Oct 17, 2023

Skill Assessment - AWS Q40

Q40. You have 14 on-premise web servers, 4 database servers, 6 servers using GIS software, 3 file servers, and 4 development servers. What considerations should you take into account when migrating these servers into AWS?

• AWS does not have a way to separate billing for compute costs, so you will need to design a way to split the budget between departments.

• Software licensing costs are always included in services such as RDS, so factor the loss of use of your on-premise licenses in your budget.

• New AWS accounts are limited to 20 on-demand EC2 instances. Submit a request to increase your rate limits before starting a migration.

• The only way to transfer large amounts of database data up to AWS is via S3, which can have a slow upload speed. Plan for this delay and cost in your migration plan.

 

ChatGPT:

When migrating servers to AWS, there are several considerations to keep in mind, based on the provided information:

 

1. Budget and Cost Allocation: It's important to consider how to split the budget among different departments or workloads. AWS provides various features and tools for cost allocation and tracking, such as AWS Organizations and AWS Cost Explorer, to help manage costs effectively.

2. Software Licensing: When moving to AWS, you need to consider software licensing costs. AWS offers services like Amazon RDS, which may have licensing included, but for other software and licenses, you'll need to account for the transition, compliance, and potential cost adjustments.

3. EC2 Instance Limits: New AWS accounts have certain limits on the number of on-demand EC2 instances that can be launched initially. If your migration requires more than the default limit, you should indeed submit a request to AWS Support to increase those limits.

4. Data Transfer: When migrating data, especially large database data, to AWS, you should consider the time and cost associated with data transfer. AWS offers various data transfer methods, including AWS DataSync and AWS Snowball, to address these challenges. The choice of method depends on your specific needs and requirements.

 

So, the most relevant consideration from the provided options is: "New AWS accounts are limited to 20 on-demand EC2 instances. Submit a request to increase your rate limits before starting a migration."

 

 

Q41. As your web application grows and your application monitoring needs become more complex, which additional log monitoring service should you NOT consider?

 

• ELK stack: Elasticsearch, Loggly, and Kibana

• PRTG

• New Relic

• Datadog

 

ChatGPT:

PRTG is the service you should NOT consider as a log monitoring service for your web application.

 

• ELK stack (Elasticsearch, Logstash, and Kibana) is a widely used open-source solution for log and data analysis.

• New Relic and Datadog are both popular Application Performance Monitoring (APM) solutions that include log monitoring as part of their broader feature set.

• PRTG, on the other hand, is primarily a network monitoring tool and is not typically used for log monitoring or log analysis. It focuses on monitoring the health and performance of network devices, systems, and services, rather than log data analysis.

 

 

Q42. You have a T2 EC2 instance that is critical to your infrastructure. How would you monitor the most important metric for this instance?

 

• Turn on CloudWatch Auto Recovery and put monitors on the System Status and Instance Status checks for the instance to notify you when either is in alarm.

• Use CloudWatch to put monitors on the remaining CPU credits. If you run out of CPU credit the instance will be stopped.

 

 

Q43. Which feature can be used to respond to a sudden increase in web traffic?

 

• EC2 Auto Scaling groups

• AWS Shield Advanced

• RDS Read Replicas

• all of these answers

 

 

Q44. If a set of servers are located within a private subnet of your VPC, how can you connect those servers to on-premise servers?

 

• Establish a connection with AWS Direct Connect.
• Use the AWS Client VPN.
• Install an OpenVPN server on an instance that is located within the subnet with an elastic IP.
• All of these options can establish a connection to a private subnet.

 

 

Q45. You have a UDP load balancer that is created by an instance that is running an NGINX proxy.

Your application performance management (APM) solution can detect failures in your load balancer instance and transfer the Elastic IP to a passive standby instance. Using the AWS CLI, which script do you program into your APM to move the Elastic IP?

 

A

aws ec2 disassociate-address --association-id eipassoc-2bebb712

aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

 

B

aws ec2 release-address --association-id eipassoc-2bebb712

aws ec2 assign-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

 

C

aws ec2 stop-instances --instance-ids i-8b953

wait 30

aws ec2 disassociate-address --association-id eipassoc-2bebb712

aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

aws ec2 start-instances --instance-ids i-8b953

 

D

aws ec2 release-address --association-id eipassoc-2bebb712

aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

 

ChatGPT:

The script that you should use to move the Elastic IP to another instance using the AWS CLI is Option D:

 

aws ec2 release-address --association-id eipassoc-2bebb712

aws ec2 associate-address --instance-id i-8b953 --allocation-id eipalloc-02d021a

 

This script first releases the Elastic IP address from its current association and then associates it with the specified instance, effectively moving the Elastic IP to the new instance. This is the correct sequence of commands for reassigning an Elastic IP to another instance.

 

The two answers disagree. Amazon's documentation states the following.

Releases the specified Elastic IP address.

[Default VPC] Releasing an Elastic IP address automatically disassociates it from any instance that it’s associated with. To disassociate an Elastic IP address without releasing it, use DisassociateAddress.

[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you can release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse).

After releasing an Elastic IP address, it is released to the IP address pool. Be sure to update your DNS records and any servers or devices that communicate with the address.

Ref. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/release-address.html

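From the above, if we also allow for the nondefault VPC case and want to write a more robust script, it seems fair to say that answer A from the past-question key is correct.

In addition, releasing the address raises a new issue: extra work may become necessary, such as updating DNS (Domain Name System: the mechanism that maps device names to IP addresses). So I tried asking ChatGPT in a different way (below).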

 

You say "release-address" is preferable to "disassociate-address".
Can you explain the reason?

 

ChatGPT:

I apologize for any confusion. My previous response did not explicitly state that "release-address" is preferable to "disassociate-address." Both commands have specific use cases and implications, and the choice between them depends on your requirements and the specific scenario.

 

Here's a clarification of the differences and considerations:

 

1. Disassociate-Address:

• This command disassociates the Elastic IP address from the current EC2 instance but retains ownership of the Elastic IP.
• The Elastic IP can be associated with another EC2 instance in the same AWS account immediately.
• This is typically used when you want to move the Elastic IP to another instance within the same account without releasing it back to AWS.
• It's a faster way to reassign the Elastic IP but requires that you still have ownership of the Elastic IP.

 

2. Release-Address:

• This command disassociates the Elastic IP address from the current EC2 instance and releases the Elastic IP address back to AWS, making it available for anyone to use.

• Releasing the Elastic IP might be necessary in scenarios where you no longer need the IP address and want to free it up, or if you intend to transfer the Elastic IP to another AWS account.

• If you release the Elastic IP, you'll need to allocate a new Elastic IP and associate it with the new instance. This process might involve a bit more administrative overhead and a slight delay due to provisioning a new Elastic IP.

 

So, which command to use depends on your specific use case and whether you intend to retain or release the Elastic IP. If you are simply moving the Elastic IP to another instance within the same account, "disassociate-address" is often more appropriate. If you no longer need the Elastic IP or are transferring it to another AWS account, then "release-address" is the right choice.

 

In the end, after a few excuses, ChatGPT came around, and I too was convinced that answer A from the past-question key is correct.
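The disassociate-then-associate sequence of answer A, as an added example that is not part of the original post: it uses the boto3 client methods that correspond to the CLI commands above and looks the association ID up at failover time instead of hard-coding it. `FakeEC2`, `demo` and the ID `i-active-constructed` are constructed here so the block runs offline; the other IDs are the ones from the question.

```python
def move_elastic_ip(ec2, allocation_id, standby_instance_id):
    """Move an Elastic IP to the standby instance without ever releasing it.

    `ec2` is a boto3 EC2 client, or any object with the same three methods.
    """
    addr = ec2.describe_addresses(AllocationIds=[allocation_id])["Addresses"][0]
    if addr.get("InstanceId") == standby_instance_id:
        return addr["AssociationId"]  # already failed over: nothing to do
    if "AssociationId" in addr:
        # Works in default and nondefault VPCs; the address stays allocated to us.
        ec2.disassociate_address(AssociationId=addr["AssociationId"])
    resp = ec2.associate_address(AllocationId=allocation_id,
                                 InstanceId=standby_instance_id)
    return resp["AssociationId"]


class FakeEC2:
    """Constructed in-memory stand-in for the boto3 client (assumption, offline demo)."""

    def __init__(self, allocation_id, instance_id, association_id):
        self.addr = {"AllocationId": allocation_id, "InstanceId": instance_id,
                     "AssociationId": association_id}
        self.calls = []

    def describe_addresses(self, AllocationIds):
        self.calls.append("describe_addresses")
        return {"Addresses": [dict(self.addr)]}

    def disassociate_address(self, AssociationId):
        if AssociationId != self.addr.get("AssociationId"):
            raise ValueError("unknown association id")
        self.calls.append("disassociate_address")
        del self.addr["AssociationId"], self.addr["InstanceId"]

    def associate_address(self, AllocationId, InstanceId):
        self.calls.append("associate_address")
        self.addr.update(InstanceId=InstanceId,
                         AssociationId="eipassoc-new-constructed")
        return {"AssociationId": self.addr["AssociationId"]}


def demo():
    """Fail over once, then call again to show the second call is a no-op."""
    ec2 = FakeEC2("eipalloc-02d021a", "i-active-constructed", "eipassoc-2bebb712")
    first = move_elastic_ip(ec2, "eipalloc-02d021a", "i-8b953")
    second = move_elastic_ip(ec2, "eipalloc-02d021a", "i-8b953")
    return first, second, ec2.calls, ec2.addr["InstanceId"]
```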

 

 

Q46. What service can host your Docker containers?

 

• Lightsail

• Elastic Container Service (ECS)

• Elastic Compute Cloud (EC2)

• All of these services can host a Docker container.

 

 

Q47. In the S3 console, underneath the Access column, what does the public badge next to the bucket name indicate?


See image: https://raw.githubusercontent.com/Ebazhanov/linkedin-skill-assessments-quizzes/main/aws/images/002.png

 

• All objects within this bucket are assigned public access and could be readable or writable by anyone on the internet. Ensure no sensitive data is being publicly shared within this bucket.

• All objects within this bucket are writable, which means that the public internet has the ability to upload any file directly to your S3 bucket. Your S3 bucket could be used to serve malware.

• Some objects within this bucket are assigned public access. Verify that any publicly shared objects within this bucket contain no sensitive data.

• Objects within this bucket can be made public, if the ACL on that object is set to allow everyone access. Private buckets do not allow you to set public permissions on any object.

 

 

Q48. What privilege is specific to the AWS root account, and cannot be granted to another IAM user on the account?

 

• Revoke the AdministratorAccess role or grant it to another IAM user.

• Create a new hosted zone in Route 53.

• Delete the AWS account.

• Modify the billing details.

 

ChatGPT also adds:

Only the AWS root account has the privilege to delete the entire AWS account. This is a critical and irreversible action, and it cannot be granted to any other IAM user within the AWS account. Deleting the AWS account is typically done through the AWS Billing and Cost Management console, and it's a responsibility of the AWS account owner or the root account holder. It's important to exercise caution when dealing with actions that can lead to the deletion of the entire AWS account.

 

 

Q49. Your application is sending 50,000 emails through SES each day.

Since you must maintain a low bounce rate to avoid being put on probation, what simple system do you architect to automatically process hard bounces?

 

• Configure SES to send all bounce events to an SNS topic. Create a Lambda function that processes each hard bounce event and automatically flags that account as a bounce in your application to prevent further sending attempts.

• Configure SES to no longer send to email addresses that are on your bounce list.

• Configure SES to send the logs of all delivery attempts through Kinesis Firehose. Process each event and look for bounce types and remove these emails from your list.

• Send all emails through SES with a custom reply-to header. Configure SES to listen for events on this email address and flag any email address that replies to this account as a bounced message and remove it from your email list.

 

ChatGPT also adds:

This method leverages the integration of Amazon SES with AWS Simple Notification Service (SNS) to handle bounce events. When a hard bounce occurs, SES can publish an SNS notification. By configuring SES to send these events to an SNS topic, you can then create a Lambda function that processes these notifications and takes appropriate actions, such as flagging the email address as a bounce in your application and preventing further sending attempts. This approach is an effective way to manage bounces and maintain a low bounce rate while automating the process.
 
Options B, C, and D do not directly address the automatic processing of hard bounces, and they may not be as effective or efficient in handling bounce events as Option A.
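The SES to SNS to Lambda flow described for Q49, as an added example that is not part of the original post: a Lambda handler that unwraps SNS-delivered SES notifications and flags only hard bounces. The `SUPPRESSED` set is a hypothetical stand-in for the application's own "bounced" flag, and the sample event and its addresses are constructed.

```python
import json

def extract_hard_bounces(sns_event):
    """Return lower-cased recipient addresses that hard-bounced in one SNS event."""
    flagged = []
    for record in sns_event.get("Records", []):
        try:
            msg = json.loads(record["Sns"]["Message"])
        except (KeyError, TypeError, ValueError):
            continue  # not an SNS record or not JSON: ignore rather than crash
        # SNS notifications use "notificationType"; event publishing uses "eventType".
        kind = msg.get("notificationType") or msg.get("eventType")
        bounce = msg.get("bounce") or {}
        # SES reports hard bounces as bounceType "Permanent"; "Transient" is soft.
        if kind != "Bounce" or bounce.get("bounceType") != "Permanent":
            continue
        for rcpt in bounce.get("bouncedRecipients", []):
            addr = rcpt.get("emailAddress", "").strip().lower()
            if addr and addr not in flagged:
                flagged.append(addr)
    return flagged

SUPPRESSED = set()  # hypothetical stand-in for the application's "bounced" flag

def lambda_handler(event, context):
    """Lambda entry point: flag hard-bounced addresses so they are not mailed again."""
    hard = extract_hard_bounces(event)
    SUPPRESSED.update(hard)
    return {"flagged": hard}

def _record(message):
    """Wrap an SES message the way SNS hands it to Lambda (JSON string in Sns.Message)."""
    return {"EventSource": "aws:sns", "Sns": {"Message": json.dumps(message)}}

# Constructed sample event: one hard bounce, one soft bounce, one complaint, one junk record.
SAMPLE_EVENT = {"Records": [
    _record({"notificationType": "Bounce",
             "bounce": {"bounceType": "Permanent", "bounceSubType": "General",
                        "bouncedRecipients": [{"emailAddress": "Gone@example.com"},
                                              {"emailAddress": "typo@example.com"}]}}),
    _record({"notificationType": "Bounce",
             "bounce": {"bounceType": "Transient", "bounceSubType": "MailboxFull",
                        "bouncedRecipients": [{"emailAddress": "full@example.com"}]}}),
    _record({"notificationType": "Complaint",
             "complaint": {"complainedRecipients": [{"emailAddress": "angry@example.com"}]}}),
    {"Sns": {"Message": "not json"}},
]}

if __name__ == "__main__":
    print(lambda_handler(SAMPLE_EVENT, None))
```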

 

 

・Source (past questions)

https://www.chase2learn.com/amazon-web-services-linkedin-assessment/
