Amazon Web Services (AWS) - Set #7

Powered by Techhyme.com

You have a total of 130 minutes to finish the practice test of AWS Certified SysOps Administrator to test your knowledge.

1. Your developers want to deploy their web applications into their own environments. They would like to be able to control the provisioning and deprovisioning of their development environments, but they don’t want to deal with the underlying resources that run their applications. Which service would best meet their needs?
  • A. AWS Elastic Beanstalk
  • B. AWS Lambda
  • C. Amazon CloudFormation
  • D. They will need to create their environments manually.
Answer - A
Explanation - AWS Elastic Beanstalk is the ideal solution for this use case. Environments can be provisioned and deprovisioned, and no interaction with the resources running the code is needed. AWS Lambda isn’t meant for running web applications; it’s more suited to functions that are triggered by something like an event or a scheduled time. Amazon CloudFormation requires a lot of focus on the resources in the environment, which is not considered desirable in this use case.
2. Which language is not supported in AWS Elastic Beanstalk?
  • A. Go
  • B. Python
  • C. PHP
  • D. These are all supported.
Answer - D
Explanation - Elastic Beanstalk supports multiple languages, including Go, Java, .NET, Node.js, PHP, Python, and Ruby. It also supports Docker web applications.
3. Your developers have deployed an application via Elastic Beanstalk. However, the application is not becoming available. They have asked you to take a look at it. What do you need to do to be able to troubleshoot the EC2 instances running the application?
  • A. Check CloudWatch logs.
  • B. Redeploy the application.
  • C. Enable login access.
  • D. You can’t troubleshoot the EC2 instances.
Answer - C
Explanation - By default, you can’t log in to an EC2 instance created with Elastic Beanstalk. To troubleshoot the EC2 instances, you will need to enable login access in the Elastic Beanstalk Console. Checking CloudWatch logs will most likely not give you any useful information on your application if the issue is software related. Redeploying the application would also not likely help, especially if there is a software dependency not being met.
4. Your security team has required that your Elastic Beanstalk environments be kept up to date automatically. They want to ensure that the operating systems, platforms, languages, and frameworks are all kept up to date. What is the best option to ensure this happens with the least amount of administrative overhead?
  • A. Manually update each instance whenever updates are released.
  • B. Use your enterprise patching system for the OS and application; update the platform and languages manually.
  • C. Enable managed platform updates in the Elastic Beanstalk Console.
  • D. You can’t ensure that this will happen automatically as it is outside of your usual patch management tools.
Answer - C
Explanation - The best option is to enable managed platform updates in the Elastic Beanstalk Console. Once they are enabled, you can choose what type of updates you want and when you want updates to occur. Manually updating instances would work but would require a lot of administrative overhead. Enterprise patching systems are great for OS and applications, but they aren’t always so great about platform dependencies or language updates.
5. You have enabled managed platform updates in Elastic Beanstalk. Your security team tells you that some of your environments are running Java 7, and they want you to update to Java 8. You’re concerned that managed platform updates are not working. What is the best explanation for why the environments are behind?
  • A. Managed platform updates are having technical issues that need to be addressed.
  • B. Managed platform updates only update minor versions, not major versions.
  • C. You should use managed platform updates for OS updates, not application or language updates.
  • D. You need to approve the update for Java 8 in the console before it can install.
Answer - B
Explanation - Managed platform updates only update minor versions, not major versions. To update a major version, you must manually initiate the update. Managed platform updates can be used to update the operating system, applications, platforms, and languages that you need. There is no approval process needed in Elastic Beanstalk to update. Instead, you simply need to manually initiate the update if it is a major version behind.
6. What is the duration and length of a maintenance window in Elastic Beanstalk when using managed platform updates?
  • A. 2 hours every week
  • B. 2 hours every other week
  • C. 2 hours once a month
  • D. 1 hour every week
Answer - A
Explanation - Maintenance windows for managed platform updates in Elastic Beanstalk are 2-hour time periods that occur every week.
7. Your supervisor has asked you how much Elastic Beanstalk will cost. What do you tell them?
  • A. Elastic Beanstalk costs .50 cents per resource created, and you must pay the normal rate for the resources that were created.
  • B. Elastic Beanstalk costs .50 cents per resource created, but the resources created are free.
  • C. Elastic Beanstalk is free, as are the resources created with it.
  • D. Elastic Beanstalk is free; you just pay for the resources created.
Answer - D
Explanation - Elastic Beanstalk is free; you just pay for the resources created.
