Transact SQL :- sp_describe_undeclared_parameters

Background

One of our Reporting tools is failing.

Wanted to see why …

SQL

The failing SQL looks something like this :-


exec sp_describe_undeclared_parameters 
   N'INSERT INTO [#Connect] ([COL])
    VALUES (@P1)'

sp_describe_undeclared_parameters ?

What is sp_describe_undeclared_parameters ?

Well it allows laziness.

Have a SQL in mind and you do not want to issue sp_help against each table and determine the column types and size.

sp_describe_undeclared_parameters

Syntax

sp_describe_undeclared_parameters 
     @tsql = {'Transact-SQL_batch'}   

Sample

Sample – HP/ALM

Sample – HP/ALM – td.Projects
Query – Ask for column definition
sp_describe_undeclared_parameters @tsql =   
N'
    SELECT top 10 * 
    from [qcsiteadmin_1250_db].[td].[PROJECTS] 
    where [PROJECT_NAME] = @project
'  

Actual SQL

declare @project varchar(255)

set @project = 'BIS'
SELECT top 10 * 
from [qcsiteadmin_1250_db].[td].[PROJECTS] 
where [PROJECT_NAME] = @project

Sample – Jira

Sample – Jira – table – jiraissue
sp_describe_undeclared_parameters @tsql =   
N'
    SELECT top 100 * 
    from   [d_jiradb].[dbo].[jiraissue]
    where  [REPORTER] = @reporter
    and    [ASSIGNEE] = @assignee
    and    [CREATOR] =  @creator
    and    [CREATED] 
             between @dateCreatedBegin 
             and @dateCreatedCompleted
'  

Output

Sample – Jira – table – jiraissue – Actual

declare @reporter               nvarchar(255)
declare @assignee               nvarchar(255)
declare @creator                nvarchar(255)
declare @dateCreatedBegin       datetime
declare @dateCreatedCompleted   datetime

set @dateCreatedBegin = '2018-10-01'

set @dateCreatedCompleted = '2019-03-01'

SELECT top 100 * 
    from   [d_jiradb].[dbo].[jiraissue]
    where  [REPORTER] = isNull(@reporter, [REPORTER])
    and    [ASSIGNEE] = isNull(@assignee, [ASSIGNEE])
    and    [CREATOR] =  isNull(@creator, [CREATOR] )
    and    [CREATED] 
                between @dateCreatedBegin 
                and @dateCreatedCompleted

SQL Server Version

sp_describe_undeclared_parameters was introduced in MS SQL Server v2012.

References

  1. Docs / SQL / Reference / System stored procedures / Database Engine / sp_describe_undeclared_parameters
    • sp_describe_undeclared_parameters (Transact-SQL)
      Link

WordPress, Web Links, and CSS

Background

I have family members that are full-stack developers.

Not so here.

No Surprise

And, so then I am going to need all of the Web ( Stack Overflow & Blogs ) to get me through this.

Started

It started a couple of posts back.

I was trying to write about Instance Metadata and referenced the endpoint.

That endpoint is http://169.254.169.254/latest/meta-data/.

Obviously 169.254.169.254 is a non-routable address and we do not want people inadvertently clicking on it.

 

Correction

Here is the original entry

Original

HTML

Here is the HTML Code

<a href="http://169.254.169.254/latest/meta-data/">
    http://169.254.169.254/latest/meta-data/.
</a>

Output

Original :-
http://169.254.169.254/latest/meta-data/.

 

Revision

Outline

  1. Access Site Customizer
    • Create Style Sheet Entry
      • Give it name
        • Properties
          • color: currentColor;
          • cursor: not-allowed;
          • opacity: .5;
          • text-decoration: none;
          • pointer-events: none;
  2. Access Post
    • Access HTML Links
      • Add Class Reference

 

CSS

To correct, let us use CSS.


.linkisDisabled
{
	color: currentColor;
	cursor: not-allowed;
	opacity: .5;
	text-decoration: none;
	pointer-events: none;
}

HTML

Here is the HTML Code

<a class="linkisDisabled" href="http://169.254.169.254/latest/meta-data/">
http://169.254.169.254/latest/meta-data/.
</a>

 

Result

Revised :-
http://169.254.169.254/latest/meta-data/.

 

Crediting

Always got to credit someone.

Today it is Gerard Cohen.

