Exam questions about EC2 — AWS Solutions Architect Associate Course

Chapter 3: Solved exam questions about the fundamentals of one of the most popular services, AWS EC2

6 min read, Jun 28, 2021


As you already know, some chapters of the course are followed by a chapter with the typical exam questions of the AWS Solutions Architect Associate exam, along with their solutions and explanations. This chapter reviews the usual questions on EC2 and Security Groups.

Typical EC2 Exam Questions for the AWS Solutions Architect Associate Certification.

Remember that all the chapters from the course can be found in the following link:

QUESTIONS & ANSWERS

Which Amazon EC2 billing option gives you low cost, maximum flexibility, no upfront costs or commitment, and you only pay for what you use?

  1. On-Demand Instances.
  2. Dedicated Host.
  3. Reserved Instances.
  4. Spot Instances.

Solution: 1. With On-Demand Instances you pay only for the compute time you actually use (billed per second or per hour, depending on the instance's operating system), with no long-term commitment and no upfront payment. Spot Instances are cheaper but can be interrupted, while Reserved Instances and Dedicated Hosts involve a term commitment.

Amazon EC2 instances run between 10 am and 6 pm Monday-Thursday in a development environment. Production instances run 24/7. Which pricing models should be used? (Select TWO)

  1. Use Spot instances for the development environment.
  2. Use scheduled reserved instances for the development environment.
  3. Use Reserved instances for the production environment.
  4. Use Reserved instances for the development environment.
  5. Use On-Demand instances for the production environment.

Solution: 2, 3. Scheduled Reserved Instances reserve capacity for a recurring daily, weekly or monthly schedule, so they fit workloads that do not run continuously but do run on a fixed timetable, which is exactly the development environment. Spot Instances (option 1) would be cheaper, but they can be interrupted with only two minutes' notice, so they do not guarantee that the development instances are available during working hours.

Reserved Instances, on the other hand, are the right choice for workloads that run continuously. They give a significant discount (up to 75%) compared with On-Demand pricing in exchange for a one- or three-year commitment, which is ideal for the production environment, where the instances run 24/7.

You are planning to deploy several EC2 instances in your VPC. You will deploy the EC2 instances across several subnets and multiple AZs. What AWS feature can act as an instance-level firewall to control traffic between your EC2 instances?

  1. AWS WAF.
  2. Security group.
  3. Network ACL.
  4. Route table.

Solution: 2. A Security Group acts as a virtual firewall for an Amazon EC2 instance (strictly, for its network interface), controlling inbound and outbound traffic at the instance level rather than the subnet level. Security Groups are stateful: if an inbound rule allows a request, the response is allowed out automatically, and vice versa. They contain only allow rules; anything not explicitly allowed is denied, and a new group denies all inbound traffic by default. A rule's source or destination can be a CIDR block or another Security Group, which is how traffic between instances is usually controlled.
Network ACLs also act as a firewall, but at the subnet level, and they are stateless: return traffic must be allowed explicitly by a separate rule, and they support both allow and deny rules.
AWS WAF (Web Application Firewall) protects web applications or APIs behind CloudFront, an Application Load Balancer or API Gateway against common web exploits; it does not filter traffic at the instance level either. A route table only decides where traffic is sent, not whether it is permitted.
You can see how Security Groups work in the following image:
You can see how Security Groups work in the following image:

Security Groups block traffic at the instance level.

A solutions architect is designing a web application that consists of a public-facing web tier hosted on Amazon EC2 in public subnets. The database tier consists of Microsoft SQL Server running on Amazon EC2 in a private subnet. Security is a high priority for the company. How should security groups be configured? (Select TWO)

  1. Configure the security group for the web tier to allow inbound traffic on port 443 from 0.0.0.0/0.
  2. Configure the security group for the web tier to allow outbound traffic on port 443 from 0.0.0.0/0.
  3. Configure the security group for the database tier to allow outbound traffic on ports 443 and 1433 to the security group for the web tier.
  4. Configure the security group for the database tier to allow inbound traffic on ports 443 and 1433 from the security group for the web tier.
  5. Configure the security group for the database tier to allow inbound traffic on port 1433 from the security group for the web tier.

Solution: 1, 5. The web tier needs an inbound rule that allows traffic to the application from anywhere on the internet, so the source is 0.0.0.0/0 (and ::/0 as well if the subnet has IPv6 addresses). We open only port 443 so that the application is reached over HTTPS. Option 2 is wrong because outbound rules specify a destination, not a source, and the web tier does not need an outbound rule for the responses anyway: Security Groups are stateful.

SQL Server listens on port 1433 by default, and the web tier must be able to reach it. The database tier's inbound rule should allow port 1433 only, with the web tier's Security Group as the source rather than a CIDR range. A rule that references a Security Group matches every instance that belongs to that group, so it keeps working as the web tier scales, and it denies any attempt to connect to the database directly from the internet, even if someone learns its address. Options 3 and 4 also open port 443 on the database tier, which it does not need, and again the database needs no outbound rule for its replies. We can see the diagram in the following image:
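A practitioner checks a design like this on the running account rather than on paper. The audit below is an added example, not code from the original article: it walks rule dictionaries in the shape the EC2 DescribeSecurityGroups API returns (IpPermissions with IpRanges, Ipv6Ranges and UserIdGroupPairs) and flags every deviation from the expected state of the two tiers. The group IDs and rule sets are constructed for the example; in practice they would come from `aws ec2 describe-security-groups` output.

```python
"""Audit the two-tier security-group design from the exam question.

Added example. Expected state:
  * web tier: only tcp/443 exposed to 0.0.0.0/0 or ::/0
  * database tier: inbound tcp/1433 only, source = the web tier's group
The dictionaries follow the DescribeSecurityGroups response shape; the
group IDs and rules below are constructed, not real resources.
"""

WEB_SG_ID = "sg-0web"   # constructed IDs
DB_SG_ID = "sg-0db"
ANYWHERE = {"0.0.0.0/0", "::/0"}
SQL_SERVER_PORT = 443 + 990  # 1433, SQL Server's default listener


def _describe(perm):
    """Human-readable protocol/port range for a permission entry."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return "all traffic"
    return f"{proto}/{perm.get('FromPort')}-{perm.get('ToPort')}"


def _cidrs(perm):
    """All IPv4 and IPv6 CIDR sources of a permission entry."""
    for rng in perm.get("IpRanges", []) + perm.get("Ipv6Ranges", []):
        yield rng.get("CidrIp") or rng.get("CidrIpv6")


def audit_db_group(db_group, web_sg_id):
    """Findings for the database tier: anything but tcp/1433 from the web SG."""
    findings = []
    for perm in db_group.get("IpPermissions", []):
        ports = _describe(perm)
        for cidr in _cidrs(perm):
            if cidr in ANYWHERE:
                findings.append(f"DB inbound {ports} open to the internet ({cidr})")
            else:
                findings.append(f"DB inbound {ports} from CIDR {cidr}; reference the web SG instead")
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") != web_sg_id:
                findings.append(f"DB inbound {ports} from unexpected group {pair.get('GroupId')}")
            elif not (perm.get("IpProtocol") == "tcp"
                      and perm.get("FromPort") == SQL_SERVER_PORT
                      and perm.get("ToPort") == SQL_SERVER_PORT):
                findings.append(f"DB inbound from web SG must be tcp/1433 only, got {ports}")
    return findings


def audit_web_group(web_group):
    """Findings for the web tier: anything other than HTTPS exposed to everyone."""
    findings = []
    for perm in web_group.get("IpPermissions", []):
        https_only = (perm.get("IpProtocol") == "tcp"
                      and perm.get("FromPort") == 443 and perm.get("ToPort") == 443)
        for cidr in _cidrs(perm):
            if cidr in ANYWHERE and not https_only:
                findings.append(f"web inbound {_describe(perm)} open to the internet ({cidr})")
    return findings


# Constructed sample groups: a correct DB group, a misconfigured DB group
# (1433 to the world, 443 from the web tier) and a web group with SSH open.
GOOD_DB = {"GroupId": DB_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG_ID}]}]}

BAD_DB = {"GroupId": DB_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 1433, "ToPort": 1433,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [], "UserIdGroupPairs": [{"GroupId": WEB_SG_ID}]}]}

WEB_WITH_SSH = {"GroupId": WEB_SG_ID, "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for label, result in [("good DB", audit_db_group(GOOD_DB, WEB_SG_ID)),
                          ("bad DB", audit_db_group(BAD_DB, WEB_SG_ID)),
                          ("web", audit_web_group(WEB_WITH_SSH))]:
        print(label, result or "OK")
```

The same two functions can be pointed at real output by loading the JSON from `aws ec2 describe-security-groups --group-ids ...` and passing each group's dictionary; the checks are pure functions of the rule data, so they run in CI without any AWS credentials.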

Security Groups Explanation

How can a systems administrator specify a script run on an EC2 instance during launch?

  1. Metadata.
  2. User Data.
  3. Launch Template.
  4. AWS ECS.

Solution: 2. User Data is the EC2 feature for passing a script or cloud-init configuration to an instance so that it runs at launch. By default it runs only during the first boot, it is executed as root, and it is limited to 16 KB before base64 encoding. It is commonly used to install packages, write configuration files or start services. Metadata (option 1) is the information the instance can read about itself; a Launch Template (option 3) can carry user data but is not itself the mechanism that runs the script; ECS (option 4) is a container service. One caveat matters for security: user data is stored and delivered in clear text, and any process on the instance can read it back from the instance metadata service at http://169.254.169.254/latest/user-data, so credentials must never be embedded in it.
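Because user data is readable from inside the instance, a sensible guardrail is to lint the script before it is passed to RunInstances. The following is an added example, not code from the original article: it rejects scripts that embed an access key, a private key or a literal password, enforces the size limit, and checks that the script starts with a shebang or `#cloud-config` header so cloud-init will actually execute it. The sample scripts, the regular expressions and the SSM parameter name `/app/db/password` are constructed for the example; the hardened script fetches its secret at boot through the instance's IAM role instead of carrying it inline.

```python
"""Lint an EC2 user-data script before launch (added example).

User data is delivered in clear text and readable from the instance
metadata service, so the only safe secret in it is no secret at all.
"""
import base64
import re

MAX_USER_DATA_BYTES = 16 * 1024  # EC2 limit, measured before base64 encoding

# Constructed patterns for the most common mistakes; extend as needed.
SECRET_PATTERNS = [
    ("AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("AWS secret access key", re.compile(r"(?i)aws_secret_access_key\s*=\s*\S+")),
    ("private key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    # Literal value required, so DB_PASSWORD="$(aws ssm ...)" is not flagged.
    ("hard-coded password", re.compile(r"(?i)(password|passwd|pwd)\s*=\s*['\"]?[A-Za-z0-9!@#$%^&*._-]{4,}")),
]


def lint_user_data(script: str) -> list:
    """Return a list of findings; an empty list means the script may be used."""
    findings = []
    if len(script.encode()) > MAX_USER_DATA_BYTES:
        findings.append("exceeds the 16 KB user-data limit")
    if not (script.startswith("#!") or script.startswith("#cloud-config")):
        findings.append("missing '#!' or '#cloud-config' header; cloud-init will not execute it")
    for name, pattern in SECRET_PATTERNS:
        for match in pattern.finditer(script):
            line = script.count("\n", 0, match.start()) + 1
            findings.append(f"{name} on line {line}")
    return findings


def encode_user_data(script: str) -> str:
    """Base64 form the EC2 API carries user data in (the CLI encodes for you)."""
    return base64.b64encode(script.encode()).decode()


# Constructed sample: credentials pasted straight into the bootstrap script.
BAD_SCRIPT = """#!/bin/bash
export AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE
DB_PASSWORD='hunter2'
"""

# Constructed sample: the secret is read at boot with the instance role.
# /app/db/password is a hypothetical SSM Parameter Store name.
GOOD_SCRIPT = """#!/bin/bash
set -euo pipefail
DB_PASSWORD="$(aws ssm get-parameter --name /app/db/password \\
    --with-decryption --query Parameter.Value --output text)"
export DB_PASSWORD
systemctl restart app
"""

if __name__ == "__main__":
    for label, script in [("bad", BAD_SCRIPT), ("good", GOOD_SCRIPT)]:
        print(label, lint_user_data(script) or "OK")
```

Run the linter in the pipeline that builds launch templates; if it returns findings, fail the build rather than launching. The hardened script still assumes the instance role is allowed `ssm:GetParameter` on that parameter and `kms:Decrypt` on the key that protects it.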

EC2 User Data.

A High-Performance Computing (HPC) application that requires low network latency and high throughput between nodes will be deployed in a single AZ. How should the application be deployed for the best inter-node performance?

  1. In a partition placement group.
  2. In a load balancer placement group.
  3. In a spread placement group.
  4. In a cluster placement group.

Solution: 4. A cluster placement group packs the instances close together inside a single Availability Zone, which gives the lowest network latency and the highest per-flow throughput between them. That is exactly what HPC and other tightly coupled, node-to-node workloads need. The trade-off is that a failure of the underlying hardware can affect many instances at once, and capacity errors are more likely if the group is grown later, so AWS recommends launching all the instances in one request and using the same instance type.

A spread placement group does the opposite: it places each instance on distinct underlying hardware (separate racks, networks and power sources) to reduce correlated failures, with a maximum of seven running instances per Availability Zone per group. A partition placement group spreads instances across logical partitions (up to seven per Availability Zone) that do not share hardware, which suits large distributed systems such as HDFS, Cassandra or Kafka. A load balancer placement group does not exist.

Comparison between the different EC2 Placement Groups.

To ensure that the Amazon EC2 instances of an application can be launched in another AWS Region in the event of a disaster, what steps should be taken? (Select TWO)

  1. Launch instances in the second Region using the S3 API.
  2. Create AMIs of the instances and copy them to another Region.
  3. Launch instances in the second Region from the AMIs.
  4. Copy the snapshots using Amazon S3 cross-region replication.
  5. Enable cross-region snapshots for the Amazon EC2 instances.

Solution: 2, 3. An AMI (Amazon Machine Image) captures the configuration and the EBS volumes of an instance as snapshots, so creating AMIs of the instances and copying them to the second Region lets you launch identical instances there when needed. AMI IDs are Region-specific, which is why the copy step is required: an AMI created in one Region cannot be used directly in another. Two practical caveats: if the AMI's snapshots are encrypted, the copy is re-encrypted with a KMS key in the destination Region, so that key must exist and the copying principal must be allowed to use it; and the copy should be repeated (or automated) whenever the source instances change, otherwise the disaster-recovery copy drifts. Options 1, 4 and 5 are wrong: instances are not launched through the S3 API, EBS snapshots are not S3 objects that S3 cross-region replication can copy, and there is no "cross-region snapshots" setting for EC2 instances.

More Questions?

  • Do you want more than 500 AWS practice questions?
  • Access to a real exam simulator to thoroughly prepare for the exam.
  • You can download all of the AWS questions on PDF.

All of this and more at FullCertified!

Thanks for Reading!

If you like my work and want to support me…

  1. You can follow me on Medium here.
  2. Feel free to clap if this post is helpful for you! :)
  3. More AWS practice exam questions? Find them at FullCertified.com!


Written by Gonzalo Fernandez Plaza

Computer Science Engineer & Tech Lead 🖥️. Publishing AWS & Snowflake ❄️ courses & exams. https://www.fullcertified.com