8. You have been asked to support a blue/green deployment in Elastic Beanstalk. You need to create a second environment that is as similar to the primary environment as possible. What is the best way to accomplish this?
  • A. Back up the primary environment and then make your changes to it. Use the backup to create a secondary environment afterward.
  • B. Create a new environment and build it from scripts.
  • C. Clone the primary environment to make the second environment.
  • D. Create a new environment and restore from backups of the primary environment.
Answer - C
Explanation - AWS recommends that you clone the primary environment. This gives you an exact copy to work on without any concerns of something being missed as you might have with a backup or setup scripts.
9. Which type of deployment policy is the fastest but will also require an outage of your Elastic Beanstalk environment?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - A
Explanation - All at once is the fastest deployment policy since all of the systems are updated at once, but it does require downtime. Rolling allows you to keep your application up while deploying an update, though it can only support a lower capacity. Rolling with additional batch allows your application to stay up during the update, though it incurs additional cost due to the EC2 instances that need to be spun up. Immutable is also a zero-downtime deployment policy. It is very fast and offers the fastest failback of all the options; it is also the most expensive.
10. Which type of deployment policy is the fastest and does not require an outage of your Elastic Beanstalk environment?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - D
Explanation - Immutable is a zero-downtime deployment policy. It is very fast and offers the fastest failback of all the options, but it is also the most expensive. All at once is the fastest deployment policy since all of the systems are updated at once; however, it does require downtime. Rolling allows you to keep your application up while deploying an update, though it can only support a lower capacity. Rolling with additional batch allows your application to stay up during the update, though it incurs additional cost due to the EC2 instances that need to be spun up.
11. Which type of deployment policy is the least expensive and does not require an outage of your Elastic Beanstalk environment?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - B
Explanation - Rolling allows you to keep your application up while deploying an update, though it can only support a lower capacity. It is the least expensive option with no downtime. Immutable is a zero-downtime deployment policy. It is very fast and offers the fastest failback of all the options, but it is also the most expensive. All at once is the fastest deployment policy since all of the systems are updated at once, but it does require downtime. Rolling with additional batch allows your application to stay up during the update, though it incurs additional cost due to the EC2 instances that need to be spun up.
12. Which type of deployment policy is the least expensive and does not require running at lower capacity or an outage of your Elastic Beanstalk environment?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - C
Explanation - Rolling with additional batch allows your application to stay up during the update, though it incurs additional cost due to the EC2 instances that need to be spun up. Rolling allows you to keep your application up while deploying an update though it can only support a lower capacity. It is the least expensive option with no downtime. Immutable is a zero-downtime deployment policy. It is very fast and offers the fastest failback of all the options, it is also the most expensive. All at once is the fastest deployment policy since all of the systems are updated at once, but it does require downtime.
13. You are using CloudFormation and your system administrators want to be able to update your application while keeping it up. They tell you that it can run at 50% capacity with no issue later that evening. Your supervisor wants to reduce costs where possible. What is the best deployment policy to use?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - B
Explanation - A rolling deployment policy can be set to ensure that 50% of the systems remain up and able to process traffic. As you are not creating new instances with this deployment type, it is the least expensive option to utilize that does not incur downtime.
14. You are using CloudFormation and your system , administrators want to be able to update your application while keeping it available. They tell you that it can run at 50% capacity with no issue later that evening. Your supervisor wants to ensure that you can fail back as quickly as possible should something go wrong; this is the highest priority. What is the best deployment policy to use?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - D
Explanation - The immutable deployment policy offers the fastest failback capability of all the deployment policy types. Since the supervisor has said that this capability is the highest priority, the immutable policy is the best answer.
15. You are using CloudFormation and your system administrators want to be able to update your application while keeping it available. They tell you that it can run at 50% capacity with only slight performance degradation later that evening. Your supervisor wants to ensure that performance is not impacted at all but wants to keep costs down. What is the best deployment policy to use?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - C
Explanation - By using rolling with additional batch, you ensure that you are operating at full capacity, which will not impact performance as the supervisor requested. Rolling with additional batch is a less expensive option than immutable as you are only spinning up instances to cover the systems that are being taken offline as opposed to all of the instances as you would do if immutable was being used.