CSS-Tricks
Gerard Cohen
How to Disable Links
Link

References

  1. Stack Overflow
    • How to disable a link using only CSS?
      Link

Signing Code using Microsoft’s signtool

Background

Now that we have our code signing certificate in place let us see whether we can use it.

Lineage

  1. Preparing Code Signing Certificate using Microsoft’s makecert
    Link

Command Line

Rather than use Visual Studio, Eclipse, and other modern IDEs will just go directly to the command line and utilize Microsoft’s signtool

Sample Code

Batch File

setlocal

set "_appFolder=C:\Program Files (x86)\Microsoft SDKs\ClickOnce\SignTool\"

set "_app=signtool.exe"

set "_store=My"

set "_appTarget=stub.exe"

set "_urlTimeServer=http://timestamp.digicert.com"

goto useCertName

:useCertName

set "_subject=Daniel Adeniji ( codesign self )"

"%_appFolder%\%_app%" sign /s %_store% /tr "%_urlTimeServer%" /n "%_subject%"  %_appTarget%

goto complete

:useCertHash

set "_certhash=6543843ADABB05C1223AA031C1984DDFEEB5F021"

"%_appFolder%\%_app%" sign /s %_store%  /tr "%_urlTimeServer%" /sha1 "%_certhash%" %_appTarget%

goto complete

:complete

endlocal

Output

Review

Let us go review the signed file

Windows Explorer

Please launch Windows Explorer, select the file, right click on your selection, and review it’s property.

File Property

Images

Windows Explorer – File Property – Digital Signatures

Here we notice we have a new tab, Digital Signatures

Windows Explorer – File Property – Digital Signature Details
Signer Information
  1. Signer Name :- Daniel
  2. Email :- No Name
    • Need to fix that and ensure that we have a name in a later iteration preparing SSL certificates
  3. Signing Time

View Certificate
View Certificate – Tab – General
  1. Purpose
    • Ensures software came from software publisher
    • Protects software from alteration after publication
View Certificate – Tab – Details
  1. Enhanced Key Usage
    • Code Signing (1.3.6.1.5.5.7.3.3)

View Certificate – Tab – Certification Path
  1. Path
    • Daniel (codesign self)
      • Daniel ( codesign root )

 

References

  1. Microsoft
    • Docs / .NET / .NET Framework / Windows Communication Foundation / WCF Feature Details
      • How to: Retrieve the Thumbprint of a Certificate
        Link
    • Microsoft | TechNet
      • Scott’s IT Blog
        • Working with Certificates in PowerShell
          Link
  2. Tech-Pro.net
    • Code Signing for Developers – An Authenticode How-To
      Link
  3. digicert
    • Authenticode Code Signing with Microsoft SignTool
      Link
    • Vincent Lynch
      • Best Practices for Timestamping
        Link

Preparing Code Signing Certificate using Microsoft’s makecert

Background

Ever so often it is good to revisit the steps one needs to take to prepare SSL Code Signing Certificate.

One can prepare the Request and sent it along to third party SSL Certificate Providers.

In this case we will do a complete round circle run.

That is, do everything ourselves.

Microsoft’s makecert will be our resource.

 

Makecert

Outline

  1. Artifacts
    • Do you have makecert on your machine?
  2. SSL Certificate
    • Create Code Sign Certificate for Root
    • Create Code Sign Certificate for Self
    • Extract PFX File

Artifacts

Unfortunately, Microsoft is always moving things around a bit.

For the sake of brevity, we will not go over the current installation choices for makecert in this post.

 

Do we have makecert on your machine ?

Code


>cd\

>cd "Program Files"

>dir makecert.exe /s

Output

 

 

SSL Certificate Root

Let us create our root certificate

Options

Here are the Options that we will utilize:-

Option Available Choice
Algorithm SHA-1 or MD5 sha1
Enhanced Key Usage 1.3.6.1.5.5.7.3.1 – id_kp_serverAuth
1.3.6.1.5.5.7.3.2 – id_kp_clientAuth
1.3.6.1.5.5.7.3.3 – id_kp_codeSigning
1.3.6.1.5.5.7.3.4 – id_kp_emailProtection
1.3.6.1.5.5.7.3.5 – id-kp-ipsecEndSystem
1.3.6.1.5.5.7.3.6 – id-kp-ipsecTunnel
1.3.6.1.5.5.7.3.7 – id-kp-ipsecUser
1.3.6.1.5.5.7.3.8 – id_kp_timeStamping
1.3.6.1.5.5.7.3.9 – OCSPSigning
1.3.6.1.5.5.7.3.3
cy: Certificate type. Valid options are [end|authority] authority
-pe (exportable)
-ss: Certificate store name. Most common options are [AuthRoot|CA|My|Root] AuthRoot|CA|My|Root Root
-sr: Certificate store location. Valid options are [CurrentUser|LocalMachine]. Default to ‘CurrentUser’ CurrentUser|LocalMachine LocalMachine
-sv: Private Key (.pvk) codeSigningRootPrivateKey.pvk
RootCertificate.cer

