AWS Certified Solutions Architect: Zero to Mastery - part 2

Practice Questions: Answers & Explanations

MODULE 16 – Machine Learning

QUESTION 1

A bank is experimenting with machine learning as a way to improve customer service. Rather than customers inserting their debit card at the bank’s ATM, they would like to give customers the option to do a facial scan instead. What AWS service would enable them to do this?

A: Rekognition Image

B: Comprehend

C: SageMaker Image

D: Personalize

Explanations:

A: Rekognition Image - CORRECT. Rekognition Image can be used for facial recognition. (Reference: Amazon Rekognition Image)

B: Comprehend. Comprehend is used for natural language processing of text. Its use case is to make sense of unstructured data, such as social media posts, reviews, emails, etc. (Reference: Natural Language Processing – Amazon Comprehend – Amazon Web Services)

C: SageMaker Image. This is a distractor. There is no service called SageMaker Image.

D: Personalize. Personalize is used for doing real-time personalization and making recommendations (such as content recommendations or recommending similar items to purchase). (Reference: Recommender System – Amazon Personalize – Amazon Web Services)

MODULE 17 – Backup and Recovery

QUESTION 1

Your team uses Elastic Block Store (EBS), DynamoDB and Relational Database Service (RDS). Which service allows you to back up all of these services from a single location?

A: Storage Gateway

B: AWS Replicas

C: AWS Backup

D: Snow Family of Products

Explanations:

A: Storage Gateway. Storage Gateway allows you to store on-premises resources in the cloud, such as for backup purposes. All the services mentioned in the question are AWS services, so there wouldn’t be a need for a hybrid backup solution such as Storage Gateway. AWS Backup can be used to achieve what is asked in the question. (Reference: Backup As A Service - Centralized Backups - AWS Backup - AWS)

B: AWS Replicas. This is a distractor. Though some services offer the ability to make replicas (such as RDS), there is no service called AWS Replicas.

C: AWS Backup – CORRECT. AWS Backup allows you to set up and schedule regular backup jobs that include other services such as EBS, DynamoDB and RDS. All of this can be done from the single AWS Backup interface. (Reference: Backup As A Service - Centralized Backups - AWS Backup - AWS)

D: Snow Family of Products. The Snow family of products can be used to transfer large amounts of data securely from on-premises to AWS. However, this tends to be more of a one-time transfer, such as for migration of data. AWS Backup can be used to achieve what is asked in the question. (Reference: Backup As A Service - Centralized Backups - AWS Backup - AWS)

QUESTION 2

Your company has recently started working on government contracts. As part of this effort, an auditor has discovered that some applications are using an unencrypted RDS MySQL database. To meet stricter compliance standards, you need to encrypt new and existing data in the database. What should you do?

A: Enable the Multi-AZ feature on the RDS database and enable encryption. Perform a failover from the primary database to the standby database.

B: Create a new read replica of the existing database, and enable encryption on the read replica. Promote the read replica to be the primary database. Delete the original RDS instance.

C: Create a new DynamoDB table with encryption enabled. Migrate the data from RDS to DynamoDB.

D: Create a snapshot of the existing database. Copy the snapshot and encrypt the copy. Restore an encrypted database instance from the encrypted snapshot copy.

Explanations:

A: Enable the Multi-AZ feature on the RDS database and enable encryption. Perform a failover from the primary database to the standby database. You can only encrypt an RDS database instance when you create it, not afterwards. Simply enabling Multi-AZ will not give you the ability to encrypt new and existing data. (Reference: Encrypting Amazon RDS resources - Amazon Relational Database Service)

B: Create a new read replica of the existing database, and enable encryption on the read replica. Promote the read replica to be the primary database. Delete the original RDS instance. It’s not possible to have an encrypted read replica of an unencrypted DB instance. (Reference: Encrypting Amazon RDS resources - Amazon Relational Database Service)

C: Create a new DynamoDB table with encryption enabled. Migrate the data from RDS to DynamoDB. This is a distractor. While it is possible to create a DynamoDB table that’s encrypted, DynamoDB and RDS are inherently different databases. DynamoDB is a key-value (or NoSQL) database, and RDS is a relational database. Migrating between the two would require significant effort to rearchitect and re-code the applications that use the database. This is not necessary to fulfill the encryption requirements in the question.

D: Create a snapshot of the existing database. Copy the snapshot and encrypt the copy. Restore an encrypted database instance from the encrypted snapshot copy - CORRECT. To add encryption to a previously-unencrypted database instance, you should create a snapshot of the database instance. Then create a copy of the snapshot, enabling encryption on the copy. From there, restore the encrypted snapshot copy. (Reference: Copying a DB snapshot - Amazon Relational Database Service)

QUESTION 3

You’re responsible for the databases on your team’s project, and you notice that your primary RDS database instance has failed. What is a valid way to recover from this failure?

A: Create a snapshot of the failed database and restore it to the same instance.

B: Restore to a point in time using a snapshot.

C: Promote a read replica of the database and, once it’s available, redirect database traffic to the promoted instance.

D: Modify the properties of the failed database instance and choose a new instance type, then reboot the instance.

Explanations:

A: Create a snapshot of the failed database and restore it to the same instance. It is not possible to restore a database to an existing instance; a new instance will always be created. (Reference: Tutorial: Restore an Amazon RDS DB instance from a DB snapshot - Amazon Relational Database Service)

B: Restore to a point in time using a snapshot. Restoring to a point in time is only an option using an automated backup, and can’t be done from a snapshot. (Reference: Restoring a DB instance to a specified time - Amazon Relational Database Service)

C: Promote a read replica of the database and, once it’s available, redirect database traffic to the promoted instance – CORRECT. Promoting a read replica to be the primary database is a valid way to recover from failure. This will take some time, but once ready, you can redirect traffic to the new (promoted) instance. (Reference: Working with read replicas - Amazon Relational Database Service)

D: Modify the properties of the failed database instance and choose a new instance type, then reboot the instance. This is a distractor. Trying to update the properties of a failed database instance is not likely to solve the problem. Instead, you should focus on recovering the database from a backup, snapshot or read replica.

