can be used to automatically monitor the EC2 instances and notify you for any

possible incidents?

(A) AWS CloudFormation

(B) AWS CloudTrail

(C) Amazon CloudWatch

(D) AWS Compute Optimizer

Explanation 10. Amazon CloudWatch is the correct answer.

CloudWatch provides you with data and actionable insights to monitor your

applications, respond to system-wide performance changes, optimize resource

utilization, and get a unified view of operational health.

CloudWatch collects monitoring and operational data in the form of logs and events,

providing you with a unified view of AWS resources, and services that run on AWS

and on-premises servers.

You can use CloudWatch to detect anomalous behavior in your environments, set

alarms, visualize logs and metrics side by side, take automated actions, troubleshoot

issues, and discover insights to keep your applications running smoothly.

Question 11. You have been tasked to improve the security of the data flow between

your Amazon Redshift cluster and other resources. The very first step is to use VPC

flow logs to monitor all the COPY and UNLOAD traffic of your Redshift cluster

that moves in and out of your VPC. Which of the following option is the most

suitable solution to improve the security of your data?

(A) Enable Enhanced VPC routing on your Amazon Redshift cluster

(B) Query data with federated queries in Amazon Redshift

(C) Configure workload management

(D) Use the Amazon Redshift Spectrum

Explanation 11. Enable Enhanced VPC routing on your Amazon Redshift

cluster is the correct answer.

When you use Amazon Redshift enhanced VPC routing, Amazon Redshift forces

all COPY and UNLOAD traffic between your cluster and your data repositories

through your Amazon VPC. By using enhanced VPC routing, you can use standard

VPC features, such as VPC security groups, network access control lists (ACLs),

VPC endpoints, VPC endpoint policies, internet gateways, and Domain Name

System (DNS) servers. You use these features to tightly manage the flow of data

between your Amazon Redshift cluster and other resources. 

When you use enhanced VPC routing to route traffic through your VPC, you can

also use VPC flow logs to monitor COPY and UNLOAD traffic.

If enhanced VPC routing is not enabled, Amazon Redshift routes traffic through the

internet, including traffic to other services within the AWS network.

Question 12. As a Solutions Architect for a startup, you have been tasked to provide

the most suitable database service for the company in order to:

1. Store and retrieve any amount of data and serve any level of request traffic.

2. Scale up or scale down your tables’ throughput capacity without downtime or

performance degradation.

3. Create full backups of your tables for long-term retention and archival for

regulatory compliance needs.

Which of the following Amazon database service is the most suitable solution to use

to achieve the above requirements?

(A) Amazon Keyspaces

(B) Amazon Neptune

(C) Amazon DocumentDB

(D) Amazon DynamoDB

Explanation 12. Amazon DynamoDB is the correct answer.

Amazon DynamoDB is a fully managed NoSQL database service that provides fast

and predictable performance with seamless scalability.

With DynamoDB:

1) You can create database tables that can store and retrieve any amount of data and

serve any level of request traffic.

2) You can scale up or scale down your tables’ throughput capacity without

downtime or performance degradation.

3) You can create full backups of your tables for long-term retention and archival for

regulatory compliance needs.

4) You can enable point-in-time recovery for your Amazon DynamoDB tables.

5) You can delete expired items from tables automatically to help you reduce storage

usage and the cost of storing data that is no longer relevant.

Question 13. Which of the following Amazon Database services is compatible with

MongoDB?

(A) DocumentDB

(B) Amazon Neptune

(C) Amazon Aurora

(D) Amazon RDS

Explanation 13. DocumentDB is the correct answer. Amazon DocumentDB is

compatible with MongoDB, is a fast, reliable, and fully-managed database service.

Amazon DocumentDB makes it easy to set up, operate, and scale MongoDB￾compatible databases in the cloud. With Amazon DocumentDB, you can run the

same application code and use the same drivers and tools that you use with

MongoDB.

Question 14. Which of the following ACL rules allows inbound HTTP traffic from

any IPv4 address.

(A) Rule: 100, Type: HTTP, Protocol: TCP, Port range: 80, Source: 0.0.0.0/0,

Allow/Deny: ALLOW

(B) Rule: 100, Type: HTTP, Protocol: TCP, Port range: 443, Source: 0.0.0.0/0,

Allow/Deny: ALLOW

(C) Rule: 100, Type: HTTP, Protocol: TCP, Port range: 53, Source: 0.0.0.0/0,

Allow/Deny: ALLOW

(D) Rule: 100, Type: HTTP, Protocol: TCP, Port range: 22, Source: 0.0.0.0/0,

Allow/Deny: ALLOW

Explanation 14. Rule: 100, Type: HTTP, Protocol: TCP, Port range: 80, Source:

0.0.0.0/0, Allow/Deny: ALLOW is the correct answer. 

