Correct Answer : Get Lastest Questions and Answer : For any production application that requires fast and consistent I/O performance, we recommend Provisioned IOPS: input/output operations per second storage. Provisioned IOPS storage is a storage option that delivers fast, predictable, and consistent throughput performance. When you create a DB instance, you specify an IOPS rate and storage space allocation.
Amazon RDS provisions that IOPS rate and storage for the lifetime of the DB instance or until you change it. Provisioned IOPS storage is optimized for I/O intensive, online transaction processing (OLTP) workloads that have consistent performance requirements.
Your actual realized IOPS may vary from the value that you specify depending on your database workload, DB instance size, and the page size and channel bandwidth that are available for your DB engine.
Question : When using provisioned IOPS, you will pay for the IOPS even if you do not use them.
Explanation: Because Provisioned IOPS storage reserves resources for your use, you are charged for the resources whether or not you use them in a given month. When you use Provisioned IOPS storage, you are not charged the monthly Amazon RDS I/O charge. If you prefer to pay only for I/O that you consume, a DB instance that uses standard storage may be a better choice
Question : You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours. Which of the following is the best method to quickly and temporarily deny access from the specified IP address block? 1. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block 2. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block 3. Access Mostly Uused Products by 50000+ Subscribers 4. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block
Explanation: As questions is clearly asking blcok the IP addresses, and needs to be denied.
One of the difference between Security Group and ACL is
Security Groups : Supports allow rules only While ACL : Supports allow rules and deny rules
Ans another difference is that Security group : Operates at the instance level (first layer of defense) Network ACL : Operates at the subnet level (second layer of defense)
1. The instance is replace automatically by the ELB. 2. The instance gets terminated automatically by the ELB. 3. Access Mostly Uused Products by 50000+ Subscribers 4. The instance gets quarantined by the ELB for root cause analyis
1. Create an Origin Access Identify (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI. 2. Create an Identity and Access Management (IAM) User for CloudFront and grant access to the objects in your S3 bucket to that IAM user. 3. Access Mostly Uused Products by 50000+ Subscribers