AWS-combine
ECU
The EC2 Compute Unit (ECU) provides the relative measure of the integer processing power of an Amazon EC2 instance
256K
The message size for SQS can be?
When creating a security group, all outbound traffic is allowed by default. True or False?
True
When using VPC Peering instances behave as if they are on the same private network. True or False?
True
Redis clusters also can support up to five read replicas to offload read requests
Up to how many read replicas does Redis support?
Performance efficiency
Use computing resources efficiently and maintain them as changes occur
Workspaces
VDI Desktop in cloud
HDFS and EMR File System. A key factor driving the type of storage a cluster uses is whether the cluster is persistent or transient.
What are the two types of storage that can be used with Amazon EMR ?
What is a placement group?
When you launch EC2 instances, you can determine how instances are placed on underlying hardware through placement groups.
ElastiCache
Which type of ElastiCache has the ability to persist in-memory data onto disk?
50 each
You can add up to how many inbound and how many outbound rules to each security group.
A _____ is a document that provides a formal statement of one or more permissions. a. Policy b. User c. Group d. Role
a
In S3 RRS, the durability of my files is a. 99.99% b. 99.99999999% c. 99% d. 100%
a
Which DNS name can only be resolved within amazon EC2? a. Internal DNS Name b. External DNS Name c. Global DNS Name d. Private DNS Name
a
In VPCs w/ private and public subnets, database servers should ideally be launched into a) The public subnet b) The private subnet c) Either d) Not recommended, they should ideally be launched outside of the VPC
a) The private subnet
egress
an exit; a means of going out
WAF - Web Application Firewall -
app level protection to website
Glacier
archive files from s3 - requirements for regulatory bodies
Opsworks
automate deployments w/ Chef
What AWS service is used to consume big data? a) Elastic Map Reduce b) Kinesis c) Redshift
b) Kinesis
Throughput optimized HDD (ST1)
big data, log processing, large amounts of sequential data (cannot be a boot volume)
QuickSight
business analytics - helps create visualization / dashboards
Can I move a reserved instance from one region to another? a. Yes b. Only in the US c. No d. Depends on the region
c
Every user you create in the IAM system starts with ____ a. Full permissions b. Partial permissions c. No permissions
c
In RDS, changes to the backup window take effect a. After 30 mins b. The next day c. Immediately d. you cannot back up in RDS
c
How long is the retention period for SQS (Simple Queue Service)? a) 1 day b) 5 days c) 12 days d) 30 days
c) 12 days
In RDS, changes to the backup window take effect... a) After 30 minutes b) The next day c) Immediately d) You cannot back up in RDS
c) Immediately
In what language are policy documents written in? a) Node.js b) Java c) JSON d) Python
c) JSON
Elastic Transcoder
change video formats for all devices
SSE-C
client managed keys; you manage keys, amazon manages encryption
A placement group is ideal for... a) Distributing content on a CDN network b) EC2 instances that require high disk IO c) EC2 instances that require high network throughput and low latency across multiple availability zones d) EC2 instances that require high network throughput and low latency across a single availability zone
d) EC2 instances that require high network throughput and low latency across a single availability zone
Cognito
easy to have user sign in w/ social identity
Cloud Front
edge locations that cache media content
Service Catalog
enterprises - services can be authorized or not
X1
memory optimized, SAP Hana, Spark
Data Pipeline
move data from one place to another (S3 to DynamoDB)
Elastic Beanstalk
platform to develop scalable web apps, PaaS
SMS - Server Migration Service
same as DMS but VM machines - vmware replicate to cloud
Serverless Computing
system in which a cloud provider fully manages the functions of a cloud server
Polly
text to voice
How do you attach a new EBS to an EC2? (Choose 3) a) Using AWS management console b) Using AWS API tools c) Using AWS command line interface d) By doing an RDP to the instance e) By doing an SSH to the instance
a) Using AWS management console b) Using AWS API tools c) Using AWS command line interface
Can I "force" a failover for any RDS instance that has Multi-AZ configured? a) Yes b) No c) Only for Oracle RDS instances
a) Yes
Choose the correct statement (Choose 3) a) You can have unlimited number of objects in S3 bucket b) An S3 object can be of unlimited size c) Data stored in S3 is encrypted d) You can use Reduced Redundancy storage for lower cost option e) You can serve your static site from S3
a) You can have unlimited number of objects in S3 bucket d) You can use Reduced Redundancy storage for lower cost option e) You can serve your static site from S3
What are the storage optimized EC2 instance types?
1. H1 2. I3 3. D2
What are the accelerated computing EC2 instance types?
1. P3 2. P2 3. G3 4. F1
AWS user
A permanent named operator (human or a machine)
AWS Lambda
Allows you to run code w/o provisioning servers
Outbound data transfers
Are charged by tiers
Database product examples
Aurora, RDS, DynamoDB, ElastiCache, Redshift, Neptune and AWS Database Migration Service
Risk management governing bodies
COBIT, AICPA, and NIST
Elasticache
Cache data in cloud - easier access to unchanged data
No. Read replicas are available in Amazon RDS for MySQL, MariaDB, and PostgreSQL as well as Amazon Aurora.
Can AWS Redshift and Dynamo DB support read replicas ?
Encryption at rest encrypts the data in DynamoDB streams.
Can you encrypt the Dynamo DB streams data?
EC2 Placement Group
Cluster same type/az, Spread with multiple instance types/az within one region, Partition through API or AWS CLI.
Redshift data warehouse
Collection of computing resources called nodes
CodeBuild
Compiling code - aws service
AWS IAM allows access to
Computing, storage, database and application services
COBIT
Control objectives for information and related technology
AWS role
Credentials are temporary, authenticates
IAM role named UpdateApp.
Cross IAM account access what IAM role would you use ?
Shared responsibility model
Customer and AWS both have resp for security
S3 is object storage and not block storage. EBS is block storage
DB backup needs cheap block storage. What option would you choose?
If I own a bucket called deepa bucket, no other bucket in any region can have the same name.
Do bucket names have to be unique across regions?
Non-relational database
Does not incorporate table model, instead data can be stored in a single document file
Partition key is the primary key. Sort key is the secondary partition key
Dynamo DB has partition key and sort key
Which type of root device storage can be stopped?
EBS
Provisioned Iops SSD (IO1)
EBS volume for I/O intensive apps (eg big db), more than 10,000 iops, can provision up to 20,000 iops per volume
ECS
Elastic Container Service for orchestration of docker.
Existing instances can be moved into placement groups. True or False?
False
Device Farm
Improve app by testing on hundreds of smartphones
Which 2 services provide Native encryption? a. Glacier b. EC2 c. IAM d. Storage Gateway
a d
KMS
Key management system
Storage Gateway Virtual Tape volume limits
Max 1,500 tapes (1 PB) of total tape data. You're allowed 1 VTS per AWS region. Multiple gateways in the same region can share a tape library.
NIST
National Institute of Standards and Technology
DynamoDB
Non-relational database (NoSQL)
Compliance info sharing
Obtaining industry certifications publishing security and control practices and providing documentation as part of NDA
One primary contact unlimited cases
Only the developer support plan
What are the different AWS credentials and their uses?
Passwords & MFA: root account or IAM user account login to the console. Access keys: digitally signed requests to APIs (using SDK, CLI, or REST/Query APIs). Key pairs: SSH login to EC2 instances and CloudFront signed URLs. X.509 certificates: secures content sent using CloudFront.
AWS basic security features
Patching, firewall config, disaster recovery
Utility pricing
Pay as you go, pay less when you reserve, pay even less when you use more units
The basic support plan offers this pricing
Pricing is included
How many IGW (internet gateways) can I attach to my custom VPC? a) 1 b) 2 c) 3 d) 4
a) 1
In RDS what is the maximum size for a Microsoft SQL Server DB with SQL Server Express edition? a) 10 GB b) 300 GB c) 1 TB d) 4 TB
a) 10 GB
Infrastructure
Regions, availability zones and edge locations
AWS risk and compliance programs
Risk management, control environments, information security
Storage product examples
S3, EBS, Glacier, Storage Gateway, Snowball, Snowmobile, Snowball Edge, Elastic File System
in transit encryption for S3
SSL/TLS
CloudSearch
Search engine ability - fully managed
Region
Spans 2 or more AZs, separate geographic area
Amazon S3
Storage for the internet
SDK (Software Development Kit)
The platform where mobile applications are developed
What is AWS Storage Gateway? a) It's an on-premise virtual appliance that can be used to cache S3 locally at a customers site. b) It allows large scale import/exports in to the AWS cloud without the use of an internet connection. c) It allows a direct MPLS connection in to AWS. d) None of the above.
a) It's an on-premise virtual appliance that can be used to cache S3 locally at a customers site.
When replicating data from your primary RDS instance to your secondary RDS instance, what is the charge? a) No charge, it's free b) Same as the standard data transfer charge c) Double the standard data transfer charge d) Half of the standard data transfer charge
a) No charge, it's free
EBS can always tolerate an Availability Zone failure? a) No, all EBS volume is stored in a single AZ b) Yes, EBS volume has multiple copies so it should be fine c) Depends on how it is setup d) Depends on the Regions where the EBS volume is initiated
a) No, all EBS volume is stored in a single AZ
What AWS service would you use primarily for data warehousing? a) Redshift b) RDS c) DynamoDB d) DMS
a) Redshift
Aurora storage is self-healing. True or False?
True
Placement groups cannot be merged. True or False?
True
The name you specify to your placement group must be unique within your AWS account. True or False?
True
Manual, Scheduled, Dynamic
Types of auto scaling
EC2 Security Group
Virtual firewall similar to ACL/VPC but is Stateful instead. Not the User Role. By default all incoming is blocked. You can only allow certain combinations of protocol, port and IP addresses.
Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB. It delivers up to a 10x performance improvement - from milliseconds to microseconds - even at millions of requests per second.
What is DynamoDB Accelerator (DAX)?
using read replicas
What is a way to scale RDS databases ?
200
What is the Maximum number of Auto Scaling groups per region?
Local indexes support - eventual consistency - strong consistency
What type of consistency does Dynamo db local indexes support ?
Public
Which subnet is a bastion host created in?
What is the underlying Hypervisor for EC2?
Xen
min-max action in stage
1-50
What are the compute optimized EC2 instance types?
1. C5 2. C4
Reduced Redundancy storage
99.99% avail and durability (for re-creatable data)
Target
A destination for traffic based on listener rules
Amazon cloud front
A web service for content delivery
What is SNS (Simple Notification Service)?
A web service that makes it easy to set up, operate, and send notifications from the cloud.
AWS Import/Export Disk has an upper limit of 16TB.
AWS Import/Export Disk has an upper limit of how much ?
50 TB and 80 TB
AWS Snowballs come in which two sizes ?
Internet gateway
Allows Internet traffic to pass through the VPC based on authorization
yes
Are S3 objects immutable ?
Which type(s) of root device storage will be deleted upon instance termination?
Both (instance store and EBS)
What does an Activity Worker do?
Carry out the activity tasks.
Storage Gateway
Connecting to S3 to on-prem (VM can install on-prem)
What areas does security on the cloud consist of?
Data protection: classify your data into different segments and implement a least privilege access system. Encrypt EVERYTHING where possible, whether it be at rest or in transit. Privilege management: ensures that only authorized and authenticated users are able to access your resources and only in a manner that is intended. Infrastructure protection: how are you protecting your VPC. Detective controls: used to detect or identify a security breach.
DNS
Domain name system. Example Amazon route 53
Dynamo DB -Partition Key and Sort Key Length The minimum length of a partition key value is 1 byte. The maximum length is 2048 bytes. Sort Key Length: The minimum length of a sort key value is 1 byte. The maximum length is 1024 bytes.
Dynamo DB -Partition Key and Sort Key Length limits.
Yes. DynamoDB does not have an analyzer to determine which secondary index to use
Dynamo DB secondary indexes do you need to specify which index to use ?
To do this, use the FilterExpression parameter of the Scan operation
Dynamo DB. You can also request that only some of the data be returned, and that the remaining data should be discarded. To do this, what would you use ?
What are placement groups ideal for?
EC2 instances that require high network throughput and low latency across a SINGLE availability zone
What is Elasticache?
Elasticache is a web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud.
The symmetric data key plus the master key
Encrypted data key
Auto scaling
Ensures you have correct number of EC2 instances to handle load of application
What lives in a subnet?
Everything in the VPC
Direct Connect is more useful than a VPN when an encrypted connection needs to be made. True or False?
False: an encrypted connection cannot be made using Direct Connect.
Amazon redshift
Fast, fully managed data warehouse service
Amazon dynamo DB
Fully managed nosql DB service, non-relational db
What is a gateway-stored volume?
Gateway-stored volumes store your primary data locally, while asynchronously backing up to S3.
EC2 HPC
High Performance Compute: Cluster for performance.
30 days
How many days minimum do you have to store data in S3 Standard Infrequent Access?
4 KB (for strong consistency) - 1 item up to 4 KB each second - larger records cost 1 RCU for every 4 KB of data
In DynamoDB, 1 read capacity unit will let you retrieve up to ?? KB.
ISO
International Organization for Standardization
1000
Max no. of vaults each AWS account can have?
Memcached cluster can contain up to 20 nodes
Max number of nodes in a memcached cluster ?
Redis clusters are always made up of a single node;
Max number of nodes in a redis cluster
Cloudwatch
Monitor performance - EC2, RAM, CPU utilization
Infrastructure event management included
Only for the enterprise support plan
Reliability
Recover from disruptions, meet demand and mitigate disruptions
Red shift Dense Compute node types support clusters up to 326TB using fast SSDs
Red shift Dense Compute node types support clusters up to ??
What is a Read Replica?
Replicas of databases that can be used to decrease lag and increase performance.