 

Code


@echo on

setlocal

set "_binFolder=C:\Program Files\Microsoft Message Analyzer\"

set "_certificateName=Daniel Adeniji ( codesign root)"

rem SHA-1 or MD5
set "_algorithm=sha1" 

rem id_kp_codeSigning = 1.3.6.1.5.5.7.3.3
set "_eku=1.3.6.1.5.5.7.3.3"

rem -r	Creates a self-signed certificate.

rem -cy: Certificate type. Valid options are [end|authority].
rem Use authority to create a CA (root or intermediate) certificate.
set "_certificateType=authority"

rem -pe: Switch to mark the generated private key as exportable.

set "_codeSigningPrivateKey=codeSigningRootPrivateKey.pvk"

set "_codeSigningPublicKey=codeSigningRootPrivateKey.cer"

rem -ss: Certificate store name. Most common options are [AuthRoot|CA|My|Root]
set "_certStoreName=Root"

rem -sr: Certificate store location. Valid options are [CurrentUser|LocalMachine]. Default to ‘CurrentUser’
set "_certStoreLocation=LocalMachine"

if exist %_codeSigningPrivateKey% echo file %_codeSigningPrivateKey% exists goto :complete

if exist %_codeSigningPublicKey% echo file %_codeSigningPrivateKey% exists goto :complete

"%_binFolder%\makecert.exe" -n "CN=%_certificateName%" -a %_algorithm% -eku %_eku% -r -cy %_certificateType% -pe ^
 -sv %_codeSigningPrivateKey% %_codeSigningPublicKey% ^
 -ss %_certStoreName% -sr %_certStoreLocation%

endlocal

:complete

Output

Issuing Code Signing command does a couple of things :-

  1. Files Created
    • Root Private Key
    • Root Certificate
  2. Certificates created in store

File List

MMC

Outline
  1. Start MMC Console
  2. Add Certificate
    • Target Machine
      • Access “Trusted Root Certification Authorities
      • Review listed trusted root certificates
Image

Explanation
  1. Certificate Purposes
    • Code Signing

 

SSL Certificate Self

Let us create our signing certificate

Options

Here are the Options that we will utilize:-

Option Available Choice
Algorithm SHA-1 or MD5 sha1
Enhanced Key Usage 1.3.6.1.5.5.7.3.3 – id_kp_codeSigning 1.3.6.1.5.5.7.3.3
cy: Certificate type. Valid options are [end|authority] end
-pe (exportable)
-ss: Certificate store name. Most common options are [AuthRoot|CA|My|Root] AuthRoot|CA|My|Root My
-sr: Certificate store location. Valid options are [CurrentUser|LocalMachine]. Default to ‘CurrentUser’ CurrentUser|LocalMachine CurrentUser
-iv: Private Key (.pvk) codeSigningRootPrivateKey.pvk
-ic:certificate RootCertificate.cer

 

Code


@echo on

setlocal

set "_binFolder=C:\Program Files\Microsoft Message Analyzer\"

set "_certificateName=Daniel Adeniji ( codesign self )"

rem SHA-1 or MD5
set "_algorithm=sha1" 

rem id_kp_codeSigning = 1.3.6.1.5.5.7.3.3
set "_eku=1.3.6.1.5.5.7.3.3"

rem -cy: Certificate type. Valid options are [end|authority].
rem Use authority to create a CA (root or intermediate) certificate.
set "_certificateType=end"

rem -pe: Switch to mark the generated private key as exportable.

set "_codeSigningPrivateKey=codeSigningRootPrivateKey.pvk"

set "_codeSigningPublicKey=codeSigningRootPrivateKey.cer"

rem -ss: Certificate store name. Most common options are [AuthRoot|CA|My|Root]
set "_certStoreName=My"

rem -sr: Certificate store location. Valid options are [CurrentUser|LocalMachine]. Default to ‘CurrentUser’
set "_certStoreLocation=CurrentUser"

"%_binFolder%\makecert.exe" -n "CN=%_certificateName%" -a %_algorithm% -eku %_eku% -cy %_certificateType% -pe ^
 -iv %_codeSigningPrivateKey% -ic %_codeSigningPublicKey% ^
 -ss %_certStoreName% -sr %_certStoreLocation%

endlocal

:complete

Output

Issuing Code Signing command adds our signing certificate to the store.

