Oct 16, 2023

Skill Assessment - AWS Q30

Q30. When launching an EC2 instance with an instance type that supports instance storage, what use case is best for instance storage?

  • Use the instance storage to serve temporary files that require low I/O latency.
  • Use the instance storage to handle files uploaded by your users. Since it is more secure than an EBS volume, you can isolate any malicious files from infecting your server.
  • Instance storage is faster than EBS volumes, so install the root of the operating system on this volume to speed up server performance.
  • Instance storage is a deprecated option for storage and should not be used.

 

ChatGPT

The best use case for instance storage when launching an EC2 instance is:

 

Use the instance storage to serve temporary files that require low I/O latency.

 

Instance storage, also known as ephemeral storage, is a type of local storage that is physically attached to the host on which your EC2 instance runs. It is ideal for temporary storage of data that doesn't need to be retained long-term, and it's well-suited for use cases where low I/O latency and high performance are critical. However, it's important to note that data stored on instance storage is not persistent, meaning it will be lost if the instance is stopped, terminated, or experiences a hardware failure. It's essential to back up any critical data elsewhere if you choose to use instance storage for temporary files.

 


Q31. What’s the best practice for horizontally scaling a legacy ASP.NET web application that relies on Active Directory and is currently deployed to a single Windows EC2 instance?

  • Use Sysprep to shut down the instance during a maintenance window. Create an AMI image and place both servers behind Application Load Balancer with sticky sessions.
  • Launch a new EC2 with the latest version of Windows Server and install the application again. Use Application Load Balancer and sticky sessions to balance between both servers.
  • Create a clone of the server using an AMI image and use Application Load Balancer to balance the traffic between both instances using sticky sessions.
  • Horizontal scaling is not the best practice in this situation. Increase the size of the existing EC2 instance and vertically scale the application.

ChatGPT answered:

The best practice for horizontally scaling a legacy ASP.NET web application that relies on Active Directory and is currently deployed to a single Windows EC2 instance is:

 

Create a clone of the server using an AMI image and use an Application Load Balancer to balance the traffic between both instances using sticky sessions.

 

This approach involves creating a new EC2 instance based on an AMI (Amazon Machine Image) of the existing server. By using an Application Load Balancer (ALB) with sticky sessions, you can distribute incoming traffic across both instances, ensuring that users' sessions are maintained consistently.

 

Vertical scaling (increasing the size of the existing EC2 instance) is a valid approach, but it has limitations in terms of how much you can scale and may not provide the same level of fault tolerance and availability as horizontal scaling with multiple instances behind a load balancer.

 

Option 1, using Sysprep and placing both servers behind an ALB, would require downtime during maintenance and is more complex than simply creating a clone from an AMI.

 

Option 2, launching a new EC2 instance with the latest version of Windows Server and installing the application, is a valid approach but doesn't address the need for horizontal scaling and high availability.

 

Note: here too the past-exam answer key and ChatGPT's answer differ, and ChatGPT's explanation is the persuasive one.

 

Q32. What does this small section of a CloudFormation template do?

FlowLog:
  Type: AWS::EC2::FlowLog
  Properties:
    DeliverLogsPermissionArn: !GetAtt IamRole.Arn
    LogGroupName: FlowLogsGroup
    ResourceId: !Ref LogVpcId
    ResourceType: VPC
    TrafficType: ALL

  • It writes the VPC network flow logs to the CloudWatch FlowLogsGroup log group. You could use this to inspect the network connections of your VPC.
  • It logs all of the network traffic within a VPC except Instance IDs defined by LogVpcID and logs it to the CloudWatch FlowLogsGroup log group.
  • It logs all the network traffic going to and from a single EC2 instance into the CloudWatch FlowLogsGroup log group. You could use this to inspect suspicious network traffic coming into an EC2 instance.
  • It logs all of the DNS requests made by resources within a VPC and logs them to the CloudWatch FlowLogsGroup. Use this to diagnose DNS lookup errors within your environment.

ChatGPT answered:

The purpose of this configuration is:

 

It writes the VPC network flow logs to the CloudWatch FlowLogsGroup log group. You could use this to inspect the network connections of your VPC.

 

This configuration sets up flow logs for the specified VPC, capturing network flow information and sending it to the CloudWatch Logs log group named "FlowLogsGroup." This is a common practice for monitoring and diagnosing network traffic within a VPC, which can be useful for troubleshooting, security analysis, and performance monitoring.
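Once the template above is deployed, the log group receives one record per flow in the default flow log format. The following parser is an added example written for this post (it is not code from the post or from AWS): it splits default-format (version 2) records into their documented fields, tolerates NODATA records that carry "-" in place of values, and counts REJECT flows per destination port and the set of rejected ports per source, which is the first thing a defender usually wants from flow logs. The records in SAMPLE_LOG are constructed, with a placeholder account id, ENI id and documentation-range addresses.

```python
"""Parse VPC flow log records (default, version 2 format) and summarise rejects.

Added example, not from the original post or from AWS. The field order is the
documented default flow log format; SAMPLE_LOG is constructed, with a
placeholder account id, ENI id and documentation-range addresses.
"""
from collections import Counter, defaultdict

FIELDS = ("version", "account_id", "interface_id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log_status")
INT_FIELDS = ("srcport", "dstport", "protocol", "packets", "bytes", "start", "end")

SAMPLE_LOG = """\
2 123456789012 eni-0abc123def456 198.51.100.7 10.0.1.5 49152 443 6 10 1500 1697414400 1697414460 ACCEPT OK
2 123456789012 eni-0abc123def456 203.0.113.9 10.0.1.5 51000 22 6 1 60 1697414400 1697414460 REJECT OK
2 123456789012 eni-0abc123def456 203.0.113.9 10.0.1.5 51001 22 6 1 60 1697414400 1697414460 REJECT OK
2 123456789012 eni-0abc123def456 203.0.113.9 10.0.1.5 51002 3389 6 1 60 1697414400 1697414460 REJECT OK
2 123456789012 eni-0abc123def456 - - - - - - - 1697414400 1697414460 - NODATA
"""


def parse_record(line: str) -> dict:
    """Turn one space-separated record into a dict keyed by FIELDS."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    for key in INT_FIELDS:
        # NODATA / SKIPDATA records carry '-' instead of numeric values.
        rec[key] = None if rec[key] == "-" else int(rec[key])
    return rec


def reject_summary(lines) -> dict:
    """Count REJECT flows per (dstaddr, dstport) and collect rejected ports per source."""
    by_dst_port = Counter()
    ports_per_source = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        rec = parse_record(line)
        # Only records with log_status OK describe actual traffic.
        if rec["log_status"] != "OK" or rec["action"] != "REJECT":
            continue
        by_dst_port[(rec["dstaddr"], rec["dstport"])] += 1
        ports_per_source[rec["srcaddr"]].add(rec["dstport"])
    return {"by_dst_port": by_dst_port, "ports_per_source": dict(ports_per_source)}


if __name__ == "__main__":
    summary = reject_summary(SAMPLE_LOG.splitlines())
    for (dst, port), n in summary["by_dst_port"].most_common():
        print(f"{dst}:{port} rejected {n}x")
```

A source that accumulates rejects against many distinct ports in a short window is the usual signal to alert on; with real data you would feed the function the message bodies pulled from the FlowLogsGroup log group instead of SAMPLE_LOG.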

 


Q33. You are running Docker containers on ECS. What is the most important metric to monitor?

  • The running container count for each service from within CloudWatch.
  • The instance health of each EC2 instance in your cluster from within CloudWatch.
  • Monitor the EC2 service dashboard. Watch for posted outages to the ECS service.
  • The memory consumption of each EC2 instance in your cluster from within CloudWatch.

 

ChatGPT:

The most important metric to monitor when running Docker containers on Amazon Elastic Container Service (ECS) is:

 

The memory consumption of each EC2 instance in your cluster from within CloudWatch.

 

Monitoring memory consumption is crucial because it helps ensure that your EC2 instances have enough resources to run the Docker containers effectively. If an instance's memory usage is consistently high or reaches critical levels, it can lead to performance issues, service interruptions, or even container failures.

 

Monitoring the running container count and instance health are also important, but memory consumption is often a critical factor in ensuring the overall health and performance of your Dockerized applications. It helps you proactively address resource constraints before they impact your containers' performance.

 

Google:

What is an AWS health check?

A health check is a way to confirm that a service on a particular server can carry out its work normally.

What is an EC2 health check?

EC2 Auto Scaling judges whether each instance is healthy or unhealthy so that every EC2 instance in an Auto Scaling group runs in a healthy state. This judgement is called a health check. 2022/09/14

Note: checking memory usage is not part of a health check. Pay attention to each cloud vendor's definition of a health check.

 

 

Q34. Application Load Balancer can route traffic to several different target groups based upon several conditions. Which of these use cases is not supported by Application Load Balancer?

 

  • A request with an HTTP header of X-Requested-With: staging can be routed to a target group for an ECS service in your staging environment.
  • Source IPs matching 192.0.2.0/24 on a listener port of 1433 can be routed to a target group for an RDS for SQL Server cluster.
  • A path of /signup* can be routed to a target group for a Lambda function that processes new user registrations.
  • An HTTP POST query string of ?action=createuser can be routed to a target group for an ECS service.

 

ChatGPT:

The use case that is not supported by an Application Load Balancer (ALB) is:

 

An HTTP POST query string of ?action=createuser can be routed to a target group for an ECS service.

 

ALB supports routing based on various conditions, including HTTP headers, source IP addresses, paths, and other factors. However, routing based on an HTTP POST query string is not a natively supported condition for ALB. ALB primarily routes traffic based on information in the HTTP request, but it's more focused on headers, paths, and host names rather than the specific details of the query string.

 

The other use cases mentioned can be supported by ALB's routing capabilities. For example, routing based on HTTP headers, source IP addresses, or paths is well-supported, and you can route traffic to different target groups based on these conditions.
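To make the routing conditions concrete, here is an added example (not code from the post or from AWS) that evaluates listener rules against a request the way an ALB does: values inside one condition are ORed, conditions inside one rule are ANDed, and the lowest priority number wins. The condition field names and nested config keys follow the shape the ELBv2 listener-rule API accepts, which includes `query-string` alongside `host-header`, `path-pattern`, `http-header`, `http-request-method` and `source-ip`; the rules, target-group names and request values are constructed placeholders. ALB is an HTTP/HTTPS (layer 7) load balancer, so a TCP listener on port 1433 forwarding to a database is a Network Load Balancer job and is deliberately outside what this matcher models.

```python
"""Evaluate Application Load Balancer listener-rule conditions against a request.

Added example, not from the original post or from AWS. Condition field names and
nested config keys follow the ELBv2 listener-rule API shape; the rules,
target-group names and request values are constructed placeholders.
"""
import ipaddress
import re


def _wildcard(pattern: str):
    # ALB pattern syntax: '*' matches zero or more characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.compile(regex + r"\Z")


def _any_match(patterns, value: str) -> bool:
    # Values listed in one condition are ORed together.
    return any(_wildcard(p).match(value) is not None for p in patterns)


def condition_matches(cond: dict, request: dict) -> bool:
    field = cond["Field"]
    if field == "host-header":
        return _any_match(cond["HostHeaderConfig"]["Values"], request["host"])
    if field == "path-pattern":
        return _any_match(cond["PathPatternConfig"]["Values"], request["path"])
    if field == "http-request-method":
        return request["method"] in cond["HttpRequestMethodConfig"]["Values"]
    if field == "http-header":
        cfg = cond["HttpHeaderConfig"]
        headers = {k.lower(): v for k, v in request["headers"].items()}
        value = headers.get(cfg["HttpHeaderName"].lower())
        return value is not None and _any_match(cfg["Values"], value)
    if field == "query-string":
        # Each wanted entry is {"Key": ..., "Value": ...}; Key is optional.
        wanted = cond["QueryStringConfig"]["Values"]
        for key, value in request["query"]:
            for w in wanted:
                key_ok = "Key" not in w or _any_match([w["Key"]], key)
                if key_ok and _any_match([w["Value"]], value):
                    return True
        return False
    if field == "source-ip":
        ip = ipaddress.ip_address(request["source_ip"])
        return any(ip in ipaddress.ip_network(c, strict=False)
                   for c in cond["SourceIpConfig"]["Values"])
    raise ValueError(f"unsupported condition field: {field!r}")


def route(rules, request: dict, default: str = "tg-default") -> str:
    # Lowest priority number wins; every condition in a rule must match (AND).
    for rule in sorted(rules, key=lambda r: r["Priority"]):
        if all(condition_matches(c, request) for c in rule["Conditions"]):
            return rule["TargetGroup"]
    return default


# Constructed rules mirroring the HTTP use cases listed in the question.
RULES = [
    {"Priority": 10, "TargetGroup": "tg-ecs-staging", "Conditions": [
        {"Field": "http-header", "HttpHeaderConfig": {
            "HttpHeaderName": "X-Requested-With", "Values": ["staging"]}}]},
    {"Priority": 20, "TargetGroup": "tg-lambda-signup", "Conditions": [
        {"Field": "path-pattern", "PathPatternConfig": {"Values": ["/signup*"]}}]},
    {"Priority": 30, "TargetGroup": "tg-ecs-createuser", "Conditions": [
        {"Field": "http-request-method", "HttpRequestMethodConfig": {"Values": ["POST"]}},
        {"Field": "query-string", "QueryStringConfig": {
            "Values": [{"Key": "action", "Value": "createuser"}]}}]},
    {"Priority": 40, "TargetGroup": "tg-internal", "Conditions": [
        {"Field": "source-ip", "SourceIpConfig": {"Values": ["192.0.2.0/24"]}}]},
]


def make_request(method="GET", path="/", host="app.example.com",
                 headers=None, query=(), source_ip="198.51.100.7") -> dict:
    return {"method": method, "path": path, "host": host,
            "headers": dict(headers or {}), "query": list(query),
            "source_ip": source_ip}


if __name__ == "__main__":
    print(route(RULES, make_request(method="POST", path="/api",
                                    query=[("action", "createuser")])))
```

Because the header rule sits at priority 10, any client that can set `X-Requested-With: staging` reaches the staging target group regardless of path; in a real listener, a rule like that should be paired with a `source-ip` condition or removed from the production listener altogether.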

 

 

Q36. Can you lose the public IP address associated with your EC2 instance?

 

  • Yes, you can lose it if you reboot the instance.
  • Yes, you can lose it if you stop and start the instance.
  • No, you will never lose the public IP address for your instance.
  • Yes, you can lose it when you edit the instance properties and release the IP address.

 

ChatGPT:

Yes, you can lose the public IP address associated with your EC2 instance in some situations. Specifically:

 

Yes, you can lose it if you stop and start the instance.

 

When you stop and start an EC2 instance, it typically gets a new public IP address. This is because the public IP address is associated with the instance's network interface, and stopping the instance often results in a new network interface being created when the instance is started again.

 

If you want to keep the same public IP address, you can use Elastic IP addresses, which allow you to associate a static public IP with your instance that you can retain even if you stop and start the instance.

 

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing.

An Elastic IP address is allocated to your AWS account and is yours until you release it .. An Elastic IP address is a public IPv4 address that is reachable from the internet.

 https://docs.aws.amazon.com/ja_jp/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html

 

 

Q37. Where is the best place to store database backups on an EC2 instance that is configured as a database server?

 

  • an S3 bucket, synced with the database backups via a script that calls the AWS CLI
  • EBS volume attached to the instance
  • instance attached to the instance
  • instance storage, with a script that replicates the database backups to another instance in a different availability zone.

 

ChatGPT:

The best place to store database backups on an EC2 instance that is configured as a database server is typically on an EBS volume attached to the instance. Here's why:

 

  1. Durability: EBS volumes are highly durable and provide redundancy, reducing the risk of data loss.
  2. Persistence: Data stored on EBS volumes persists even if the instance is stopped or terminated, making it a reliable choice for backups.
  3. Snapshotting: EBS volumes can be easily snapshotted, providing a point-in-time backup of the data.

 

Using an S3 bucket with the AWS CLI is a good practice for backing up data, but it's generally more suitable for long-term backups, off-site storage, or archiving. It's recommended to store the primary database backups on EBS volumes for quick access and recovery.

 

Storing backups on the instance itself or on instance storage is not a recommended practice for durability and recovery, as data on instance storage can be lost if the instance is stopped or terminated. Replicating backups to another instance is complex and requires manual management, making it less suitable for a reliable backup solution.

 

Note: here too ChatGPT's explanation is easy to follow and persuasive as an answer.

When the answer differs from the past-exam answer key, it seems that the question itself often leaves some ambiguity (in this case the retention period and how often the backups are accessed for maintenance are unclear).

 

 

Q38. Which of these is a valid restriction on the properties of a VPC?

 

  • You can have only 10 internet gateways per region on a new AWS account.
  • You can have only 10 VPCs per region on a new AWS account.
  • You cannot create a CIDR block with a netmask larger than /16.
  • You can have only 10 subnets within a VPC.

 

ChatGPT:

Among the options you provided, the valid restriction on the properties of a VPC is:

 

You can have only 10 VPCs per region on a new AWS account.

 

In AWS, the limit for the number of VPCs per region is initially set to 5 by default, but it can be increased to a maximum of 10 VPCs per region for a new AWS account.

 

The other statements are not accurate:

 

There is no specific limit on the number of internet gateways per region; you can attach an internet gateway to a VPC as needed.

You can create a VPC with a CIDR block of any valid size, not limited to /16.

There is no specific limit on the number of subnets within a VPC; you can create as many subnets as needed within the IP address range of the VPC's CIDR block.

 

Note: Amazon's guidance is as follows.

  • VPCs per Region: 5, adjustable (raise this limit to use hundreds of VPCs per Region)
  • Subnets per VPC: 200
  • IPv4 CIDR blocks per VPC: 5, adjustable (maximum 50)
  • IPv6 CIDR blocks per VPC: 5, adjustable (maximum 50)

Ref. https://docs.aws.amazon.com/ja_jp/vpc/latest/userguide/amazon-vpc-limits.html


Note: Amazon's "maximum of 50 CIDR blocks" cannot be expressed as a /n prefix.

Alternatively, a /16 gives 65,536 networks, so the past-exam answer and Amazon's explanation do not line up.

Isn't the question simply poorly worded?
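The "/16" in the question is about the size of a single CIDR block, not the number of blocks per VPC, and the two are easy to mix up. The following is an added example (not code from the post or from AWS) that encodes the documented IPv4 size rules: a VPC or subnet block must be between /16 (largest) and /28 (smallest), a subnet must sit inside its VPC block without overlapping another subnet, and five addresses in every subnet are reserved by AWS (network address, VPC router, DNS, one reserved for future use, broadcast). The CIDRs used in it are constructed placeholders.

```python
"""Check IPv4 VPC and subnet CIDR blocks against the sizes AWS accepts.

Added example, not from the original post or from AWS. It encodes the
documented IPv4 rules (block size /16 to /28, subnets inside the VPC block
without overlap, five reserved addresses per subnet); the CIDRs used are
constructed placeholders.
"""
import ipaddress

MIN_PREFIX, MAX_PREFIX = 16, 28   # /16 is the largest block, /28 the smallest
RESERVED_PER_SUBNET = 5           # network, router, DNS, future use, broadcast


def check_cidr(cidr: str) -> ipaddress.IPv4Network:
    """Return the block if it is a valid VPC/subnet size, else raise ValueError."""
    # strict=True rejects blocks with host bits set, e.g. 10.0.0.1/24.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: only IPv4 blocks are checked here")
    if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
        raise ValueError(f"{cidr}: /{net.prefixlen} is outside /{MIN_PREFIX}-/{MAX_PREFIX}")
    return net


def is_valid_cidr(cidr: str) -> bool:
    try:
        check_cidr(cidr)
        return True
    except ValueError:
        return False


def usable_hosts(cidr: str) -> int:
    """Addresses a subnet of this size can actually hand out to resources."""
    return check_cidr(cidr).num_addresses - RESERVED_PER_SUBNET


def plan_subnets(vpc_cidr: str, subnet_cidrs) -> dict:
    """Validate subnets against the VPC block and return usable hosts per subnet."""
    vpc = check_cidr(vpc_cidr)
    placed = []
    for s in subnet_cidrs:
        net = check_cidr(s)
        if not net.subnet_of(vpc):
            raise ValueError(f"{s} is not inside {vpc_cidr}")
        for other in placed:
            if net.overlaps(other):
                raise ValueError(f"{s} overlaps {other}")
        placed.append(net)
    return {str(n): n.num_addresses - RESERVED_PER_SUBNET for n in placed}


if __name__ == "__main__":
    print(usable_hosts("10.0.0.0/16"))
    print(plan_subnets("10.0.0.0/16", ["10.0.1.0/24", "10.0.2.0/24"]))
```

Running it shows why a /16 VPC is 65,536 addresses rather than 65,536 networks, and why a /28 subnet, the smallest allowed, leaves only 11 assignable addresses after the reserved five.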

 

Q39. You have a Linux EC2 instance that is not responding to requests and you can not connect to it via SSH. Using the EC2 console, you issued a command to stop the instance, but for the past 10 minutes the instance has been in the “stopping” state. What is the next step you should take?

 

  • Issue another stop action via the EC2 console, and choose the option to forcefully stop the instance.
  • Create an AMI image of the instance, and choose the option to take the image without restarting the instance.
  • Edit the instance properties and increase the instance size.
  • Contact AWS support. Any further actions could corrupt the file system.

 

ChatGPT:

When you have an EC2 instance that is unresponsive and has been stuck in the "stopping" state for an extended period, it's generally best to try a more forceful stop action. However, you should avoid taking actions that could potentially corrupt the file system.

 

The appropriate next step in this situation is:

 

Issue another stop action via the EC2 console, and choose the option to forcefully stop the instance.

 

This allows AWS to forcibly terminate the underlying hardware and should bring the instance to a stopped state. Once the instance is in a stopped state, you can then attempt to start it again.

 

Creating an AMI without restarting the instance may not be necessary at this stage, and it's safer to try a forceful stop first. Increasing the instance size is unlikely to resolve the stopping issue, and contacting AWS support is a viable option but may take some time, so a forceful stop is generally the first step in resolving the issue.

 

Past-exam source

https://www.chase2learn.com/amazon-web-services-linkedin-assessment/

 

Related skill test: AWS Q20

 https://akasaka-taro.blogspot.com/2023/10/skill-assessment-aws-q20.html




