Drag and drop the steps to set up an AWS Site-to-Site VPN connection into the correct order.
A company runs a web application on EC2 instances behind an Application Load Balancer (ALB) in a single Availability Zone. The application stores session data in an RDS MySQL DB instance. To improve reliability, the company wants to deploy the application across multiple Availability Zones. Which combination of actions should the company take to achieve this? (Choose the correct course of action.)
This provides high availability for both compute and database layers.
Why this answer
Option B is correct because deploying EC2 instances in multiple AZs behind an ALB and using Multi-AZ RDS improves availability and fault tolerance. Option A is wrong because a Network Load Balancer is not required for HTTP traffic. Option C is wrong because RDS replication alone does not distribute application traffic.
Option D is wrong because RDS Read Replicas are for read scaling, not failover.
A company runs a critical application on Amazon EC2 instances across multiple Availability Zones. The application stores state data on a shared Amazon EFS file system. The SysOps administrator needs to ensure that the file system remains available if an entire Availability Zone fails. The file system must also provide low-latency access from all instances. Which configuration meets these requirements?
EFS Standard automatically replicates data across multiple AZs in the Region. Mounting via the regional mount target ensures low-latency access from all AZs and availability during an AZ outage.
Why this answer
Option C is correct because the EFS Standard storage class stores data redundantly across multiple Availability Zones (AZs) within a Region, ensuring high availability and durability even if an entire AZ fails. By mounting the file system using the regional mount target (which resolves to the EFS file system's regional DNS name), instances in any AZ can access the file system with low latency, as EFS automatically routes traffic to the most appropriate mount target in the same AZ. This configuration meets both the availability and low-latency requirements without additional replication or failover complexity.
Exam trap
The trap here is that candidates confuse EFS's Standard storage class with RDS's Multi-AZ deployment feature, or incorrectly assume that cross-Region replication is necessary for AZ-level fault tolerance, when in fact EFS's regional storage class already provides Multi-AZ redundancy within a single Region.
How to eliminate wrong answers
Option A is wrong because the One Zone storage class stores data only within a single Availability Zone, so if that AZ fails, the file system becomes unavailable, violating the requirement for continued availability during an AZ failure. Option B is wrong because enabling cross-Region replication does not provide low-latency access from all instances within the same Region; it introduces additional latency for cross-Region data access and requires DNS failover, which is not designed for intra-Region AZ failures and adds unnecessary complexity. Option D is wrong because EFS does not support a 'Multi-AZ deployment' configuration; the term 'Multi-AZ' applies to Amazon RDS, not EFS, and EFS inherently provides Multi-AZ redundancy through the Standard storage class, not through a separate deployment option.
A company has an Auto Scaling group that launches EC2 instances in private subnets. The instances need to download software patches from the internet. Which component must be added to the VPC to allow outbound internet traffic while keeping the instances private?
Why this answer
Option A is correct because a NAT gateway in a public subnet allows instances in private subnets to initiate outbound traffic to the internet. Option B is wrong because an internet gateway alone does not allow private instances to reach the internet. Option C is wrong because VPC peering does not provide internet access.
Option D is wrong because an egress-only internet gateway is for IPv6 traffic.
A company has a production application running on Amazon ECS with Fargate. The application must be highly available across multiple Availability Zones. Which TWO configurations should be implemented?
Correct: Running tasks in multiple AZs provides fault tolerance.
Why this answer
Options A and C are correct. Using an Application Load Balancer (Option A) distributes traffic across tasks. Running tasks in multiple Availability Zones (Option C) ensures availability if one AZ fails.
Option B (single AZ) is not highly available. Option D (network mode) is not related to AZ distribution. Option E (spot) is not for high availability.
A SysOps administrator is designing a disaster recovery strategy for a production RDS MySQL database. The database must be recoverable within 15 minutes with a Recovery Point Objective (RPO) of less than 5 seconds. Which TWO actions should the administrator take? (Choose two.)
Provides low RPO failover within region.
Why this answer
Options B and C are correct. Enabling Multi-AZ provides automatic failover to a standby in a different AZ, and using a cross-Region read replica allows replication to a different region for disaster recovery. Option A is wrong because automated backups have an RPO of up to 5 minutes, not <5 seconds.
Option D is wrong because a single-Region read replica does not protect against regional failure. Option E is wrong because manual snapshots are not automated and have higher RPO.
A company runs a production web application on AWS using Auto Scaling groups (ASGs) behind an Application Load Balancer (ALB). The application state is stored in an Amazon RDS for MySQL Multi-AZ DB instance. The application experiences periodic traffic spikes, and the current ASG uses a simple scaling policy based on average CPU utilization. Recently, during a spike, the application became unresponsive for several minutes. The CloudWatch metrics show that the CPU utilization on the RDS instance peaked at 80%, and the DB Connections metric reached the maximum allowed. The read replica lag increased to over 10 seconds during the spike. The web servers are stateless and scale out quickly. The operations team needs to improve the reliability and performance of the application to handle future spikes. Which solution should the team implement?
Larger DB instance provides more CPU and connections. ElastiCache reduces read load on the database by caching results, lowering CPU and connection usage.
