Question : What is a placement group?
1. A collection of Auto Scaling groups in the same Region
2. Feature that enables EC2 instances to interact with each other via high bandwidth, low latency connections
4. A collection of authorized CloudFront edge locations for a distribution
Explanation: A placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gbps network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.
Question : Your entire AWS infrastructure lives inside of one Amazon VPC. You have an infrastructure monitoring application running on an Amazon instance in Availability Zone (AZ) A of the region, and another application instance running in AZ B. The monitoring application needs to make use of ICMP ping to confirm network reachability of the instance hosting the application. Can you configure the security groups for these instances to only allow the ICMP ping to pass from the monitoring instance to the application instance and nothing else? If so, how?
1. No, two instances in two different AZs can't talk directly to each other via ICMP ping, as that protocol is not allowed across subnet (i.e., broadcast) boundaries
2. Yes, both the monitoring instance and the application instance have to be a part of the same security group, and that security group needs to allow inbound ICMP
3. ... application instance's security group needs to allow inbound ICMP.
4. Yes, both the monitoring instance's security group and the application instance's security group need to allow both inbound and outbound ICMP ping packets, since ICMP is not a connection-oriented protocol
Explanation: Ping (ICMP Echo Request and Echo Reply) requests to the router in your VPC are not supported. Ping between Amazon EC2 instances within a VPC is supported as long as your operating system firewalls, VPC security groups and network access control lists permit such traffic.
Your security groups use connection tracking to track information about traffic to and from the instance. Rules are applied based on the connection state of the traffic to determine if the traffic is allowed or denied. This allows security groups to be stateful - responses to inbound traffic are allowed to flow out of the instance regardless of outbound security group rules, and vice versa. For example, if you initiate an ICMP ping command to your instance from your home computer, and your inbound security group rules allow ICMP traffic, information about the connection (including the port information) is tracked. Response traffic from the instance for the ping command is not tracked as a new request, but rather as an established connection, and is allowed to flow out of the instance, even if your outbound security group rules restrict outbound ICMP traffic.
Only an inbound ICMP rule on the app server and an outbound ICMP rule on the monitoring server are needed.
Question : You have two Elastic Compute Cloud (EC2) instances inside a Virtual Private Cloud (VPC) in the same Availability Zone (AZ) but in different subnets. One instance is running a database and the other instance an application that will interface with the database. You want to confirm that they can talk to each other for your application to work properly. Which two things do we need to confirm in the VPC settings so that these EC2 instances can communicate inside the VPC?
Choose 2 answers
A. A network ACL that allows communication between the two subnets.
B. Both instances are the same instance class and using the same key pair.
C. That the default route is set to a NAT instance or Internet Gateway (IGW) for them to communicate.
D. Security groups are set to allow the application host to talk to the database on the right port/protocol.
Explanation: The complete scenario is described at http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Scenario2.html
A - A network ACL is by default configured to let subnets in the same VPC communicate. However, if it is configured not to, the subnets will not communicate.
D - The network ACL takes care of the subnets being able to reach each other. The security group takes care of the authorization to do it.
B - Instance class and key pair have nothing to do with whether the instances can communicate.
C - The question does not mention the internet. You could be using a VPN to connect.
1. Create an alarm that sends email when an instance exceeds 10 GB of outbound network traffic per day.
2. Create an alarm that sends SMS when an instance exceeds 10 GB of outbound network traffic per day.

1. Creates an alarm that will send an email message when your estimated month-to-date charges for Amazon EC2 exceed $50.
2. Creates an alarm that will send an email message when your estimated month-to-date charges for Amazon EC2 exceed $50 for 3 consecutive months.

1. Create an alarm that stops an instance and sends a text message (SMS) if outbound traffic exceeds 1 GB per hour.
2. Create an alarm that terminates an instance and sends a text message (SMS) if outbound traffic exceeds 1 GB per hour.

1. Create an alarm that stops an instance when CPU utilization reaches or exceeds 90%, so that application logs can be retrieved for troubleshooting.
2. Create an alarm that stops an instance when memory utilization reaches or exceeds 90%, so that application logs can be retrieved for troubleshooting.