Inspector
agent installed on VMs to inspect and report
CodePipeline carries state between stages using
artefacts which are just files
A company is deploying a new two-tier web application in AWS. The company has limited staff and requires high availability, and the application requires complex queries and table joins. Which configuration provides the solution for the company's requirements? a. MySQL Installed on two Amazon EC2 Instances in a single Availability Zone b. Amazon RDS for MySQL with Multi-AZ c. Amazon ElastiCache d. Amazon DynamoDB
b
Amazon SWF is designed to help users: a. Manage user identification and authorization b. Coordinate synchronous and asynchronous tasks c. Secure their VPCs d. Help users store file based objects
b
You have a video transcoding application running on Amazon EC2. Each instance polls a queue to find out which video should be transcoded, and then runs a transcoding process. If this process is interrupted, the video will be transcoded by another instance based on the queuing system. You have a large backlog of videos which need to be transcoded and would like to reduce this backlog by adding more instances. You will need these instances only until the backlog is reduced. Which type of Amazon EC2 instances should you use to reduce the backlog in the most cost efficient way? a. Reserved instances b. Spot instances c. Dedicated instances d. On-demand instances
b
If you want your application to check whether a request generated an error then you look for an ______ node in the response from the Amazon RDS API a) Incorrect b) Error c) False d) True
b) Error
You work for a busy digital marketing company who currently store their data on premise. They are looking to migrate to AWS S3 and to store their data in buckets. Each bucket will be named after their individual customers, followed by a random series of letters and numbers. Once written to S3 the data is rarely changed, as it has already been sent to the end customer for them to use as they see fit. However on some occasions, customers may need certain files updated quickly, and this may be for work that has been done months or even years ago. You would need to be able to access this data immediately to make changes in that case, but you must also keep your storage costs extremely low. The data is not easily reproducible if lost. Which S3 storage class should you choose to minimize costs and to maximize retrieval times? a) S3 b) S3 - IA (Infrequently Accessed Storage) c) S3 - RRS (Reduced Redundancy Storage) d) Glacier
b) S3 - IA (Infrequently Accessed Storage)
What service connects an on-premise software appliance (or virtual machine) with cloud based storage? a) S3 b) Storage Gateway c) Snowball d) Glacier
b) Storage Gateway
What is true about VPC (Choose 3) a) You can have one EC2 in more than 1 VPC b) There will always be at least 1 default VPC c) A VPC is always across multiple AZ within a region d) You can either have a VPC with public subnet or private subnet e) You may use a 3rd party VPN to create a site to site or remote access VPN connection with your VPC via the Internet Gateway
b) There will always be at least 1 default VPC c) A VPC is always across multiple AZ within a region e) You may use a 3rd party VPN to create a site to site or remote access VPN connection with your VPC via the Internet Gateway
You need to implement an automated service that will scan your AWS environment and tell you ways that you can improve your security as well as how to save costs. Which service should you use? a) CloudTrail b) Trusted Advisor c) Service Catalog d) Config Rules
b) Trusted Advisor
Your company is interested in implementing a VDI solution to replace their local desktop environment. Which AWS service should you consider? a) IoT b) WorkSpaces c) WorkDocs d) WorkMail
b) WorkSpaces
What level of access does the "root" account have? a) Read Only access b) Power User access c) Administrator Access d) No Access
c) Administrator Access
Which AWS service is used as a CDN to distribute content around the world? a) CloudStream b) CloudFormation c) CloudFront d) CloudPush
c) CloudFront
When an ELB is setup, what is the best way to route a website's traffic to it? a) Resolve the ELB name to an IP address and point the website to that IP b) There is no direct way to do so, Route53 has to be used c) Generate a CNAME record for the website pointing to the DNS name of the ELB
c) Generate a CNAME record for the website pointing to the DNS name of the ELB
volume gateway where entire dataset stored on s3, and frequently accessed data kept on site
cached volumes
How many S3 buckets can I have per account by default? a) 10 b) 20 c) 50 d) 100
d) 100
If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines what is the maximum size RDS volume you can have by default? a) 500 GB b) 1 TB c) 3 TB d) 6 TB
d) 6 TB
Amazon RDS does not currently support increasing storage on a _______ Db instance. a) MySQL b) Aurora c) Oracle d) SQL Server
d) SQL Server
D2
dense storage; fileservers, data warehousing, hadoop
stage in pipeline
is collection of actions
types of stage in codepipeline
source stage + build stage.. test stage ... deploy stage..approval stage.. invoke stage..
file size range for s3
0 bytes - 5TB
What are the types of load balancers?
1. Application load balancer 2. Network load balancer 3. Classic load balancer
What are the EBS volume types?
1. General Purpose SSD 2. Provisioned IOPS SSD 3. Throughput Optimized HDD 4. Cold HDD 5. Magnetic HDD (previous generation/deprecated)
What are the use cases for F1 EC2 instance types?
1. Genomics 2. Financial analytics 3. Real-time video processing 4. Big-data search and analysis 5. Security
What type of keys does EC2 use?
1024-bit SSH-2 RSA keys
How many compute nodes can there be in a Multi-Node configuration of Redshift?
128
Jenkins CodePipeline contains
2-10 stages
You can mount 1 EBS volume to multiple EC2 instances. 1. True 2. False
2. False
What is the maximum size of a gateway-cached volume?
32 TB
MySQL default port number
3306
s3 storage tier availability and durability
99.99% availability, "eleven nines" durability
What is created as a side effect of creating a custom VPC?
A Route Table for that VPC
AWS IAM Policy
A document that explicitly lists permissions and attaches to users and groups
SaaS (Software as a Service)
A form of cloud computing where a firm subscribes to a third-party software and receives a service that is delivered online. (Dined Out)
What is a placement group?
A grouping of instances within a SINGLE availability zone.
Listeners
A process that checks for connection requests and determines how load balancer routes requests
A replication group consists of up to six clusters, with five of them designated as read replicas.
A redis? replication group consists of up to ?? clusters
Microservices
A software architecture that is composed of smaller modules that interact through APIs and can be updated without affecting the entire system.
Elastic IP Address
A static IPv4 address. Not all EC2 instances need an elastic IP address. Private IP address and a dynamic public IP addresses are enough most of the time.
Amazon Glacier
A storage service for storing COLD data, infrequently accessed but must be retained for legal or regulatory reasons
What are examples of Privilege Management?
ACLs, Role based access controls, Password management
Amazon Machine Image
AMI, provides the information required to launch an instance.
what are the possible lambda triggers
API Gateway, AWS IoT, Alexa skills kit, Alexa smart home, CloudFront, CloudWatch Events/Logs, CodeCommit, Cognito, DynamoDB, Kinesis, S3, SNS
External Compliance Audits; Unauthorized Access to Your AWS Account
AWS CloudTrail is beneficial for which use cases ?
AWS CloudTrail typically delivers log files within 15 minutes of an API call.
AWS CloudTrail typically delivers log files within xx minutes of an API call
AWS Config provides you with an AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
AWS config. What is it?
Internet Gateway
Access to public subnet
Reserve options
All up front (AUR), Partial up front (PURI), No up front payments (NURI)
Private route table
Allows traffic from a private subnet out via the NAT server, always defaults to what is in the default route table, associated to the private subnets
What is VPC Peering?
Allows you to connect one VPC to another via a direct route using private IP addresses
40 TB
Amazon Glacier archive can contain up to xx of data.?
Amazon Kinesis Firehose receives stream data and stores it in Amazon S3, Amazon Redshift, or Amazon Elasticsearch.
Amazon Kinesis Firehose receives stream data and stores it in ?
Networking and content delivery product examples
Amazon VPC, CloudFront, Route 53, API Gateway, Direct Connect, Elastic Load Balancing
What is a Workflow Starter?
An app that can initiate a workflow.
Archive
An object you store in Glacier, own ID and description
Amazon EFS is a petabyte-scale file system. Supports shared storage and NFS 4.0 and 4.1. Compatible with Linux systems.
Amazon EFS
Cloud formation templates do NOT have to be region specific.
Are CloudFormation templates region specific?
Amazon Route 53
Authoritative DNS service from AWS
Public route table
Authorizations to have traffic come in and out of the public subnets, associated to the public subnets in the VPC, if it has 0.0.0.0/0 IGW line in the route table, always defaults to what is in the default route table
Config
Auto monitor and warns when configuration might break- detect if company policy is being broken
Default route table
Automatically created when you create a VPC, A network construct, if no public or private route tables are defined the default route table is used
4 support plans
Basic, developer, business, and enterprise support
VDI (Virtual Desktop Infrastructure)
Centralized hosting and management of desktop images. Users access their desktop from the server. Access via desktop, laptop, or "dumb terminal". Goes to presentation server, which takes them to their desktop.
What AWS services apply to the Foundations sub-pillar?
CloudFormation
What areas does performance efficiency in the cloud consist of?
Compute, Storage, Database, Space-time trade-off
Vault
Container for storing archives in Glacier
Route Tables
Control traffic going to subnets
Trusted Advisor categories
Cost Optimization, Performance, Security, Fault Tolerance.
What protections does AWS provide by default?
DDoS, Man in the Middle, IP Spoofing, Port Scanning, Packet Sniffing
Redshift
Data warehousing (big data - only queried to run report - copy of database temporarily)
DMS
Database migration services - on-prem database to cloud or databases in cloud to other regions
Deciders and activity workers communicate with Amazon SWF using long polling.
Deciders and activity workers communicate with Amazon SWF using ?
SQS
Decoupling apps - queue system, store jobs that EC2 will pull - no dependencies
5
Default VPC's per region
200
Default subnets per VPC
CodeDeploy
Deploying code to EC2
Amazon workspace
Desktop streaming
Authorization
Determines how resources are used
EC2 Spot Instances
Discount due to time flexibility and interruption. After interruption, instance can be terminated, stopped or hibernated. Charges up to seconds after first uninterrupted hour or user termination.
EC2 Instances
Discounted Reserved Instances (RI) for 1 or 3 year terms, further discounted if non-convertible standard RI's.
Elastic Load Balancer
Distributed software load balancer service
Elastic load balancer
Distributes incoming traffic or loads amongst your instances
Looks at entire table across all the partition keys. Scans can be run in parallel from multiple threads or servers
Dynamo DB scan
With which type(s) of root device storage can you detach the volume and move it to another instance?
EBS
EC2 EBS vs Local Instance
EBS (Elastic Block Store) boot partition, you can also use the StopInstances/StartInstances API calls to use/release the compute resources but preserve the data on the boot partition. If you are using an Amazon EBS volume as a root partition, you will need to set the Delete On Terminate flag to "N" if you want your Amazon EBS volume to persist outside the life of the instance. The EBS cannot be accessed through S3 API's, only the EC2 API's.
General Purpose SSD (GP2)
EBS volume, 3 iops/gb, up to 10,000 iops
What are the types of EC2 storage available?
EBS volumes and Instance Store volumes
Compute Products
EC2, EC2 auto scaling, ECS, Lightsail, AWS Batch, Elastic Beanstalk, Fargate, Lambda, serverless app repository, elastic load balancing
Compute product examples
EC2, autoscaling, elastic container service, elastic container registry, lightsail, Beanstalk, fargate, lambda, serverless application repository, AWS batch and VMware cloud
What AWS services apply to the Data Protection sub-pillar?
ELB, EBS, S3, RDS
When you launch an Elastic Beanstalk environment, you first choose an environment tier THAT determines whether Elastic Beanstalk provisions resources to support an application that handles HTTP requests or an application that pulls tasks from a queue. An application that serves HTTP requests runs in a web SERVER ENVIRONMENT. An environment that pulls tasks from an Amazon Simple Queue Service queue runs in a WORKER ENVIRONMENT. An environment tier whose web application runs background jobs is known as a WORKER ENVIRONMENT.
Elastic Beanstalk environment, environment tier.
EC2
Elastic Compute Cloud
EC2
Elastic Compute Cloud, virtual servers in the cloud
Amazon ECS
Elastic Container service, Container Management service, replaces cluster management structure
Application load balancer
Enhanced features - metrics, access logs, health checks, more protocol support
15,000 per month pricing
Enterprise support plan
Workmail
Exchange for AWS
Alias records do not allow you to resolve a naked domain name to an ELBs DNS address. True or False?
False
Amazon SWF restricts me to use specific programming languages. True or False?
False
In RDS, you are responsible for maintaining OS & Application security patching, antivirus etc. True or False?
False
True or False. AWS recommends providing EC2 instances with credentials so they can access other resources (such as S3 buckets) instead of assigning roles.
False
True or False. Amazon recommends that you leave all security groups in web facing subnets open on port 22 to 0.0.0.0/0 CIDR, that way you can connect wherever you are in the world.
False
True or False. Amazon's Glacier service is a Content Distribution Network which integrates with S3.
False
True or False. As the AWS is PCI DSS 1.00 compliant, I can immediately deploy a website to it that takes credit card details. I do not need any kind of delta accreditation from a QSA.
False
True or False. In RDS, you are responsible for maintaining OS & application security patching, antivirus, etc.
False
True or False. When creating a new security group, all inbound traffic is allowed by default.
False
True or False. When deploying databases on your own EC2 instances, it is recommended that you deploy these on magnetic storage rather than SSD as you get better performance.
False
True or False. When using a custom VPC and placing an EC2 instance into a public subnet, it will automatically be internet accessible (ie. you don't need to apply an elastic IP or ELB to the instance).
False
True or False. You can RDP or SSH into an RDS instance to see what is going on with the operating system.
False
VPC Peering connections can be made between VPCs in different regions. True or False?
False
When creating a new security group, all inbound traffic is allowed by default. True or False?
False
When deploying databases on your own EC2 instances, it is recommended that you deploy these on magnetic storage rather than SSD storage as you get better performance. True or False?
False
When using a custom VPC and placing an EC2 instance in to a public subnet, it will be automatically internet accessible (ie you do not need to apply an elastic IP address or ELB to the instance). True or False?
False
When you add a rule to an RDS security group you need to specify a port number or protocol. True or False?
False
You can NOT peer VPCs with other AWS accounts. True or False?
False
You can RDP or SSH in to an RDS instance to see what is going on with the operating system. True or False?
False
An EC2 instance in a public subnet has internet access. True or False?
False: an instance in a public subnet doesn't guarantee that it will have internet access
SQS (Simple Queue Service) ensures that a message is handled only once and is never duplicated. True or False?
