AutoScaling Revisited
Basics
- AutoScaling increases or decreases the amount of EC2 instances based on policy
- Helps on scaling when the demand is higher or lower
- Based on
- launch configuration which determines what to launch (AMI configuration)
- groups, which are set of EC2 instances set scale in and out based on policy
- policy what determines when to scale in and out and how much
- Can be used together with ELB health checks
- Can span multiple availability zones within region
- Uses health checks to determine the status of EC2 instance
- Sends data to CloudWatch about the ELB and EC2 instances
Limits
- Maximum amount of launch configurations is 100
- Maximum amount of AutoScaling groups is 20
- Maximum amount of scaling policies per AutoScaling group is 50
Default termination policy
- Policy can be changed if desired
- Availability Zone with most instances is selected first
- EC2 with oldest configuration is deleted first
- Instance closest to the next billing hour is deleted first
- If all of above are satisfied, instance is selected in random
Elastic Load Balancer
Basics
- Amazon service
- Supports following SSL protocols
- TLS 1.0, TLS 1.1, TLS 1.2, SSL 3.0
- Support Server Order Preference
- If the load balancer is configured to support Server Order Preference, then the load balancer selects the first cipher in its list that is in the client's list of ciphers.
- Uses/can use Predefined Security Policies
- Custom Security Policy also possible
- Uses health checks to determine status of EC2 -instances
- InService, OutOfService
- Connection Draining
- Connection draining can help the load balancer to complete the in-flight requests made while keeping the existing connections open, and preventing any new requests being sent to the instances that are de-registering or unhealthy.
- Sticky Sessions
- ELB can be configured to use sticky session feature (also called session affinity) which enables it to bind a user’s session to an instance and ensures all requests are sent to the same instance.
- Disabled by default
- Duration based Session stickiness
- Duration-Based Session Stickiness is maintained by ELB using a special cookie created to track the instance for each request to each listener.
- Application-Controlled Session stickiness
- Load balancer uses a special cookie only to associate the session with the instance that handled the initial request, but follows the lifetime of the application cookie specified in the policy configuration.
Limits
- TLS 1.0, TLS 1.1, TLS 1.2, SSL 3.0
- Support Server Order Preference
- If the load balancer is configured to support Server Order Preference, then the load balancer selects the first cipher in its list that is in the client's list of ciphers.
- Custom Security Policy also possible
- InService, OutOfService
- Connection draining can help the load balancer to complete the in-flight requests made while keeping the existing connections open, and preventing any new requests being sent to the instances that are de-registering or unhealthy.
- ELB can be configured to use sticky session feature (also called session affinity) which enables it to bind a user’s session to an instance and ensures all requests are sent to the same instance.
- Disabled by default
- Duration based Session stickiness
- Duration-Based Session Stickiness is maintained by ELB using a special cookie created to track the instance for each request to each listener.
- Application-Controlled Session stickiness
- Load balancer uses a special cookie only to associate the session with the instance that handled the initial request, but follows the lifetime of the application cookie specified in the policy configuration.
- Works within AZ's, not between regions. Use Route53 together with ELB for this.
- Does not support Client-Side SSL certificates
Following topics are exam questions collected through Internet and should be evaluated as so. Answers are mine and have been checked with answers collected through the internet, but might still be wrong.
You have started a new job and are reviewing your company’s infrastructure on AWS. You notice one web application where they have an Elastic Load Balancer (&B) in front of web instances in an Auto Scaling Group. When you check the metrics for the ELB in CloudWatch you see four healthy instances In Availability Zone (AZ) A and zero in AZ B There are zero unhealthy instances. What do you need to fix to balance the instances across AZs?
A. Set the ELB to only be attached to another AZ
B. Make sure Auto Scaling is configured to launch in both AZs
C. Make sure your AMI is available in both AZs
D. Make sure the maximum size of the Auto Scaling Group is greater than 4
Why? http://docs.aws.amazon.com/autoscaling/latest/userguide/AutoScalingGroup.html AutoScaling needs to defined in both all AZ's where you want it to be used.
