My studies for the AWS Certified Solutions Architect Exam began in the natural starting place, the sample exam questions provided by AWS. AWS does not answer the questions, and though I knew the answer to most or could make a reasonable guess on others, I found myself researching a couple of subjects. Since I cannot give any specifics on questions I saw on the exam, I thought I would answer the sample questions.
AWS Sample Exam Questions: The 7 sample exam questions can be found at: http://awstrainingandcertification.s3.amazonaws.com/production/AWS_certified_solutions_architect_associate_examsample.pdf
** Note that these questions are published by AWS. I am providing answers based on my knowledge and experience, but these are unofficial and not supported by AWS. **
- Amazon Glacier is designed for (Choose 2 answers)
- Answer(s): B - infrequently accessed data, C - data archives.
- Explanation: Glacier is an archival storage service. You are charged every time you access data over the free tier threshold. When you put data in Glacier, you want to have a reasonable expectation that you will need to recover at most a small portion of it per month unless there is a disaster or emergency scenario.
- Other Choices: The other choices suggest scenarios where data access is required much more frequently than the ideal Glacier use case.
- Answer(s): C - The ELB stops sending traffic to the instance that failed its health check.
- Explanation: ELBs are designed to dynamically forward traffic to the eth0 interface of some set of EC2 instances in one or more Availability Zones of a single region. When monitoring is set up, the ELB will see that the instance is not responding and stop sending traffic to the failed instance.
- Other Choices: The other choices suggest that an ELB will take unsupported or inaccurate actions against your instances or actions that are capabilities of other services, specifically Auto Scaling.
- Answer(s): A - Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI.
- Explanation: CloudFront is a CDN that distributes S3 objects geographically. An OAI is roughly a service account for a CloudFront distribution. Using an OAI you can restrict access to S3 content, effectively preventing direct access to content in S3 while still allowing CloudFront to distribute that data.
- Other Choices: The other choices refer to actions that do not make sense in the context of the question.
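As an added illustration of the OAI pattern (this code is not from the sample exam or from AWS), the block below builds the bucket policy that grants object reads only to a CloudFront OAI, places it beside a constructed public-read policy of the kind the OAI is meant to replace, and includes a small audit that flags any Allow statement open to everyone. The bucket name and the OAI ID "E1EXAMPLE" are placeholders.

```python
import json

# Constructed example of the misconfiguration an OAI replaces: anyone can
# fetch objects directly from S3, bypassing CloudFront entirely.
PUBLIC_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}


def oai_bucket_policy(bucket, oai_id):
    """Bucket policy that lets one CloudFront OAI read objects and nobody else.

    `bucket` and `oai_id` are caller-supplied placeholders; the principal ARN
    format is the one S3 accepts for a CloudFront Origin Access Identity.
    """
    principal = f"arn:aws:iam::cloudfront:user/CloudFront Origin Access Identity {oai_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowCloudFrontOAIRead",
            "Effect": "Allow",
            "Principal": {"AWS": principal},
            "Action": "s3:GetObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
        }],
    }


def public_read_findings(policy):
    """Return the Sids of Allow statements whose principal is '*' (anyone).

    Such a statement defeats the point of an OAI, because clients can skip
    CloudFront and read the objects straight from S3.
    """
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if aws == "*" or (isinstance(aws, list) and "*" in aws):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings


if __name__ == "__main__":
    print(json.dumps(oai_bucket_policy("example-bucket", "E1EXAMPLE"), indent=2))
    print("public statements:", public_read_findings(PUBLIC_READ_POLICY))
```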
- Answer(s): B - All data on instance-store devices will be lost, E - The underlying host for the instance is changed
- Explanation: It is important in this question to note that the instance is in a VPC, which rules out other answers. An instance store device is only persisted during the running life of the instance because instance storage is physically attached to the host rather than being SAN storage like EBS. Part of the reason that instance storage only persists while an instance is powered on is that the host can change, and in practice does change, when the instance is stopped and started. Remember that instance resources are very loosely coupled with other resources. When you start an instance, it gets a resource reservation on an available host that AWS chooses, presumably with some complex algorithm.
- Other Choices: The other choices either refer to behaviors of instances not in a VPC, are outright incorrect, or do not make sense in the context of the question. Refer to the AWS article on the behaviors when stopping or starting an instance: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Stop_Start.html
- Answer(s): D - hypervisor visible metrics such as CPU utilization
- Explanation: A responsibility boundary exists between the hypervisor and the guest operating system. AWS does not have access to the guest operating system and therefore cannot see anything that is not visible to the hypervisor. What the hypervisor can see is the resource demand the guest operating system places on it, such as CPU usage. Refer back to the shared responsibility model discussed in the AWS Security Whitepaper.
- Other Choices: The other choices refer to data that is not visible to the hypervisor and that would not appear in CloudWatch unless published by the instance owner. See publishing custom metrics.
- Answer(s): B - Decommissioning of storage devices using industry-standard practices
- Explanation: The key to this question is understanding the shared responsibility boundary between AWS and its customers, as well as the specific phrase "operational process". Again, we need to refer to the AWS Security Whitepaper. As a standard practice, AWS shreds all physical disks after magnetically wiping them as part of its decommissioning process.
- Other Choices: The other options refer to processes or practices that cross the responsibility boundary or that simply do not make sense in the context of the question or AWS operations.
- Answer(s): A - enable S3 versioning on the bucket
- Explanation: By enabling versioning, you ensure that if an object is overwritten, accidentally or otherwise, the previous object version is retained. In addition, you protect against complete loss from accidental deletion.
- Other Choices: The other choices, though referring to valid S3 bucket features, would not provide any protection against deletion or overwriting.
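To show what versioning actually buys you at recovery time, here is an added example (not from the sample exam or AWS) that takes a constructed listing shaped like the boto3 `list_object_versions` response and works out, for a given key, which version to restore: after an overwrite it is the previous live version, and after a delete it is the most recent live version behind the delete marker. The keys, version IDs and timestamps are all made up.

```python
from datetime import datetime, timezone


def _ts(day, hour):
    return datetime(2024, 1, day, hour, tzinfo=timezone.utc)


# Constructed sample; same shape as the boto3 S3 client's list_object_versions output.
# config.yml was overwritten, report.pdf was deleted, fresh.txt has only one version.
SAMPLE_LISTING = {
    "Versions": [
        {"Key": "config.yml", "VersionId": "v1-config", "IsLatest": False, "LastModified": _ts(1, 9)},
        {"Key": "config.yml", "VersionId": "v2-config", "IsLatest": True, "LastModified": _ts(2, 9)},
        {"Key": "report.pdf", "VersionId": "v1-report", "IsLatest": False, "LastModified": _ts(1, 10)},
        {"Key": "fresh.txt", "VersionId": "v1-fresh", "IsLatest": True, "LastModified": _ts(3, 8)},
    ],
    "DeleteMarkers": [
        {"Key": "report.pdf", "VersionId": "dm-report", "IsLatest": True, "LastModified": _ts(2, 10)},
    ],
}


def recovery_target(listing, key):
    """Pick the version of `key` to bring back, or None if nothing older exists.

    Live versions and delete markers are merged into one timeline. If the newest
    entry is a delete marker, the object looks deleted and removing that marker
    (or copying the newest live version) restores it; otherwise the object was
    overwritten and the previous live version is the rollback target.
    """
    history = []
    for v in listing.get("Versions", []):
        if v["Key"] == key:
            history.append({"when": v["LastModified"], "marker": False, "id": v["VersionId"]})
    for d in listing.get("DeleteMarkers", []):
        if d["Key"] == key:
            history.append({"when": d["LastModified"], "marker": True, "id": d["VersionId"]})
    if not history:
        return None
    history.sort(key=lambda h: h["when"], reverse=True)  # newest first
    newest, rest = history[0], history[1:]
    older_live = [h for h in rest if not h["marker"]]
    if not older_live:
        return None  # only one live version ever existed: nothing to roll back to
    if newest["marker"]:
        return {"action": "remove_delete_marker", "delete_marker": newest["id"],
                "restore_version": older_live[0]["id"]}
    return {"action": "copy_previous_version", "restore_version": older_live[0]["id"]}
```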