16. Your system administrators want to be able to update your application while keeping it available. They tell you that it can run at 50% capacity with no performance degradaion later that evening. Your supervisor wants to keep costs down. What is the best deployment policy to use?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - B
Explanation - Since the application will not suffer at 50% capacity later in the evening and your supervisor wants to keep costs down, rolling is the best option. Since no new instances are provisioned, this keeps the cost down, and you can specify that only 50% of the instances are getting updated at any point in time.
17. You are using CloudFormation and your system administrators want to update your application to the latest version in the development environment for testing. It is okay for the application to be unavailable for a brief period of time. Your supervisor wants to keep costs down. What is the best deployment policy to use?
  • A. All at once
  • B. Rolling
  • C. Rolling with additional batch
  • D. Immutable
Answer - A
Explanation - Since this is a development environment and it is considered acceptable to have downtime, all at once is the best deployment policy. It is the fastest method, and the cost is kept down since no new instances are spun up.
18. When using CloudFormation, which setting would need to be modified when using the rolling with additional batch policy to specify that only 50% of your instances should be updated at one time?
  • A. Policy size with Percentage
  • B. Batch size with Percentage
  • C. Batch size with Fixed
  • D. Policy size with Fixed
Answer - B
Explanation - Once you have selected the rolling with additional batch deployment policy, you would enter in 50% for the batch size in the percentage field. Batch size with Fixed would work if you wanted to specify a number of instances as opposed to a percentage of your fleet. The other options in this question are not options that exist in the console.
19. When using CloudFormation, which setting would need to be modified when using the rolling with additional batch policy to specify that only 2 of your fleet of 10 instances should be updated at one time?
  • A. Policy size with Percentage
  • B. Batch size with Percentage
  • C. Batch size with Fixed
  • D. Policy size with Fixed
Answer - C
Explanation - Once you have selected the rolling with additional batch deployment policy, you would select Batch size and Fixed, then enter in the number of instances that can be taken down at any given point in time. Batch size with Percentage works when you want to specify a percentage of your fleet that may be updated at the same time. The other two options don’t actually exist.
20. You are using CloudFormation, and you have a deployment that has failed, but the deployment did not roll back even though health checks are failing. What is a likely explanation for why the rollback did not occur?
  • A. Elastic Beanstalk service is degraded.
  • B. The command timeout is set too long.
  • C. The health checks are incorrect.
  • D. “Ignore health check” is selected in Deployment preferences.
Answer - D
Explanation - The most likely explanation is that “Ignore health check” is selected in Deployment preferences. This prevents the deployment from being marked failed if the health check doesn’t pass within the configured command timeout window. It is highly unlikely that Elastic Beanstalk service is degraded. The command timeout being set too long would delay the overall failure but would not prevent rollback once an instance was marked unhealthy. It is unlikely the health checks are incorrect.
21. When systems are deployed with CloudFormation, health checks are passing during the deployment; however, it is found that the health checks are marking instances as healthy prematurely before all of the services are running that the application relies on. Given a little more time, the application starts with no issue. What is the most likely cause for this?
  • A. The health checks are incorrectly marking instances healthy.
  • B. A health check URL is not configured.
  • C. The instances are healthy, but the application has issues.
  • D. This is working by design.
Answer - B
Explanation - If a health check URL is not configured, then instances are marked as healthy as soon as they accept a TCP connection. The services the application relies on may not be up and responding by then. It is unlikely that instances are being marked healthy incorrectly. If the application has issues, it wouldn’t start working after a slightly longer time frame; this appears to be an issue of dependencies not being met.
22. Which environmental variables are created by Elastic Beanstalk for tagging AMIs when using Packer to build images? (Choose three.)
  • A. AWS_EB_PLATFORM_DESCRIPTION
  • B. AWS_EB_PLATFORM_ARN
  • C. AWS_EB_PLATFORM_NAME
  • D. AWS_EB_PLATFORM_RESOURCES
  • E. AWS_EB_PLATFORM_PROPERTIES
  • F. AWS_EB_PLATFORM_VERSION
Answer - B, C, F
Explanation - The three variables created are AWS_EB_PLATFORM_ARN, AWS_EB_PLATFORM_NAME, and AWS_EB_PLATFORM_VERSION. The others are not automatically created by Elastic Beanstalk and don’t actually exist.
23. You have the AWS CLI installed on your system and you manage your environment with it. You have full administrative permissions. When you try to run the Elastic Beanstalk command, eb platform logs, the command is not recognized. What is the most likely reason the command is not being recognized?
  • A. You don’t have the EB CLI installed.
  • B. You have not typed the command properly.
  • C. You can’t configure Elastic Beanstalk with the AWS CLI.
