4.3.3. Sample Questions - Domain 3: Resilient Cloud Solutions

Question 1:

A company is running a critical web application on Amazon EC2 instances behind an Application Load Balancer (ALB). They need to ensure high availability and automatic recovery in case an EC2 instance becomes unhealthy. Which combination of AWS services should be configured to meet this requirement, adhering to the First Principle of designing for failure?

A) Amazon S3 and AWS CloudFront B) Amazon RDS Multi-AZ and AWS Backup C) Amazon EC2 Auto Scaling and ALB health checks D) AWS Lambda and Amazon API Gateway

Correct Answer: C

Explanation:

• A) Amazon S3 and AWS CloudFront: S3 is object storage, and CloudFront is a content delivery network. While important for performance and availability of static content, they do not directly address the health and automatic recovery of EC2 instances.
• B) Amazon RDS Multi-AZ and AWS Backup: RDS Multi-AZ provides high availability for databases, and AWS Backup is for data protection. These are crucial for data tier resilience but do not manage the health and recovery of EC2 instances in the application layer.
• C) Amazon EC2 Auto Scaling and ALB health checks: This combination directly addresses the requirement. ALB health checks continuously monitor the health of registered EC2 instances. If an instance fails health checks, the ALB stops sending traffic to it. EC2 Auto Scaling, configured with health checks, can then automatically terminate the unhealthy instance and launch a new, healthy one, ensuring continuous availability and automatic recovery. This aligns with the First Principle of Automated Self-Healing and Fault Tolerance.
• D) AWS Lambda and Amazon API Gateway: These services are used for building serverless applications. While highly scalable and resilient by nature, they are not directly used for managing the health and recovery of traditional EC2 instances.

Question 2:

A global e-commerce application needs to provide low-latency access to its data for users worldwide and ensure business continuity even in the event of a regional disaster. The application uses Amazon DynamoDB as its primary data store. Which DynamoDB feature should be implemented to meet these requirements for global resilience?

A) DynamoDB Streams B) DynamoDB Accelerator (DAX) C) Global Tables D) On-Demand Backup and Restore

Correct Answer: C

Explanation:

• A) DynamoDB Streams: DynamoDB Streams capture a time-ordered sequence of item-level modifications in a DynamoDB table. While useful for event-driven architectures and data replication to other services, Streams alone do not provide multi-Region active-active replication for global low-latency access and disaster recovery.
• B) DynamoDB Accelerator (DAX): DAX is an in-memory cache for DynamoDB that delivers fast responses for millions of requests per second. It improves read performance but does not address multi-Region data replication or disaster recovery.
• C) Global Tables: DynamoDB Global Tables provide a fully managed, multi-Region, multi-master database that enables you to run and access data in multiple AWS Regions. They automatically replicate data across your chosen Regions, providing low-latency access for global users and serving as a robust solution for disaster recovery by allowing applications to failover to another Region seamlessly. This aligns with the First Principle of Global Resilience and Active-Active Disaster Recovery.
• D) On-Demand Backup and Restore: This feature allows you to create full backups of your DynamoDB tables for long-term retention and point-in-time recovery. While essential for data protection, it is a recovery mechanism, not a real-time multi-Region replication solution for low-latency global access or active-active disaster recovery.

Question 3:

A company is designing a new microservices application that needs to scale rapidly and cost-effectively based on demand. The application components are stateless and can be packaged as Docker containers. Which AWS compute service is best suited for deploying these containerized microservices to achieve high scalability and operational efficiency without managing the underlying EC2 instances?