False: duplicate messages need to be handled in SQS (Simple Queue Service), and you may need to ensure that any given message is processed only once
Instances running on the machine are NOT isolated from each other. True or False?
False: instances running on the same machine are isolated from each other via the Xen hypervisor
Security groups
Firewall around each instance
900 seconds (15 minutes)
For Lambda, what is the maximum execution duration per request?
What areas does reliability in the cloud consist of?
Foundations: be aware of the service limits in place before architecting your system. Change management: be aware of how change affects a system so that you can plan proactively around it. Failure management: always architect your system with the assumption that failures will occur. Always be aware of these failures, how they occurred, how to respond to them and how to prevent them from happening again.
What is a gateway-cached volume?
Gateway-cached volumes allow you to access your primary data on S3, while retaining frequently accessed data locally.
Three volume types of EBS
General purpose, provisioned and magnetic
Amazon Glacier retrieval options: Expedited: 1 to 5 minutes; Standard: 3-5 hours; Bulk: 5-12 hours
Glacier retrieval options
Well Architected Framework
Helps build secure, high-performing, resilient and efficient infrastructure in a cloud-native way
Cache behaviors are applied in order; if a request does not match the first path pattern, it drops down to the next path pattern. Normally the last path pattern specified is * to match all files.
How are CloudFront cache behaviors applied?
Amazon DynamoDB integrates with AWS Lambda to provide triggers that enable you to architect applications that automatically react to data changes / set up auditing. PS: you do need to turn on Lambda streams in order to be able to send updates to your AWS Lambda function. https://aws.amazon.com/blogs/compute/619/
How can DynamoDB and AWS Lambda work together?
Lambda print statements get written to CloudWatch Logs. https://docs.aws.amazon.com/lambda/latest/dg/monitoring-functions-logs.html
How can I access the output of print statements from AWS Lambda?
Snowball Edge job status can be tracked via Amazon SNS-generated text or email messages or directly in the console.
How can Snowball Edge job status be tracked?
IAM
Identity and Access Management
What does it mean that security groups are STATEFUL?
If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again.
What is Import/Export?
Import/Export accelerates moving large amounts of data into and out of AWS using portable storage devices for transport. (Using Snowball is recommended over this)
No
In DynamoDB, can you query based on just the sort key, without using the partition key?
1 write capacity unit will let you store 1 item up to 1 KB in size each second. Larger records cost 1 WCU for every 1 KB of data.
In DynamoDB, 1 write capacity unit will let you write up to ?? KB.
Lightsail
A virtual machine, SSD-based storage, data transfer, DNS management, and a static IP are all offered as a package, whereas in the normal case you provision an EC2 instance and then set up the rest of these things
In the Manage Stream window, choose the information that will be written to the stream whenever data in the table is modified: Keys only—only the key attributes of the modified item. New image—the entire item, as it appears after it was modified. Old image—the entire item, as it appeared before it was modified. New and old images—both the new and the old images of the item
In the AWS console's DynamoDB Manage Stream window, you can choose the information that will be written to the stream whenever data in the table is modified. What are the available options? Pick 4.
Two types of storage for the root device of an EC2 instance
Instance store and EBS
EC2 Instance Store vs EBS
Instance store cannot be stopped. It's ephemeral.
What is a Multi-AZ?
Instances used for failover that are located in different AZs than your original instance. These can NOT be used at the same time.
What happens if you don't associate a subnet with a Network ACL?
It becomes associated with the default Network ACL.
Code Pipeline
Keeping track of versions of code
Key = hash key and a range key
Local secondary index key = ??
Direct Connect
Makes it easy to establish a dedicated network connection from your premises to AWS; provides a reliable connection
Amazon CloudWatch
Managed monitoring service, distributed statistics gathering system
- A new customer adds data to a DynamoDB table. This event invokes another application that sends a welcome email to the new customer. - A global multi-player game has a multi-master topology, storing data in multiple AWS regions. Each master stays in sync by consuming and replaying the changes that occur in the remote regions. - An application automatically sends notifications to the mobile devices of all friends in a group as soon as one friend uploads a new picture. - An application in one AWS region modifies the data in a DynamoDB table. A second application in another AWS region reads these data modifications and writes the data to another table, creating a replica that stays in sync with the original table. - A popular mobile app modifies data in a DynamoDB table, at the rate of thousands of updates per second. Another application captures and stores data about these updates, providing near real time usage metrics for the mobile app.
Many applications can benefit from the ability to capture changes to items stored in a DynamoDB table, at the point in time when such changes occur. Which of these are relevant use cases?
What areas does the cost optimization in the cloud consist of?
Matched supply and demand, cost-effective resources, expenditure awareness, optimizing over time
unlimited
Max limit of archives you can have?
500
Max security groups for each Amazon VPC?
5000
Maximum number of alarms per AWS account
Memcached
Memcached versus Redis: which supports multithreading?
What in-memory caching engines does Elasticache support?
Memcached and Redis
Amazon Aurora
MySQL relational DB engine
Which databases can you create Read Replicas for?
MySQL, MariaDB, PostgreSQL
What are NATs used for?
NATs are used as a bridge to provide servers and private subnets with an internet connection without ssh-ing in.
Can I mount an EBS volume on an EC2 instance in a different AZ?
NO
Can you encrypt the root volume on an instance? Can additional volumes be encrypted?
NO, YES
Not limited to, the following: FedRAMP, FIPS 140-2, FISMA and DIACAP, HIPAA, ISO 9001, ISO 27001, ISO 27018, ITAR, PCI DSS Level 1, SOC 1/ISAE 3402, SOC 2, SOC 3
Names of the key reports, certifications, and third-party attestations
NAT server
Network address translator server; must disable source/destination checking
NACL
Network access control list (across subnets)
Do you have SU access to RDS's underlying operating system?
No
Can you block specific IP addresses using Security Groups?
No. You should use Network Access Control Lists to block specific traffic. You cannot specify deny rules for security groups, only allow rules.
Data Warehouse
OLAP. A: Analytical. RedShift: Columnar based and compression. Single/Multiple Nodes => Lead Nodes and compute
What are RDS databases typically used for?
OLTP (Online Transaction Processing)
Third-party software support
Only for the business enterprise support plans
Operational support training account assistance and proactive guidance
Only provided by the enterprise support plan
Production system down for less than an hour
Only the business enterprise support plans last year
Business hours access to cloud support associate via email
Only the developer support plan
Business critical system down for less than 15 minutes
Only the enterprise support plan
Five pillars
Operational excellence, security, reliability, performance efficiency and cost optimization
IAM user groups
Permissions by job function
NAT
Private internet gateway (IGW); pretends to be the internet and redirects packets when a private subnet needs outgoing access to the internet
What are the ways that elasticity can be implemented?
Proactive cyclic scaling: scaling based on recurring cycles; Proactive event-based scaling: scaling when a surge is expected; Auto-scaling based on demand: scale up or down based on metrics
Routines
Program modules that execute on demand
Security
Protect information systems and assets, risk assessment and mitigation strategies
machine learning
Provide a dataset and tell outcomes based on the set, and then use ML to predict outcomes for future behavior
Elastic IP addresses
Provides great fault tolerance for your applications
What do gateway-stored volumes provide?
Provides on-premises apps with low-latency access to entire datasets, while providing durable, off-site backups in the form of EBS snapshots.
What do gateway-cached volumes provide?
Provides on-premises apps with low-latency access to frequently accessed data and minimizes the need to scale your on-premises storage infrastructure.
What is the difference between a private subnet and a public subnet?
Public subnets are internet accessible while private subnets are not internet accessible.
You are a solutions architect who has been asked to do some consulting for a US company that produces re-useable rocket parts. They have a new web application that needs to be built and this application must be stateless. Which three services could you use to achieve this?
RDS, DynamoDB and Elasticache
Dense Storage nodes support clusters up to 2PB using large magnetic disks.
Redshift Dense Storage nodes support clusters up to?
Which database service is relied on by applications that use OLAP (Online Analytics Processing)?
Redshift
What does the cost optimization pillar cover?
Reduce costs to a minimum and use those savings for other parts of your business. A cost-optimized system allows you to pay the lowest price possible while still achieving your business objectives.
S3 data transfer out of a region (costs money); S3 amount of data stored; READ and WRITE requests to S3. FREE: transfer from S3 into CloudFront or the same region; transfer in
S3 costing factors
Certificate Manager
SSL for domains
Task lists provide a way of organizing the various tasks associated with a workflow. When a task is scheduled in Amazon SWF, you can specify a queue (task list) to put it in. Similarly, when you poll Amazon SWF for a task, you determine which queue (task list) to get the task from.
SWF task lists: what do they do?
Actors can be: 1) workflow starters, 2) Deciders, 3) Activity workers.
SWF: What are the different types of actors?
Route 53
Scalable DNS and Domain Name Registration - Named after DNS Port - Globally configured - Can set up Public or Private Zones
Elasticsearch
Search engine ability - uses open-source framework
Roles
Secure way to grant permission to entities that you trust
How should your apps be secured?
Secure your app by tiers: Web layer (HTTP and HTTPS) can access app layer; App layer (SSH) can access DB layer; DB layer is connected to EBS volume and denies all other traffic
Bastion Host
Security measure that you can implement which acts as a gateway between you and your EC2 instances
What are the pillars of the Well-Architected Framework?
Security, Reliability, Performance Efficiency, Cost Optimization
Edge locations
Serve up content from Cloudfront
Lambda
Serverless - Don't do anything w/o OS, upload code and it responds to event
What type of security model does AWS use?
Shared Security Model: AWS is responsible for securing the underlying infrastructure that supports the cloud, and you're responsible for anything you put on the cloud or connect to the cloud.
IAM
Sign in / authentication on AWS
AWS SWF
Simple Work Flow
SWF
Simple Workflow - coordinating automated and human tasks
What does SWF stand for?
Simple Workflow Service
SES
Simple email services
SNS
Simple notification services - publish to HTTPS endpoints
Why is it necessary to disable the source/destination check for a NAT instance?
Source/destination checks ensure that an EC2 instance is either the source or destination of any traffic that it receives, but a NAT instance must be able to send and receive traffic when the source or destination is not itself.
1. Define table schemas 2. Enable Dynamo DB streams 3. Set up basic alarms 4. Set up SNS Topic and Email Subscription 5. Define the Lambda based trigger 6. Test the trigger
Steps to make DynamoDB and AWS Lambda work together to automatically react to a data change scenario.
Each volume-> maximum of 32TB. A single gateway can support up to 32 volumes. Maximum storage of 1 PB.
Storage Cached volume limits
Each gateway stored volume -> maximum size of 16TB. A single gateway can support up to 32 volumes. Maximum storage of 512TB.
Storage Gateway Stored volume limits File gateway Volume gateway Tape gateway
Kinesis
Streaming and analytics for realtime data (financial analysis, social media)
Amazon SimpleDB
Structured data storage solution that is fault tolerant
What does the reliability pillar cover?
The ability of a system to recover from service or infrastructure outages/disruptions as well as the ability to dynamically acquire computing resources to meet demand.
Virtual Machine
The apparent machine that the operating system presents to the user, achieved by hiding the complexities of the hardware behind layers of operating system software.
Access to full set of trusted advisor checks
The business and enterprise support plans
$100 per month pricing
The business support plan
Access to a well architected review delivered by AWS solution architects
The enterprise support plan
CIDR block
The host identifier is used to determine which host or device on the network should receive incoming information packets. Allows for blocks of IP addresses to be allocated to Internet service providers.
SSD - Solid-state drive -
The type of hard drive that has no moving part, so they are more efficient, run with no noise, emit little heat, and require little power
What are characteristics of EC2 Instance Store volumes?
They are ephemeral (not persistent), cannot be detached, data is wiped once stopped
To read and process a stream, your application will need to connect to a DynamoDB Streams endpoint and issue API requests.
To read and process a DynamoDB stream, what can you do?
ACLs overrule the rules in a security group. True or False?
True
AWS never initiates the movement of data between regions. True or False?
True
All messages published to SNS (Simple Notification Service) are stored redundantly across multiple AZs. True or False?
True
Amazon SWF ensures that a task is assigned only once and is never duplicated. True or False?
True
Automated backups are enabled by default for a new DB Instance? True or False?
True
I can change the permissions to a role, even if that role is already assigned to an existing EC2 instance, and these changes will take effect immediately. True or False?
True
RDS Reserved Instances are available for Multi-AZ deployments. True or False?
True
Route53 supports MX Records. True or False?
True
SQS (Simple Queue Service) supports multiple readers and writers interacting with the same queue. True or False?
True
SSL termination on ELBs is supported. True or False?
True
SWF (Simple Workflow Service) ensures that a task is assigned only once and is never duplicated. True or False?
True
There is no single point of failure for communication or bandwidth bottleneck in a VPC Peering connection. True or False?
True
True or False. Automated backups are enabled by default for new DB Instance?
True
True or False. Reserved instances are available for multi-AZ deployments.
True
True or False. The AWS platform is certified PCI DSS 1.0 compliant.
True
True or False. When I create a new security group, all outbound traffic is allowed by default.
True
True or false: It is possible to transfer a reserved instance from one Availability Zone to another.
True
When you create new subnets within a custom VPC, by default they can communicate with each other, across availability zones. True or False?
True
You authenticate to active directory before you are given a security credential. True or False?
True
True or false: When you create new subnets within a custom VPC, by default they can communicate with each other, across availability zones.
True. Each subnet must reside entirely within one Availability Zone.
EC2 port scans need to be authorized by AWS. True or False?
True: unauthorized port scans are a violation of the AWS Acceptable Use Policy. Vulnerability scans MUST be requested in advance.
Infrastructure services (security)
Under control of customer
The instance is stopped or terminated.
Under what circumstances will Amazon Elastic Compute Cloud (Amazon EC2) instance store data not be preserved? A. The associated security groups are changed. B. The instance is stopped or rebooted. C. The instance is rebooted or terminated. D. The instance is stopped or terminated.
Rekognition
Upload pic and will tell you what's in it - facial recognition
Subnet
Used to divide an Amazon VPC; allows the VPC to span multiple AZs
What AWS services apply to the Infrastructure Protection sub-pillar?
