AWS Loadbalancer and Autoscaling Flashcards

Question 1

Q

What types of load balancers can you have in AWS?

Answer

A

Classic LB
Network NLB
Application ALB

Question 2

Q

Is an ELB, highly available?

Answer

A

Yes, it is created in a region and across multiple AZ’s in the region.

Question 3

Q

Dump this

Answer

A

Dump this

Question 4

Q

How does AWS create a logical ELB in AWS?

Answer

A

The logical LB is created from several nodes distributed into the available AZ’s. As you see each of these nodes has a separate public IP, to enable it to seems as if you are connecting to a single endpoint of the ELB, AWS creates a URL they you connect to when accessing the ELB, this URL will return all the ELBs of the ELBs to you. This causes an issue in that the load may not be distributed equally depending on how my instances you have in each AZ, to get around this the ELB has cross zones replication, in classic LB you had to enable it, newer LBs have it enabled by default.

Question 5

Q

When using an ELB with an autoscaling group, what has the autoscaling group to do as it adds and removes nodes?

Answer

A

The autoscaling group has to add and remove the registration of the nodes with the ELB target group.

Question 6

Q

Can you use an ELB without Autoscaling group?

Answer

A

Yes, you just have to register the instances with the ELB target group.

Question 7

Q

What is an ELB target group used for?

Answer

A

A target group is used to group instances the ELB will distribute traffic to.

Question 8

Q

Should, I use classic LB?

Answer

A

No, they are moving away from this LB, you should use NLB or ALB.

Question 9

Q

What transports do classic LB support?

Answer

A

TCP, SSL, HTTP, HTTS

Question 10

Q

In a classic LB do I get a security group for my ELB?

Answer

A

Yes, when you create an ELB you create or assign a security group.

Question 11

Q

What are ELB health checks?

Answer

A

ELB performs a check on the backend instance, by performing one of the following,

Checking the instance status
Sending an HTTP/HTTPs request and checking th response code.

Question 12

Q

If the software running on my webserver holds state and requires thet any returning request be sent to the same server node, is this possible with ELB

Answer

A

Use ELB client sticky session, you have two options,

LB generate cookies
Application generated cookies

Question 13

Q

I the classic ELB a layer 7 device?

Question 14

Q

What is an ALB?

Answer

A

It is an application load balancer and operates at layer 7 with a wider set of services,

EC2
Contaners
Lambda

Question 15

Q

I require the ability to route HTTP traffic based on the path, what LB should I use?

Question 16

Q

I require an LB that can route based on path and can be internal facing, what type of ELB should I choose?

Question 17

Q

I require an LB that will work for both IPv4 and IPv6, what ELB should I use?

Question 18

Q

What is the target group?

Answer

A

It is a collection of instances.

Question 19

Q

I am using a lambda function and I wnat to have an LB in front of it so I can control the traffic going to different function and also to enable blue/green deployments, what is my best option?

Answer

A

Use an AL, ALB support Lambda functions.

Question 20

Q

Does NLB support WebSockets?

Answer

A

No, you will need an ALB

Question 21

Q

I have a multiple application that needs an LB, what LB can I used the also can do rooting at L7?

Answer

A

You cna use the ALB, it enables you to route based on pat and domain.

Question 22

Q

Can I use multiple certs on an ALB?

Question 23

Q

I want to understand who is hitting my LB, how and I architect this?

Answer

A

LB’s support access logs and enable you to capture th logs.

Question 24

Q

I want to understand who is hitting my LB, how and I architect this?

Answer

A

LB’s support access logs and enable you to capture the logs.

Question 25

Q

I wnat to redirect on my LB, is this possible?

Answer

A

Yes you can do it on your ALB

Question 26

Q

What is a network LB?

Answer

A

It is an LB that operates at L4 or the OSI model.

Question 27

Q

if I need extreme performance LB should I choose NLB or ALB?

Answer

A

NLB as it is not processing the incoming l7 traffic and operating at l4 they can deal with high volumes of traffic.

Question 28

Q

I need an LB to support static IP, will an ALB work for me?

Answer

A

No ALB only support DSN, you need an NLB for a static IP

Question 29

Q

I need an end to end encryption (TLS) but I need lB to load balance across my nodes, should I have an ALB?

