You are currently viewing aws linkedin assessment answers
aws linkedin assessment answers_theanswershome

aws linkedin assessment answers

1. What is the best EC2 instance class for a server that continuously has a heavy CPU load?

  • R5
  • C5
  • T2
  • H1

2. A new developer has been added to the team and you have been asked to provide access to the organization's AWS account. What is the best practice for granting access?

  • Give the new developer the IAM login that is assigned to the development team. This IAM user should already include all of the policies that a developer would need.
  • Create a AM user for the new developer. Manually assign policies to the new IAM user account.
  • Do not give the new developer access to the AWS console. Using the IAM user that is assigned to the development group, generate a new set of access keys and label these with the name of the developer.
  • Create a AM user for the new developer. Assign the new developer to a developer group you already created for the other developers.

3. You have several on-premise servers and would like to store your offsite backups on AWS. What fully managed backup service can you use to ship our backups to AWS?

  • Use the RDS console to force a reboot of the database instance so that the primary server becomes the master server again.
  • Use Storage Gateway.
  • Windows Server 2016 supports S3 as a target when using storage replicas.
  • Sync files directly to S3 with the AWS CLI.

4. When creating a trigger from a DynamoDB table to a Lambda function which DynamoDB permission(s) does the Lambda role require?

  • Describe Stream, ListStream
  • all of these answers
  • GetRecords, ListStream
  • GetRecords, GetSharedlterator

5. You created a VPC that has a public subnet and a private subnet. A web server was placed in the public subnet and a database server was placed in the private subnet. The web server is able to connect to the database server; however, the database server at is unable to get software updates. What is the cause of this issue?

  • There is no NAT gateway for the private subnet, so the database server has no routes that give it public internet access to download software updates.
  • There is no egress-only internet gateway attached to the private subnet of the VPC.
  • The router is not configured properly on the VPC. Add a route to route table for the VPC that routes all traffic for to the ID of the internet gateway.
  • The database server needs to be assigned a public address from the pool, or assigned an Elastic IP similar to the instance

6. After installing AWS Amplify's CLI, what command allows the user to connect an AWS account with the local install?

  • amplify admin
  • amplify configure
  • amplify connect
  • amplify init

7. When sending a large volume of email through SES, what is the most important set of metrics to monitor?

  • opens and clicks
  • clicks and deliveries
  • sending volume over the past 15 minutes and over one day to watch for billing spikes
  • your complaint and bounce rates

8. You have a fleet of loT devices that send telemetry to a server-side application provided by your loT vendor for decoding a proprietary messaging format. The devices are provisioned to send telemetry reports to your server via UDP on port 6339. What is the best way to scale this server as more loT devices are added to your fleet?

  • Use Route 53 with HTTP health checks. Create an application on the server to report the readiness status of the vendor-provided server software to Route 53 via HTTP.
  • Use Route 53 with UDP health checks. As you scale up, Route 53 will route the traffic to the new servers if they pass the health checks.
  • Use a Network Load Balancer to distribute the traffic across your servers. Use UP health checks to determine if the server is available to receive traffic.
  • Use Application Load Balancer to distribute the traffic across your servers.

9. You have enabled Multi-Factor Authentication (MFA) for our AWS root account and you lost your MFA device. What do you need to do to recover access to your account?

  • An email will be sent to the email address on file. After clicking on the link in your email, provide one of the MFA recovery codes that were created when MFA was enabled.
  • Use the AWS CLI with the root account access token to disable MFA on the root account. Then use the CLI to set a new password on the root account.
  • An email will be sent to the email address on file to verify ownership of the account. You will then need to provide the phone number on the account.
  • You cannot recover access to your AWS root account. Contact AWS support.

10. You have four front-end web servers behind a load balancer, which use NFS to access another EC2 instance that resizes and stores images for the front-end application. What security group policies should be assigned to these servers?