VPC
Applications that need to read and write from Amazon DynamoDB need to obtain a set of temporary or permanent access control keys. While these keys could be stored in a configuration file, a best practice is for applications running on AWS to use IAM Amazon EC2 instance profiles to manage credentials. IAM Amazon EC2 instance profiles or roles allow you to avoid storing sensitive keys in configuration files that must then be secured.
What are IAM Amazon EC2 instance profiles?
The TCO calculator is used to compare the cost of your applications in an on-premises or traditional hosting environment to AWS. Describe your on-premises or hosting environment configuration to produce a detailed cost comparison with AWS.
What is a TCO calculator?
When you create a secondary index, you need to specify the attributes that will be projected into the index. DynamoDB provides three different options for this: KEYS_ONLY - Each item in the index consists only of the table partition key and sort key values, plus the index key values. The KEYS_ONLY option results in the smallest possible secondary index. INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify. ALL - The secondary index includes all of the attributes from the source table. Because all of the table data is duplicated in the index, an ALL projection results in the largest possible secondary index.
When you create a secondary index, you need to specify the attributes that will be projected into the index. DynamoDB provides three different options for this. What are they?
Simple to use: jobs are created in the AWS Management Console. AWS automatically ships a pre-provisioned Snowball Edge device to your location. Simply attach it to your local network and connect your applications. Once the device is ready to be returned, the E Ink shipping label automatically updates and your freight carrier transports it to the correct AWS facility where the upload begins.
Where are Snowball Edge jobs created?
While using Aurora, how many copies of your data can be lost before affecting database write availability? Read availability?
Write availability: 2 copies; Read availability: 3 copies
Can EC2 volumes be encrypted?
Yes, using AES-256 encryption
Can you move EBS volumes to a different AZ than the one they were created in?
Yes/Sort of; by taking a snapshot of the EBS volume and using that snapshot to create an EBS volume in another AZ.
DynamoDB on-demand backups are available at no additional cost beyond the normal pricing that's associated with backup storage size. Currently, the backup and restore functionality works in the same region as the source table.
You are creating DynamoDB on-demand backups, 2 per day. How much additional cost would that incur for leveraging the on-demand backup service?
Data retention limit for DynamoDB Streams: All data in DynamoDB Streams is subject to a 24 hour lifetime. You can retrieve and analyze the last 24 hours of activity for any given table; however, data older than 24 hours is susceptible to trimming (removal) at any moment. If you disable a stream on a table, the data in the stream will continue to be readable for 24 hours. After this time, the data expires and the stream records are automatically deleted. Note that there is no mechanism for manually deleting an existing stream; you just need to wait until the retention limit expires (24 hours), and all the stream records will be deleted.
You disable a DynamoDB table stream and want to delete the stream data manually. Can you do so?
How can the domain's zone apex, for example, "myzoneapexdomain.com", be pointed towards an Elastic Load Balancer? a. By using an Amazon Route 53 Alias record b. By using an AAAA record c. By using an Amazon Route 53 CNAME record d. By using an A record
a
In what circumstances would I choose provisioned IOPS in RDS over standard storage? a. If you use production online transaction processing b. If you have workloads that are not sensitive to latency/lag c. If your business was trying to save money d. If this was a test DB
a
DNS server
a computer or a group of computers that maintain a database to enable a computer to know the IP address of a URL
Server
a computer that provides client stations with access to files and printers as shared resources to a computer network
hyperconverged infrastructure
a hardware system allowing organizations to perform a wide range of computing, networking, virtualization, and data storage functions, supported by a single vendor
EC2 Container Service (ECS)
a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances
What is CloudWatch?
a monitoring and management service built for developers, system operators, site reliability engineers (SRE), and IT managers. Provides you with data and actionable insights to monitor your applications. Can create alarms, dashboards, events, and logs.
Stateful
a network firewall that tracks the operating state and characteristics of network connections traversing it. The firewall is configured to distinguish legitimate packets for different types of connections
Amazon Aurora
a relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases.
API (application programming interface)
a set of clearly defined methods of communication among various components
Virtual Private Cloud (VPC)
a subset of a public cloud that has highly restricted, secure access
You receive a spot instance at a bid of $0.05/hr. After 30 minutes, the spot price increased to $0.06/hr and your spot instance is terminated by AWS. What was the total EC2 compute cost of running your spot instance? a) $0.00 b) $0.02 c) $0.03 d) $0.05
a) $0.00
How many AZs is a subnet matched to? a) 1 b) 2 c) 3 d) 4
a) 1
How many Internet Gateways can be attached to a VPC? a) 1 b) 2 c) 3 d) 4
a) 1
How many NACLs can be associated with a subnet? a) 1 b) 2 c) 3 d) 4
a) 1
SQS (Simple Queue Service) ensures delivery of each message at least how many times? a) 1 b) 2 c) 3 d) 4
a) 1
Auditing user access/API calls etc across the entire AWS estate can be achieved by using... a) CloudTrail b) CloudWatch c) CloudFront d) CloudFlare
a) CloudTrail
Jenkins pipeline stage contains
actions
Directory Services
active directory connect to AWS
AWS Trusted Advisor
acts as your cloud expert and helps you provision your resources by best practices
How many copies of my data does RDS - Aurora store by default? a. 3 b. 6 c. 2 d. 1
b
If you want your application to check whether a request generated an error, then you look for an ____ node in the response from the Amazon RDS API a. Incorrect b. Error c. False d. True
b
In S3 the durability of my files is a. 99.99% b. 99.999999999% c. 99% d. 100%
b
What services are required for Auto Scaling (Choose 2) a) SNS b) Cloudwatch c) SQS d) ELB
b) Cloudwatch d) ELB
What is the underlying Hypervisor for EC2? a) Hyper-V b) Xen c) ESX d) OVM
b) Xen
Choose the right statements about EC2 instance: (Choose 3) a) The instance based storage is automatically saved in S3 b) You can use the instance based storage for your root volume c) You can attach multiple Elastic IPs to a single EC2 d) The public DNS of the EC2 remains intact when you shutdown the EC2 and start it again e) Data on the instance based storage remains intact when you reboot the instance
b) You can use the instance based storage for your root volume c) You can attach multiple Elastic IPs to a single EC2 e) Data on the instance based storage remains intact when you reboot the instance
In RDS, what is the maximum value I can set for my backup retention period? a. 15 days b. 30 days c. 35 days d. 45 days
c
In S3 the durability of my files is... a) 99.99% b) 99.90% c) 99.999999999% d) 100%
c) 99.999999999%
You need to supply auditors with logs as to who provisions which resources on your AWS platform. Which service would best suit this? a) CloudWatch b) CloudFormation c) CloudTrail d) Opsworks
c) CloudTrail
Yes, but cannot span regions
Can a security group span AZs?
Yes. You can use the VPC wizard to set up a VPC with a NAT instance.
Can you use the VPC wizard to set up a VPC with a NAT instance?
EC2 placement group
cluster in an availability zone, spread or partition
Mobile Analytics
collect, analyze app usage
CloudFront distribution
collection of edge locations that make up the cdn
C4
compute optimized, cpu intensive apps
storage gateway
connects an on-premises appliance with cloud based storage.
A customer has a web application that uses cookie-based sessions to track logged-in users. It is deployed on AWS using Elastic Load Balancing and Auto Scaling. When load increases, Auto Scaling launches new instances, but the load on the other instances does not decrease; this causes all existing users to have a slow experience. What could be the cause of the poor user experience? a. The ELB DNS record's TTL is set too high. b. The new instances are not being added to the ELB during the Auto Scaling cooldown period. c. The website uses the dynamic content feature of Amazon CloudFront which is keeping connections alive to the ELB. d. The ELB is continuing to send requests with previously established sessions to the same backend instances rather than spreading them out to the new instances.
d
AWS DNS service is known as a. CloudDNS b. CloudFront c. CloudTrail d. Route53
d
Availability zones
data centers / facilities - multiple in region - close but not dependent
Mobile Hub
design, configure for mobile apps
Snowball
enterprise level - moving huge data to cloud
s3 data consistency for updates and deletes
eventual consistency
detailed monitoring
every 1 min
basic monitoring
every 5 min
From what services I can block incoming/outgoing IPs? a. Security Groups b. DNS c. ELB? d. VPC subnet? e. IGW? f. NACL
f
Elastic Beanstalk
fastest and simplest way to get an application up and running on AWS. Developers can simply upload their application code, and the service automatically handles all of the details, such as resource provisioning, load balancing, Auto Scaling, and monitoring.
F1
field programmable gate array; hardware acceleration for your code
storage gateway for flat files on s3
file gateway
Glacier
for data archival
What are the different Storage Gateway volumes?
gateway-cached and gateway-stored
M4
general purpose application servers
DDoS - Distributed denial of service attack
is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
SSL - Secure Sockets Layer
it is a protocol that provides security when communicating on the Internet
codepipeline build action type
it will build application or compile code
transition between stages adds
latency to the pipeline
s3-IA use case
less frequently accessed, but requires quick access when needed (same dur and avail as s3)
T2
low cost general purpose
Cold HDD (SC1)
lowest cost for infrequently accessed workloads, good for file servers, cannot be boot volume
Magnetic Standard HDD
lowest cost per GB that is bootable, good for infrequently accessed workloads and apps where low storage cost is important
R4
memory optimized, db
What metrics are available by default on CloudWatch?
metrics related to CPU, disk, Network, and status checks
Benefit of EFS vs EBS
multiple EC2 instances can access data in EFS, but can only mount an EBS volume to 1 instance
what are the EC2 pricing options?
on demand (fixed rate by the hour or second, no commitments), Reserved (1-3 yr contract, discounted hourly rate), Spot (set a bid price), Dedicated host (physical ec2 server dedicated to you)
EMR - ElasticMapReduce
processes large amounts of data - (uses Hadoop, Apache, Flink, etc.)
Stateless
protocol does not require the server to retain session information or status about each communicating partner for the duration of multiple requests.
Amazon CloudWatch
provides monitoring for cloud services like EC2 graphs, set alarms, troubleshoot, spot trends
source-action type in codepipeline
pull code from code providers like github..
s3 data consistency for puts of new objects
read after write
RDS
relational database service - aurora - mysql - postgresql - maria - sql server - oracle
Virtualization
running multiple systems simultaneously on one physical computer
codepipeline stores the artefacts in
s3 bucket
S3: strong consistency for new objects; eventual consistency for updates
s3 consistency model?
SSE-S3
s3 managed keys; objects encrypted with keys, keys encrypted with master key
What services can be a CloudFront origin?
s3, ec2, ELB, Route53
dns address for a bucket called maddie in us-east-1
s3-us-east-1.amazonaws.com/maddie
AWS CloudFormation
scripts to startup and create services automatically.
CloudTrail vs CloudWatch
CloudTrail: security analysis and operational troubleshooting logs. CloudWatch: metrics for the behavior up to 2 weeks even if the instance has been terminated.
What security is AWS responsible for?
security of the cloud (regions, AZs, and edge locations), AWS Global Infrastructure
codepipeline needs
service role to access services + s3 bucket + kms
volume gateway where entire dataset is stored on site
stored volumes
Appstream 2.0
streaming desktop
Cloudformation
turning infrastructure into code - documentation that describes environment - can deploy templates
Pinpoint
understand / engage w/ user behavior - google analytics for mobile
s3 transfer acceleration
use CloudFront edge locations to accelerate uploads to s3
S3
virtual disk to store objects (files, words, txt, ppt)
Step Functions
visualizing what's going on in apps - microservices
storage gateway for block based storage
volume gateway
difference between CloudFront web distribution and RTMP
web dist is for websites, RTMP is for media streaming
what is client side encryption?
you encrypt the data and then upload to s3
5%
% of data you can retrieve from Amazon Glacier for free each month
What is the maximum size of a gateway-stored volume?
1 TB
What is the maximum response time for a Business Level Premium Support Case?
1 hour
What are the use cases for G3 EC2 instance types?
1. 3D visualizations 2. Graphics-intensive remote workstation 3. 3D rendering 4. Application streaming 5. Video encoding
What are the types of placement groups? Describe them.
1. Cluster placement group: clusters instances into a low-latency group in a single availability zone; extremely fast communication 2. Spread placement group: spreads instances across distinct underlying hardware; extremely fault tolerant because of multi-AZ placement
What are the steps to build a custom VPC?
1. Create a VPC 2. Create subnets 3. Create an internet gateway (IGW) 4. Attach the new IGW to your VPC 5. Create a new route table (RT) 6. Add the IGW as a route to the new RT 7. Add a subnet to the RT's subnet associations (this will be the public facing subnet) 8. Create web server (public subnet) and database server (private subnet) instances 9. Create a new security group for the NAT instance 10. Add HTTP and HTTPS inbound rules that allow traffic from the private subnet's IP 11. Create a NAT instance (public subnet) - Community AMIs - Search for amzn-ami-vpc-nat - Choose the first image - Disable Auto-assign Public IP - Add it to the NAT security group 12. Create an Elastic IP 13. Associate the Elastic IP to the NAT 14. Disable Source/Destination Checks for the NAT 15. Add the NAT instance as a route to the initial VPC RT
What are the benefits of EBS volumes?
1. Data availability: EBS volumes are automatically replicated within the availability zone to ensure data resiliency. 2. Data persistence: An EBS volume persists independently from the life of an instance. 3. Data encryption: EBS volumes can be encrypted. 4. Snapshots: EBS volumes can be used to create snapshots (backups) of the volume and store them on S3. 5. Flexibility: EBS supports live configuration changes while in production (type, size, capacity, etc.)
Describe general purpose SSD EBS volumes.
1. General purpose SSD volume that balances price and performance.
What are the use cases for R4 & R5 instance types?
1. High performance databases 2. Data mining & analysis 3. Distributed web scale in-memory caches 4. Real-time processing of unstructured big data 5. Hadoop/Spark clusters 6. Enterprise applications 7. Mid-sized in-memory databases
What are the use cases for X1e EC2 instance types?
