❎
TutorialsDojo Wrong Answers
  • Points to remember for the exam
  • Jon Bonso (TutorialsDojo) Test Scores
  • Test 1 (70%)
    • Tracking Policies
    • Run an ECS Task When a File is Uploaded to an S3 Bucket using CloudWatch Events
    • Choosing the right Partition Key
    • Choosing the right EBS volume type
    • Throttle API requests for better throughput
    • Optimizing high availability with CloudFront origin failover
    • Storage Gateway vs FSx
    • RDS Read Replicas vs Multi-AZ Deployments
    • RDS Enhanced Monitoring & CloudWatch
    • Lifecycle Policies
    • Redshift enhanced VPC routing
    • Querying external data using Amazon Redshift Spectrum
    • How to Connect Your On-Premises Active Directory to AWS Using AD Connector
    • NAT Gateways
    • EC2 Auto Scaling
    • IAM database authentication for MySQL and PostgreSQL
    • SUMMARY
  • Test 2 (69%)
    • Synchronous & Asynchronous Lambda
    • S3 Static Website Hosting & CloudFront
    • Shard Iterator Expires Unexpectedly
    • Bastion Host Architecture
    • CodeDeploy deployment types
    • Route 53 Geolocation vs Route 53 Geopriximity vs CloudFront geo-restriction
    • VPC IP Addresses
    • SQS Message Retention
    • Routing traffic to a website that is hosted in a S3 bucket
    • Choosing the right EBS volume type
    • EBS Volumes Facts
    • Auto Scaling Group Cooldown Period
    • Monitoring memory and disk metrics for EC2 instances
    • Geoproximity vs Geolocation
    • VPC Endpoints
    • Edge to edge routing
    • Temporary security credentials in IAM
    • Configuring instances in different subnets to communicate to each other
    • SUMMARY
  • Test 3 (66%)
    • S3 Consistency
    • Selling in the Reserved Instance Marketplace
    • DDoS Mitigation
    • Managing Throughput Capacity Automatically with DynamoDB Auto Scaling
    • Kinesis Data Streams
    • S3 Single PUT Limit
    • CloudFormation Resource Attributes
    • Redshift
    • S3 Glacier Provisioned Capcity
    • Launch Configurations
    • Active-active and active-passive failover
    • File Gateway vs Volume Gateway
    • EC2 Instance Store Lifetime
    • RDS Backups for over 35 days
    • Simple Workflow Service (SWF)
    • EC2 Service Limits
    • Restricting Access to S3 Content by using an Origin Access Identity (OAI)
    • NACL Rules
    • Cross-account access to objects that are stored in S3 buckets
    • S3 Encryption
    • SUMMARY
  • Test 4 (82%)
    • Importing an SSL/TLS Certificate
    • S3 Network Costs
    • Step Functions vs SWF
    • EBS Performance vs S3
    • Global Accelerator
    • Provisioned IOPS SSD Volumes
    • SWF
    • RAID 0 vs RAID 1
    • RDS Enhanced Monitoring
    • AWS X-Ray
    • VPC Security Groups
    • Federating users by creating a custom identity broker application
    • SUMMARY
  • Test 5 (72%)
    • AWS Storage Gateway Hardware Appliance
    • General Purpose SSD volumes (gp2)
    • SQS short and long polling
    • EFA vs ENA vs ENI vs ParallelCluster
    • Auto Scaling lifecycle hooks
    • High availability for Aurora
    • Redshift vs Aurora
    • CloudFormation Outputs
    • Setting Up Route 53 Zone Apex Support with a Load Balancer
    • What is encrypted in EBS?
    • Systems Manager Run Command
    • Establish a connection to your EC2 instance
    • IAM
    • Amazon WorkSpaces
    • Usability of EBS Volumes while Snapshots are being created
    • Access logs for your ELBs
    • API Gateway HTTPS Endpoint
    • "Server refused our key" error
    • SUMMARY
  • Test 6 (78%)
    • Managing how long content stays in the cache (expiration)
    • Troubleshooting instance launch issues
    • Enhanced networking on Linux Instances
    • Best practices for working with MySQL storage engines
    • Replication with Aurora
    • Using Lambda with Kinesis
    • Inter-Region VPC Peering
    • Multi-AZ Cost Optimization
    • RDS Multi-AZ Deployments
    • RDS encryption in-transit (SSL)
    • Require that objects grant the bucket owner full control
    • Identity Federation
    • Enabling internet access in a VPC
    • Endpoint groups for standard accelerators in Global Accelerator
    • SUMMARY
  • Final Test
    • SQS FIFO + SWF
    • Bastion Host Login
    • Redshift Cross-Region Snapshots
    • Default VPC vs Non-default VPC DNS
    • Customer Gateway
    • Bucket owner granting cross-account bucket permissions
Powered by GitBook
On this page

Was this helpful?

  1. Test 6 (78%)

SUMMARY

  • Cache-Control max-age lets you specify how long (in seconds) that you want an object to remain in the cache before CloudFront gets the object again from the origin serve.

  • If you get anInsufficient instance capacityerror, try submitting a new request for instance after a few minutes.

  • Enhanced networking provides many features, such as: higher bandwidth, higher packet per second (PPS) performance, and consistently lower inter-instance latencies.

  • Use InnoDB as the storage engine for your MySQL database and also partition your large tables so that file sizes are under the 16 TiB limit.

  • Aurora Replicas = Milliseconds Asynchronous Replication.

  • RDS Read Replicas = Seconds Asynchronous Replication.

  • Kinesis Data Streams = Can set a Lambda function as a destination.

  • Kinesis Data Firehose = Cannot set a Lambda function as a destination.

  • You can do VPC Peering across AWS regions.

  • To optimize costs, you should use Multi-AZ only for very important tiers, for example not development or test.

  • If you want to force SSL, use the rds.force_ssl parameter and you can also download the RDS Root CA certificate and import the certificate to your servers and configure your application to use SSL to encrypt the connection to RDS.

  • There are several ways of identity federation in AWS:

    • Web identity federation - Google, Facebook or any other OpenID Connect (OIDC)-compatible IdP.

    • Cognito - Preferred way of web identity federation because it does a lot of the work for you.

    • Custom identity broker - When you manually set it up because your identity store is not compatible with SAML 2.0.

    • SAML 2.0 - An open federation standard that allows an identity provider (IdP) to authenticate users and pass identity and security information about them to a service provider (SP).

    • Active Directory Federation Services (AD FS) - It authenticates the user against Active Directory and temporary credentials are returned using STS AssumeRoleWithSAML.

  • To enable internet access in a VPC, you need to create an internet gateway (IG) and attach it to your VPC. Then add a route to the route table that directs internet-bound traffic to the internet gateway.

  • An endpoint group routes requests to one or more registered endpoints in Global Accelerator.

PreviousEndpoint groups for standard accelerators in Global AcceleratorNextSQS FIFO + SWF

Last updated 4 years ago

Was this helpful?