A) Amazon EC2 B) AWS Lambda C) Amazon ECS on AWS Fargate D) Amazon Lightsail

Correct Answer: C

Explanation:

• A) Amazon EC2: EC2 provides virtual servers (instances) where you have full control over the operating system. While you can run containers on EC2, it requires managing the underlying infrastructure, which contradicts the goal of operational efficiency without managing instances.
• B) AWS Lambda: Lambda is a serverless compute service for running code without provisioning or managing servers. While highly scalable and cost-effective for event-driven functions, it's designed for short-lived, stateless functions, not typically for long-running containerized microservices that might require more persistent resources or specific container orchestration features.
• C) Amazon ECS on AWS Fargate: Amazon Elastic Container Service (ECS) is a highly scalable, high-performance container orchestration service. When used with AWS Fargate, it allows you to run containers without having to provision, configure, or scale clusters of virtual machines. Fargate handles the underlying infrastructure management, making it ideal for deploying stateless containerized microservices that need to scale rapidly and cost-effectively, aligning with the First Principle of Serverless Operations and Elastic Scalability.
• D) Amazon Lightsail: Lightsail offers virtual private servers (VPS) that are easy to use and manage. It's designed for simpler workloads and fixed monthly pricing, not for highly scalable, dynamic microservices architectures where underlying infrastructure management is abstracted away.

Question 4:

A DevOps team needs to implement an automated recovery process for their application running on EC2 instances. If an instance fails its health checks, they want to automatically replace it with a new, healthy instance. Additionally, they need to ensure that the application's DNS record (managed by Route 53) points to the healthy instances. Which combination of AWS services will enable this automated recovery and DNS failover?

A) AWS CloudFormation and AWS Config B) Amazon CloudWatch Alarms and AWS Systems Manager C) Amazon EC2 Auto Scaling and Amazon Route 53 health checks D) AWS Lambda and Amazon SQS

Correct Answer: C

Explanation:

• A) AWS CloudFormation and AWS Config: CloudFormation is for IaC, and Config is for compliance monitoring. Neither directly provides automated instance replacement or DNS failover based on health checks.
• B) Amazon CloudWatch Alarms and AWS Systems Manager: CloudWatch Alarms can trigger actions, and Systems Manager can automate operational tasks. While these can be part of a recovery process, they don't inherently provide the automatic instance replacement (Auto Scaling) or direct DNS failover (Route 53 health checks) capabilities needed.
• C) Amazon EC2 Auto Scaling and Amazon Route 53 health checks: This combination is specifically designed for automated recovery and DNS failover. EC2 Auto Scaling groups automatically replace unhealthy instances. Route 53 health checks can monitor the health of endpoints (like an ALB in front of an Auto Scaling group) and automatically update DNS records to route traffic away from unhealthy endpoints to healthy ones, ensuring continuous availability. This aligns with the First Principle of Automated Resilience and Service Continuity.
• D) AWS Lambda and Amazon SQS: Lambda is a serverless compute service, and SQS is a message queuing service. While they can be used to build custom recovery logic, they don't provide the out-of-the-box automated instance replacement and DNS failover capabilities offered by Auto Scaling and Route 53 health checks.

Question 5:

A company is implementing a disaster recovery (DR) strategy for their critical application, which includes an Amazon RDS for PostgreSQL database. They need a DR solution that minimizes both Recovery Time Objective (RTO) and Recovery Point Objective (RPO) to ensure rapid recovery with minimal data loss in a separate AWS Region. Which RDS feature is best suited for this requirement?

A) Automated Backups B) Database Snapshots C) Multi-AZ Deployments D) Cross-Region Read Replicas

Correct Answer: D

Explanation:

• A) Automated Backups: Automated backups allow point-in-time recovery within a retention period. While crucial for data protection, they typically have higher RTO and RPO compared to replication-based DR solutions, as they require restoring data from a backup.
• B) Database Snapshots: Snapshots are full backups of your database instance. Similar to automated backups, restoring from a snapshot involves a recovery process that can lead to higher RTO and RPO.
• C) Multi-AZ Deployments: Multi-AZ deployments provide high availability within a single AWS Region by synchronously replicating data to a standby instance in a different Availability Zone. While excellent for regional resilience, they do not protect against a regional disaster.
• D) Cross-Region Read Replicas: For disaster recovery with minimal RTO and RPO across regions, Cross-Region Read Replicas are the most suitable. Data is asynchronously replicated from the primary database instance to a read replica in a different AWS Region. In a disaster, you can promote the read replica to a standalone primary database instance, significantly reducing RTO and RPO. This aligns with the First Principle of Regional Disaster Recovery and Data Durability.