1. High performance databases 2. In-memory databases 3. Memory intense applications
What are the use cases for C4 & C5 EC2 instance types?
1. High performance front-end fleets 2. Web-servers 3. Batch processing 4. Distributed analytics 5. High performance science and engineering applications 6. Ad serving 7. MMO gaming 8. Video-encoding
Describe provisioned IOPS SSD EBS volumes.
1. Highest performance SSD volume for mission critical low-latency or high-throughput workloads.
What are the benefits of an ELB?
1. Highly available: automatically distributes incoming traffic across multiple healthy targets in possibly different AZs 2. Secure: works with VPC to provide secure networks and trafficking 3. Elastic: capable of handling rapid changes in network traffic patterns 4. Flexible: allows you to use IP addresses to route requests to application targets; offers flexibility in how you virtualize your application targets 5. Robust monitoring & auditing: allows you to monitor your applications and their performance in real time 6. Hybrid load balancing: offers ability to load balance across AWS and on-premise resources using the same load balancer
What are the use cases for z1d EC2 instance types?
1. Ideal for electronic design automation 2. Relational database workloads with high per-core licensing costs
What are the use cases for X1 EC2 instance types?
1. In-memory databases 2. Big data processing engines 3. High performance computing
Describe throughput optimized HDD EBS volumes.
1. Low cost HDD volume designed for frequently accessed, throughput-intensive workloads
Describe cold HDD EBS volumes.
1. Lowest cost HDD volume designed for less frequently accessed workloads.
What are the use cases for P2 & P3 EC2 instance types?
1. Machine learning 2. High performance databases 3. Computational fluid dynamics 4. Computational finance 5. Seismic analysis 6. Molecular modeling 7. Genomics 8. Rendering
What are the use cases for H1 EC2 instance types?
1. MapReduce-based workloads 2. Distributed file systems such as HDFS and MapR-FS 3. Network file systems 4. Log or data processing applications such as Apache Kafka 5. Big data workload clusters
What are the use cases for D2 EC2 instance types?
1. Massively Parallel Processing (MPP) data warehousing 2. MapReduce and Hadoop computing 3. Distributed file systems 4. Network file systems 5. Log or data-processing applications
What are the use cases for I3 EC2 instance types?
1. NoSQL databases (Cassandra, Mongo, Redis) 2. In-memory databases 3. Scale-out transactional databases 4. Data warehousing 5. Elasticsearch 6. Analytics workloads
Name & Describe the pricing models for EC2 instances.
1. On-Demand: pay for the capacity per hour or per second depending on the instances you run. No long-term commitments or upfront payments. 2. Spot Instances: bid the price you want for instance capacity. As instance capacity becomes available at or below your spot price, your instance will be provisioned. 3. Reserved Instances: significant discount to On-Demand pricing. Reserve the capacity you need ahead of time. 4. Dedicated Hosts: A dedicated EC2 server dedicated for your use only.
Describe a Network Load Balancer.
1. Operates at the connection level (layer 4), routing connections to targets within a VPC based on the IP protocol data, ideal for load balancing of TCP traffic. Optimized to handle millions of requests while maintaining ultra-low latencies.
Describe an Application Load Balancer.
1. Operates at the request level (layer 7), routing traffic to targets within a VPC based on the content of the request. Ideal for advanced load balancing of HTTP/HTTPS traffic.
What are the use cases for M4 & M5 EC2 instance types?
1. Small and mid-sized databases 2. Data processing tasks that require additional memory 3. Caching fleets 4. Running backend servers for SAP (System Applications and Products) 5. Microsoft SharePoint 6. Cluster computing 7. Enterprise applications
What are the general purpose EC2 instance types?
1. T3 2. T2 3. M5 4. M4
An EBS volume must be in the same AZ as the EC2 instance. 1. True 2. False
1. True
You can attach multiple EBS volumes to a single EC2 instance. 1. True 2. False
1. True
What are the use cases for T2 & T3 EC2 instance types?
1. Websites and web applications 2. development environments 3. build servers 4. code repositories 5. micro services 6. test and staging environments 7. line of business applications.
What are the memory optimized EC2 instance types?
1. X1e 2. X1 3. R5 4. R4 5. z1d
Describe a Classic Load Balancer.
1. Provides basic load balancing across multiple EC2 instances and operates at both the request level and connection level. Intended for applications that were built within the EC2-Classic Network. Newer load balancers are highly recommended.
How much text can an SQS (Simple Queue Service) message store?
256 KB of text in any format
You work for a cosmetic company which has their production website on AWS. The site itself is in a two-tier configuration with web servers in the front end and database servers at the back end. The site uses Elastic Load Balancing and Auto Scaling. The databases maintain consistency by replicating changes to each other as and when they occur. This requires the databases to have extremely low latency. Your website needs to be highly redundant and must be designed so that if one availability zone goes offline and Auto Scaling cannot launch new instances in the remaining Availability Zones the site will not go offline. How can the current architecture be enhanced to ensure this?
3 AZs in the same region. Configure the Auto Scaling minimum to handle 50 percent of the peak load per zone.
You have been asked to create a VPC for your company. The VPC must support both Internet-facing web applications (i.e. they need to be publicly accessible) and internal private applications (i.e. they are not publicly accessible and can be accessed only over VPN). The internal private applications must be inside a private subnet. Both the internet-facing and private applications must be able to leverage at least three Availability Zones for high availability. At a minimum, how many subnets must you create within your VPC to achieve this?
6
How many copies of data across how many AZs does RDS - Aurora store by default?
6 and 3
How many copies of your data does Aurora make?
6 copies - 2 copies in each AZ, with a minimum of 3 AZs
What's the difference between a CNAME and an Alias Record?
A CNAME is used to redirect one DNS name to another DNS name (www.mobile.facebook.com --> www.m.facebook.com) while an Alias Record is used to map one DNS name to another target DNS name (www.mobile
a local secondary index that has a composite primary key (partition key and sort key) with Amazon DynamoDB.
A Dynamo DB local secondary index that has a composite primary key (partition key and sort key) with Amazon DynamoDB.
IaaS (Infrastructure as a Service)
A cloud computing technology useful for heavily utilized systems and networks. Organizations can limit their hardware footprint and personnel costs by renting access to hardware such as servers. (Take & Bake)
Database
A collection of data organized in a manner that allows access, retrieval, and use of that data
relational database
A database that represents data as a collection of tables in which all data relationships are represented by common values in related tables
Bastion Host
A heavily secured server located on a special perimeter network between the company's secure internal network and its firewall. (Used when database needs access to incoming internet in private subnet)
How does a Multi-Node configuration of Redshift work?
A leader node manages client connections and receives queries while a compute node stores data and performs queries and computations.
A replication group consists of up to six clusters, with five of them designated as read replicas.
A replication group consists of up to ?? clusters
PaaS (Platform as a Service)
A service model in which various platforms are provided virtually, enabling developers to build and test applications within virtual, online environments tailored to the specific needs of a project. (Pizza delivered)
Application Programming Interface (API)
A set of software routines that allows one software system to work with another.
AWS AMI
A template: Amazon Machine Image. A template can have up to 20 On-Demand and 20 reserved instances launched in about 10 minutes. RunInstances/DescribeInstances/TerminateInstances (release the EBS and IP addresses as well) API calls.
VMWare
A vendor that supplies the most popular types of workstation and server virtualization software. Used casually, the term may also refer to the virtualization software distributed by the company.
Amazon EC2
A web service that provides resizable compute capacity in the cloud
What is an ACL (Access Control List)?
ACLs allow you to create network rules across entire subnets.
AWS CloudTrail typically delivers log files within 15 minutes of an API call. CloudTrail typically delivers log files within 15 minutes of account activity. In addition, CloudTrail publishes log files multiple times an hour, about every five minutes
AWS CloudTrail typically delivers log files within xx minutes of an API call.
AWS resource inventory, configuration history, and configuration change notifications to enable security and governance.
AWS Config. What is it?
https://www.aws.training/transcript/curriculumplayer?transcriptId=B7We7Waz406Z9hxkLDlYJw2 - pay attention to qualifying phrases in questions, like "most cost effective"
AWS free training
SSE-KMS
AWS managed keys; separate permission for envelope key (key that protects the data's encryption key)
Instance pricing varies by these three things
AWS region, OS, Number of cores and memory
Cost optimization, Performance, Security, Fault tolerance, Service Limits
AWS trusted advisor
AMI
Amazon Machine Image, providing software platform for instance
Amazon SWF objects are uniquely identified by workflow type, activity type, decision and activity tasks, and workflow execution.
Amazon SWF objects are uniquely identified by ??
Amazon S3 offers eventual consistency for GETS after overwrite PUTS and DELETES in all regions
Amazon Simple Storage Service (Amazon S3) is an eventually consistent storage system. For what kinds of operations is it possible to get stale data as a result of eventual consistency? A. GET after PUT of a new object B. GET or LIST after a DELETE C. GET after overwrite PUT (PUT to an existing key)
No extra cost
Amazon VPC, AWS Elastic Beanstalk, AWS CloudFormation, AWS IAM, Auto Scaling, AWS OpsWorks
AICPA
American Institute of Certified Public Accountants
AICPA stands for
American Institute of Certified Public Accountants
AWS CloudTrail
An AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account. Actions taken by a user, role, or an AWS service are recorded as events.
When the message visibility timeout expires, the message becomes available for processing by other EC2 instances
An EC2 instance retrieves a message from an SQS queue, begins processing the message, then crashes. What happens to the message?
What is an Internet Gateway?
An Internet Gateway allows you internet access to your EC2 instances.
Guest OS
An operating system running within a virtual machine if using EC2
By default, your CloudTrail log files are encrypted using Amazon S3 SSE
Are CloudTrail logs encrypted by default?
Inbound data transfers
Are free
How often is the AWS strategic business plan re-evaluated?
At least every 6 months
Cloudtrail
Audit AWS resources - changes to environment
What are the two types of Replicas available for use with Aurora?
Aurora Replicas and MySQL Read Replicas
How many Aurora Replicas can you have? MySQL Read Replicas?
Aurora Replicas: 15 MySQL Read Replicas: 5
Trusted Advisor
Automating recommendations, scans environment and provides tips
What are some technical benefits of the Cloud?
Automation, Auto-scaling, Proactive scaling, More efficient development lifecycle, Improved testability, Disaster recovery and business continuity, "Overflow" traffic to the cloud
Security groups
Built in firewall for virtual servers, another method to filter traffic to instances
Security network features
Built in firewall, monitoring and logging, encryption in transit,
24 x 7 access to cloud support engineers via email chat and phone
Business and enterprise support plans
Access to personal health dashboard and health API
Business and enterprise support plans
By default, objects expire from the cache after 24 hours.
By default, after how many hours do objects expire from the CloudFront cache?
24 hours
By default, after how much time do objects expire from the CloudFront cache?
IP Address limitation per account
By default, all accounts are limited to 5 Elastic IP addresses per region.
How does AWS ensure that one customer's data is never unintentionally exposed to another?
By resetting every block of storage used by the customer using its disk virtualization layer.
What does Direct Connect allow you to do?
Bypass ISPs in your network path.
EBS HDD cannot be used as a boot volume.
Can EBS HDD be used as a boot volume?
Auto Scaling can launch and terminate instances across AZs. Yes.
Can Auto Scaling launch and terminate instances across AZs?
AWS EC2- Elastic Cloud Compute
Can login to VMs - access to OS- VMs in cloud
Yes. Replication is performed asynchronously and there will be a small delay before data is available on all cluster nodes.
Can you create a multi-AZ replication group for Redis?
Stacked security groups
Can't skip levels - has to go through front-end to services to the database, layers of protection
Assurance programs
Certifications and attestations, laws, regulations and privacy
AWS EC2
Cloud CPU. Elastic Compute Cloud.
CloudWatch stores logs from Lambda, CloudTrail and EC2
CloudWatch stores logs from?
CloudFront content delivery: request and response ride over the AWS backbone rather than over the internet
CloudFront additional advantage
5 minute->63 days
CloudWatch retention schedule for basic 5-minute monitoring?
1 minute->15 days
CloudWatch retention schedule for detailed 1-minute monitoring?
What AWS services apply to the Change Management sub-pillar?
CloudTrail
What are AWS services that can be used as Detective Controls?
CloudTrail, CloudWatch, Config, S3, Glacier
What AWS services apply to the Data Protection sub-pillar?
CloudTrail, Config, CloudWatch
With which AWS services are you most likely to see SNS (Simple Notification Service) being used?
CloudWatch and AutoScaling
Difference between CloudWatch and CloudTrail?
CloudWatch is for logging, monitoring; CloudTrail is for auditing, it creates an audit trail of what people are doing on an AWS account
Availability zones
Collection of data centers in a region
Non Relational DB
Collection. Documents. Name Value Pairs.
3 things you pay for
Compute, storage and data transfer out
Edge
Content delivery network - cache media in cloud (download once and then stored locally for the other availability zones)
Operational excellence
Continuously improve run and monitor systems to deliver business value
COBIT
Control Objectives for Information and Related Technology
Passport control
Controls access into subnets
AWS IAM
Controls access to AWS resources
What does a Decider do?
Controls the flow of activity tasks in a workflow execution. If something finishes or fails a Decider decides what to do next.
AWS trusted advisor
Customized cloud expert
Authentication
Determines who can access resources
What is the biggest difference between Direct Connect and a VPN?
Direct connect takes anywhere from 1-5 months to set up, while VPN can be set up in minutes.
The DynamoDB Streams API is intentionally similar to that of Kinesis Streams, a service for real-time processing of streaming data at massive scale. In both services, data streams are composed of shards, which are containers for stream records. Both services' APIs contain ListStreams, DescribeStream, GetShards, and GetShardIterator actions. (Even though these DynamoDB Streams actions are similar to their counterparts in Kinesis Streams, they are not 100% identical.)
DynamoDB Streams and Kinesis Streams API similarities and differences?
You can create tables that are automatically replicated across two or more AWS Regions, with full support for multi-master writes. This gives you the ability to build fast, massively scaled applications for a global user base without having to manage the replication process. For more information, see Global Tables.