  • Create a security group that allows inbound NFS, HTTP, and HTTPS traffic from all IP addresses. Apply this group to all of the servers.
  • Front-end web servers should allow HTTPS. Assign another group to all of the instances that allows all traffic to pass between instances using that group.
  • Create a security group that allows inbound HTTP and HTTPS traffic from all IP addresses and apply this to the web servers. Create a second security group for the NFS filestore that allows outbound NFS traffic to the private IP range of the front-end web servers.
  • Assign Elastic IPs to all of the instances and create a group that allows all traffic to pass between each of the five Elastic IP addresses and allow all inbound HTTPS traffic.

11. How do you connect via SSH to a Linux EC2 instance with an EBS volume if you lost your key pair?

  • Contact AWS support. A support specialist can remotely restore access to your instance and send you a new key pair.
  • Stop the instance and create an AM image. Launch the image using a new key pair.
  • You can not connect to this EC2 instance. The key pair is displayed only one time. If you lose it, you have lost all access to this instance. Connect the EBS volume to another instance to recover your files.
  • Attach the EBS volume to a temporary instance launched with a new key pair, and overwrite ~/.ssh/authorized keys using the same file from the new instance.

12. How do you assign an Elastic IP to several EC2 instances?

  • An Elastic IP cannot be assigned to multiple EC2 instances. It can only be associated to a single EC2 instance.
  • In the VPC dashboard, click Elastic IPs. Select the Elastic IP and click Associate Address. Select each EC2 instance you wish to assign this address to.
  • Use the AWS CLI and pass in several ‘_-instance-id’ options to the aws ec2 associate-address command.
  • In the EC2 dashboard, click on EC2 instance. Under Actions, select Networking > Manage IP Addresses. Click to add a new IP address and type in the address of the Elastic IP. Repeat this process for each EC2 instance you want to assign this Elastic IP to.

13. What happens to a SQL Server RDS instance if the databases increase in size and go over the allocated space?

  • SQL Server will close all existing connections to the databases and attempt to shrink its log files to reclaim storage space.
  • The database instance will report a STORAGE_FULL status and could become inaccessible if the instance does not have enough remaining storage to operate. Allocate more space to the instance
  • RDS will automatically increase the allocated space by 5% and will continue to allocate new space up to 50% of the original allocated space. When storage space has increased 50%, RDS will automatically stop the instance to preserve data integrity.
  • RDS will automatically increase the allocated space by 10% and will send the AWS root account an email with resolution steps. Allocate more space to avoid overage charges.

14. You have an analytics suite that produces reports about the usage patterns of your web application. After completing your migration to AWS and using Application Load Balancer to balance the load across your web application, your marketing department noticed that location-based reports on the web traffic only show traffic originating from a single location. What is the problem?

  • Application Load Balancer has to be configured to retain the source IP address of the traffic it is forwarding. Create a policy that enables ProxyProtocol support and attach it to the ALB using the AWS CLI.
  • Use a Classic Load Balancer, not Application Load Balancer.
  • Application Load Balancer does not preserve the original source IP address. The analytics software needs to be configured to look at the ‘X-Forwarded-For’ HTTP request header for the correct source IP address.
  • Configure the web server EC2 instances to only have private IP addresses. The public IP addresses of the instances are being recorded into the web server logs, but only ALB should have a public interface and it will route traffic to the instances via the private interface.

15. What is the best practice for creating a highly available PostgreSQL database in RDS that can sustain the loss of a single AWS region?

  • Create Read Replicas in other AWS regions. You can designate a new master database from any of the read replicas until the regional failure is resolved.
  • PostgreSQL cannot be replicated across regions. Restore the database backups from an S3 bucket and repoint your database connections to the new instance.
  • Create Read Replicas in other AWS regions. Ensure read operations against the database occur on an available Read Replica, and send write operations to another region if you need to promote a Read Replica to a standalone database if the master is down.
  • Verify that your instance is configured for Multi-AZ support. Database changes will be automatically synced to another region in the event of a failure and RDS will automatically select a new master until the regional failure is resolved.

Leave a Reply