Answer

A

No, ALBs do not pass through the connection a NLB is operating at the TCP layer and the encryption will be passed straight through to the host.

Question 30

Q

Can I have an NLB for internal load balancing?

Question 31

Q

I wnat to authenticate users using OpenID for my application but I do not what to modify my application, how could i do this?.

Answer

A

You cna use an ALB, it supports authentication of users by OpenID.

Question 32

Q

I wnat to authenticate users using OpenID for my application but I do not what to modify my application, how could I do this?.

Answer

A

You cna use an ALB, it supports authentication of users by OpenID.

Question 33

Q

I wnat to authenticate users using IdP like FB, Amazon, Google and cognito, is it possible to auth using the ALB?

Question 34

Q

I wnat to authenticate users using IdP SAML, LDAP, MS AD, Google and cognito, is it possible to auth using the ALB?

Question 35

Q

Dose ALB or NLB support UDP

Question 36

Q

I need to create a load balancer with autoscaling in the backend, how cna I do this?

Answer

A

Create a Launch template
Create an autoscaling group and use Launch config
Create an ALB as this works best for our web type workload, we will also as part of this create a target group.

Question 37

Q

Do we create an ELB with a security group?

Answer

A

Yes, 100%, each ELB gets deployed as an ENI in the VPC and there is a security group applied to the interface.

Question 38

Q

I have deployed an ALB, do I get a single IP to send traffic to?

Answer

A

No, each LB is deployed in an AZ and depending on the number of AZs and the load, you will get back one IP for each LB making up the ELB.

Question 39

Q

What is an NLB used for?

Answer

A

L4 traffic (L7 traffic is passed through untouched.

Question 40

Q

How do health checks work on the ELB?

Answer

A

You set up the health check to be HTTP, TCP, HTTPS or SSL and the health checker will send out pings to make sure the node is working, If the node is not working it will be taken out of the pool of good node the ELB sends traffic to.

Question 41

Q

What are the two types of health checks you can set on an Autoscaling group?

Answer

A

ELB (Hecks are pinged)

EC2 (Checks are on the status of the instance)

Question 42

Q

I have nodes with issues of performance for HTTPS, I did not have these issues when I used HTTP, what options do I have?

Answer

A

HTTPs offload, ALB supports HTTPs offload.

Question 43

Q

I wnat to use HTTPs offloading with my LB, where can I store the cert?

Answer

A

AWS Cert Manager

Question 44

Q

What are the option available for giving an LB a cert?

Answer

A

Upload
IAM Cert
ACM cert

Question 45

Q

When the ELB is integrated with autoscaling group and the health check fails, what happens to the instance?

Answer

A

Instances are terminated and recreated if they fail the health check.

Question 46

Q

I wnat to add my own domain and subdomain to an ELB, how can I do this?

Answer

A

You need to set up a zone in Route53 and create a CNANE record to point to the ELB’s URL.

Question 47

Q

What services can the ALB support, traditionally it supported EC2?

Answer

A

Lambda

- EKS

Question 48

Q

For ALB’s what are the actions used for?

Answer

A

They allow you to define,

Redirect to
Forwared to
Return a fixed response
Authenticate

Question 49

Q

With an NLB can you have a static IP for the front-end?

Question 50

Q

Does an NLB support UDP?

Question 51

Q

With an NLB can I LB to IP’s outside the VPC?

Question 52

Q

What is WAF sandwich?

Answer

A

It is where you place a WAF between two LBs

Question 53

Q

What is dynamic scaling for an autoscaling group?

Answer

A

This is where AS adjusts the number of EC2 instances or ECS tasks to ensure the CPU is kept below 75%

Question 54

Q

What is predictive scaling?

Answer

A

This is where ML is used to predict/forecast the required capacity for EC2 and ECS and will adjust resources based on the forecast.

Question 55

Q

I want to use autoscaling and scale on a metric, is using 5m intervals OK?

Answer

A

No, you are better to use a finer resolution of 1min, scaling will react faster to changing workload.

Question 56

Q

What are the two configuration templates used by Autoscaling?

Answer

A

Launch config

- Launch template

Question 57

Q

My workload is variable and also can deal with been stopped at any point in time, I want to get to the lowest price point, how can I achieve this?

Answer

A

You can use spot instances

Question 58

Q

I have a steady baseline that I know will be there for up to 3 years for my instances, I also have a verable workload, how can I optimize for cost?