  1. Certificates created in store

MMC

Outline
  1. Start MMC Console
  2. Add Certificate
    • Current User
      • Personal
        • Certificates
          • Review listed personal certificates
Image
Image – Listing

Image – Detail

 

Explanation
  1. Certificate Information & Purpose
    • Ensures software came from software publisher
    • Protects software from alteration after publication

 

Export Certificate

Let us export our SSL Certificate so that we can use in our development tool.

Outline

  1. Launch Microsoft Management Console ( MMC )
  2. Via Menu, Add File \ Add and Remove Snap In, please add Certificate Snap In
    • Select Targeted Store
    • Options will include Machine, Services, and User
  3. Review certificates under the tree of Personal \ Certificates
  4. Select certificate
    • Right Click on Certificate
    • Choose Export from the drop down menu
    • Navigate through Windows
      • Welcome
      • Export Private Key
        • Please choose “Yes, export the Private Key”
      • Export Format
        • Format :- Personal Information Exchange – PCKS #12 (.PFX)
        • Options
          • Include all certificates in the path ( Check )
            • This ensures that all exportable intermediate certificates are included, as well
          • Delete private key if successful ( un-check )
          • Export all extended properties ( Check )
          • Enable certificate privacy
      •  Security
        • Group or User Names
          • If  list of users is known and same Active Directory Domain, select Users
        • Password
          • Please choose password

Images

Image – Export Wizard – Welcome

Image – Export Wizard – Export Private Key

Please choose “Yes, export the private key”.

Exporting the Private Key is the only option that will allow us to export in PFX format.

Image – Export Wizard – Export File Format

Please choose “Personal Information Exchange – PCKS #12 (.PFX)”

certificate.exportFileFormat.03.20190606.1250AM.PNG

Image – Export Wizard – Security

This is for personal use and so for ease of use, chose to restrict to self ( domain account ) and skipped password enforcement.

 

Image – Export Wizard – Completing

Image – Export Wizard – Export was successful

 

Source Code Control

GitHub

DanielAdeniji/codesign
Link

 

References

  1. Scott Hanselman
    • Signing PowerShell Scripts
      Link
  2. Microsoft
    • Makecert
    • Technet
      • John Howard
        • How-to use MakeCert for trusted root certification authority and SSL certificate issuance
          Link
  3. Elizabeth Andrews
    • Creating self signed certificates with makecert.exe for development
      Link

AWS/EC2 – Instance – Metadata

Background

Continuing with our study on AWS/EC2.

Let us quickly cover how we go about querying the EC2 instance for rudimentary system information.

Environment

On the instance itself, please send a payload against Link-local address; specifically 169.254.169.254.  The full URL is http://169.254.169.254/latest/meta-data/

Tool

We are on MS Windows and we have browsers loaded and we will use them as simple HTTP Client.

if you are on Linux and all you have is a terminal mode connection, please use curl ( Client URL ).

Top Level

Here is our top level node.

Browser

Block Device Mapping

Lists Storage Devices; please note only block devices and not RAW Storage Devices.

Please also keep in mind detailed storage info is not available; merely names.

Images

Image-Block Device Mapping

hostname

Images

Image-hostname

instance-id

Images

Image-instance-id

instance-type

Images

Image-instance-type

hostname

Images

hostname

local-hostname

Images

Image-Localhostname

local-ipv4

Images

Image-Local IP4 Address

Mac

Please read further; specifically under Network\Interface\Macs.

Network

interface

Macs

Network Mac Addresses which can be fairly useful for network troubleshooting, etc.

Images
Network Mac -01

Placement

Availability Zone

Here we talk about Country/Region/Availability Group.

In our case we are in

  1. Country :- US
  2. Region :- East Coast
  3. Availability Zone :- 1C

Images

Image.us-east-1c

Security-Groups

Security Groups are the Security groups each instance is assigned.