DynamoDB: how can you achieve multi-Region replication?
EC2 EFS
Elastic File Storage for a file system mounting.
AWS EMR
Elastic MapReduce for big data (Hadoop), etc.
What is Elastic Load Balancing?
Elastic Load Balancing automatically distributes incoming traffic across multiple targets, such as EC2 instances, containers, and IP addresses.
When underlying EC2 node is impaired. Amazon ElastiCache can automatically detect and recover from the failure of a cache node. With
ElastiCache: how is EC2 node impairment handled?
What types of consistency models are used for DynamoDB and how do they differ?
Eventual consistent reads and strongly consistent reads. Strongly consistent reads are guaranteed in under 1 second while eventually consistent reads are not.
Best way to estimate cost
Examine the fundamental characteristics of each AWS service
Memory utilization
Example of a custom metric in CloudWatch for an EC2 cluster?
As the AWS platform is PCI DSS 1.0 compliant, I can immediately deploy a website to it that can take and store credit card details. I do not need to get any kind of delta accreditation from a QSA. True or False?
False
Placement groups can span multiple availability zones. True or False?
False
Route 53 does not support zone apex records (or naked domain names). True or False?
False
SQS (Simple Queue Service) guarantees first in, first out delivery of messages. True or False?
False
SWF (Simple Workflow Service) does NOT keep track of all tasks and events in an application. True or False?
False
T/F - one subnet can span multiple AZs
False
True or False. The service to allow Big Data Processing on the AWS platform is known as AWS "Elastic Big Data".
False
True or False. You can conduct your own vulnerability scans within your own VPC without alerting AWS first.
False
Using the console, I can add a role to an EC2 instance, after that instance has been created and powered up. True or False?
False
VPC Peering connections can be made between VPCs that have matching or overlapping CIDR blocks. True or False?
False
An Amazon EBS volume that is the root device of an instance can be detached without stopping the instance. True or False?
False.
Import/Export uses the internet to transfer data onto and off of storage devices. True or False?
False: AWS transfers your data directly onto and off of storage devices using Amazon's internal network and bypassing the internet
ELBs have predefined IP addresses. True or False?
False: ELBs are resolved to using a DNS name
The difference between S3 and EBS is that EBS is object based where as S3 is block based. True or False?
False: S3 is object based and EBS is block based
SQS (Simple Queue Service) pulls and pushes messages to and from the queue. True or False?
False: SQS (Simple Queue Service) only pulls messages
SWF (Simple Workflow Service) presents a message-oriented API. True or False?
False: SQS (Simple Queue Service) presents a message-oriented API while SWF (Simple Workflow Service) presents a task-oriented API
By default, EC2 instances pull SQS messages from an SQS queue on a FIFO (First In First out) basis. True or False?
False: SQS is not first in, first out
If VPC A is peered with VPCs B and C, data can be sent or received from B to C or vice versa. True or False?
False: VPC peering is not transitive
You can authenticate with Active Directory using SSL. True or False?
False: You can authenticate using SAML
EC2's firewall allows all inbound traffic by default. True or False?
False: the inbound firewall is configured in a default deny-all mode and you must explicitly open the ports to allow inbound traffic
Network ACLs are NOT stateless. True or False?
False: they are stateless
Custom ACLs allow both inbound and outbound traffic upon creation. True or False?
False: they start off allowing no inbound or outbound traffic
On Guest OS, AWS has access rights to your instances and guest OS. True or False?
False: you have full root access or admin control over accounts, services, and apps. AWS does not have any access rights.
Amazon Neptune
Fast, reliable graph database built for the cloud
Amazon Redshift
Fast, simple, cost-effective data warehousing.
What is AWS responsible for protecting?
Global infrastructure (hardware, software, networking, and facilities that run AWS services) and security configuration of its products that are considered managed services (DynamoDB, RDS, Redshift, etc.).
Vehicles that travel long distances, or environments that don't have cloud/network connectivity, where you can collect and analyze data.
Good use case for Snowball Edge?
Redshift cluster
Group of nodes, runs a redshift engine with at least one database
What industry specific standards does AWS need to abide by?
HIPAA, CSA (Cloud Security Alliance), MPAA (Motion Picture Association of America)
What are SNS (Simple Notification Service) Subscribers (protocols)?
HTTP, HTTPS, Email, Email-JSON, SQS, Application, Lambda
TCO calculator
Helps with the following; estimate cost savings, detailed reports, and modify assumptions
Choose to use Cache-Control headers set by your origin server or you can set the minimum, maximum, and default TTL for objects in your Amazon distribution or call invalidation API.
How can you control how long objects stay in Amazon CloudFront?
DynamoDB is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in DynamoDB. CloudTrail captures all API calls for DynamoDB as events. The calls captured include calls from the DynamoDB console and code calls to the DynamoDB API operations
How can you log DynamoDB operations?
By clustering multiple AWS Snowball Edge devices. Snowball Edge moves terabytes of data in about a week.
How can you reach petabyte scale for Snowball Edge?
Memcached is purely in-memory and does not have native backup capabilities.
How does Amazon ElastiCache Memcached get backed up?
Amazon ElastiCache uses the native backup capabilities of Redis and will generate a standard Redis DB backup file that gets stored in Amazon S3.
How does Amazon ElastiCache Redis get backed up?
Data is automatically replicated to different Availability Zones within a region.
How is data stored in Amazon Simple Storage Service (Amazon S3) for high durability?
0. Security groups can specify allow rules, not deny rules. You can specify separate allow rules for inbound and outbound traffic.
How many deny rules can a security group specify?
All backups in DynamoDB work without consuming any provisioned throughput on the table.
How much "IOPS" does a DynamoDB backup consume?
What does the performance efficiency pillar cover?
How to use computing resources efficiently to meet your requirements and how to maintain efficiency as demand changes and technology evolves.
Signed URLs: URLs that are valid only between certain times and optionally from certain IP addresses. Signed Cookies: require authentication via public and private key pairs. Origin Access Identifiers: restrict access to an S3 bucket only to special CloudFront users associated with your distribution.
How would you restrict access to content in Amazon CloudFront to only selected requestors?
http://deepasbucket.s3.amazonaws.com/deepa.doc
I create a website based on the deepasbucket S3 bucket. What would my URL look like?
http://deepasbucket.s3.amazonaws.com http://deepasbucket.s3-aws-regionusb.amazonaws.com
I have created a static S3 website based on the bucket name deepasbucket, in region usb. What will the 2 URLs look like in the virtual-hosted-style URL?
bucket policy
IAM policy to grant access to buckets
What AWS services apply to the Privilege Management sub-pillar?
IAM, MFA
What AWS services apply to the Foundations sub-pillar?
IAM, VPC
Who pays for spot instance time terminated during the hour?
If Amazon terminates the instance, you get the hour it was terminated for free. If you terminate the instance, you pay for the hour.
Shards are ephemeral: They are created and deleted automatically, as needed. Any shard can also split into multiple new shards; this also occurs automatically. (Note that it is also possible for a parent shard to have just one child shard.) A shard might split in response to high levels of write activity on its parent table, so that applications can process records from multiple shards in parallel. If you disable a stream, any shards that are open will be closed.
If you disable a DynamoDB stream, what happens to the shards associated with the stream?
What happens if you stop and start an instance store EC2 instance?
If you stop and start the instance, a new hypervisor is used when starting the instance. This means if the host/hypervisor of an instance store (ephemeral) instance fails, you've lost the instance. However, you can reboot the instance without losing your data.
What is recommended for you to do for managed services?
Implement MFA, communicate with these services using SSL/TLS, and set up API/user activity logging with CloudTrail.
Database instance
Isolated DB environment that can contain multiple databases, building block of RDS
codepipeline test action type providers
Jenkins, CodeBuild. Deploy action type providers: CodeDeploy, ECS, EBS
Amazon Lightsail
Launch a virtual private server in just minutes
Auto scaling
Launches and terminates instances based on certain conditions, creates new resources on demand
If an S3 bucket owner allows other AWS accounts to upload objects, permissions to these objects can only be managed 'using object ACL by the AWS account' that owns the object. - There are limits to managing permissions using ACLs. For example, you can grant permissions only to other AWS accounts; you cannot grant permissions to users in your account. - You cannot grant conditional permissions, nor can you explicitly deny permissions. ACLs are suitable for specific scenarios.
Limitations of using ACL for bucket
unlimited
Max limit of Glacier archives you can have?
Maximum Write Capacity for a Table With a Stream Enabled AWS places some default limits on the write capacity for DynamoDB tables with Streams enabled. These are the limits unless you request a higher amount. To request a service limit increase see https://aws.amazon.com/support. US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), South America (São Paulo), EU (Frankfurt), EU (Ireland), Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), China (Beijing) Regions: Per table - 40,000 write capacity units All Other Regions: Per table - 10,000 write capacity units
Maximum Write Capacity for a Table With a Stream Enabled?
What does NAT stand for?
Network Address Translation (Server)
Permissions are located in the following
Policy documents, authorization
Fault Tolerance (FT)
Provides uninterrupted availability for virtual machines. Remains operational even if components fail
EC2 Instance Types
Q: How do I select the right instance type? Amazon EC2 instances are grouped into 5 families: General Purpose, Compute Optimized, Memory Optimized, Storage Optimized and Accelerated Computing instances. General Purpose instances have memory to CPU ratios suitable for most general purpose applications and come with fixed performance (M5, M4) or burstable performance (T2); Compute Optimized instances (C5, C5n, C4) have proportionally more CPU resources than memory (RAM) and are well suited for scale out compute-intensive applications and High Performance Computing (HPC) workloads; Memory Optimized instances (X1e, X1, R5, R4) offer larger memory sizes for memory-intensive applications, including database and memory caching applications; Accelerated Computing instances (P3, P2, G3, F1) take advantage of the parallel processing capabilities of NVIDIA Tesla GPUs for high performance computing and machine/deep learning; GPU Graphics instances (G3) offer high-performance 3D graphics capabilities for applications using OpenGL and DirectX; F1 instances deliver Xilinx FPGA-based reconfigurable computing; Storage Optimized instances (H1, I3, D2) provide very high, low latency, I/O capacity using SSD-based local instance storage for I/O-intensive applications, while D2 and H1, the dense-storage and HDD-storage instances, provide local high storage density and sequential I/O performance for data warehousing, Hadoop and other data-intensive applications. When choosing instance types, you should consider the characteristics of your application with regard to resource utilization (i.e. CPU, Memory, Storage) and select the optimal instance family and instance size.
Amazon DynamoDB is integrated with AWS Lambda so that you can create triggers—pieces of code that automatically respond to events in DynamoDB Streams. With triggers, you can build applications that react to data modifications in DynamoDB tables. If you enable DynamoDB Streams on a table, you can associate the stream ARN with a Lambda function that you write. Immediately after an item in the table is modified, a new record appears in the table's stream. AWS Lambda polls the stream and invokes your Lambda function synchronously when it detects new stream records. The Lambda function can perform any actions you specify, such as sending a notification or initiating a workflow. For example, you can write a Lambda function to simply copy each stream record to persistent storage, such as Amazon Simple Storage Service (Amazon S3), to create a permanent audit trail of write activity in your table. Or suppose you have a mobile gaming app that writes to a GameScores table. Whenever the TopScore attribute of the GameScores table is updated, a corresponding stream record is written to the table's stream. This event could then trigger a Lambda function that posts a congratulatory message on a social media network
Read this
Amazon RDS
Relational database services, sets up, operates and scales operational databases
Target Group
Routes requests to one or more registered targets
If the requester is an IAM user, Amazon S3 must determine if the parent AWS account to which the user belongs has granted the user necessary permission to perform the operation. In addition, if the request is for a bucket operation, such as a request to list the bucket content, Amazon S3 must verify that the bucket owner has granted permission for the requester to perform the operation.
S3 access policy evaluation: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-s3-evaluates-access-control.html
- Make sure the requester has permissions from the object owner. - Check the bucket policy to ensure the bucket owner has not set explicit deny on the object.
S3 requests an operation on a bucket object that they do not own. What access policies etc. need to be checked before granting the access?
S3 Standard and S3 Standard-IA. Storage classes for infrequently accessed objects: S3 IA and One Zone. Storage classes for frequently accessed data: S3 Standard and S3 RRS.
S3 storage categories
Amazon simple storage service
S3, fault tolerant tool and data storage
What compliances does AWS need to abide by?
SOC 1, 2 and 3, PCI, ISO 9001 and 27001
What relational databases are available on RDS (Relational Database Service)?
SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB
Athena
SQL queries on S3 - turning flat files into searchable
What is SQS (Simple Queue Service)?
SQS (Simple Queue Service) is a web service that gives you access to a message queue that can be used to store messages while waiting for a computer to process them.
Fault tolerant tools
SQS, S3, SimpleDB, RDS
What type of storage is DynamoDB stored on?
SSD storage
What are you responsible for protecting?
Security configuration and management of IaaS (EC2, VPC, S3) and account management and user access of managed services.
What controls access to instances?
Security groups via port, protocol and IP address
SQS
Simple queue service, a fault tolerant tool
Amazon S3
Simple storage service, managed cloud storage service
What types of configurations are available for Redshift?
Single Node and Multi-Node
AWS account root user
Single sign in identity that has unrestricted access
Migration product examples
Snowball, Snowball Edge, Snowmobile, Migration Hub, Migration Service, Application Discovery Service, Database Migration Service
Why is it important to decouple your components?
So that if one component were to fail, not respond, or be slow to respond, the other components in the system are built to continue working as if no failure is happening.
Hypervisor
Software that enables a single computer to run multiple operating systems simultaneously.
App Stream
Streaming desktop apps to users
How does AWS prevent IP Spoofing?
The AWS-controlled, host-based firewall infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.
Production System impaired for less than four hours
The business and enterprise support plans
Starts at $29 per month for pricing
The developer support plan
What are characteristics of EC2 EBS volumes?
They are persistent, detachable, and can be stopped without losing data
Customer instances have only access to virtualized disks. True or False?
True
True or false: Reserved instances are available for multi-AZ deployments.
True
You can peer different VPCs on the same account. True or False?