You have been asked to leverage Amazon VPC EC2 and SQS to implement an application that submits and receives millions of messages per second to a message queue. You want to ensure your application has sufficient bandwidth between your EC2 instances and SQS. Which option will provide the most scalable solution for communicating between the application and SQS?
A. Ensure the application instances are properly configured with an Elastic Load Balancer
B. Ensure the application instances are launched in private subnets with the EBS-optimized option enabled
C. Ensure the application instances are launched in public subnets with the associate-public-IP address=true option enabled
D. Launch application instances in private subnets with an Auto Scaling group and Auto Scaling triggers configured to watch the SQS queue size
Why? A, B and C options are not scalable and the keyword is "bandwidth between your EC2 instances and SQS", not EBS bandwidth.
Your application currently leverages AWS Auto Scaling to grow and shrink as load increases / decreases and has been performing well. Your marketing team expects a steady ramp up in traffic to follow an upcoming campaign that will result in a 20x growth in traffic over 4 week. Your forecast for the approximate number of Amazon EC2 instances necessary to meet the peak demand is 175. What should you do to avoid potential service disruptions during the ramp up in traffic?
A. Ensure that you have pre-allocated 175 Elastic IP addresses so that each server will be able to obtain one as it launches
B. Check the service limits in Trusted Advisor and adjust as necessary so the forecasted count remains within limits.
C. Change your Auto Scaling configuration to set a desired capacity of 175 prior to the launch of the marketing campaign
D. Pre-warm your Elastic Load Balancer to match the requests per second anticipated during peak demand prior to the marketing campaign
Why? This is tricky, but pre-warming ELB sounds viable solution to this as A and C are ruled out.
You have an Auto Scaling group associated with an Elastic Load Balancer (ELB). You have noticed that instances launched via the Auto Scaling group are being marked unhealthy due to an ELB health check, but these unhealthy instances are not being terminated. What do you need to do to ensure trial instances marked unhealthy by the ELB will be terminated and replaced?
A. Change the thresholds set on the Auto Scaling group health check
B. Add an Elastic Load Balancing health check to your Auto Scaling group
C. Increase the value for the Health check interval set on the Elastic Load Balancer
D. Change the health check set on the Elastic Load Balancer to use TCP rather than HTTP checks
Why? http://docs.aws.amazon.com/autoscaling/latest/userguide/as-add-elb-healthcheck.html
You have a web application leveraging an Elastic Load Balancer (ELB) in front of the web servers deployed using an Auto Scaling Group. Your database is running on Relational Database Service (RDS). The application serves out technical articles and responses to them in general. There are more views of an article than there are responses to the article. On occasion, an article on the site becomes extremely popular resulting in significant traffic increases that causes the site to go down. What could you do to help alleviate the pressure on the infrastructure while maintaining availability during these events? Choose 3 answers
A. Leverage CloudFront for the delivery of the articles.
B. Add RDS read-replicas for the read traffic going to your relational database
C. Leverage ElastiCache for caching the most frequently used data.
D. Use SQS to queue up the requests for the technical posts and deliver them out of the queue.
E. Use Route53 health checks to fail over to an S3 bucket for an error page.
You need to design a VPC for a web-application consisting of an Elastic Load Balancer (ELB), a fleet of web/application servers, and an RDS database. The entire Infrastructure must be distributed over 2 availability zones. Which VPC configuration works while assuring the database is not available from the Internet?
A. One public subnet for ELB, one public subnet for the web-servers, and one private subnet for the database
B. One public subnet for ELB, two private subnets for the web-servers, two private subnets for RDS
C. Two public subnets for ELB, two private subnets for the web-servers and two private subnets for RDS
D. Two public subnets for ELB, two public subnets for the web-servers, and two public subnets for RDS
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-backend-instances.html "http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-backend-instances.html"
You have a web-style application with a stateless but CPU and memory-intensive web tier running on a c2.8xlarge EC2 instance inside of a VPC. The instance when under load is having problems returning requests within the SLA as defined by your business. The application maintains its state in a DynamoDB table, but the data tier is properly provisioned and responses are consistently fast. How can you best resolve the issue of the application responses not meeting your SLA?