In the screen shots below we have two distinct results.

First is workplace for AWS Workplace node and the second is one of our custom security groups.

Images

Image – workplace

Image – taskRunner

Summary

Quick summary.

Instance metadata allows a bit of introspection on each EC/2 instance.

Akin to Windows Management Interface, WMI, in MS Windows.

References

  1. Amazon
    • AWS Documentation » Amazon EC2 » User Guide for Windows Instances » Amazon EC2 Instances » Configuring Your Windows Instance
      • Instance Metadata and User Data
        Link
    • AWS Documentation » Amazon EC2 » User Guide for Windows Instances » Monitoring Amazon EC2 » Monitoring the Status of Your Instances
      • Scheduled Events for You
        Link
  2. Curl for Windows

Avail Open-ssh on Windows

Background

Reading up more on AWS and wanted to review available options for connecting to EC2 instances.

There are a few pathways such as SSH ( Linus & Windows ), Remote Desktop ( Windows ), and API.

SSH Client

On MS Windows, Putty is the most popular SSH Client.

Starting with MS Window 10 Build 1809, Microsoft offers a built-in option via packaging in Open-SSH.

Open-SSH Client

Outline

  1. Add MS Windows Feature
    • Determine MS Windows Version
    • If Windows 10, Build 1809
      • Add feature
        • GUI
        • Command Line
  2. Manual
    • PowerShell/Win32-OpenSSH
      • Download

 

Add MS Windows Feature

Get MS Windows Version

winver
Syntax

winver

Output

Explanation
  1. Version
    • Our Version Number is 1607
    • OS Build 14393.2969
    • Windows 10 Enterprise 2016 LTSB
  2. To use integrated install, we need to be on Build 1809

 

Add Feature OpenSSH

GUI
Outline
  1. Access Control Panel
  2. Access Programs and Features Applet
  3. Turn Windows Features On and Off
  4. Select OpenSSH Client
Screen Shot
Explanation

We are on MS Windows Build 1809, and we can clearly see that “OpenSSH” is not offered.

Powershell WindowsCapability
Outline
  1. Issue Powershell Get-WindowsCapability
  2. If SSH is listed, issue Powershell Add-WindowsCapability
Get Windows Capability – Syntax

powershell -Command "Get-WindowsCapability -Online | ? Name -like '*ssh*'"

Add Windows Capability – Syntax

powershell -Command "Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0"

Screen Shot
Screen Shot – Powershell Get-WindowsCapability

Screen Shot – Powershell Get-WindowsCapability – Output

Explanation

Since “Get-WindowsCapability” does not indicate that ssh packages are available, we will skip invoking the “Add-WindowsCapability“.

 

PowerShell/Win32-OpenSSH

Artifacts

The artifacts are here :-

https://github.com/PowerShell/Win32-OpenSSH/releases
Link

Current Version

Our current version is v7.9

Listing

Explanation
  1. Our OS is 64 bit and so we will go with Win64 files
  2. Not going to be debugging OpenSSH and so will skip files that bore Symbols in their name
  3. Our file is OpenSSH-Win64.zip

Download & Unpack

Please download OpenSSH*.zip and unpack it.

File Listing

Extracted File

  1. ssh.exe
    • SSH Client
  2. sshd.exe
    • SSH Server

Use

Let us issue a couple of commands to make sure that we are able to use our downloaded open-ssh client.

Use -01
Syntax

ssh user@host

Sample

ssh dadeniji@hrdb

Output

Summary

If one is on the latest MS Windows 10, one is able to quickly integrate OpenSSH.

On the other hand, if on an earlier OS or version prior to Windows 10  Build 1809, please download the artifacts, unpack it, and run the unpacked files.

 

Reference

  1. Microsoft
    • Docs / Windows Server / Management / Manage Windows Server systems and environments / Manage Windows with OpenSSH / Getting started with OpenSSH
      • Installation of OpenSSH For Windows Server 2019 and Windows 10
        Link
  2. PowerShell/Win32-OpenSSH
    • PowerShell/Win32-OpenSSH – Releases
      Link

AWS :- Elastic Compute Cloud ( EC2 ) and Elastic Block Store ( EBS ) :- Review Questions

