Oct 10, 2023

Skill Assessment - AWS Q3

Source of past exam questions

https://www.chase2learn.com/amazon-web-services-linkedin-assessment/

When an answer I find online to a past exam question seems questionable, I will compare it with ChatGPT's answer to deepen my learning.


Q2. Which database is a NoSQL database type that can quickly store and retrieve key-value pairs?

Aurora

Neptune

RDS for MySQL

DynamoDB

 

ChatGPT

The NoSQL database type that can quickly store and retrieve key-value pairs is DynamoDB.


How would you describe other database systems?

 

ChatGPT

Other database systems typically refer to a broad category of database management systems (DBMS) that are not specifically NoSQL databases. Here's an overview of different types of database systems:


1.     Relational Databases (RDBMS): These databases use a structured, tabular format to store data. They are based on the relational model and use SQL (Structured Query Language) to query and manipulate data. Examples include MySQL, PostgreSQL, Microsoft SQL Server, and Oracle Database.

2.     Document Stores: Document databases are NoSQL databases that store data in a semi-structured format, usually as JSON or XML documents. Each document can have a different structure, making them flexible for unstructured or semi-structured data. Examples include MongoDB and Couchbase.

3.     Key-Value Stores: These databases store data as a collection of key-value pairs, making them simple and efficient for basic read and write operations. Examples include Redis, Riak, and Amazon DynamoDB.

4.     Column-Family Stores: Column-family databases are NoSQL databases optimized for storing and retrieving large volumes of data with high write and read performance. They are used for time-series data, sensor data, and other use cases. Examples include Apache Cassandra and HBase.

5.     Graph Databases: These databases are designed for managing and querying data with complex relationships. They use graph structures to represent and navigate data, making them suitable for applications like social networks, recommendation engines, and fraud detection. Examples include Neo4j and Amazon Neptune.

6.     In-Memory Databases: These databases store data primarily in memory (RAM) for extremely fast data access and low-latency operations. Examples include Redis and Memcached.

7.     Time-Series Databases: Time-series databases are optimized for storing and querying time-stamped data, making them suitable for applications that need to analyze data over time, such as IoT, monitoring, and analytics. Examples include InfluxDB and TimescaleDB.

8.     NewSQL Databases: NewSQL databases aim to combine the scalability benefits of NoSQL databases with the transactional and consistency guarantees of traditional RDBMS. Examples include Google Spanner and CockroachDB.

9.     Search Engines: While not traditional databases, search engines like Elasticsearch and Apache Solr are used to index and search large volumes of text and structured data efficiently.

10.   Columnar Databases: These databases are designed for analytical workloads and store data in columnar formats, optimizing them for analytical queries and data warehousing. Examples include Amazon Redshift and ClickHouse.

The choice of database system depends on the specific requirements of an application, including data structure, query patterns, scalability, and performance considerations. Different database systems are optimized for different use cases and data models.
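To make the key-value model in item 3 concrete, here is a minimal sketch: an in-memory, dictionary-backed store exposing DynamoDB-style put/get semantics. The class and method names are illustrative only, not the boto3 API.

```python
# Minimal key-value store sketch mimicking the put/get access pattern
# of a key-value database such as DynamoDB. Purely illustrative:
# this is an in-memory dict, not a real database client.

class KeyValueStore:
    def __init__(self):
        self._items = {}

    def put_item(self, key, value):
        # Writes are a single hash insert: O(1) on average.
        self._items[key] = value

    def get_item(self, key, default=None):
        # Reads look up by exact key; no joins, no SQL.
        return self._items.get(key, default)

# Usage: store and retrieve a session record by its key.
store = KeyValueStore()
store.put_item("user#42", {"name": "Alice", "plan": "pro"})
print(store.get_item("user#42"))  # {'name': 'Alice', 'plan': 'pro'}
```

The point of the sketch is the access pattern: every operation addresses one item by its key, which is what lets key-value stores answer reads and writes quickly.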


How would you describe these three databases?

1. Aurora

2. Neptune

3. RDS for MySQL

 

ChatGPT

Certainly, I can provide descriptions for each of these three database services offered by Amazon Web Services (AWS):

1.     Amazon Aurora:

·  Amazon Aurora is a fully managed, relational database service provided by AWS.

·  It is compatible with both MySQL and PostgreSQL, meaning it can be used as a drop-in replacement for these database engines.

·  Aurora is known for its high performance and availability, with capabilities for automatic failover, replication, and automated backups.

·  It offers features like read replicas and global databases to distribute workloads and enable cross-region replication.

·  Aurora is designed to deliver performance that is typically greater than standard MySQL or PostgreSQL databases while maintaining high availability and reliability.

2.     Amazon Neptune:

·  Amazon Neptune is a fully managed graph database service by AWS.

·  It is optimized for storing and querying data with complex relationships, making it well-suited for applications that require graph-based modeling, such as social networks, recommendation systems, and knowledge graphs.

·  Neptune supports two popular graph query languages: Apache TinkerPop Gremlin and W3C's SPARQL.

·  It is highly available and allows for read replicas, automatic backups, and data encryption at rest and in transit.

·  Neptune is compatible with both property graph and RDF (Resource Description Framework) data models.

3.     Amazon RDS for MySQL:

·  Amazon RDS (Relational Database Service) for MySQL is a managed relational database service that focuses on MySQL, one of the most widely used open-source relational database management systems.

·  RDS for MySQL simplifies database administration tasks like patching, backups, and scaling, making it easier to operate MySQL databases in the AWS cloud.

·  It provides features such as automated backups, Multi-AZ (Availability Zone) deployments for high availability, and read replicas for offloading read traffic.

·  RDS for MySQL is a suitable choice when you need a MySQL database in a managed environment without the overhead of handling infrastructure and administrative tasks.

These services cater to different database needs. Aurora and RDS for MySQL are relational database services, while Neptune is a graph database service. The choice between them depends on the specific requirements of your application, such as data model, query patterns, scalability, and performance considerations.

 

Q3. Your database is an RDS instance running SQL Server with Multi-AZ replication 

and you have several older .NET console utilities that perform database operations every 15 seconds. 

When the cluster has to switch the primary database server to the secondary AZ, the .NET utilities start to report connection failures to the database although other applications are able to access the database. How do you correct this problem?

1.       Use the RDS console to force a reboot of the database instance so that the primary server becomes the master server again.

2.       The server running the .NET utilities is caching the DNS lookup on the database cluster address.

3.       Flush the DNS cache of the server and force the C# utilities to open new connections to the database. A .NET application will retain the IP address of a connection string until the host machine is rebooted.

4.      The .NET utilities need to change the SQL Server endpoint in the connection strings to read from the secondary database server using a try/catch.

 

The past-exam answer key gives option 4 above. However, I find ChatGPT's explanation below, which picks option 3, more convincing.

 

ChatGPT

The issue with the .NET utilities reporting connection failures after a Multi-AZ failover in Amazon RDS can often be related to DNS caching. To address this problem, you should consider flushing the DNS cache on the server running the .NET utilities so that they can connect to the new primary server after the failover.

The correct option is:

B. The server running the .NET utilities is caching the DNS lookup on the database cluster address. Flush the DNS cache of the server and force the C# utilities to open new connections to the database.

Explanation:

When an RDS Multi-AZ failover occurs, the primary server's DNS record is updated to point to the new primary server in the secondary Availability Zone. However, some applications and services may cache DNS information, and they continue to attempt to connect to the old primary server. Flushing the DNS cache on the server running the .NET utilities will force it to re-resolve the DNS name, and it should be able to connect to the new primary server without issues.

Options 1 and 3 are not recommended:

1. Using the RDS console to force a reboot of the database instance is not a good solution because it's a disruptive action that could impact other applications. It's better to address the DNS caching issue on the server side.

3. The statement about .NET applications retaining the IP address of a connection string until the host machine is rebooted is not entirely accurate. It's the DNS cache on the server that needs to be refreshed, not the entire machine.

Option 4 is not a recommended solution for this problem:

4. Changing the SQL Server endpoint in the connection strings to read from the secondary database server using a try/catch is not a best practice for handling Multi-AZ failovers. DNS caching is a more common issue, and fixing it at the server level is a better approach. Additionally, using try/catch for this purpose may lead to inefficient error handling and a lack of automatic failover support.

Regarding option 4 above, ChatGPT says it is "not recommended", and it sounds quite confident about that.
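The client-side DNS caching behavior that ChatGPT's explanation hinges on can be simulated in a few lines. This is a hedged sketch: the hostname, IP addresses, and TTL are made up, and a real client uses the OS resolver rather than a hand-rolled cache.

```python
import time

# Sketch of client-side DNS caching during an RDS Multi-AZ failover.
# All names, addresses, and the TTL are illustrative.

class DnsCache:
    def __init__(self, resolve, ttl_seconds=300.0):
        self._resolve = resolve      # function: hostname -> IP address
        self._ttl = ttl_seconds
        self._cache = {}             # hostname -> (ip, expiry_time)

    def lookup(self, hostname):
        entry = self._cache.get(hostname)
        if entry and entry[1] > time.monotonic():
            return entry[0]          # unexpired cached entry wins
        ip = self._resolve(hostname)
        self._cache[hostname] = (ip, time.monotonic() + self._ttl)
        return ip

    def flush(self):
        # Equivalent in spirit to `ipconfig /flushdns`.
        self._cache.clear()

# Simulated authoritative record: failover repoints the DNS name.
records = {"db.example.internal": "10.0.1.10"}       # primary AZ
cache = DnsCache(lambda host: records[host])

print(cache.lookup("db.example.internal"))  # 10.0.1.10
records["db.example.internal"] = "10.0.2.20"         # failover to secondary AZ
print(cache.lookup("db.example.internal"))  # still 10.0.1.10: connection failures
cache.flush()
print(cache.lookup("db.example.internal"))  # 10.0.2.20, re-resolved
```

The middle lookup is the failure mode from the question: the DNS record now points at the new primary, but the client keeps connecting to the old address until its cache is flushed or expires.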



I asked the aforementioned Q3 again (↓).

(The question text omits the part in parentheses and adds the underlined part.) The past-exam answer and ChatGPT's answer had differed, so this was to see whether ChatGPT's line of reasoning would waver after another Q&A in between.

 

Q3. (Your database is an RDS instance running SQL Server with Multi-AZ replication 

and you have several older .NET console utilities that perform database operations every 15 seconds.)
When the cluster has to switch the primary database server to the secondary AZ, the .NET utilities start to report connection failures to the database although other applications are able to access the database.
An operator used the .NET utilities to change the SQL Server endpoint in the connection strings and to read from the secondary database server using a try/catch. Was that the right action?

 

ChatGPT

Changing the SQL Server endpoint in the connection strings to read from the secondary database server and using a try/catch mechanism to handle connection failures is not the ideal solution to address the issue of .NET utilities reporting connection failures during a Multi-AZ failover in Amazon RDS. Here's why:

1.     Lack of Automatic Failover Handling: By manually changing the connection endpoint and using try/catch, you are essentially bypassing the built-in high availability features provided by Amazon RDS. RDS is designed to handle failovers automatically by promoting the secondary to the primary when necessary. Manually switching to the secondary server and catching exceptions may work temporarily but does not provide a robust, automatic failover solution.

2.     Loss of Real-Time Data: Depending on the nature of your application, manually switching to the secondary server can result in data inconsistencies. During a failover, the secondary may not be fully up to date with the primary, leading to potential data loss or inconsistencies.

3.     Maintenance Overhead: Manually managing database failovers can introduce operational complexity. You would need to monitor the health of the primary server, initiate the failover process, and ensure the secondary is synchronized and promoted to the primary when appropriate.

Instead, you should address the issue at the root cause, which is typically related to DNS caching on the server running the .NET utilities. Here's what you should do:

·  Flush DNS Cache: On the server running the .NET utilities, flush the DNS cache. This can often be done using system commands specific to the operating system (e.g., ipconfig /flushdns on Windows or systemd-resolve --flush-caches on Linux).

·  Proper Connection Handling: Ensure that your .NET utilities are using connection strings with the DNS endpoint or load balancer provided by Amazon RDS. These endpoints automatically switch to the current primary server during a failover without requiring manual intervention.

·  Error Handling: Implement proper error handling in your .NET applications to handle database connection errors gracefully. You can catch exceptions and retry connections if necessary, but avoid hardcoding the endpoint to a specific server.

By addressing the DNS caching issue and allowing Amazon RDS to handle failovers automatically, you can ensure the robustness and high availability of your database while minimizing the risk of data inconsistencies and operational overhead.

 

This Q3 answer is the same as last time; there is no wavering in ChatGPT's reasoning.
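ChatGPT's "Error Handling" advice above (retry on connection errors, but never hard-code a specific server) can be sketched as a small retry wrapper. Everything here is illustrative: `connect` stands in for a real database driver's connect call, and the fake driver simply simulates the brief window after a failover.

```python
import time

# Sketch of retry-with-backoff connection handling. On a connection
# error, open a *fresh* connection each attempt so that a re-resolved
# DNS name can point at the new primary server.

def with_retries(connect, endpoint, attempts=3, base_delay=0.01):
    last_error = None
    for attempt in range(attempts):
        try:
            # New connection per attempt: never reuse a socket that may
            # still be bound to the old primary's IP address.
            return connect(endpoint)
        except ConnectionError as exc:
            last_error = exc
            time.sleep(base_delay * (2 ** attempt))  # exponential backoff
    raise last_error

# Usage with a fake driver that fails once, then succeeds, simulating
# the moments right after a Multi-AZ failover.
calls = {"n": 0}

def fake_connect(endpoint):
    calls["n"] += 1
    if calls["n"] == 1:
        raise ConnectionError("old primary unreachable")
    return f"connected to {endpoint}"

print(with_retries(fake_connect, "db.example.internal"))
# connected to db.example.internal
```

Note that the endpoint passed in is the cluster's DNS name, not an IP address; the retry logic only bridges the failover window, while DNS does the actual switch.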


Q7. For your AWS root account, 

you have generated a random password of the maximum allowed length and included special characters. Which additional steps should you take to secure your AWS root account?

1. Create an IAM role for the account administrator with the highest privileges. Do not store the root password, but when the root account is needed reset the password on the root account via email confirmation and repeat this procedure.

2. Store your randomly generated password in your organizational secrets database using a service such as 1Password or LastPass, and only grant access to this secret to the DevOps team.

3. Create IAM accounts for your administrators and attach the AdministratorAccess policy to their accounts. Disable the root account in the user settings.

4. Create an IAM role for the account administrator with the highest privileges and do not use the root account in day-to-day operations. Enable two-factor authentication on the root account

 

ChatGPT

To secure your AWS root account, you should follow best practices that prioritize its protection and restrict its use. Let's evaluate the options:

1.     Create an IAM role for the account administrator with the highest privileges. Do not store the root password, but when the root account is needed reset the password on the root account via email confirmation and repeat this procedure.

·  This approach suggests not storing the root password, but resetting it via email confirmation when needed. However, this method is not a recommended best practice for securing the root account, as it introduces operational inefficiencies and security risks.

2.     Store your randomly generated password in your organizational secrets database using a service such as 1Password or LastPass, and only grant access to this secret to the DevOps team.

·  This option is a more secure approach. Storing the root password securely in an organizational password manager and limiting access to the DevOps team is a good practice. However, additional steps are needed, such as enabling multi-factor authentication (MFA) on the root account.

3.     Create IAM accounts for your administrators and attach the AdministratorAccess policy to their accounts. Disable the root account in the user settings.

·  This is a strong security practice. By creating IAM accounts for administrators, you can better manage access control. Disabling the root account is a good security measure as well. However, it's essential to also enable MFA on the root account.

4.     Create an IAM role for the account administrator with the highest privileges and do not use the root account in day-to-day operations. Enable two-factor authentication on the root account.

·  This is the most secure and recommended approach. Using IAM roles for day-to-day operations is a best practice to minimize the use of the root account, and enabling MFA on the root account adds an extra layer of security.

Given the options, Option 4 is the best approach:

·  Use IAM roles for administrators for day-to-day operations to avoid relying on the root account.

·  Enable two-factor authentication (MFA) on the root account for an additional layer of security.

Options 2 and 3 provide some level of security, but Option 4 is the most comprehensive and aligns with AWS security best practices.
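As a side note on the AdministratorAccess managed policy mentioned in option 3: it grants unrestricted access, and its policy document is equivalent to the one below. Shown as a Python dict purely for reference; the variable name is illustrative.

```python
import json

# The AWS-managed AdministratorAccess policy grants full access to
# all actions on all resources. Its policy document is equivalent to:
admin_access = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"}
    ],
}
print(json.dumps(admin_access, indent=2))
```

Because the policy is this broad, attaching it to administrator IAM users (with MFA) is what lets the root account stay locked away for everything except the few tasks that require root.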


Q9. How do you architect a solution for an SQL Server database 

to be replicated across AWS regions in an active-active architecture?

  1. Use RDS for SQL Server and create the same instance in two different regions. Use Database Migration Service to keep each database in sync.
  2. Use a VPN or VPC peering to establish a connection between the VPCs in each region. Install SQL Server Enterprise Edition on EC2 instances in each region and configure an Always On availability group.
  3. Use RDS for SQL Server 2016 or 2017 Enterprise Edition. Enable Multi-AZ support and select the Mirroring/Always On option. Select another region for the mirroring option.
  4. You cannot set up an active-active architecture for SQL Server that spans geographic regions.

 

ChatGPT

Setting up an active-active architecture for an SQL Server database across AWS regions requires careful consideration. Each option has its own merits and considerations. Let's evaluate the options:

1.     Use RDS for SQL Server and create the same instance in two different regions. Use Database Migration Service to keep each database in sync.

·  This approach involves using RDS in two regions but doesn't provide true active-active capabilities. It's more like an active-passive setup with data replication. Active-active means both regions actively serve traffic.

2.     Use a VPN or VPC peering to establish a connection between the VPCs in each region. Install SQL Server Enterprise Edition on EC2 instances in each region and configure an Always On availability group.

·  This approach is a feasible option for creating an active-active SQL Server setup. It involves setting up SQL Server Always On availability groups across regions, which allows for read-write operations in both regions.

3.     Use RDS for SQL Server 2016 or 2017 Enterprise Edition. Enable Multi-AZ support and select the Mirroring/Always On option. Select another region for the mirroring option.

·  This option is not accurate as RDS for SQL Server does not support cross-region active-active configurations. Multi-AZ support in RDS is for high availability within a single region, not for active-active deployments across regions. (*Q9-3-1)

4.     You cannot set up an active-active architecture for SQL Server that spans geographic regions.

·  This statement is not entirely accurate. While SQL Server active-active configurations across regions can be complex, it is possible through technologies like Always On Availability Groups or custom replication solutions.

Option 2 is the most appropriate for achieving an active-active SQL Server setup across AWS regions using SQL Server Enterprise Edition on EC2 instances. This method provides the necessary redundancy, high availability, and load balancing across regions. However, it also introduces complexity in terms of network configuration and synchronization between the regions. Always ensure you have a strong understanding of the specific requirements and challenges when implementing such architectures.

 

Q9-3-1.  For Q9 above, the past-exam answer and ChatGPT's answer differ, so I googled it (↓).

This time, ChatGPT appears to have it right.

 

Can we enable a Active Active Cross Region DR strategy for AWS RDS SQL Server , If so how?

https://repost.aws/questions/QUf5JUPirSTsaZ3BMHCLoiRw/can-we-enable-a-active-active-cross-region-dr-strategy-for-aws-rds-sql-server-if-so-how

Answer: AWS RDS SQL Server does not natively support an active-active cross-region replication topology.

  .. snip ..

 

Q12. What in-memory caching server is not supported by ElastiCache?

Redis 5

Memcached

Elasticsearch

Redis 3

 

ChatGPT

As of my last knowledge update in September 2021, Elasticsearch is not supported by Amazon ElastiCache. ElastiCache primarily supports in-memory caching solutions like Redis and Memcached.

Please note that the availability of specific versions and services may have changed since then, so I recommend checking the most up-to-date AWS documentation or the AWS Management Console for the latest information on supported services and versions in Amazon ElastiCache.


Q18. Which communication channel does SNS not support natively?

OSMS text message

push notification

email

automated phone call

 

ChatGPT

As of my last knowledge update in September 2021, Amazon Simple Notification Service (SNS) natively supports the following communication channels:

1.     Push Notification: SNS supports push notifications to mobile devices using platforms like Apple iOS, Google Android, and more.

2.     Email: SNS supports sending messages via email, including both SMS (Short Message Service) and email notifications.

3.     Automated Phone Call: SNS supports automated voice calls, allowing you to deliver important messages to recipients via phone calls.

However, SNS does not natively support sending OSMS (Over-the-Top Messaging Service) text messages. It primarily focuses on the channels mentioned above. If you need to send OSMS text messages, you may need to use additional services or providers that offer such functionality, or you can implement custom solutions as needed.

Please note that the availability of communication channels and features may change over time, so it's a good practice to consult the latest AWS documentation for any updates regarding SNS capabilities.

 

 