1) Rule: 100, Type: HTTP, Protocol: TCP, Port range: 443, Source: 0.0.0.0/0,

Allow/Deny: ALLOW is incorrect because it uses the port 443 which is the HTTPS

port

2) Rule: 100, Type: HTTP, Protocol: TCP, Port range: 53, Source: 0.0.0.0/0,

Allow/Deny: ALLOW is incorrect because it uses the port 53 which is the DNS port

3) Rule: 100, Type: HTTP, Protocol: TCP, Port range: 22, Source: 0.0.0.0/0,

Allow/Deny: ALLOW is incorrect because it uses the port 22 which is the SSH port

Question 15. Amazon _____________________ is a highly available, durable,

secure, fully managed pub/sub messaging service that enables you to decouple

microservices, distributed systems, and serverless applications.

(A) SQS

(B) SNS

(C) MQ

(D) SWF

Explanation 15. SNS is the correct answer. Amazon Simple Notification Service

(SNS) is a highly available, durable, secure, fully managed pub/sub messaging

service that enables you to decouple microservices, distributed systems, and

serverless applications. 

Amazon SNS provides topics for high-throughput, push-based, many-to-many

messaging. Using Amazon SNS topics, your publisher systems can fan-out messages

to a large number of subscriber endpoints for parallel processing, including Amazon

SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS

can be used to fan out notifications to end users using mobile push, SMS, and email.

Question 16. Which of the following AWS analytic services is serverless and makes

it easy to analyze data in Amazon S3 using standard SQL?

(A) Amazon Athena

(B) Amazon Kinesis

(C) Amazon CloudSearch

(D) AWS Data Pipeline

Explanation 16. Amazon Athena is the correct answer. Amazon Athena is an

interactive query service that makes it easy to analyze data in Amazon S3 using

standard SQL. Athena is serverless, so there is no infrastructure to manage, and you

pay only for the queries that you run. 

Athena is easy to use. Simply point to your data in Amazon S3, define the schema,

and start querying using standard SQL. 

Most results are delivered within seconds. With Athena, there’s no need for complex

ETL jobs to prepare your data for analysis. This makes it easy for anyone with SQL

skills to quickly analyze large-scale datasets.

Question 17. Which of the following AWS analytic services collect, process, and

analyze real-time, streaming data so you can get timely insights and react quickly to

new information?

(A) Amazon Athena

(B) Amazon Kinesis

(C) Amazon CloudSearch

(D) AWS Data Pipeline

Explanation 17. Amazon Kinesis is the correct answer. 

Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming

data so you can get timely insights and react quickly to new information. Amazon

Kinesis offers key capabilities to cost-effectively process streaming data at any scale,

along with the flexibility to choose the tools that best suit the requirements of your

application.

Question 18. Which of the following AWS services is a web service that helps you

reliably process and move data between different AWS compute and storage

services?

(A) Amazon Athena

(B) Amazon Kinesis

(C) Amazon CloudSearch

(D) AWS Data Pipeline

Explanation 18. AWS Data Pipeline is the correct answer. AWS Data Pipeline is a

web service that helps you reliably process and move data between different AWS

compute and storage services, as well as on-premises data sources, at specified

intervals.

With AWS Data Pipeline, you can access your data where it’s stored, transform and

process it at scale, and efficiently transfer the results to S3, Amazon RDS and

Amazon EMR.

Question 19. Which of the following AWS services makes simple and cost-effective

to set up, manage, and scale a search solution for your website or application?

(A) Amazon Athena

(B) Amazon Kinesis

(C) Amazon CloudSearch

(D) AWS Data Pipeline

Explanation 19. Amazon CloudSearch is the correct answer. Amazon

CloudSearch is a managed service in the AWS Cloud that makes it simple and cost￾effective to set up, manage, and scale a search solution for your website or

application.

With Amazon CloudSearch, you can quickly add rich search capabilities to your

website or application. You don’t need to become a search expert or worry about

hardware provisioning, setup, and maintenance. With a few clicks in the AWS

Management Console, you can create a search domain and upload the data that you

want to make searchable, and Amazon CloudSearch will automatically provision the

required resources and deploy a highly tuned search index.

Question 20. You can use Amazon _________________ Logs to monitor, store, and

access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances,

AWS CloudTrail, Route 53, and other sources.

(A) CloudWatch

(B) CloudTrail

(C) Lambda

(D) CloudMonitor

Explanation 20. Amazon CloudWatch is the correct answer. You can use

Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon

Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and

other sources. 

CloudWatch Logs enables you to centralize the logs from all of your systems,

applications, and AWS services that you use, in a single, highly scalable service. You

can then easily view them, search them for specific error codes or patterns, filter

them 

based on specific fields, or archive them securely for future analysis.