Review Questions

  1. Your web application needs four instances to support steady traffic nearly all of the time. On the last day of each month, the traffic triples. What is a cost-effective way to handle this traffic pattern?
    • A. Run 12 Reserved Instances all of the time.
    • B. Run four On-Demand Instances constantly, then add eight more On-Demand Instances on the last day of each month.
    • C. Run four Reserved Instances constantly, then add eight On-Demand Instances on the last day of each month.
    • D. Run four On-Demand Instances constantly, then add eight Reserved Instances on the last day of each month.
  2. Your order-processing application processes orders extracted from a queue with two Reserved Instances processing 10 orders/minute. If an order fails during processing, then it is returned to the queue without penalty. Due to a weekend sale, the queues have several hundred orders backed up. While the backup is not catastrophic, you would like to drain it so that customers get their confirmation emails faster. What is a cost-effective way to drain the queue for orders?
    • A. Create more queues.
    • B. Deploy additional Spot Instances to assist in processing the orders. 
    • C. Deploy additional Reserved Instances to assist in processing the orders.
    • D. Deploy additional On-Demand Instances to assist in processing the orders.
  3. Which of the following must be specified when launching a new Amazon Elastic Compute Cloud (Amazon EC2) Windows instance? (Choose 2 answers)
    • A. The Amazon EC2 instance ID
    • B. Password for the administrator account
    • C. Amazon EC2 instance type
    • D. Amazon Machine Image (AMI)
  4. You have purchased an m3.xlarge Linux Reserved instance in us-east-1a. In which ways can you modify this reservation? (Choose 2 answers)
    • A. Change it into two m3.large instances.
    • B. Change it to a Windows instance.
    • C. Move it to us-east-1b.
    • D. Change it to an m4.xlarge.
  5. Your instance is associated with two security groups. The first allows Remote Desktop Protocol (RDP) access over port 3389 from Classless Inter-Domain Routing (CIDR) block 72.14.0.0/16. The second allows HTTP access over port 80 from CIDR block 0.0.0.0/0. What traffic can reach your instance?
    • A. RDP and HTTP access from CIDR block 0.0.0.0/0
    • B. No traffic is allowed.
    • C. RDP and HTTP traffic from 72.14.0.0/16
    • D. RDP traffic over port 3389 from 72.14.0.0/16 and HTTP traffic over port 80 from 0.0.00/0
  6. Which of the following are features of enhanced networking? (Choose 3 answers)
    • A. More Packets Per Second (PPS)
    • B. Lower latency
    • C. Multiple network interfaces
    • D. Border Gateway Protocol (BGP) routing
    • E. Less jitter
  7. You are creating a High-Performance Computing (HPC) cluster and need very low latency and high bandwidth between instances. What combination of the following will allow this? (Choose 3 answers)
    • A. Use an instance type with 10 Gbps network performance.
    • B. Put the instances in a placement group. ( yes )
    • C. Use Dedicated Instances.
    • D. Enable enhanced networking on the instances.
    • E. Use Reserved Instances.
  8. Which Amazon Elastic Compute Cloud (Amazon EC2) feature ensures that your instances will not share a physical host with instances from any other AWS customer?
    • A. Amazon Virtual Private Cloud (VPC)
    • B. Placement groups
    • C. Dedicated Instances
    • D. Reserved Instances
  9. Which of the following are true of instance stores? (Choose 2 answers)
    • A. Automatic backups
    • B. Data is lost when the instance stops.
    • C. Very high IOPS
    • D. Charge is based on the total amount of storage provisioned. 
  10. Which of the following are features of Amazon Elastic Block Store (Amazon EBS) ?
    • A. Data stored on Amazon EBS is automatically replicated within an Availability Zone.
    • B. Amazon EBS data is automatically backed up to tape.
    • C. Amazon EBS volumes can be encrypted transparently to workloads on the attached instance.
    • D. Data on an Amazon EBS volume is lost when the attached instance is stopped
  11. You need to take a snapshot of an Amazon Elastic Block Store (Amazon EBS) volume.  How long will the volume be unavailable?
    • A. It depends on the provisioned size of the volume.
    • B. The volume will be available immediately. 
    • C. It depends on the amount of data stored on the volume.
    • D. It depends on whether the attached instance is an Amazon EBS-optimized instance.
  12. You are restoring an Amazon Elastic Block Store (Amazon EBS) volume from a snapshot.  How long will it be before the data is available?
    • A. It depends on the provisioned size of the volume.
    • B. The data will be available immediately.
    • C. It depends on the amount of data stored on the volume.
    • D. It depends on whether the attached instance is an Amazon EBS-optimized instance.
  13. You have a workload that requires 15,000 consistent IOPS for data that must be durable.  What combination of the following steps do you need? (Choose 2 answers)
    • A. Use an Amazon Elastic Block Store (Amazon EBS)-optimized instance. 
    • B. Use an instance store.
    • C. Use a Provisioned IOPS SSD volume. 
    • D. Use a magnetic volume.
  14. Which of the following can be accomplished through bootstrapping?
    • A. Install the most current security updates.
    • B. Install the current version of the application.
    • C. Configure Operating System (OS) services.
    • D. All of the above.
  15. How can you connect to a new Linux instance using SSH?
    • A. Decrypt the root password.
    • B. Using a certificate
    • C. Using the private half of the instance’s key pair
    • D. Using Multi-Factor Authentication (MFA)
  16. VM Import/Export can import existing virtual machines as: (Choose 2 answers)
    • A. Amazon Elastic Block Store (Amazon EBS) volumes
    • B. Amazon Elastic Compute Cloud (Amazon EC2) instances
    • C. Amazon Machine Images (AMIs)
    • D. Security groups
  17. Which of the following can be used to address an Amazon Elastic Compute Cloud (Amazon EC2) instance over the web? (Choose 2 answers)
    • A. Windows machine name
    • B. Public DNS name
    • C. Amazon EC2 instance ID
    • D. Elastic IP address
  18. Using the correctly decrypted Administrator password and RDP, you cannot log in to a Windows instance you just launched. Which of the following is a possible reason?
    • A. There is no security group rule that allows RDP access over port 3389 from your IP address. 
    • B. The instance is a Reserved Instance.
    • C. The instance is not using enhanced networking.
    • D. The instance is not an Amazon EBS-optimized instance.
  19. You have a workload that requires 1 TB of durable block storage at 1,500 IOPS during normal use. Every night there is an Extract, Transform, Load (ETL) task that requires 3,000 IOPS for 15 minutes. What is the most appropriate volume type for this workload?
    • A. Use a Provisioned IOPS SSD volume at 3,000 IOPS.
    • B. Use an instance store.
    • C. Use a general-purpose SSD volume.
    • D. Use a magnetic volume.
  20. How are you billed for elastic IP addresses?
    • A. Hourly when they are associated with an instance
    • B. Hourly when they are not associated with an instance
    • C. Based on the data that flows through them
    • D. Based on the instance type to which they are attached