A. Add another c2.8xlarge application instance, and put both behind an Elastic Load Balancer
B. Move the c2.8xlarge to the same Availability Zone as the DynamoDB table
C. Cache the database responses in ElastiCache for more rapid access
D. Move the database from DynamoDB to RDS MySQL in scale-out read-replica configuration
Why? As the questions states "data tier is properly provisioned" hence meaning that all DB related answers (B, C and D) are invalid.
You are designing a system that has a Bastion host. This component needs to be highly available without human intervention. Which of the following approaches would you select?
A. Run the bastion on two instances one in each AZ
B. Run the bastion on an active Instance in one AZ and have an AMI ready to boot up in the event of failure
C. Configure the bastion instance in an Auto Scaling group. Specify the Auto Scaling group to include multiple
AZs but have a min-size of 1 and max-size of 1
D. Configure an ELB in front of the bastion instance
Why? C option works without human intervention.
You run a web application where web servers on EC2 Instances are in an Auto Scaling group. Monitoring over the last 6 months shows that 6 web servers are necessary to handle the minimum load. During the day up to 12 servers are needed. Five to six days per year, the number of web servers required might go up to 15. What would you recommend to minimize costs while being able to provide high availability?
A. 6 Reserved instances (heavy utilization), 6 Reserved instances (medium utilization), rest covered by On-Demand instances
B. 6 Reserved instances (heavy utilization), 6 On-Demand instances, rest covered by Spot Instances
C. 6 Reserved instances (heavy utilization), 6 Spot instances, rest covered by On-Demand instances
D. 6 Reserved instances (heavy utilization), 6 Reserved instances (medium utilization), rest covered by Spot instances
Why? A option is the only option not using Spot Instances needed for HA. Reserving instances lower/minimize your costs.
You have decided to change the Instance type for instances running In your application tier that are using AutoScaling. In which area below would you change the instance type definition?
A. Auto Scaling launch configuration
B. Auto Scaling group
C. Auto Scaling policy
D. Auto Scaling tags
A customer has a web application that uses cookie Based sessions to track logged in users. It is deployed on AWS using ELB and Auto Scaling. The customer observes that when load increases Auto Scaling launches new instances, but the load on the easting Instances does not decrease, causing all existing users to have a sluggish experience. Which two answer choices independently describe a behavior that could be the cause of the sluggish user experience? Choose 2 answers
A. ELB’s normal behavior sends requests from the same user to the same backend instance
B. ELB’s behavior when sticky sessions are enabled causes ELB to send requests in the same session to the same backend instance
C. A faulty browser is not honoring the TTL of the ELB DNS name.
D. The web application uses long polling such as comet or websockets. Thereby keeping a connection open to a web server tor a long time
A user has launched an EC2 instance. The user is planning to setup the CloudWatch alarm. Which of the below mentioned actions is not supported by the CloudWatch alarm?
A. Notify the Auto Scaling launch config to scale up
B. Send an SMS using SNS
C. Notify the Auto Scaling group to scale down
D. Stop the EC2 instance
A user is trying to delete an Auto Scaling group from CLI. Which of the below mentioned steps are to be performed by the user?
A. Terminate the instances with the ec2-terminate-instance command
B. Terminate the Auto Scaling instances with the as-terminate-instance command
C. Set the minimum size and desired capacity to 0
D. There is no need to change the capacity. Run the as-delete-group command and it will reset all values to 0
A user has created a web application with Auto Scaling. The user is regularly monitoring the application and he observed that the traffic is highest on Thursday and Friday between 8 AM to 6 PM. What is the best solution to handle scaling in this case?
A. Add a new instance manually by 8 AM Thursday and terminate the same by 6 PM Friday
B. Schedule Auto Scaling to scale up by 8 AM Thursday and scale down after 6 PM on Friday
C. Schedule a policy which may scale up every day at 8 AM and scales down by 6 PM
D. Configure a batch process to add a instance by 8 AM and remove it by Friday 6 PM
A user is trying to save some cost on the AWS services. Which of the below mentioned options will not help him save cost?