  • D. It’s an invalid command.
Answer - A
Explanation - The command that is being used requires the Elastic Beanstalk CLI to be installed. The command is typed correctly and is a valid command, but without the EB CLI, it will not work. You can configure Elastic Beanstalk with the AWS CLI, but the commands are different and start with AWS rather than EB.
24. You have been asked to come up with a solution for your on-premises databases to be moved to AWS. Your supervisor wants the DBAs to focus on databases rather than on maintaining servers. Your organization uses a combination of Microsoft SQL Server and Oracle SQL. What would your recommendation be?
  • A. EC2 instances running Microsoft SQL Server and Oracle SQL
  • B. You can’t move Microsoft SQL Server to AWS.
  • C. Amazon Relational Database Service (RDS)
  • D. You can’t move Oracle SQL to AWS.
Answer - C
Explanation - Amazon RDS is a managed SQL service provided by Amazon. It allows you to focus on your databases rather than the servers they are running on and supports multiple database engines, including Microsoft SQL Server and Oracle SQL. While you could certainly run Microsoft SQL Server and Oracle SQL in EC2 instances, this does not meet your supervisor’s requirement of not having to manage the underlying servers.
25. Which database engine is not supported by Amazon RDS?
  • A. MariaDB
  • B. MySQL
  • C. PostgreSQL
  • D. MongoDB
Answer - D
Explanation - MongoDB is not supported in RDS. However, it does support multiple database engines, including Amazon Aurora, MySQL, MariaDB, Oracle, Microsoft SQL Server, and PostgreSQL.
26. You need to move your on-premises NoSQL database to AWS. You don’t have any issues with upgrading or changing technology; you just require a NoSQL service that is scalable, and you would prefer that it be a managed service. Which AWS service would you choose?
  • A. Amazon RDS
  • B. Amazon Elasticache
  • C. Amazon DynamoDB
  • D. Put your NoSQL database on an EC2 instance.
Answer - C
Explanation - Amazon DynamoDB is a managed NoSQL service and is the best answer to this question. Amazon RDS is a relational database, not a NoSQL database. Amazon Elasticache is a memory caching service. While you could certainly move your NoSQL database to an EC2 instance, the preference for a managed service was mentioned, and if you install your NoSQL database on an EC2 instance, you are not getting a managed service.
27. Which of these is not a component of ACID?
  • A. Atomicity
  • B. Durability
  • C. Availability
  • D. Consistency
Answer - C
Explanation - ACID stands for Atomicity, Consistency, Isolation, and Durability. The components in ACID help to ensure database transactions complete properly.
28. Which component of ACID is used to refer to the integrity of a database transaction?
  • A. Atomicity
  • B. Consistency
  • C. Isolation
  • D. Durability
Answer - A
Explanation - Atomicity is used to refer to the integrity of a database transaction.
29. Which component of ACID is used to ensure that multiple transactions can be processed at the same time without interfering with other transactions?
  • A. Atomicity
  • B. Consistency
  • C. Isolation
  • D. Durability
Answer - C
Explanation - Isolation describes the ability to process multiple transactions without any transaction interfering with another transaction.
30. Which component of ACID is used to ensure that data is only saved once a transaction is complete?
  • A. Atomicity
  • B. Consistency
  • C. Isolation
  • D. Durability
Answer - D
Explanation - Durability ensures that data is only saved once a transaction is complete.
31. Which component of ACID is used to ensure that data is only written if it follows validation rules?
  • A. Atomicity
  • B. Consistency
  • C. Isolation
  • D. Durability
Answer - B
Explanation - Consistency ensures that data can only be written if it follows validation rules.
32. What would you call databases in a NoSQL implementation?
  • A. Tables
  • B. Stores
  • C. Databases
  • D. Indices
Answer - B
Explanation - In a NoSQL implementation, databases are referred to as stores, and there are four types of stores: document, graph, key/value, and wide column. The other options are real database terms but are not applicable to what the question is asking.
33. Which type of NoSQL store pairs a key identifier with a document or key/value pair?
  • A. Document stores
  • B. Graph stores
  • C. Key/value stores
  • D. Wide column stores
Answer - A
Explanation - Document stores pair a key identifier with a document. That document may be an actual document, a key/value pair, or even a key/value array.
34. Which type of NoSQL store is optimized for querying really large datasets?
  • A. Document stores
  • B. Graph stores
  • C. Key/value stores
  • D. Wide column stores
Answer - D
Explanation - Wide column stores are a type of NoSQL store that is optimized for querying large scale datasets.