 

Referenced Work

  1. AWS
    • Amazon EC2 Instance Types
      • Instance Features
        Link
    • Script
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Amazon EC2 Instances » Configuring Your Amazon Linux Instance » Running Commands on Your Linux Instance at Launch
        • Running Commands on Your Linux Instance at Launch
          Link
    • Amazon EC2 Instance Types
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage
        • Block Device Mapping
          Link
    • Elastic Block Store
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage » Amazon Elastic Block Store (Amazon EBS) » Amazon EBS Snapshots » Creating Amazon EBS Snapshots
        • Creating Amazon EBS Snapshots
          Link
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage » Amazon Elastic Block Store (Amazon EBS) » Amazon EBS Volumes
        • Restoring an Amazon EBS Volume from a Snapshot
          Link
    • Instance Store
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Storage
        • Amazon EC2 Instance Store
          Link
    • Enhanced Networking
      • AWS Documentation » Amazon EC2 » User Guide for Linux Instances » Network and Security
        • Enhanced Networking on Linux
          Link
    • EC2
      • EC/2 Instance
        • How do I move my EC2 instance to another subnet, Availability Zone, or VPC?
          Link
      • EC/2 Instance Metadata
        • EC2 Instance Metadata Query Tool
          Link
    • Elastic IP
      • Premium Support / Knowledge Center
        • Why am I being billed for Elastic IP addresses when all my instances are terminated?
          Link
    • AWS Compute Blog
      • Jeff Bartley
        • Recovering files from an Amazon EBS volume backup
          Link
  2. A Cloud Guru
    • A Cloud Guru > Course taking > Other
      • AWS EC2 Instance Store vs. EBS
        Link
  3. RightScale
    • RightScale Docs / Cloud Management / Dashboard User’s Guide / clouds / Amazon Web Services (AWS)
      • EC2 Elastic IPs
        Link
  4. Scale Your Code
    • Christophe Limpalair
      • Complete guide to launching your first free AWS EC2 instance
        Link