Why this answer
Option B is correct because increasing the DB instance size provides more CPU and memory capacity to handle the load, and caching with ElastiCache reduces read load on the database by serving frequent queries from cache. This directly addresses high CPU and connection limits on RDS, and reduces read replica lag. Option A is wrong because increasing ASG size and adding more read replicas may increase database load further due to more connections and replication overhead.
Option C is wrong because switching to DynamoDB and Lambda would require significant application changes and DynamoDB may not be suitable for complex queries. Option D is wrong because reducing MaxConnections on RDS would make the problem worse, and modifying application code to reduce queries is not a quick fix.
A SysOps administrator creates the above IAM policy for a user. The user reports that they cannot delete an object in the bucket 'my-bucket' even though they are using MFA. What is the likely cause?
The condition requires MFA to be present; if the user is not using an MFA device, the request is denied.
Why this answer
Option D is correct because the condition requires MFA, but the user might not be presenting MFA in the API call. Option A is wrong because the policy allows DeleteObject. Option B is wrong because the resource specifies the bucket.
Option C is wrong because the condition is for all actions.
A company is using AWS CloudFormation to manage infrastructure. They want to ensure that if a stack update fails, the stack automatically rolls back to the last known good state. Which two steps should the company take? (Choose TWO.)
This ensures automatic rollback to the previous state if the update fails.
Why this answer
Option B and Option D are correct. Enabling rollback on failure (B) ensures automatic rollback if an update fails. Using a change set (D) allows reviewing changes before applying, reducing the risk of failure.
Option A is wrong because deletion protection prevents accidental deletion, not rollback. Option C is wrong because SNS notifications do not trigger rollback. Option E is wrong because stack policies only protect resources from updates, not rollback.
A company runs a web application on EC2 instances in an Auto Scaling group behind an Application Load Balancer. The application stores session data in an in-memory cache on the EC2 instances. During an instance refresh, users lose their session data. Which action should be taken to improve reliability without major application changes?
Externalizing session data to ElastiCache decouples it from EC2 instances, ensuring persistence across instance refreshes.
Why this answer
Option B is correct because ElastiCache provides a managed, external caching layer that preserves session data independently of EC2 instance lifecycle. Option A is incorrect because sticky sessions (session affinity) still lose data when instances are terminated. Option C is incorrect because ElastiCache for Redis is more appropriate than Memcached for session persistence with replication.
Option D is incorrect because increasing instance count does not address session data loss.
A company has an RDS PostgreSQL database with a Multi-AZ deployment. The primary instance fails. What happens to the application connections?
RDS updates the DNS to the standby, so the endpoint remains the same.
Why this answer
Option A is correct because RDS automatically fails over to the standby in the other AZ, and the DNS record updates to point to the standby. The application needs to reconnect. Option B is wrong because RDS does not automatically change the AWS Region.
Option C is wrong because the CNAME is automatically updated. Option D is wrong because the endpoint does not change.
A SysOps administrator is designing a disaster recovery plan for a critical application that runs on EC2 instances in a single region. The RTO is 1 hour, and the RPO is 15 minutes. The application data is stored on an Amazon EBS volume. Which approach meets these requirements at the lowest cost?
EBS snapshots are cost-effective, and copying to another region provides regional resilience. Automation achieves RPO, and pre-staged AMI helps meet RTO.
Why this answer
Option B is correct because EBS Snapshots are incremental and can be copied to another region. Automating snapshot creation every 15 minutes meets the RPO, and restoring from a snapshot in the DR region can be done within an hour if the AMI is pre-staged. Option A is wrong because continuous replication can be expensive and may require additional infrastructure.
Option C is wrong because RTO would likely exceed 1 hour due to full replication time. Option D is wrong because Multi-AZ does not protect against regional failure.
A SysOps administrator needs to ensure that an EC2 instance automatically recovers from an underlying hardware failure. Which configuration should be used?
The recovery action stops and starts the instance on new hardware, preserving instance ID, IP addresses, and metadata.
Why this answer
Option C is correct because a CloudWatch alarm based on the StatusCheckFailed metric can trigger a recovery action. Option A is wrong because Auto Scaling recovery terminates and replaces the instance, which may change the private IP. Option B is wrong because termination protection only prevents accidental deletion.
Option D is wrong because a Lambda function is unnecessary and more complex.
Match each AWS backup and disaster recovery service to its feature.
Centralized backup management
Automatic object replication across regions
High availability with standby replica
Read scaling and cross-region disaster recovery
Continuous replication for DR
Why these pairings
These are common backup and DR solutions.
A SysOps administrator needs to ensure that an Amazon S3 bucket can withstand the loss of an entire AWS Availability Zone. What is the SIMPLEST configuration to meet this requirement?
S3 Standard automatically replicates data across ≥3 AZs.
Why this answer
Option C is correct because S3 Standard is designed for 99.99% availability and can withstand the loss of two facilities concurrently. Option A is wrong because cross-region replication is for disaster recovery, not just AZ resilience. Option B is wrong because S3 One Zone-IA does not survive AZ loss.
Option D is wrong because MFA Delete is for data protection, not durability.