Answer

A

You can use Auto Scale Group, to scale your workload and use fleet too with reserved and spot.

Question 59

Q

What are lifecycle hooks?

Answer

A

In AustoScaling you can configure a lifecycle hook, it will pause the instance on start or terminate and triggered a CloudWatch event, with the CW event you can select to take many different actions using services like SNS, Lambda, etc.

Question 60

Q

I wnat to be notified when instances launch or terminate, how cna I do this?

Answer

A

Using notifications?

Question 61

Q

I need to take an action as an instance is launched, this action is to register the instances in a CDMB, the instance must not become active until it is registered, how can I do this?

Answer

A

You cna use AutoScaling Lifecycle hooks

Question 62

Q

How is CloudWatch used with AutoScaling?

Answer

A

You get to create CloudWatch alarms that get triggered by the metrics coming form ASG, this enables you to scale up or down your instances.

Question 63

Q

What is AMI baking?

Answer

A

This is where we bake in the AMI all software we need.

Question 64

Q

Can I change the launcher configuration?

Answer 52

A

By default, the autoscaling group will use the EC2 status to understand when it will terminate an instance.

Answer 53

A

By default, the autoscaling group will use the EC2 status to understand when it will terminate and replace an instance.

Answer 54

A

This is the amount of time given before health checks start, this enables the software on the EC2 instance to settle.

Answer 55

A

Maintain: You maintain x number of instances
Manual: You set what you want
Schedule: You set a period you wnat to have x instances
Dynamic: You respond to the load.

Answer 56

A

This is a policy that defines how to scale the instances, you have,

Target tracking, scale based on the predefined metric
Simple scaling,
Step scaling,

Answer 57

A

Put all instance in a scale group across the 3 AZs and reserve 3 instances. The reserved instance will ensure you can spin up instances when needed.

Answer 58

A

When TLS is terminated on the NLB, the client is preserved.

Answer 59

A

ELB request could
CPU
IN bytes
OUT bytes
You can also set up cloudwatch alarms to trigger scaling policy.

Answer 60

A

You cna use cloudwatch to capture the performance counter, using custom metrics. Set up two clouds what alarms, up and down alarms and have the alarms trigger autoscaling policies in an autoscaling group.

Answer 61

A

Enable cross AZ

Answer 62

A

No, the autoscaling group job is to scale, this cna be based on default value such as the CPU, ELB counted requests, bytes in/out.

Answer 63

A

No, ELBs are created in the AZ used by your application, the number of ELB’s depend on the load, AWS scales up as required. You can only use DNS to access the ELB as there are many instances with many addressed, do the DNS ‘A’ record will contain all the IP’s of the ELBs.

Answer 64

A

ELB used DNS round-robin.

Answer 65

A

This is where traffic is distributed to the backends evenly across all AZ’s

Answer 66

A

Both support SSL offload

Answer 67

A

SNI is an extension to the TLS/SSL in 2003 and it enables the browser (client) to add the domain name in the request. This request is used by the server to identify and select the cert to use. In AWS NLB and ALB is used to select the correct cert to use.

Answer 68

A

Query string
Header based routing
Method based routing
Host-based routing
Path-based routing
IP/CIDR based routing

Answer 69

A

Yes, you can use the Lambda as a target for the ALB.

Answer 70

A

No, privatelink is only supported by NLB.

Answer 71

A

You can create an NLB and make the NLB available into your customer VPC using privatelink.

Answer 72

A

Both ELB types support access logs, there can be pushed to S3 and Atena can Quicksight can be used to better understand using Atena queries and a quick sight to visualize.

Answer 73

A

It means that all request will be completed before deregistering happens.

Answer 74

A

Host-based routing is when you want to deliver say api.keith.com and www.keith.com to the same server endpoint and have the server route the request to the appropriate app.

Answer 75

A

This is where you are routing incoming HTTP request based on for example /v1 and sat /v2 to different apps on the webserver.

Answer 76

A

This is where you are using values in the HTTP header to route incoming HTTP requests, for example, you may have a cookie in the header and you may be rooting based on the cookie.

Answer 77

A

You have to use an NLB as it can have static IP, this means the IoT device with it hardcoded IP can connect to this static IP.