A. Delete the unutilized EBS volumes once the instance is terminated
B. Delete the AutoScaling launch configuration after the instances are terminated
C. Release the Elastic IP if not required once the instance is terminated
D. Delete the AWS ELB after the instances are terminated
A user has configured the Auto Scaling group with the minimum capacity as 3 and the maximum capacity as 5. When the user configures the AS group, how many instances will Auto Scaling launch?
A. 3
B. 0
C. 5
D. 2
An admin is planning to monitor the ELB. Which of the below mentioned services does not help the admin capture the monitoring information about the ELB activity?
A. ELB Access logs
B. ELB health check
C. CloudWatch metrics
D. ELB API calls with CloudTrail
A user has launched 10 instances from the same AMI ID using AutoScaling. The user is trying to see the average CPU utilization across all instances of the last 2 weeks under the CloudWatch console. How can the user achieve this?
A. View the AutoScaling CPU metrics
B. Aggregate the data over the instance AMI ID
C. The user has to use the CloudWatch analyser to find the average data across instances
D. It is not possible to see the average CPU utilization of the same AMI ID since the instance ID is different
Why? http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/GetMetricAutoScalingGroup.html
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Auto Scaling. Which of the below mentioned statements will help the user understand the functionality better?
A. It is not possible to setup detailed monitoring for Auto Scaling
B. In this case, Auto Scaling will send data every minute and will charge the user extra
C. Detailed monitoring will send data every minute without additional charges
D. Auto Scaling sends data every minute only and does not charge the user
A user wants to disable connection draining on an existing ELB. Which of the below mentioned statements helps the user disable connection draining on the ELB?
A. The user can only disable connection draining from CLI
B. It is not possible to disable the connection draining feature once enabled
C. The user can disable the connection draining feature from EC2 -> ELB console or from CLI
D. The user needs to stop all instances before disabling connection draining
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html
A user has created an ELB with three instances. How many security groups will ELB create by default?
A. 3
B. 5
C. 2
D. 1
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-groups.html "Elastic Load Balancing creates only one such security group per AWS account, with a name of the form default_elb_id (f"
A sys admin is maintaining an application on AWS. The application is installed on EC2 and user has configured ELB and Auto Scaling. Considering future load increase, the user is planning to launch new servers proactively so that they get registered with ELB. How can the user add these instances with Auto Scaling?
A. Increase the desired capacity of the Auto Scaling group
B. Increase the maximum limit of the Auto Scaling group
C. Launch an instance manually and register it with ELB on the fly
D. Decrease the minimum limit of the Auto Scaling group
A user has setup connection draining with ELB to allow in-flight requests to continue while the instance is being deregistered through Auto Scaling. If the user has not specified the draining time, how long will ELB allow inflight requests traffic to continue?
A. 600 seconds
B. 3600 seconds
C. 300 seconds
D. 0 seconds
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/config-conn-drain.html "The maximum timeout value can be set between 1 and 3,600 seconds (the default is 300 seconds)."
A sys admin has created a shopping cart application and hosted it on EC2. The EC2 instances are running behind ELB. The admin wants to ensure that the end user request will always go to the EC2 instance where the user session has been created. How can the admin configure this?
A. Enable ELB cross zone load balancing
B. Enable ELB cookie setup
C. Enable ELB sticky session
D. Enable ELB connection draining
A user has configured ELB with three instances. The user wants to achieve High Availability as well as redundancy with ELB. Which of the below mentioned AWS services helps the user achieve this for ELB?
A. Route 53
B. AWS Mechanical Turk
C. Auto Scaling
D. AWS EMR
A user has launched an ELB which has 5 instances registered with it. The user deletes the ELB by mistake. What will happen to the instances?
A. ELB will ask the user whether to delete the instances or not
B. Instances will be terminated
C. ELB cannot be deleted if it has running instances registered with it
D. Instances will keep running
A user has created an ELB with the availability zone US-East-1. The user wants to add more zones to ELB to achieve High Availability. How can the user add more zones to the existing ELB?
A. It is not possible to add more zones to the existing ELB
B. The only option is to launch instances in different zones and add to ELB
C. The user should stop the ELB and add zones and instances as required
D. The user can add zones on the fly from the AWS console
A user has configured an Auto Scaling group with ELB. The user has enabled detailed CloudWatch monitoring on Elastic Load balancing. Which of the below mentioned statements will help the user understand this functionality better?
