CCNA Reliability and Business Continuity Questions

15 of 240 questions · Page 4/4 · Reliability and Business Continuity · Answers revealed

226
Drag & Drop · medium

Drag and drop the steps to set up an AWS Site-to-Site VPN connection into the correct order.

Why this order

First create and attach the virtual private gateway, then define the customer gateway, then create the VPN connection, configure the on-premises router, and verify the tunnel.

227
MCQ · medium

A company runs a web application on EC2 instances behind an Application Load Balancer (ALB) in a single Availability Zone. The application stores session data in an RDS MySQL DB instance. To improve reliability, the company wants to deploy the application across multiple Availability Zones. Which combination of actions should the company take to achieve this? (Choose the correct course of action.)

A. Deploy EC2 instances in a single Availability Zone behind an Application Load Balancer. Enable Multi-AZ for the RDS MySQL DB instance.
B. Deploy EC2 instances in two Availability Zones and place them behind a Network Load Balancer. Keep RDS MySQL as a single-AZ deployment.
C. Deploy EC2 instances in two Availability Zones. Configure an RDS MySQL Read Replica in a second Availability Zone and route read traffic to it.
D. Deploy EC2 instances in two Availability Zones and place them behind an Application Load Balancer. Enable Multi-AZ for the RDS MySQL DB instance.
Answer: D

This provides high availability for both compute and database layers.

Why this answer

Option D is correct because deploying EC2 instances in multiple AZs behind an ALB and using Multi-AZ RDS improves availability and fault tolerance. Option B is wrong because a Network Load Balancer is not required for HTTP traffic. Option A is wrong because RDS replication alone does not distribute application traffic.

Option C is wrong because RDS Read Replicas are for read scaling, not failover.

228
MCQ · hard

A company runs a critical application on Amazon EC2 instances across multiple Availability Zones. The application stores state data on a shared Amazon EFS file system. The SysOps administrator needs to ensure that the file system remains available if an entire Availability Zone fails. The file system must also provide low-latency access from all instances. Which configuration meets these requirements?

A. Create an EFS file system with the One Zone storage class and mount it from all instances.
B. Create an EFS file system with the Standard storage class, enable replication to another Region, and use DNS failover.
C. Create an EFS file system with the Standard storage class in the same Region, and mount it from all instances using the regional mount target.
D. Create an EFS file system with the Standard storage class, and enable Multi-AZ deployment.
Answer: C

EFS Standard automatically replicates data across multiple AZs in the Region. Mounting via the regional mount target ensures low-latency access from all AZs and availability during an AZ outage.

Why this answer

Option C is correct because the EFS Standard storage class stores data redundantly across multiple Availability Zones (AZs) within a Region, ensuring high availability and durability even if an entire AZ fails. By mounting the file system using the regional mount target (which resolves to the EFS file system's regional DNS name), instances in any AZ can access the file system with low latency, as EFS automatically routes traffic to the most appropriate mount target in the same AZ. This configuration meets both the availability and low-latency requirements without additional replication or failover complexity.

Exam trap

The trap here is that candidates confuse EFS's Standard storage class with RDS's Multi-AZ deployment feature, or incorrectly assume that cross-Region replication is necessary for AZ-level fault tolerance, when in fact EFS's regional storage class already provides Multi-AZ redundancy within a single Region.

How to eliminate wrong answers

Option A is wrong because the One Zone storage class stores data only within a single Availability Zone, so if that AZ fails, the file system becomes unavailable, violating the requirement for continued availability during an AZ failure. Option B is wrong because enabling cross-Region replication does not provide low-latency access from all instances within the same Region; it introduces additional latency for cross-Region data access and requires DNS failover, which is not designed for intra-Region AZ failures and adds unnecessary complexity. Option D is wrong because EFS does not support a 'Multi-AZ deployment' configuration; the term 'Multi-AZ' applies to Amazon RDS, not EFS, and EFS inherently provides Multi-AZ redundancy through the Standard storage class, not through a separate deployment option.

229
MCQ · easy

A company has an Auto Scaling group that launches EC2 instances in private subnets. The instances need to download software patches from the internet. Which component must be added to the VPC to allow outbound internet traffic while keeping the instances private?

A. An internet gateway attached to the VPC
B. A VPC peering connection to a VPC with internet access
C. An egress-only internet gateway
D. A NAT gateway in a public subnet
Answer: D

NAT gateway enables outbound internet for private instances.

Why this answer

Option D is correct because a NAT gateway in a public subnet allows instances in private subnets to initiate outbound traffic to the internet. Option A is wrong because an internet gateway alone does not allow private instances to reach the internet. Option B is wrong because VPC peering does not provide internet access.

Option C is wrong because an egress-only internet gateway is for IPv6 traffic.

230
Multi-Select · medium

A company has a production application running on Amazon ECS with Fargate. The application must be highly available across multiple Availability Zones. Which TWO configurations should be implemented?