True
ELBs (Elastic Load Balancers) do not have pre-defined IPv4 addresses, you resolve them using a DNS name. True or False?
True or False?
True or false: When creating an RDS instance you can select which availability zone in which to deploy your instance.
True.
An ACL is created by default when a VPC is created. True or False?
True: it allows all inbound and outbound traffic
An Amazon EBS volume that is an additional partition (ie not the root volume) can be detached without stopping the instance. True or False?
True: it may take some time though
SQS (Simple Queue Service) does NOT keep track of all tasks and events in an application. True or False?
True: you need to implement your own app-level tracking, especially if your app uses multiple queues
VPC stands for
Virtual Private Cloud
VGW
Virtual Private Gateway
Amazon Elastic Block Store
Virtual disks in the cloud
WAF helps improve security and mitigate DOS attacks. Can be used to filter out the requests by looking at the content of the request. AWS WAF is a web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources.
What is WAF?
AWS Lambda: Node.js, C#, Python, Java, Go
What languages does Lambda support?
Amazon RDS
Web services that make it easy to create and build relational databases in the cloud
Using the DynamoDB Streams Kinesis Adapter is the recommended way to consume streams from DynamoDB.
What is the recommended adapter to consume DynamoDB streams?
Bucket policy and user policy are among two of the access policy options available for you to grant permission to your Amazon S3 resources
What are 3 S3 based access policy options?
Simple, Weighted, Geolocation, Latency-based
What are Route 53 routing policies?
• AWS CodeCommit • AWS CodeBuild • AWS CodeDeploy • AWS CodePipeline • AWS X-Ray
What are some AWS DevOps coding tools?
EBS storage volumes: - SSD: 1 GB to 16 TB. Good for random access. Has higher IOPS performance. No moving parts. Types: General Purpose SSD (gp2) and Provisioned IOPS SSD (io1). Provisioned IOPS is faster. - HDD: 500 GB to 16 TB. Good for sequential access. Large blocks of data to read and fewer read and write operations. Good throughput. Cheaper. Types: Throughput Optimized HDD (st1) and Cold HDD (sc1).
What are the 2 types of EBS storage volumes?
AWS Snowball Edge (100 TB capacity) is a data migration and edge computing device. 2 options: - Edge Storage Optimized - Snowball Edge Compute Optimized
What are the 2 types of Snowball Edge computing?
Three types of tasks: Activity tasks: tells an activity worker to perform its function, such as to check inventory or charge a credit card. AWS Lambda tasks: Decision tasks: tells a decider that the state of the workflow execution has changed so that the decider can determine the next activity.
What are the 3 types of SWF tasks?
Basic, Developer, Business, Enterprise
What are the AWS support plans?
For each hash key, the total size of all indexed items must be 10 GB or less
What are the index restrictions for DynamoDB local secondary indexes?
The key reports, certifications, and third-party attestations include, but are not limited to, the following: FedRAMP, FIPS 140-2, FISMA and DIACAP, HIPAA, ISO 9001, ISO 27001, ITAR, PCI DSS Level 1, SOC 1/ISAE 3402, SOC 2, SOC 3
What are the key reports, certifications, and third-party attestations?
Distributions, origins, and cache control.
What are the three core concepts of Amazon CloudFront Basics?
DynamoDB secondary indexes can be: Local: - Must be created when the table is created. - Share the table's partitioning key and can have additional sort keys. - Can't be deleted later. - Share provisioned throughput (read/write capacity) with their parent table. Global secondary indexes have a few major differences compared to local indexes: - They can be added on to existing tables. - They have their own provisioned throughput. - They can have different partition and sort keys from the parent table. Since global indexes have their own read and write capacity, the trade-off is cost.
What are the types of DynamoDB secondary indexes?
Applications that need to read and write from Dynamo need to obtain a set of temporary or permanent access control keys. While these keys could be stored in a configuration file, a best practice is for applications running on AWS to use IAM Amazon EC2 instance profiles to manage credentials. IAM Amazon EC2 instance profiles or roles allow you to avoid storing sensitive keys in configuration files that must then be secured.
What are IAM Amazon EC2 instance profiles?
CPU, network, queue size.
What can CloudWatch monitor?
Amazon DynamoDB is integrated with AWS Lambda so that you can create triggers—pieces of code that automatically respond to events in DynamoDB Streams. With triggers, you can build applications that react to data modifications in DynamoDB tables. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/Streams.Lambda.html
What can you use to respond to events in DynamoDB Streams / data modifications on DynamoDB tables?
Dense Compute and Dense Storage.
What categories are Redshift nodes grouped into?
AWS Snowmobile is an EXABYTE-scale data transfer service.
What data scale does Snowmobile support?
Glacier encrypts data by default
What do you have to do to encrypt Glacier data?
DynamoDB Streams guarantees the following: 1. Each stream record appears exactly once in the stream. 2. For each item that is modified in a DynamoDB table, the stream records appear in the same sequence as the actual modifications to the item.
What does DynamoDB Streams guarantee? Choose 2
BLOBS
What does Memcached store objects as?
JSON policy consists of Effect, Action, Service and Resource (EASR). It may also include one or more conditions.
What does a JSON policy consist of?
JSON policy consists of Effect, Service, Action, and Resource (EASR). It may also include one or more conditions.
What does a JSON policy consist of?
It checks the data in all three replicas in the different AZs and returns the latest data. - An eventually consistent read will grab the data from a single zone. - Strongly consistent reads need more read capacity.
What does a strongly consistent DynamoDB query do?
A Trail applies to all regions
What does the default CloudTrail trail apply to? (AZ, region?)
Included as part of the Enterprise Support plan, the Concierge team will assist you with your billing and account inquiries and account consolidation, and work with you to help implement billing and account best practices
What is AWS Account Assistant:- AWS Support Concierge Service
AWS Application Discovery Service helps quickly and reliably plan application migration projects by automatically identifying applications running in on-premises data centers, their associated dependencies, and their performance profiles.
What is AWS Application Discovery Service?
AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. https://aws.amazon.com/blogs/apn/category/aws-server-migration-service/ https://aws.amazon.com/blogs/compute/how-to-migrate-multi-tier-environments-using-the-aws-server-migration-service/
What is AWS Server Migration Service ?
The Auto Discovery client gives your applications the ability to identify automatically all of the nodes in a cache cluster and to initiate and maintain connections to all of these nodes. The Auto Discovery client is available for .NET, Java, and PHP platforms.
What is the Auto Discovery client for ElastiCache?
A projection is the set of attributes that is copied from a table into a secondary index. Some operations require excess reads/fetching due to complexity. These operations can consume substantial throughput. Projection allows you to avoid costly fetching and perform rich queries by isolating these attributes. Remember projections consist of attributes copied into a secondary index. When making a secondary index, you specify the attributes projected. Recall the three options provided by DynamoDB: KEYS_ONLY, INCLUDE, and ALL
What is Dynamo DB projection ?
DynamoDB Streams captures a time-ordered sequence of item-level modifications in any DynamoDB table, and stores this information in a log for up to 24 hours. - Applications can access this log, process and view the data items as they appeared before and after they were modified, in near real time.
What is DynamoDB Streams?
For mobile applications, a best practice is to use a combination of web identity federation with the AWS STS to issue temporary keys that expire after a short period.
What is an IAM best practice for mobile applications ?
Dynamo DB can later be scaled up or down by using an UpdateTable action
What is one of the ways IO capacity on D
Offload all static content to S3 for higher performance instead of keeping it on the web servers. Frees up the web server to serve dynamic content
What is one of the ways S3 can be used to improve web server performance?
ECS container agent
What is responsible for starting and stopping tasks on an ECS container instance?
4 days
What is the Default SQS message retention period?
12 hours
What is the Longest available visibility timeout for SQS?
5TB
What is the Max object size allowed in a S3 multi part file upload?
14 days or 1209600 seconds
What is the Maximum AWS SQS message retention period ?
50
What is the Maximum number of scaling policies per Auto Scaling group
125
What is the Maximum number of scheduled actions per Auto Scaling group ?
In order to make it faster and easier to upload larger (> 100 MB) objects, we've just introduced a new multipart upload feature.
What is the S3 multipart upload feature?
A Trail applies to all regions
What does the default CloudTrail trail apply to? (AZ, region?)
5000 users
What is the default maximum limit of IAM users per AWS account ?
20
What is the default, limit of EC2 instances per region ?
The process to rotate keys can be conducted via the console, CLI, or SDKs: 1. Create a new access key for the user. 2. Reconfigure apps to use the new access key. 3. Disable the original access key (disabling instead of deleting at this stage is critical, as it allows rollback to the original key if there are issues with the rotation). 4. Verify the operation of all apps. 5. Delete the original access key.
What is the process to rotate keys?
To collect and send data into a Kinesis stream
What is the purpose of a Kinesis producer?
Multiple shards to a Dynamo DB stream
What is the relationship between a DynamoDB stream and shards?
Enable server access logs on the bucket. Server access logging provides detailed records for the requests that are made to a bucket. No additional charge for turning on the logging. Log storage is charged. Can be useful in security and access audits & to learn about your customer base and understand your Amazon S3 bill
What must you do to create a record of who accessed your Amazon Simple Storage Service (Amazon S3) data and from where? A. Enable Amazon CloudWatch logs. B. Enable versioning on the bucket. C. Enable website hosting on the bucket. D. Enable server access logs on the bucket.
String: Text and variable length characters up to 400KB. Supports Unicode with UTF8 encoding. Number: Positive or negative number with up to 38 digits of precision. Binary: Binary data, images, compressed objects up to 400KB in size. Boolean: Binary flag representing a true or false value. Null: Represents a blank,
What scalar Data types does Amazon DynamoDB support?
Set data types: String Set, Number Set, and Binary Set.
What set Data types does Amazon DynamoDB support?
Dynamo DB Stream records are organized into groups, or shards. Each shard acts as a container for multiple stream records, and contains information required for accessing and iterating through these records. The stream records within a shard are removed automatically after 24 hours.
What statement is true about Dynamo db stream record organization.
HDFS. For persistent clusters, HDFS is a common choice. When a cluster is shut down, instance storage is lost and the data does not persist. HDFS can also make use of Amazon EBS storage, trading in the cost effectiveness of instance storage for the ability to shut down a cluster without losing data.
What storage is well suited for persistent EMR clusters
EMRFS is well suited for transient clusters, as the data persists. The cluster can be shut down and started back up.
What storage is well suited for transient EMR clusters
AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. CloudFront can be used in conjunction with AWS Shield.
What technology can help with DDoS attacks?
What security is the customer responsible for?
What they put into cloud
ElastiCache
What type of cache can you use for RDS/database caching?
Global indexes support Eventual consistency only
What type of consistency does global indexes support ?
DynamoDB supports only identity-based policies (IAM policies). Policies attached to an IAM identity are referred to as identity-based policies (IAM policies) and policies attached to a resource are referred to as resource-based policies. You can attach policies to IAM identities. For example, you can do the following: - Attach a permissions policy to a user or a group in your account. - Attach a permissions policy to a role (grant cross-account permissions).
What type of policies does DynamoDB support ?
Each stream record is assigned a sequence number, reflecting the order in which the record was published to the stream.
What uniquely identifies a dynamo db stream record ?
You can continue using the table. It takes a few minutes for the new capacity to take effect. Status changes to updating when capacity is being adjusted.
When DynamoDB table capacity is adjusted, what is the impact to table availability?
Custom ACL: When you create a custom network ACL, its initial configuration will deny all inbound and outbound traffic. Default network ACL: is configured to allow all traffic to flow in and out of the subnets to which it is associated.
When you create a custom ACL what traffic is allowed and not allowed? For default ACL what traffic is allowed and disallowed
You created a new security group. By default it creates an outbound rule that allows all outbound traffic.
When you create a new security group by default what traffic is allowed?
In the Auto Scaling group. The Auto Scaling group refers to the Auto Scaling policy. It also refers to the launch configuration (which specifies AMI name and EC2 instance size).
Where is the health check type defined in Auto Scaling configuration?
Proactive guidance - TAM, Account assistance - Concierge support team, Training - self-paced labs, Operational support - review and reporting, Architectural review. Business-critical system down: < 15 minutes
Which AWS support features are available only in Enterprise version?
Proactive guidance - TAM, Account assistance, Training - self-paced labs, Operational review and reporting, Architectural review
Which AWS support features are available only in Enterprise version?
(Unlike Memcached,) Redis supports the ability to persist the in-memory data onto disk.
Which cache engine supports the ability to persist the in-memory data onto disk
Local secondary indexes let you query data within a single partition. Global secondary indexes let you query data across the entire table.
Which data do Dynamo DB secondary indexes let you query ?
A message in your SQS queue is duplicated.
Which of the following is not expected behavior from SQS and may indicate a problem with your application?
Session state, shopping cart, product catalog. Have to choose the best possible among available choices.
Which of the following are good candidates to store in the cache ? -session state - shopping cart - bank account balance - product catalog
The instance remains associated with its Elastic IP address.
Which of the following is true if you stop an Amazon Elastic Compute Cloud (Amazon EC2) instance with an Elastic IP address in an Amazon Virtual Private Cloud (Amazon VPC)? A. The instance is disassociated from its Elastic IP address and must be re-attached when the instance is restarted. B. The instance remains associated with its Elastic IP address. C. The Elastic IP address is released from your account. D. The instance is disassociated from the Elastic IP address
You can use the following protocols with Amazon SNS: HTTP, HTTPS, SMS, email, email-JSON, Amazon SQS, and AWS Lambda
Which protocols can you use with Amazon SNS?
KEYS_ONLY - Each item in the index consists only of the table partition key and sort key values, plus the index key values. The KEYS_ONLY option results in the smallest possible secondary index. INCLUDE - In addition to the attributes described in KEYS_ONLY, the secondary index will include other non-key attributes that you specify. ALL - The secondary index includes all of the attributes from the source table. Because all of the table data is duplicated in the index, an ALL projection results in the largest possible secondary index
While creating a global secondary index in DynamoDB, there is a label named Projected attributes with the following list: ALL, Keys only, Include
Remember that IT governance is the customer's responsibility. It is the customer's responsibility to maintain adequate governance over the entire IT control environment, regardless of how its IT is deployed (on-premises, cloud, or hybrid).