A. ELB sends data to CloudWatch every minute only and does not charge the user
B. ELB will send data every minute and will charge the user extra
C. ELB is not supported by CloudWatch
D. It is not possible to setup detailed monitoring for ELB
A user has configured ELB with two EBS backed EC2 instances. The user is trying to understand the DNS access and IP support for ELB. Which of the below mentioned statements may not help the user understand the IP mechanism supported by ELB?
A. The client can connect over IPV4 or IPV6 using Dualstack. The user can find the data by giving the exact values in the time Tab under CloudWatch metrics
B. ELB DNS supports both IPV4 and IPV6. The user can find the data by filtering values of the last 1 week for a 1 hour period in the Relative tab under CloudWatch metrics
C. Communication between the load balancer and back-end instances is always through IPV4. It is not possible to find the exact time from the console. The user has to use CLI to provide the specific time
D. The ELB supports either IPV4 or IPV6 but not both. The user can find the data by giving the exact values in the Absolute tab under CloudWatch metrics
A user has setup Auto Scaling with ELB on the EC2 instances. The user wants to configure that whenever the CPU utilization is below 10%, Auto Scaling should remove one instance. How can the user configure this?
A. The user can get an email using SNS when the CPU utilization is less than 10%. The user can use the desired capacity of Auto Scaling to remove the instance
B. Use CloudWatch to monitor the data and Auto Scaling to remove the instances using scheduled actions
C. Configure CloudWatch to send a notification to Auto Scaling Launch configuration when the CPU utilization is less than 10% and configure the Auto Scaling policy to remove the instance
D. Configure CloudWatch to send a notification to the Auto Scaling group when the CPU Utilization is less than 10% and configure the Auto Scaling policy to remove the instance
A user has enabled detailed CloudWatch metric monitoring on an Auto Scaling group. Which of the below mentioned metrics will help the user identify the total number of instances in an Auto Scaling group cluding pending, terminating and running instances?
A. GroupTotalInstances
B. GroupSumInstances
C. It is not possible to get a count of all the three metrics together. The user has to find the individual number of running, terminating and pending instances and sum it
D. GroupInstancesCount
A user has configured Elastic Load Balancing by enabling a Secure Socket Layer (SSL) negotiation configuration known as a Security Policy. Which of the below mentioned options is not part of this secure policy while negotiating the SSL connection between the user and the client?
A. SSL Protocols
B. Client Order Preference
C. SSL Ciphers
D. Server Order Preference
A sys admin is trying to understand the Auto Scaling activities. Which of the below mentioned processes is not performed by Auto Scaling?
A. Reboot Instance
B. Schedule Actions
C. Replace Unhealthy
D. Availability Zone Balancing
A user is trying to setup a recurring Auto Scaling process. The user has setup one process to scale up every day at 8 am and scale down at 7 PM. The user is trying to setup another recurring process which scales up on the 1st of every month at 8 AM and scales down the same day at 7 PM. What will Auto Scaling do in this scenario?
A. Auto Scaling will execute both processes but will add just one instance on the 1st
B. Auto Scaling will add two instances on the 1st of the month
C. Auto Scaling will schedule both the processes but execute only one process randomly
D. Auto Scaling will throw an error since there is a conflict in the schedule of two separate Auto Scaling Processes
A user is planning to setup infrastructure on AWS for the Christmas sales. The user is planning to use Auto Scaling based on the schedule for proactive scaling. What advise would you give to the user?
A. It is good to schedule now because if the user forgets later on it will not scale up
B. The scaling should be setup only one week before Christmas
C. Wait till end of November before scheduling the activity
D. It is not advisable to use scheduled based scaling
A user has created an ELB with Auto Scaling. Which of the below mentioned offerings from ELB helps the user to stop sending new requests traffic from the load balancer to the EC2 instance when the instance is being deregistered while continuing in-flight requests?