QUESTION 4

You’ve been asked to create a disaster recovery plan for your team’s mission-critical services. In the event of a disaster, there can be no data loss or downtime. What strategy should you use?

A: Multi-Site/Active-Active

B: Warm Standby

C: Pilot Light

D: Backup and Restore

Explanations:

A: Multi-Site/Active-Active - CORRECT. Multi-Site/Active-Active should be used for mission-critical services that cannot tolerate downtime or data loss. With this strategy, you have fully-functioning environments running in multiple regions at the same time, and likely Route 53 routing traffic across the regions. (Reference: REL13-BP02 Use defined recovery strategies to meet the recovery objectives - Reliability Pillar)

B: Warm Standby. With this strategy, your RPO/RTO are measured in minutes, meaning you could lose some data and experience some downtime of services. With this strategy, you have a scaled-down version of a production environment in another region. Upon failover, it will take some time to scale up resources. (Reference: REL13-BP02 Use defined recovery strategies to meet the recovery objectives - Reliability Pillar)

C: Pilot Light. With this strategy, your RPO/RTO are measured in tens of minutes, meaning you could lose some data and experience some downtime of services. With this strategy, you will need to start and scale resources in another region after the disaster, which will take time. (Reference: REL13-BP02 Use defined recovery strategies to meet the recovery objectives - Reliability Pillar)

D: Backup and Restore. This strategy is the slowest of all, and RPO/RTO could be hours. Here, you’ll need to deploy data and infrastructure to the recovery region after a disaster. (Reference: REL13-BP02 Use defined recovery strategies to meet the recovery objectives - Reliability Pillar)

MODULE 18 – Billing and Pricing

QUESTION 1

Your manager has been pressuring the team to reduce overall spend on EC2 instances and Lambda. Which of the following can help you accomplish this?

A: Reserved Instances

B: EC2 Instance Savings Plan

C: Compute Savings Plan

D: Spot Instances

Explanations:

A: Reserved Instances. Reserved instances can provide savings of up to 70% over On-Demand pricing. This solution makes sense for long-running workloads, such as databases, and can be reserved for 1-3 years. However, this does not address the need to save on Lambda computing, so it would not be the best answer. (Reference: Instance purchasing options - Amazon Elastic Compute Cloud)

B: EC2 Instance Savings Plan. With a Savings Plan, you commit to a specific dollar amount over a specified period. An EC2 Instance Savings Plan specifically would help reduce spend for EC2 computing, but would not help with Lambda. (Reference: What are Savings Plans? - Savings Plans)

C: Compute Savings Plan – CORRECT. With a Savings Plan, you commit to a specific dollar amount over a specified period. The Compute Savings Plan applies to EC2 instances, Lambda and Fargate, so it would be the best way to lower all the costs referred to in this question. (Reference: What are Savings Plans? - Savings Plans)

D: Spot Instances. With a Spot Instance, you can bid (specify the price you want to pay) on unused EC2 capacity. The primary reason for using Spot is to save money. However, this option does not help with the Lambda computing mentioned in the question. (Reference: Instance purchasing options - Amazon Elastic Compute Cloud)

QUESTION 2

As you start to learn AWS, you want to set up an alert to notify you when your AWS costs go over $20. Which service can you use to do this?

A: CloudTrail

B: AWS Budgets

C: Cost Explorer

D: Cost and Usage Report

Explanations:

A: CloudTrail. CloudTrail captures user activity and API calls on an AWS account, which would include events such as sign-ins from the root account. This would not send alerts based on costs. (Reference: What Is AWS CloudTrail? - AWS CloudTrail)

B: AWS Budgets – CORRECT. AWS Budgets allow you to set a budget and monitor/alert when costs (or forecasted costs) meet a certain threshold. (Reference: Set Custom Cost and Usage Budgets – AWS Budgets – Amazon Web Services)

C: Cost Explorer. AWS Cost Explorer can be used by existing customers to drill into their costs (actual and forecasted) using groupings and filtering. (Reference: https://aws.amazon.com/aws-cost-management/aws-cost-explorer)

D: Cost and Usage Report. The Cost and Usage report allows you to publish reports to an S3 bucket. These reports can break down costs by hour, day or month, and include other information such as services and tags. (Reference: What are AWS Cost and Usage Reports? - AWS Cost and Usage Reports)

QUESTION 3

Why might a company choose to use Consolidated Billing?

A: To receive multiple bills per account

B: To receive volume discount pricing

C: To get access to Cost Explorer

D: To grant group permissions on billing information

Explanations:

A: To receive multiple bills per account. Consolidated Billing enables you to receive a single bill that rolls up costs for multiple accounts. (Reference: Consolidated billing for AWS Organizations - AWS Billing)

B: To receive volume discount pricing – CORRECT. When using AWS Organizations and Consolidated Billing, it’s possible to combine accounts to qualify for discount pricing. For example, if one account doesn’t have enough volume to qualify, you can combine several accounts to qualify. (Reference: Consolidated billing for AWS Organizations - AWS Billing)

C: To get access to Cost Explorer. Cost Explorer is not reliant on AWS Organizations or Consolidated Billing. Cost Explorer is available to all customers. (Reference: AWS Cost Explorer - Amazon Web Services)

D: To grant group permissions on billing information. Permissions are set up and managed using IAM, not the Consolidated Billing feature of AWS Organizations.