Question : You are tasked with the migration of a highly trafficked Node JS application to AWS. In order to comply with organizational standards. Chef recipes must be used to configure the application servers that host this application and to support application lifecycle events. Which deployment option meets these requirements while minimizing administrative burden? 1. Create a new stack within Opsworks add the appropriate layers to the stack and deploy the application 2. Create a new application within Elastic Beanstalk and deploy this application to a new environment 3. Access Mostly Uused Products by 50000+ Subscribers 4. Launch and configure Chef Server on an EC2 instance and leverage the AWS CLI to launch application servers and configure those instances using Chef.
Explanation: The stack is the top-level AWS OpsWorks entity. It represents a set of instances that you want to manage collectively, typically because they have a common purpose such as serving PHP applications. In addition to serving as a container, a stack handles tasks that apply to the group of instances as a whole, such as managing applications and cookbooks.
For example, a stack whose purpose is to serve web applications might look something like the following:
A set of application server instances, each of which handles a portion of the incoming traffic. A load balancer instance, which takes incoming traffic and distributes it across the application servers. A database instance, which serves as a back-end data store for the application servers. A common practice is to have multiple stacks that represent different environments. A typical set of stacks consists of:
A development stack to be used by developers to add features, fix bugs, and perform other development and maintenance tasks. A staging stack to verify updates or fixes before exposing them publicly. A production stack, which is the public-facing version that handles incoming requests from users. OpsWorks heavily leverages Chef, much more so than Elastic Beanstalk which would be more aligned with tools like Python, .Net, Node JS, etc.
Question : You have been asked to automate many routine systems administrator backup and recovery activities Your current plan is to leverage AWS-managed solutions as much as possible and automate the rest with the AWS CU and scripts. Which task would be best accomplished with a script? 1. Creating daily EBS snapshots with a monthly rotation of snapshots 2. Creating daily RDS snapshots with a monthly rotation of snapshots 3. Access Mostly Uused Products by 50000+ Subscribers 4. Automatically add Auto Scaled EC2 instances to an Amazon Elastic Load Balancer
Explanation: since the question asks "Which task would be best accomplished with a script?". RDS automated backups are turned on by default, so you don't need a script for that. There is nothing built in for EBS snapshots, so that you will definitely need a script.
Question : Your organization's security policy requires that all privileged users either use frequently rotated passwords or one-time access credentials in addition to username/password. Which two of the following options would allow an organization to enforce this policy for AWS users? Choose 2 answers A. Configure multi-factor authentication for privileged IAM users B. Create IAM users for privileged accounts C. Implement identity federation between your organization's Identity provider leveraging the IAM Security Token Service D. Enable the IAM single-use password policy option for privileged users
Explanation: AWS Multi-Factor Authentication (MFA) is a simple best practice that adds an extra layer of protection on top of your user name and password. With MFA enabled, when a user signs in to an AWS website, they will be prompted for their user name and password (the first factor-what they know), as well as for an authentication code from their AWS MFA device (the second factor-what they have). Taken together, these multiple factors provide increased security for your AWS account settings and resources.
You can enable MFA for your AWS account and for individual IAM users you have created under your account. MFA can be also be used to control access to AWS service APIs.
After you've obtained a supported hardware or virtual MFA device, AWS does not charge any additional fees for using MFA. The AWS Security Token Service (AWS STS) enables you to provide trusted users with temporary credentials that provide controlled access to your AWS resources.