Select 2 answers
A. Configure the ECS service to run tasks in a single Availability Zone to reduce network latency.
B. Configure the ECS service to run tasks in at least two Availability Zones.
C. Use the awsvpc network mode for the task definition.
D. Place the ECS service behind an Application Load Balancer.
E. Use Fargate Spot capacity providers to reduce costs.
Answers: B, D

Correct: Running tasks in multiple AZs provides fault tolerance.

Why this answer

Options B and D are correct. Using an Application Load Balancer (Option D) distributes traffic across tasks. Running tasks in multiple Availability Zones (Option B) ensures availability if one AZ fails.

Option A (single AZ) is not highly available. Option C (network mode) is not related to AZ distribution. Option E (spot) is not for high availability.

231
Multi-Select · hard

A SysOps administrator is designing a disaster recovery strategy for a production RDS MySQL database. The database must be recoverable within 15 minutes with a Recovery Point Objective (RPO) of less than 5 seconds. Which TWO actions should the administrator take? (Choose two.)

Select 2 answers
A. Create a read replica in the same AWS Region.
B. Enable Multi-AZ deployment for the RDS instance.
C. Create a cross-Region read replica in another AWS Region.
D. Enable automated backups with a retention period of 35 days.
E. Take manual snapshots every hour.
Answers: B, C

Provides low RPO failover within region.

Why this answer

Options B and C are correct. Enabling Multi-AZ provides automatic failover to a standby in a different AZ, and using a cross-Region read replica allows replication to a different Region for disaster recovery. Option D is wrong because automated backups have an RPO of up to 5 minutes, not <5 seconds.

Option A is wrong because a single-Region read replica does not protect against regional failure. Option E is wrong because manual snapshots are not automated and have a higher RPO.

232
MCQ · hard

A company runs a production web application on AWS using Auto Scaling groups (ASGs) behind an Application Load Balancer (ALB). The application state is stored in an Amazon RDS for MySQL Multi-AZ DB instance. The application experiences periodic traffic spikes, and the current ASG uses a simple scaling policy based on average CPU utilization. Recently, during a spike, the application became unresponsive for several minutes. The CloudWatch metrics show that the CPU utilization on the RDS instance peaked at 80%, and the DB Connections metric reached the maximum allowed. The read replica lag increased to over 10 seconds during the spike. The web servers are stateless and scale out quickly. The operations team needs to improve the reliability and performance of the application to handle future spikes. Which solution should the team implement?

A. Increase the desired capacity of the ASG and add more read replicas to distribute the database load.
B. Increase the DB instance size to a larger instance class and implement an Amazon ElastiCache cluster to cache frequent database queries.
C. Migrate the database to Amazon DynamoDB with auto scaling and rewrite the application to use a serverless architecture with AWS Lambda.
D. Reduce the maximum connections parameter on the RDS instance to prevent connection exhaustion and modify the application code to reduce the number of database queries.
Answer: B

Larger DB instance provides more CPU and connections. ElastiCache reduces read load on the database by caching results, lowering CPU and connection usage.

Why this answer

Option B is correct because increasing the DB instance size provides more CPU and memory capacity to handle the load, and caching with ElastiCache reduces read load on the database by serving frequent queries from cache. This directly addresses high CPU and connection limits on RDS, and reduces read replica lag. Option A is wrong because increasing ASG size and adding more read replicas may increase database load further due to more connections and replication overhead.

Option C is wrong because switching to DynamoDB and Lambda would require significant application changes and DynamoDB may not be suitable for complex queries. Option D is wrong because reducing MaxConnections on RDS would make the problem worse, and modifying application code to reduce queries is not a quick fix.

233
MCQ · medium

A SysOps administrator creates the above IAM policy for a user. The user reports that they cannot delete an object in the bucket 'my-bucket' even though they are using MFA. What is the likely cause?

A. The resource ARN is missing the bucket-level permission.
B. The condition key aws:MultiFactorAuthPresent is incorrectly spelled.
C. The user is not using MFA when making the API call.
D. The policy does not include s3:DeleteObjectVersion.
Answer: C

The condition requires MFA to be present; if the user is not using an MFA device, the request is denied.

Why this answer

Option C is correct because the condition requires MFA, but the user might not be presenting MFA in the API call. Option D is wrong because the policy allows DeleteObject. Option A is wrong because the resource specifies the bucket.

Option B is wrong because the condition is for all actions.

234
Multi-Select · medium

A company is using AWS CloudFormation to manage infrastructure. They want to ensure that if a stack update fails, the stack automatically rolls back to the last known good state. Which two steps should the company take? (Choose TWO.)

Select 2 answers
A. Define a stack policy that prevents updates to critical resources.
B. Set the 'Rollback on failure' option to 'Yes' in the stack update options.
C. Create a change set before updating the stack and execute it after review.
D. Enable termination protection on the stack.
E. Configure an Amazon SNS topic to send notifications when the stack update fails.
Answers: B, C

This ensures automatic rollback to the previous state if the update fails.

Why this answer

Option B and Option C are correct. Enabling rollback on failure (B) ensures automatic rollback if an update fails. Using a change set (C) allows reviewing changes before applying, reducing the risk of failure.