Answer 78

A

NLB as it supports the preservation of the source IP, ALB does not.

Answer 79

A

Yes, ELB support using IP’s as a target, this means thet once the AWS ELB can see the ending IP ad in it is public-facing, you can load balance to it.

Answer 80

A

This is where the ELB will route the incoming request based on the IP or CIDR range.

Answer 81

A

No ALB supports Amazon EC2 Container Service (ECS) as a target.

Answer 82

A

HTTP/2 is a new version of the HyperText Transfer Protocol (HTTP) that uses a single, multiplexed connection to allow multiple requests to be sent on the same connection. It also compresses header data before sending it out in binary format and supports SSL connections to clients.

Answer 83

A

No, NLB does not support IPv6, ALB have support for IPv6.

Answer 84

A

Using cloud watch.

Answer 85

A

x-ray is one option, but as this is focused more on ELB, the answer would be ‘request tracing’. The Application Load Balancer injects a new custom identifier “X-Amzn-Trace-Id” HTTP header on all requests coming into the load balancer. Request tracing allows you to track a request by its unique ID as the request makes its way across various services that make up your websites and distributed applications. You can use the unique trace identifier to uncover any performance or timing issues in your application stack at the granularity of an individual request

Answer 86

A

This is a set of instances the ELB is going to route to.

Answer 87

A

ALB has the ability to enable you to auth users using a number of different methods. OpenID is one such method.

Answer 88

A

OpenID
Socail, FB, Google, Amazon, Cognito
SAML
LDAP
Microsoft AD

Answer 89

A

ALB has the ability to enable you to auth users using a number of different methods. Microsoft AD is one such method.

Answer 90

A

You can use ELB (ALB, NLB), both support internal VPC support.

Answer 91

A

You would use Route53 and weighted routing.

Answer 92

A

A CANONICAL record, this record type points at the ALB DNS name.

Answer 93

A

ALB supports IPv6 in a dual-stack mode

Answer 94

A

You can use a security group with the ALB to ensure only 80 and 443 are open.

Answer 95

A

Add a new target group to the existing ALB

- Add a new listener rule to split traffic by 50% to a new target group.

Answer 96

A

Shield basic is already in place when you use the ALB, you can add shield advance and this will add L7 protection.

Answer 97

A

You can add a WAF.

Answer 98

A

Use GuardDuty, GD will analyse the VPC flow logs for threats,

Answer 99

A

The AWS application load balancer (ALB) can be used with AKS

Answer 100

A

It is the AutoScaling group, you register the target group with the autoscaling group and it adds the instances to the target.

Answer 101

A

Yes you can add many certs

Answer 102

A

No, but an ALB dose?

Answer 103

A

Multiplexed requests, the ability to open a single connection and send many requests at the same time.

Answer 104

A

Use a network load balancer, this is operating at L4 (TCP).

Answer 105

A

ALB only support DNS, Network load balancer can have static IP’s.

Answer 106

A

Ultra-low latency
L4
App need to have direct access by client
Preserving client IP.

Answer 107

A

No, the connection is terminated at the web application.

Answer 108

A

ALB is not suitable as it will terminalte the encrypted connection at the ALB, the option is to use an NLB where the conenction is terminated at the server application.

Answer 109

A

ALB is not suitable as it will terminate the encrypted connection at the ALB, the option is to use an NLB where the connection is terminated at the server application.

Answer 110

A

Use AMI baking as bootstrapping is slower

Answer 111

A

Use AMI baking as it bakes in the software and apps and no need to deploy at software and config at boot, unlike bootstrapping that will install and configure the software at boot time.

Answer 112

A

Create an autoscaling group with a launch configuration where you use spot instances.

Answer 113

A

You can not change a launch configuration

Answer 114

A

You can edit a launch template when you do the version id increments and you can reference any of the previous or current version of the launch template.

Answer 115

A

It is the period of time an autoscaling group will what after instances are launched before health checks are sent to the instance.

Answer 116

A

It will replace the instance.

Answer 117

A

They control how the autoscaling group scales,

Step scaling enables you to react more aggressively to larger changes
The simple scaling policy enables you to track say CPU and the ASG will try to add instance to keep the CPU at say 50%

Answer 118

A

With auto-scaling, you can have scheduled scaling where we can up the number of instances for the time period required.