35. Which type of NoSQL store is designed to hold data that you want to represent in graphs?
  • A. Document stores
  • B. Graph stores
  • C. Key/value stores
  • D. Wide column stores
Answer - B
Explanation - Graph stores in NoSQL are designed to hold data that you want to represent with graphs.
36. Which type of NoSQL store is designed to organize data by a name (key) and a value (key data)?
  • A. Document stores
  • B. Graph stores
  • C. Key/value stores
  • D. Wide column stores
Answer - C
Explanation - Key/value stores are used to store data using a key and a value. Keys are typically names, and values are the data associated with the names. For example, you might set a system as Env:Prod. Env is the key, and Prod is the value.
37. You currently have 38 RDS database instances on your AWS account. You need to add 10 more. What will you need to do to add the 10 database instances?
  • A. You can add them as you normally would.
  • B. You will need to contact AWS to raise the soft limit on your account as you can only have 40 RDS database instances on your account.
  • C. You will need to contact AWS to raise the soft limit on your account as you can only have 50 RDS database instances on your account.
  • D. You can’t add any more than 40 to your account; it is a hard limit.
Answer - B
Explanation - Each AWS account can have a total of 40 database instances. To be able to go over the 40, which is a soft limit, you would need to contact AWS and request that the limit be raised.
38. Which of the following is not a valid database instance type for Amazon RDS?
  • A. T (tiny/burstable)
  • B. M (multipurpose)
  • C. F (free tier)
  • D. R (memory optimized)
Answer - C
Explanation - T, M, and R are all valid instance types for Amazon RDS. While there are free tier instances available in Amazon RDS, they are not referred to as F for free tier. That was made up for this question.
39. Which database engine available in Amazon RDS automatically stores data across three availability zones?
  • A. Microsoft SQL Server
  • B. Amazon Aurora
  • C. MySQL
  • D. PostgreSQL
Answer - B
Explanation - Amazon Aurora creates a cluster volume that spans across three availability zones.
40. Which of these is not used by the customer to secure Amazon Aurora?
  • A. VPC security groups
  • B. database authentication
  • C. IAM
  • D. Antivirus
Answer - D
Explanation - This is part of the shared responsibility model. The customer is responsible for the VPC security groups, database authentication, and IAM. Since Amazon Aurora is a part of Amazon RDS, which is a managed service, AWS manages antivirus on your behalf.
41. For which of these database engines are you not able to increase storage when using Amazon RDS?
  • A. Microsoft SQL Server
  • B. MariaDB
  • C. MySQL
  • D. PostgreSQL
Answer - A
Explanation - When using Amazon RDS, you can’t increase storage for Microsoft SQL Server. You can, however, increase it for MariaDB, MySQL, and PostgreSQL.
42. You have a MySQL database that is suffering from performance issues and is currently using Provisioned IOPS storage. What is an option you could try to that could improve performance?
  • A. Change your storage type from provisioned IOPS to magnetic storage.
  • B. Change your storage type from provisioned IOPS to General Purpose SSD.
  • C. Scale up your storage so that it has greater capacity to meet demand.
  • D. You are on provisioned IOPS, so there is nothing further you can do.
Answer - C
Explanation - The best answer would be to scale up your storage. Provisioned IOPS is one of the fastest storage types, so it would make no sense to scale down to magnetic (slowest) or General Purpose SSD.
43. You had to fail over to one of your read replicas in Amazon RDS. You notice that it is missing the last transaction that occurred right around the time of the failure. What is the likely cause?
  • A. It must have stopped replication before the failure.
  • B. Read replicas only synchronize once an hour.
  • C. Read replicas use synchronous replication.
  • D. Read replicas use asynchronous replication.
Answer - D
Explanation - Read replicas use asynchronous replication. Whenever there is a change to the data source, the change is replicated to the read replicas. However, if your main data source went down before it had a chance to replicate the changes, that explains why there is missing data.
44. You are using a MySQL database in Amazon RDS. You have five read replicas and would like another, but you are unable to create another read replica. Why is that?
  • A. You don’t have permissions to create a read replica.
  • B. With MySQL in Amazon RDS, you can have only five read replicas.
  • C. You can have five read replicas, but that is a soft limit; you will need to request an increase.
  • D. Use a multi-AZ configuration instead to get around this limitation.