Option D is wrong because deletion protection prevents accidental deletion, not rollback. Option E is wrong because SNS notifications do not trigger rollback. Option A is wrong because stack policies only protect resources from updates, not rollback.

235
MCQ · easy

A company runs a web application on EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application stores session data in an in-memory cache on the EC2 instances. During an instance refresh, users lose their session data. Which action should be taken to improve reliability without major application changes?

A. Use ElastiCache for Memcached with auto-discovery.
B. Move session state to Amazon ElastiCache for Redis.
C. Increase the minimum size of the Auto Scaling group.
D. Enable sticky sessions (session affinity) on the ALB target group.
Answer: B

Externalizing session data to ElastiCache decouples it from EC2 instances, ensuring persistence across instance refreshes.

Why this answer

Option B is correct because ElastiCache provides a managed, external caching layer that preserves session data independently of EC2 instance lifecycle. Option D is incorrect because sticky sessions (session affinity) still lose data when instances are terminated. Option A is incorrect because ElastiCache for Redis is more appropriate than Memcached for session persistence with replication.

Option C is incorrect because increasing instance count does not address session data loss.

236
MCQ · easy

A company has an RDS PostgreSQL database with a Multi-AZ deployment. The primary instance fails. What happens to the application connections?

A. The application must reconnect to the same endpoint; it will be redirected to the standby instance.
B. The application will be automatically redirected to a read replica.
C. The administrator must manually change the CNAME to point to the standby.
D. The application must use a new endpoint in a different AWS Region.
Answer: A

RDS updates the DNS to the standby, so the endpoint remains the same.

Why this answer

Option A is correct because RDS automatically fails over to the standby in the other AZ, and the DNS record updates to point to the standby. The application needs to reconnect. Option B is wrong because RDS does not automatically change the AWS Region.

Option C is wrong because the CNAME is automatically updated. Option D is wrong because the endpoint does not change.

237
MCQ · medium

A SysOps administrator is designing a disaster recovery plan for a critical application that runs on EC2 instances in a single region. The RTO is 1 hour, and the RPO is 15 minutes. The application data is stored on an Amazon EBS volume. Which approach meets these requirements at the lowest cost?

A. Deploy the application across multiple Availability Zones using an Auto Scaling group and an Application Load Balancer.
B. Use AWS Database Migration Service (DMS) for continuous replication to an EC2 instance in the DR region.
C. Take automated EBS snapshots every 15 minutes and copy them to the DR region. Use a pre-configured Amazon Machine Image (AMI) to launch EC2 instances from the latest snapshot.
D. Use S3 Cross-Region Replication to replicate the EBS volume data to an S3 bucket in the DR region.
Answer: C

EBS snapshots are cost-effective, and copying to another region provides regional resilience. Automation achieves RPO, and pre-staged AMI helps meet RTO.

Why this answer

Option C is correct because EBS snapshots are incremental and can be copied to another region. Automating snapshot creation every 15 minutes meets the RPO, and restoring from a snapshot in the DR region can be done within an hour if the AMI is pre-staged. Option B is wrong because continuous replication can be expensive and may require additional infrastructure.

Option D is wrong because RTO would likely exceed 1 hour due to full replication time. Option A is wrong because Multi-AZ does not protect against regional failure.

238
MCQ · easy

A SysOps administrator needs to ensure that an EC2 instance automatically recovers from an underlying hardware failure. Which configuration should be used?

A. Use AWS Lambda to periodically check instance health and reboot if necessary.
B. Enable termination protection on the instance.
C. Create a CloudWatch alarm on the StatusCheckFailed metric and configure the recovery action.
D. Place the instance in an Auto Scaling group with a minimum size of 1.
Answer: C

The recovery action stops and starts the instance on new hardware, preserving instance ID, IP addresses, and metadata.

Why this answer

Option C is correct because a CloudWatch alarm based on the StatusCheckFailed metric can trigger a recovery action. Option D is wrong because Auto Scaling recovery terminates and replaces the instance, which may change the private IP. Option B is wrong because termination protection only prevents accidental deletion.

Option A is wrong because a Lambda function is unnecessary and more complex.

239
Matching · medium

Match each AWS backup and disaster recovery service to its feature.

Centralized backup management

Automatic object replication across regions

High availability with standby replica

Read scaling and cross-region disaster recovery

Continuous replication for DR

Why these pairings

These are common backup and DR solutions.

240
MCQ · easy

A SysOps administrator needs to ensure that an Amazon S3 bucket can withstand the loss of an entire AWS Availability Zone. What is the SIMPLEST configuration to meet this requirement?

A. Enable cross-region replication to a bucket in another Region.
B. Use S3 Standard storage class.
C. Use S3 One Zone-IA storage class.
D. Enable MFA Delete on the bucket.
Answer: B

S3 Standard automatically replicates data across ≥3 AZs.

Why this answer

Option B is correct because S3 Standard is designed for 99.99% availability and can withstand the loss of two facilities concurrently. Option A is wrong because cross-region replication is for disaster recovery, not just AZ resilience. Option C is wrong because S3 One Zone-IA does not survive AZ loss.

Option D is wrong because MFA Delete is for data protection, not durability.