Answer 119

A

You can edit the auto-scaling group and set the suspend processes to stop the ASG from changing during the maintenance window.

Answer 120

A

You need to think about two things here,
- Capacity when running at normal
- Min capacity the app cna run on
Answer is,
- 9 instances in 3 AZs

Answer 121

A

You have to reserve instance capacity in all 3 AZs as when the auto-scaling group terminates an instance with my not be able to create one without capacity been reserved.

Answer 122

A

Here you need to focus on again what is the min capacity needed, it is 9 instance but in this case, you need 9 instances s100% of the time and if an AZ was to fail with just 9 instances you would drop below the 9 for a small period and this would not meet the requirement so you have to OVER PROVISION capacity. so 12 instances in 4 AZ’s is the correct answer.

Answer 123

A

Here you need to focus on again what is the min capacity needed, it is 9 instance but in this case, you need 9 instances s100% of the time and if an AZ was to fail with just 9 instances you would drop below the 9 for a small period and this would not meet the requirement so you have to OVER PROVISION capacity. But we also need to look at the lowest cost too, this would be 1 instance in 7 AZs, this way you only have an extra instance over an above the 100% requires. It would also be important to factor in reservation here so in the event of a single instance or Az failure you are guaranteed to be able to restart the instance.

Answer 124

A

Yes, you used not be able able to terminate at the NLB, this was added as a feature. Also when you terminate at the NLB the IP is preserved.

Answer 125

A

Yes, when AWS added the ability to terminate TLS at the NLB, they added the ability to keep the client IP.

Answer 126

A

No, the NLB will preserve the client IP without the need for proxy protocol.

Answer 127

A

No, you can use the proxy protocol to get the client IP when using classic LB. Also, the classic LB is not recommended to be used by AWS any more.

Answer 128

A

The proxy protocol is not used with the NLB, it is used with the classic Load balancer. The proxy protocol works by saving the client IP and when the connection is created to the server, the first lines sent to the server is the contains the client IP, it is in ASCII format, looks like this, PROXY TCP4 198.51.100.22 203.0.113.7 35646 80\r\n

Answer 129

A

Yes, just include a single subnet.

Answer 130

A

Yes, NLB is an L4 so not special handlines will take place?

Answer 131

A

Certs can be created or uploaded to IAM or ACM

Answer 132

A

No, unlike ALB where backend auth is supported.

Answer 133

A

The LCU metrics for the TCP traffic is as follows:

800 new TCP connections per second.
100,000 active TCP connections (sampled per minute).
1 GB per hour for EC2 instances, containers and IP addresses as targets.

Answer 134

A

This is possible because of the sticky session is holding the session to the instance for long periods and over time you may get inbalance across instances.

Answer 135

A

Disable sticky sessions and start using an elastic cache where we session information is not needed by the application on the instance. This way we can now free the LB to distribute the request to any instance.

Answer 136

A

Request tracing, where the X-Amzn-Trace-Id is automatically added to incoming requests and if access logs are enabled the content of this header is captured.

Answer 137

A

The NLB is a layer4 load balancer and supports UDP

Answer 138

A

You can enable ELB deletion protection.

Answer 139

A

You pay 0.0225 per ALB per month ($16)

You pay for the Loadbalancer capacity unity (LCU)

Answer 140

A

You can use the ELB with IP as a target to send traffic to on-prem through the VPN.

Answer 141

A

You set up redirects on the routing rules, normally this is forwared but you can also select redirect.

Answer 142

A

You can use fixed responses.

Answer 143

A

You can use the ELB slow start feature to delay the ELB form sending traffic to the target.

Answer 144

A

No, it means HTTP/s arives on the front end for IPv6 but is sent to the backend s IPv4.

Answer 145

A

ALB supports authentication using social identities, SAML and an IdP. You cna use OICD

Answer 146

A

ALB supports authentication using social identities, SAML and an IdP. You cna use OECD. This is even better in it integrates with Cognito and where Cognito identity provider pool can be used.

Answer 147

A

25 new connection per second
3K active connections
2.22mbs (1GB per HR)
1K rules evaluation
You are billed for the max of theses

Brainscape's Knowledge GenomeTM

AWS Loadbalancer and Autoscaling Flashcards

Brainscape's Knowledge Genome^TM