AWS Solutions Architect Associate(SAA-C02)- Quiz 2

Q1.
A company has deployed an API in a VPC behind an internal Network Load Balancer (NLB). An application that consumes the API as a client is deployed in a second account in private subnets.Which architectural configurations will allow the API to be consumed without using the public Internet? (Select TWO.)

Configure a VPC peering connection between the two VPCs. Access the API using the private address

Configure a ClassicLink connection for the API into the client VPC. Access the API using the ClassicLink address

Configure an AWS Direct Connect connection between the two VPCs. Access the API using the private address

Configure a PrivateLink connection for the API into the client VPC. Access the API using the PrivateLink address

WHY A IS True?	CONCEPT: VPC peering connection	A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account.
WHY B IS False?	CONCEPT: ClassicLink connection	ClassicLink allows you to link EC2-Classic instances to a VPC in your account, within the same Region. This is not relevant to sending data between two VPCs.
WHY C IS False?	CONCEPT: AWS Direct Connect connection	Direct Connect is used for connecting from on-premises data centers into AWS. It is not used from one VPC to another.
WHY D IS True?	CONCEPT: PrivateLink connection	You can create your own application in your VPC and configure it as an AWS PrivateLink-powered service (referred to as an endpoint service). Other AWS principals can create a connection from their VPC to your endpoint service using an interface VPC endpoint. You are the service provider, and the AWS principals that create connections to your service are service consumers. This configuration is powered by AWS PrivateLink and clients do not need to use an internet gateway, NAT device, VPN connection or AWS Direct Connect connection, nor do they require public IP addresses.
Short Trick	"Deployed in a second account in private subnets." & "Allow the API to be consumed without using the public Internet" - Indicate towards there are two VPC which needs to be connected & AWS Direct Connect, ClassicLink connection aren't used for connecting two VPCs.
References:	REFERNCED DOCS

Q2.
You are deploying an application on Amazon EC2 that must call AWS APIs. Which method of securely passing credentials to the application should you use?

Store API credentials as an object in Amazon S3

Embed the API credentials into your application files

Assign IAM roles to the EC2 instances

Store the API credentials on the instance using instance metadata

WHY A IS False?	CONCEPT: API credentials as an object in Amazon S3	It is an AWS best practice not to store API credentials within applications, on file systems or on instances (such as in metadata).
WHY B IS False?	CONCEPT: API credentials into your application files	It is an AWS best practice not to store API credentials within applications, on file systems or on instances (such as in metadata).
WHY C IS True?	CONCEPT: Assign IAM roles to the EC2 instances	Applications must sign their API requests with AWS credentials. Therefore, if you are an application developer, you need a strategy for managing credentials for your applications that run on EC2 instances. For example, you can securely distribute your AWS credentials to the instances, enabling the applications on those instances to use your credentials to sign requests, while protecting your credentials from other users. However, it's challenging to securely distribute credentials to each instance, especially those that AWS creates on your behalf, such as Spot Instances or instances in Auto Scaling groups. You must also be able to update the credentials on each instance when you rotate your AWS credentials. IAM roles enable your applications to securely make API requests from your instances, without requiring you to manage the security credentials that the applications use. Instead of creating and distributing your AWS credentials, you can delegate permission to make API requests using IAM roles.
WHY D IS False?	CONCEPT: API credentials on the instance	It is an AWS best practice not to store API credentials within applications, on file systems or on instances (such as in metadata).
Short Trick	"securely passing credentials" - It is a best practice question & It is an AWS best practice not to store API credentials within applications, on file systems or on instances (such as in metadata).
References:	REFERNCED DOCS

Q3.
A company is migrating an on-premises 10 TB MySQL database to AWS. The company expects the database to quadruple in size and the business requirement is that replicate lag must be kept under 100 milliseconds.Which Amazon RDS engine meets these requirements?

Amazon Aurora

Microsoft SQL Server

MySQL

Oracle

WHY A IS True?	CONCEPT: Amazon Aurora	Aurora cluster volumes automatically grow as the amount of data in your database increases. An Aurora cluster volume can grow to a maximum size of 64 tebibytes (TiB). Table size is limited to the size of the cluster volume. That is, the maximum table size for a table in an Aurora DB cluster is 64 TiB. Aurora Replicas return the same data for query results with minimal replica lag—usually much less than 100 milliseconds after the primary instance has written an update.
WHY B IS False?	CONCEPT: Microsoft SQL Server	Microsoft SQL Server is a relational database management system developed by Microsoft. As a database server, it is a software product with the primary function of storing and retrieving data as requested by other software applications—which may run either on the same computer or on another computer across a network (including the Internet).
WHY C IS False?	CONCEPT: MySQL	MySQL Database Service is a fully managed database service to deploy cloud-native applications. Millisecond latency is not guaranteed with this database engine.
WHY D IS False?	CONCEPT: Oracle	It is a database commonly used for running online transaction processing (OLTP), data warehousing (DW) and mixed (OLTP & DW) database workloads. This Database engine does not support the size or latency requirements
Short Trick	."replicate lag must be kept under 100 milliseconds" - only possible in the case of Amazon Aurora & also the maximum table size for a table in an Aurora DB cluster is 64 TiB.
References:	REFERNCED DOCS

Q2.You are deploying an application on Amazon EC2 that must call AWS APIs. Which method of securely passing credentials to the application should you use?

Q3.A company is migrating an on-premises 10 TB MySQL database to AWS. The company expects the database to quadruple in size and the business requirement is that replicate lag must be kept under 100 milliseconds.Which Amazon RDS engine meets these requirements?

Q2.
You are deploying an application on Amazon EC2 that must call AWS APIs. Which method of securely passing credentials to the application should you use?

Q3.
A company is migrating an on-premises 10 TB MySQL database to AWS. The company expects the database to quadruple in size and the business requirement is that replicate lag must be kept under 100 milliseconds.Which Amazon RDS engine meets these requirements?