A. ELB sticky session
B. ELB deregistration check
C. ELB connection draining
D. ELB auto registration Off
A user has configured an SSL listener at ELB as well as on the back-end instances. Which of the below mentioned statements helps the user understand ELB traffic handling with respect to the SSL listener?
A. It is not possible to have the SSL listener both at ELB and back-end instances
B. ELB will modify headers to add requestor details
C. ELB will intercept the request to add the cookie details if sticky session is enabled
D. ELB will not modify the headers
A user has setup an Auto Scaling group. The group has failed to launch a single instance for more than 24 hours. What will happen to Auto Scaling in this condition?
A. Auto Scaling will keep trying to launch the instance for 72 hours
B. Auto Scaling will suspend the scaling process
C. Auto Scaling will start an instance in a separate region
D. The Auto Scaling group will be terminated automatically
An organization has configured Auto Scaling with ELB. One of the instance health check returns the status as Impaired to Auto Scaling. What will Auto Scaling do in this scenario?
A. Perform a health check until cool down before declaring that the instance has failed
B. Terminate the instance and launch a new instance
C. Notify the user using SNS for the failed state
D. Notify ELB to stop sending traffic to the impaired instance
An organization has configured two single availability zones. The Auto Scaling groups are configured in separate zones. The user wants to merge the groups such that one group spans across multiple zones. How can the user configure this?
A. Run the command as-join-auto-scaling-group to join the two groups
B. Run the command as-update-auto-scaling-group to configure one group to span across zones and delete the other group
C. Run the command as-copy-auto-scaling-group to join the two groups
D. Run the command as-merge-auto-scaling-group to merge the groups
A user has configured ELB with two EBS backed instances. The user has stopped the instances for 1 week to save costs. The user restarts the instances after 1 week. Which of the below mentioned statements will help the user to understand the ELB and instance registration better?
A. There is no way to register the stopped instances with ELB
B. The user cannot stop the instances if they are registered with ELB
C. If the instances have the same Elastic IP assigned after reboot they will be registered with ELB
D. The instances will automatically get registered with ELB
A user has hosted an application on EC2 instances. The EC2 instances are configured with ELB and Auto Scaling. The application server session timeout is 2 hours. The user wants to configure connection draining to ensure that all in-flight requests are supported by ELB even though the instance is being deregistered. What time out period should the user specify for connection draining?
A. 5 minutes
B. 1 hour
C. 30 minutes
D. 2 hours
A sys admin has enabled logging on ELB. Which of the below mentioned fields will not be a part of the log file name?
A. Load Balancer IP
B. EC2 instance IP
C. S3 bucket name
D. Random string
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html#access-log-file-format
A user has enabled session stickiness with ELB. The user does not want ELB to manage the cookie; instead he wants the application to manage the cookie. What will happen when the server instance, which is bound to a cookie, crashes?
A. The response will have a cookie but stickiness will be deleted
B. The session will not be sticky until a new cookie is inserted
C. ELB will throw an error due to cookie unavailability
D. The session will be sticky and ELB will route requests to another server as ELB keeps replicating the cookie
A user has created an Auto Scaling group with default configurations from CLI. The user wants to setup the CloudWatch alarm on the EC2 instances, which are launched by the Auto Scaling group. The user has setup an alarm to monitor the CPU utilization every minute. Which of the below mentioned statements is true?
A. It will fetch the data at every minute but the four data points [corresponding to 4 minutes] will not have value since the EC2 basic monitoring metrics are collected every five minutes
B. It will fetch the data at every minute as detailed monitoring on EC2 will be enabled by the default launch configuration of Auto Scaling
C. The alarm creation will fail since the user has not enabled detailed monitoring on the EC2 instances
D. The user has to first enable detailed monitoring on the EC2 instances to support alarm monitoring at every minute
A user has configured ELB with a TCP listener at ELB as well as on the back-end instances. The user wants to enable a proxy protocol to capture the source and destination IP information in the header. Which of the below mentioned statements helps the user understand a proxy protocol with TCP configuration?
