- (Topic 1)
An application is running on multiple Amazon EC2 instances. The company wants to make the application highly available by configuring a load balancer with requests forwarded to the EC2 instances based on URL paths.
Which AWS load balancer will meet these requirements and take the LEAST amount of effort to deploy?
Correct Answer:B
The correct answer is B because Application Load Balancer is an AWS load balancer that will meet the requirements and take the least amount of effort to deploy. Application Load Balancer is a type of Elastic Load Balancing that operates at the application layer (layer 7) of the OSI model and routes requests to targets based on the content of the request. Application Load Balancer supports advanced features, such as path-based routing, host-based routing, and HTTP header-based routing. The other options are incorrect because they are not AWS load balancers that will meet the requirements and take the least amount of effort to deploy. Network Load Balancer is a type of Elastic Load Balancing that operates at the transport layer (layer 4) of the OSI model and routes requests to targets based on the destination IP address and port. Network Load Balancer does not support path-based routing. AWS OpsWorks Load Balancer is not an AWS load balancer, but rather a feature of AWS OpsWorks that enables users to attach an Elastic Load Balancing load balancer to a layer of their stack. Custom Load Balancer on Amazon EC2 is not an AWS load balancer, but rather a user-defined load balancer that runs on an Amazon EC2 instance. Custom Load Balancer on Amazon EC2 requires more effort to deploy and maintain than an AWS load balancer. Reference: Elastic Load Balancing
- (Topic 3)
Which task does AWS perform automatically?
Correct Answer:B
AWS performs some tasks automatically to help you manage and secure your AWS resources. One of these tasks is patching Amazon EC2 instances. AWS provides two options for patching your EC2 instances: managed instances and patch baselines. Managed instances are a group of EC2 instances or on-premises servers that you can manage using AWS Systems Manager. Patch baselines define the patches that AWS Systems Manager applies to your instances. You can use AWS Systems Manager to automate the process of patching your instances based on a schedule or a maintenance window.
- (Topic 3)
According to security best practices, how should an Amazon EC2 instance be given access to an Amazon S3 bucket?
Correct Answer:C
According to security best practices, the best way to give an Amazon EC2 instance access to an Amazon S3 bucket is to have the EC2 instance assume a role to obtain the privileges to upload the file. A role is an AWS Identity and Access Management (IAM) entity that defines a set of permissions for making AWS service requests. You can use roles to delegate access to users, applications, or services that don’t normally have access to your AWS resources. For example, you can create a role that allows EC2 instances to access S3 buckets, and then attach the role to the EC2 instance. This way, the EC2 instance can assume the role and obtain temporary security credentials to access the S3 bucket. This method is more secure and scalable than storing or hardcoding IAM user credentials on the EC2 instance, as it avoids the risk of exposing or compromising the credentials. It also allows you to manage the permissions centrally and dynamically, and to audit the access using AWS CloudTrail. For more information on how to create and use roles for EC2 instances, see Using an IAM role to grant permissions to applications running on Amazon EC2 instances1
The other options are not recommended for security reasons. Hardcoding or storing IAM user credentials on the EC2 instance is a bad practice, as it exposes the credentials to potential attackers or unauthorized users who can access the instance or the application code. It also makes it difficult to rotate or revoke the credentials, and to track the usage of the credentials. Modifying the S3 bucket policy to allow any service to upload to it at any time is also a bad practice, as it opens the bucket to potential data breaches, data loss, or data corruption. It also violates the principle of least privilege, which states that you should grant only the minimum permissions necessary for a task.
References: Using an IAM role to grant permissions to applications running on Amazon EC2 instances
- (Topic 3)
A company has created an AWS Cost and Usage Report and wants to visualize the report. Which AWS service should the company use to ingest and display this information?
Correct Answer:A
Amazon QuickSight is an AWS service that provides business intelligence and data visualization capabilities. Amazon QuickSight enables you to ingest, analyze, and display data from various sources, such as AWS Cost and Usage Reports, Amazon S3, Amazon Athena, Amazon Redshift, and Amazon RDS. You can use Amazon QuickSight to create interactive dashboards and charts that show insights and trends from your data. You can also share your dashboards and charts with other users or embed them into your applications.
- (Topic 3)
An ecommerce company wants to provide relevant product recommendations to its customers. The recommendations will include products that are frequently purchased with other products that the customer already purchased. The recommendations also will include products of a specific color and products from the customer’s favorite brand.
Which AWS service or feature should the company use to meet these requirements with the LEAST development effort?
Correct Answer:C
Amazon Personalize is a service that provides real-time personalized recommendations based on the user’s behavior, preferences, and context. It can also incorporate metadata such as product color and brand to generate more relevant recommendations. Amazon Comprehend is a natural language processing (NLP) service that can analyze text for entities, sentiments, topics, and more. Amazon Forecast is a service that provides accurate time-series forecasting based on machine learning. Amazon SageMaker Studio is a web-based integrated development environment (IDE) for machine learning.
- (Topic 3)
A company is looking for a managed machine learning (ML) service that can recommend products based on a customer's previous behaviors.
Which AWS service meets this requirement?
Correct Answer:A
The AWS service that meets the requirement of providing a managed machine learning (ML) service that can recommend products based on a customer’s previous behaviors is Amazon Personalize. Amazon Personalize is a fully managed service that enables developers to create personalized recommendations for customers using their own data. Amazon Personalize can automatically process and examine the data, identify what is meaningful, select the right algorithms, and train and optimize a personalized recommendation model2. Amazon SageMaker, Amazon Pinpoint, and Amazon Comprehend are other AWS services related to machine learning, but they do not provide the specific functionality of product recommendation.