Answer - B
Explanation - If you are using MySQL in Amazon RDS, then you may only have five read replicas at any time. While permissions could be an issue, it is more likely that the max number of read replicas being reached is the issue. In this case, five read replicas is not a soft limit, so you can’t request a limit increase. Read replicas are used for performance; multi-AZ is used for high availability. The two have different use cases, so multi-AZ is not the answer to this question. AWS exams do like to focus on the difference between the two.
45. You are using an Amazon Aurora database in Amazon RDS. You have 10 read replicas and would like to add a few more. Will you be able to add more read replicas?
  • A. Yes, with Aurora in Amazon RDS, you can have up to 15 read replicas.
  • B. No, with Aurora in Amazon RDS, you can have only 10 read replicas.
  • C. Yes, you can have 10 read replicas, but that is a soft limit; you will need to request an increase.
  • D. No, use a multi-AZ configuration instead to get around this limitation.
Answer - A
Explanation - If you are using Amazon Aurora in Amazon RDS, then you can have up to 15 Aurora read replicas and 5 MySQL read replicas. In this case, 15 read replicas is not a soft limit so you can’t request a limit increase. Read replicas are used for performance; multi-AZ is used for high availability. The two have different use cases, so multi-AZ is not the answer to this question. AWS exams do like to focus on the difference between the two.
46. You had a failure in one of your databases recently and when you tried to restore from backup, you found that the last backup available was from several weeks ago when there was a large upload of data. What is the likely reason that this occurred?
  • A. The last backup was a manual backup and automated backups have never worked.
  • B. The data transfer overloaded the system and disabled the automated backups.
  • C. Automated backups were disabled while the large amount of data was loaded.
  • D. Automated backups were disabled due to a system error.
Answer - C
Explanation - In general, it is a bad idea to disable automatic backups. One of the few exceptions is when you are loading a large amount of data. To re-enable the automatic updates going forward, simply change the value of the backup retention parameter to anything other than zero. Automated backups are on by default, so it is not likely they have never worked. Automated backups would not be disabled due to the system being overloaded or due to a system error.
47. Which of the following is not a valid type of security group used in Amazon RDS?
  • A. VPC security group
  • B. EC2 security group
  • C. Table security group
  • D. DB security group
Answer - C
Explanation - You can protect your databases in Amazon RDS using VPC security groups, EC2 security groups, and DB security groups. Table security groups aren’t real. If you need to restrict access to specific tables, an IAM user/role would be a better fit.
48. Your security department has mandated that all information inside of your databases must be encrypted. How will you meet this requirement within your Amazon RDS databases?
  • A. Create an encrypted database and migrate your data to the new database.
  • B. Enable encryption on all of your databases.
  • C. Create an encrypted read replica then promote it.
  • D. Encryption at rest is not supported in Amazon RDS.
Answer - A
Explanation - Since encryption must be enabled at creation time, you would need to create a new encrypted database and then migrate your data to it. You can’t simply enable encryption on your existing databases. Read replicas must be encrypted with the same key as the main data source. You can’t have an encrypted read replica with an unencrypted data source.
49. You want to be able to get real-time monitoring data for your database clusters in Amazon RDS. What is the best tool to accomplish this?
  • A. Amazon CloudWatch Events
  • B. AWS CloudTrail log monitoring
  • C. Amazon RDS Enhanced Monitoring
  • D. Amazon RDS events
Answer - C
Explanation - Amazon RDS Enhanced Monitoring gives you realtime monitoring data for both database instances and database clusters. Amazon CloudWatch allows you to monitor events, usually in 1- and 5-minute intervals. AWS CloudTrail is used to monitor API calls, and Amazon RDS events are used in concert with Amazon SNS to send notifications when there are system issues or changes.
20. You recently had a database outage because of a change that was made to your database cluster. You want to ensure that you are notified of changes going forward so that you can more easily troubleshoot issues that might arise. What would be the best solution to enable messages related to changes with your RDS clusters?
  • A. Amazon CloudWatch Events
  • B. AWS CloudTrail log monitoring
  • C. Amazon RDS Enhanced Monitoring
  • D. Amazon RDS events
Answer - D
Explanation - Amazon RDS events will utilize SNS to send notifications when changes are made to database instances, clusters, snapshots, and security groups. Amazon CloudWatch allows you to monitor events, usually in 1- and 5-minute intervals, and AWS CloudTrail is used to monitor API calls. Amazon RDS Enhanced Monitoring gives you real-time monitoring data for both database instances and database clusters but does not handle communications.