A. If the end user is requesting behind a proxy server then the user should not enable a proxy protocol on ELB
B. ELB does not support a proxy protocol when it is listening on both the load balancer and the back-end instances
C. Whether the end user is requesting from a proxy server or directly, it does not make a difference for the proxy protocol
D. If the end user is requesting behind the proxy then the user should add the “isproxy” flag to the ELB Configuration
A user is trying to setup a security policy for ELB. The user wants ELB to meet the cipher supported by the client by configuring the server order preference in ELB security policy. Which of the below mentioned preconfigured policies supports this feature?
A. ELBSecurity Policy-2014-01
B. ELBSecurity Policy-2011-08
C. ELBDefault Negotiation Policy
D. ELBSample- OpenSSLDefault Cipher Policy
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-security-policy-table.html --- 2016-08 is the latest
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AlarmNotification (which notifies Auto Scaling for CloudWatch alarms) process for a while. What will Auto Scaling do during this period?
A. AWS will not receive the alarms from CloudWatch
B. AWS will receive the alarms but will not execute the Auto Scaling policy
C. Auto Scaling will execute the policy but it will not launch the instances until the process is resumed
D. It is not possible to suspend the AlarmNotification process
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned SSL protocols is not supported by the security policy?
A. TLS 1.3
B. TLS 1.2
C. TLS 1.0
D. SSL 3.0
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html
An organization has configured Auto Scaling with ELB. There is a memory issue in the application which is causing CPU utilization to go above 90%. The higher CPU usage triggers an event for Auto Scaling as per the scaling policy. If the user wants to find the root cause inside the application without triggering a scaling activity, how can he achieve this?
A. Stop the scaling process until research is completed
B. It is not possible to find the root cause from that instance without triggering scaling
C. Delete Auto Scaling until research is completed
D. Suspend the scaling process until research is completed
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling terminate process only for a while. What will happen to the availability zone rebalancing process (AZRebalance. during this period?
A. Auto Scaling will not launch or terminate any instances
B. Auto Scaling will allow the instances to grow more than the maximum size
C. Auto Scaling will keep launching instances till the maximum instance size
D. It is not possible to suspend the terminate process while keeping the launch active
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. Which of the below mentioned security policies is supported by ELB?
A. Dynamic Security Policy
B. All the other options
C. Predefined Security Policy
D. Default Security Policy
A user has configured an ELB to distribute the traffic among multiple instances. The user instances are facing some issues due to the back-end servers. Which of the below mentioned CloudWatch metrics helps the user understand the issue with the instances?
A. HTTPCode_Backend_3XX
B. HTTPCode_Backend_4XX
C. HTTPCode_Backend_2XX
D. HTTPCode_Backend_5XX
A user has configured ELB with SSL using a security policy for secure negotiation between the client and load balancer. The ELB security policy supports various ciphers. Which of the below mentioned options helps identify the matching cipher at the client side to the ELB cipher list when client is requesting ELB DNS over SSL?
A. Cipher Protocol
B. Client Configuration Preference
C. Server Order Preference
D. Load Balancer Preference
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-ssl-security-policy.html#server-order-preference "Elastic Load Balancing supports the Server Order Preference option for negotiating connections between a client and a load balancer. During the SSL connection negotiation process, the client and the load balancer present a list of ciphers and protocols that they each support, in order of preference. By default, the first cipher on the client's list that matches any one of the load balancer's ciphers is selected for the SSL connection. If the load balancer is configured to support Server Order Preference, then the load balancer selects the first cipher in its list that is in the client's list of ciphers."
A sys admin is trying to understand the sticky session algorithm. Please select the correct sequence of steps, both when the cookie is present and when it is not, to help the admin understand the implementation of the sticky session:
1. ELB inserts the cookie in the response
2. ELB chooses the instance based on the load balancing algorithm
3. Check the cookie in the service request
4. The cookie is found in the request
5. The cookie is not found in the request
A. 3,1,4,2 [Cookie is not Present] & 3,1,5,2 [Cookie is Present]
B. 3,4,1,2 [Cookie is not Present] & 3,5,1,2 [Cookie is Present]
C. 3,5,2,1 [Cookie is not Present] & 3,4,2,1 [Cookie is Present]
D. 3,2,5,4 [Cookie is not Present] & 3,2,4,5 [Cookie is Present]
An organization has configured Auto Scaling for hosting their application. The system admin wants to understand the Auto Scaling health check process. If the instance is unhealthy, Auto Scaling launches an instance and terminates the unhealthy instance. What is the order execution?
A. Auto Scaling launches a new instance first and then terminates the unhealthy instance
B. Auto Scaling performs the launch and terminate processes in a random order
C. Auto Scaling launches and terminates the instances simultaneously
D. Auto Scaling terminates the instance first and then launches a new instance
A user has configured Auto Scaling with the minimum capacity as 2 and the desired capacity as 2. The user is trying to terminate one of the existing instance with the command: as-terminate-instance-in-auto-scaling-group<Instance ID> –decrement-desired-capacity
What will Auto Scaling do in this scenario?
A. Terminates the instance and does not launch a new instance
B. Terminates the instance and updates the desired capacity to 1
C. Terminates the instance and updates the desired capacity and minimum size to 1
D. Throws an error
A user has configured an HTTPS listener on an ELB. The user has not configured any security policy which can help to negotiate SSL between the client and ELB. What will ELB do in this scenario?
A. By default ELB will select the first version of the security policy
B. By default ELB will select the latest version of the policy
C. ELB creation will fail without a security policy
D. It is not required to have a security policy since SSL is already installed
An organization has setup Auto Scaling with ELB. Due to some manual error, one of the instances got rebooted. Thus, it failed the Auto Scaling health check. Auto Scaling has marked it for replacement. How can the system admin ensure that the instance does not get terminated?
A. Update the Auto Scaling group to ignore the instance reboot event
B. It is not possible to change the status once it is marked for replacement
C. Manually add that instance to the Auto Scaling group after reboot to avoid replacement
D. Change the health of the instance to healthy using the Auto Scaling commands
A user has configured ELB with Auto Scaling. The user suspended the Auto Scaling AddToLoadBalancer (which adds instances to the load balancer) process for a while. What will happen to the instances launched during the suspension period?
A. The instances will not be registered with ELB and the user has to manually register when the process is resumed
B. The instances will be registered with ELB only once the process has resumed
C. Auto Scaling will not launch the instance during this period due to process suspension
D. It is not possible to suspend only the AddToLoadBalancer process
Why? http://docs.aws.amazon.com/autoscaling/latest/userguide/as-suspend-resume-processes.html "If you suspend AddToLoadBalancer, Auto Scaling launches the instances but does not add them to the load balancer or target group. If you resume the AddToLoadBalancer process, Auto Scaling resumes adding instances to the load balancer or target group when they are launched. However, Auto Scaling does not add the instances that were launched while this process was suspended. You must register those instances manually."
A sys admin has enabled a log on ELB. Which of the below mentioned activities are not captured by the log?
A. Response processing time
B. Front end processing time
C. Backend processing time
D. Request processing time
Why? http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/access-log-collection.html -- Front End processing time is not on the list
A user has created a launch configuration for Auto Scaling where CloudWatch detailed monitoring is disabled. The user wants to now enable detailed monitoring. How can the user achieve this?
A. Update the Launch config with CLI to set InstanceMonitoringDisabled = false
B. The user should change the Auto Scaling group from the AWS console to enable detailed monitoring
C. Update the Launch config with CLI to set InstanceMonitoring.Enabled = true
D. Create a new Launch Config with detail monitoring enabled and update the Auto Scaling group
You have a business-to-business web application running in a VPC consisting of an Elastic Load Balancer (ELB), web servers, application servers and a database. Your web application should only accept traffic from predefined customer IP addresses. Which two options meet this security requirement? Choose 2 answers
A. Configure web server VPC security groups to allow traffic from your customers’ IPs
B. Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header
C. Configure ELB security groups to allow traffic from your customers’ IPs and deny all outbound traffic
D. Configure a VPC NACL to allow web traffic from your customers’ IPs and deny all outbound traffic
A user is trying to setup a scheduled scaling activity using Auto Scaling. The user wants to setup the recurring schedule. Which of the below mentioned parameters is not required in this case?
A. Maximum size
B. Auto Scaling group name
C. End time
D. Recurrence value