Whose responsibility is IT governance?
VM Import/Export is available at no additional charge over and above the EC2 instance
You are migrating VMs to AWS using Import/Export. What costs are associated with Import/Export?
Use mappings to specify base AMIs because AMI IDs are different in different regions
You are planning to use CloudFormation to deploy a Linux EC2 instance in 2 different regions, using the same base AMI. How can you do this using CloudFormation?
An application must always process a parent shard before it processes a child shard. This will ensure that the stream records are also processed in the correct order. Because DynamoDB Streams shards have a lineage (parent and children), the app should process the parent shard before it processes the child. (If you use the DynamoDB Streams Kinesis Adapter, this is handled for you.)
You are writing an application that processes DynamoDB Streams shards. What is something the application design needs to keep in mind?
10 MB. The Max object size allowed for Multi part file upload for S3 is 5 TB
You should use multipart upload for objects larger than ? Mbytes.
Storage Gateway Virtual Tape volume limits
You're allowed 1 VTS per AWS region. Max 1,500 tapes (1 PB) of total tape data. Multiple gateways in the same region can share a tape library.
An alias resource record set can point to an ELB. You cannot create a CNAME record at the top node of a Domain Name Service (DNS) namespace, also known as the zone apex, as is the case in this example.
Your website is hosted on a fleet of web servers that are load balanced across multiple AZ's using an (ELB). What type of record set in Amazon Route 53 can be used to point myawesomeapp.com to your website? A. Type A Alias resource record set B. MX record set C. TXT record set D. CNAME record set
A company has an AWS account that contains 3 VPCs (dev, tst, prd) in the same region. Tst is peered to both prd and dev. All VPCs have non-overlapping CIDR blocks. The company wants to push minor releases from dev to prd to speed up time to market. Which of the following options helps accomplish this? a. Create a new peering connection between prd and dev along with appropriate routes b. Create a new entry to prd in the dev route table using the peering connection as the target c. Attach a second gateway to dev. Add a new entry in the prd route table identifying the gateway as the target d. The VPCs have non-overlapping CIDR blocks in the same account. The route tables contain local routes for all VPCs
a
A customer has a single 3-TB volume on-premises that is used to hold a large repository of images and print layout files. This repository is growing at 500 GB a year and must be presented as a single logical volume. The customer is becoming increasingly constrained with their local storage capacity and wants an off-site backup of this data, while maintaining low-latency access to their frequently accessed data. Which AWS Storage Gateway configuration meets the customer requirements? a. Gateway-Cached volumes with snapshots scheduled to Amazon S3 b. Gateway-Stored volumes with snapshots scheduled to Amazon S3 c. Gateway-Virtual Tape Library with snapshots to Amazon S3 d. Gateway-Virtual Tape Library with snapshots to Amazon Glacier
a
Amazon S3 is a. Object Based Storage b. Block Based Storage c. A Data Warehouse Solution d. Suitable for data archival, not frequently used files.
a
An organization is planning to use AWS for their production roll out. The organization wants to implement automation for deployment such that it will automatically create a LAMP stack, download the latest PHP installable from S3 and setup the ELB. Which of the below mentioned AWS services meets the requirement for making an orderly deployment of the software? a. AWS Elastic Beanstalk b. AWS Cloudfront c. AWS Cloudformation d. AWS DevOps
a
Can I "force" a failover for any RDS instance that has Multi-AZ configured? a. Yes b. No c. Only for Oracle RDS instances
a
Can you access Amazon EBS Snapshots? a. Yes, through the AWS APIs/CLI & AWS Console b. No c. Depends on the region d. EBS does not have snapshot functionality
a
If an Amazon EBS volume is an additional partition (ie. not the root volume), can I detach it without stopping the instance? a. Yes, but it may take some time b. No, you still need to stop the instance
a
In RDS, what is the maximum size for a Microsoft SQL Server DB Instance with SQL server Express edition? a. 10GB/db b. 100GB/db c. 1TB/db d. 2TB/db
a
In a default VPC, all Amazon EC2 instances are assigned 2 IP addresses at launch, what are these? a. Private IP and Public IP b. Public IP and Secret IP c. Elastic IP and Public IP d. IPv6 and Elastic IP
a
What action is required to establish an Amazon Virtual Private Cloud (VPC) VPN? a. Assign a static internet-routable IP address to an Amazon VPC customer gateway b. Use a dedicated network address translation instance in the public subnet c. Modify the main route table to allow traffic to a network address translation instance
a
You are deploying an application to collect votes for a very popular television show. Millions of users will submit votes using mobile devices. The votes must be collected into a durable, scalable, and highly available data store for real-time public tabulation. Which service should you use? a. Amazon DynamoDB b. Amazon Redshift c. Amazon Kinesis d. Amazon Simple Queue Service
a
You have a VPC with 1 private subnet and 1 public subnet with a NAT server. You are creating a group of EC2 instances that configure themselves at startup via downloading a bootstrapping script from S3 that deploys an application via GIT. Which setup provides the highest level of security? a. EC2 instances in private subnet, no EIPs, route outgoing traffic via the NAT b. EC2 instances in public subnet, no EIPs, route outgoing traffic via the Internet Gateway (IGW) c. EC2 instances in private subnet, assign EIPs, route outgoing traffic via the Internet Gateway (IGW) d. EC2 instances in public subnet, assign EIPs, route outgoing traffic via the NAT
a
You have a load balancer configured for VPC, and all back-end EC2 instances are in service. Your web browser is timing out when connecting to the load balancers' DNS name. Which options are probable causes of this behavior? Choose 2 a. Load balancer was not configured to use a public subnet with an internet gateway configured b. EC2 instances do not have a dynamically allocated private IP address c. Security groups or network ACLs are not properly configured for web traffic d. Load balancer is not configured in a private subnet with a NAT instance e. VPC does not have a VGW configured
a c
Your company is getting ready to do a major public announcement of a social media site on AWS. The website is running on EC2 instances deployed across multiple Availability Zones with a Multi-AZ RDS MySQL Extra Large DB Instance. The site performs a high number of small reads and writes per second and relies on an eventual consistency model. After comprehensive tests you discover that there is read contention on RDS MySQL. Which are the best approaches to meet these requirements? (Choose 2 answers) a. Deploy ElastiCache in-memory cache running in each availability zone b. Implement sharding to distribute load to multiple RDS MySQL instances c. Increase the RDS MySQL Instance size and Implement provisioned IOPS d. Add an RDS MySQL read replica in each availability zone
a d
You are tasked with moving a legacy application from a virtual machine running inside your datacenter to an Amazon VPC. Unfortunately this app requires access to a number of on-premises services and no one who configured the app still works for your company. Even worse, there is no documentation for it. What will allow the application running inside the VPC to reach back and access its internal dependencies without being reconfigured? Choose 3 answers a. An AWS Direct Connect link between the VPC and the network housing the internal services. b. An Internet gateway to allow a VPN connection c. An Elastic IP address on the VPC instance d. An IP address space that does not conflict with the one on-premises e. Entries in Amazon Route 53 that allow the instance to resolve its dependencies' IP addresses f. A VM Import of the current virtual machine
a d f
Amazon DynamoDB
a fast and flexible nonrelational database service for all applications that need consistent, single-digit millisecond latency at any scale.
CodeCommit
a fully-managed source control service that makes it easy for companies to host secure and highly scalable private Git repositories / code
How many relational database engines does RDS currently support? a) 5: MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL server b) 2: MySQL and Oracle c) 5: MySQL, PostgreSQL, MongoDB, Cassandra and SQLite d) Just MySQL
a) 5: MySQL, MariaDB, PostgreSQL, Oracle, and Microsoft SQL server
What is the availability on RRS? a) 99.99% b) 99% c) 99.90% d) 100%
a) 99.99%
What is the availability on S3? a) 99.99% b) 99% c) 100% d) 99.90%
a) 99.99%
Which of the following can be used as an origin server in CloudFront? (Choose 3) a) A webserver running on EC2 b) A webserver running in your own datacenter c) A RDS instance d) An Amazon S3 bucket e) Glacier storage
a) A webserver running on EC2 b) A webserver running in your own datacenter d) An Amazon S3 bucket
A new user has started at your work and it is your job to give them administrator access to the AWS console. You have set them up with a user name, access key ID, secret access key and you have generated a password for them. They are able to log in to the AWS console, but they cannot do anything. What should you do next? a) Add them to the Administrators group, where your other administrator users belong. b) Set up MFA for them. c) Ensure they are logging in to the AWS console from your corporate network and not the normal internet. d) Tell them to log out and try logging back in again.
a) Add them to the Administrators group, where your other administrator users belong.
You are developing a highly available web application using stateless web servers. Which services are suitable for storing session state data? (Choose 3) a) Amazon DynamoDB b) Amazon ElastiCache c) ELB d) AWS Storage Gateway e) RDS f) Amazon CloudWatch
a) Amazon DynamoDB b) Amazon ElastiCache e) RDS
An instance is launched into the public subnet of a VPC. Which of the following must be done in order for it to be accessible FROM the internet? a) Attach an Elastic IP to the instance b) Nothing. The instance is accessible from the internet c) Launch a NAT instance and route all the traffic to it d) Make an entry in the route table passing all traffic going outside the VPC to the NAT
a) Attach an Elastic IP to the instance
What are the characteristics of Simple DB (Choose 4) a) Automatic geo-redundant replication b) It provides a simple web interface to create and store data sets, query and return data c) You can store your relational database in Simple DB d) Data is automatically indexed e) You don't need to worry about the infrastructure required
a) Automatic geo-redundant replication b) It provides a simple web interface to create and store data sets, query and return data d) Data is automatically indexed e) You don't need to worry about the infrastructure required
What is true for S3 buckets? (Choose 3) a) Bucket namespace is shared globally among all AWS users b) Bucket names can contain alphanumeric characters c) Buckets are associated with a region, and all data in a bucket resides in that region d) Buckets can be transferred from one account to another through API e) You can have unlimited number of buckets in each AWS account
a) Bucket namespace is shared globally among all AWS users b) Bucket names can contain alphanumeric characters c) Buckets are associated with a region, and all data in a bucket resides in that region
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method could be used to serve content that is stored in S3, but not publicly accessible from S3 directly? a) Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI b) Add the CloudFront account security group "amazon-cf/amazon-cf-sg" to the appropriate S3 bucket policy c) Create an Identity and Access Management (IAM) user for CloudFront and grant access to the objects in your S3 bucket to the IAM user d) Create a S3 bucket policy that lists the CloudFront distribution ID as the principal and the target bucket as the Amazon Resource Name (ARN)
a) Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI
You run a two-tiered app with the following components: an ELB, three web/app servers on EC2, and one MySQL RDS database. With growing load, database queries take longer and longer and slow down the overall response time for user requests. Which of the following options could speed up performance? (Choose 3) a) Create an RDS read-replica and redirect half of the database read request to it b) Cache database queries in Amazon Elastic Cloud c) Setup RDS in multi-availability zone mode d) Shard the database and distribute loads between shards e) Use Amazon CloudFront to cache database queries
a) Create an RDS read-replica and redirect half of the database read request to it b) Cache database queries in Amazon Elastic Cloud d) Shard the database and distribute loads between shards
One of your users is trying to upload a 7.5GB file to S3 however they keep getting the following error message - "Your proposed upload exceeds the maximum allowed object size". What is a possible solution for this? a) Design your application to use the multi-part upload API for all objects. b) Design your application to use large object upload API for this object. c) Raise a ticket with AWS to increase your maximum object size. d) Log in to the S3 console, click on the bucket and then click properties. You can then increase your maximum object size to 1TB.
a) Design your application to use the multi-part upload API for all objects.
Where should you use SWF (Simple Workflow Service)? (Choose 2 correct answers) a) Designing a business application which requires a lot of coordination between different tasks b) Video encoding application where each video is encoded with a predefined number of steps c) Receiving thousands of notifications from a process and add them to a queue d) Process a queue of messages where each message is a task that needs to be completed
a) Designing a business application which requires a lot of coordination between different tasks b) Video encoding application where each video is encoded with a predefined number of steps
Which route must be added to your routing table in order to allow connections to the internet from your subnet? a) Destination:0.0.0.0/0 => Target: your internet gateway b) Destination:192.168.1.257/0 => Target: your internet gateway c) Destination:0.0.0.0/33 => Target: your virtual private gateway d) Destination:0.0.0.0/0 => Target: 0.0.0.0/24 e) Destination:0.0.0.0/32 => Target: your virtual private gateway
a) Destination:0.0.0.0/0 => Target: your internet gateway
How to secure data at rest on EBS? a) EBS automatically encrypts data on it for more security b) You can use your own encryption layer on the top c) Use S3 instead d) Block the EC2 to access data to your EBS
a) EBS automatically encrypts data on it for more security
In which case do you have full authority of the underlying instance? (Choose 2) a) EC2 b) RDS c) Dynamo DB d) EMR (Elastic Map Reduce) e) Simple DB
a) EC2 d) EMR (Elastic Map Reduce)
Which AWS service is specifically designed for developers to upload their code to, after which it automatically handles the provisioning of the resources required to host that code? a) Elastic Beanstalk b) CloudFormation c) CloudTrail d) CloudFormer
a) Elastic Beanstalk
If I want an instance to have a public IP address, which IP address should I use? a) Elastic IP address b) Class B IP address c) Class A IP address d) Dynamic IP address
a) Elastic IP address
What AWS service is used to process big data? a) Elastic Map Reduce b) Kinesis c) Redshift
a) Elastic Map Reduce
What combination of the following options will protect Amazon S3 objects from both accidental deletion and accidental overwriting? (Choose 2) a) Enable S3 versioning on bucket b) Access S3 data using only signed URLs c) Disable S3 delete using an IAM bucket policy d) Enable S3 Reduced Redundancy Storage e) Enable Multi-factor authentication (MFA) protected access
a) Enable S3 versioning on bucket e) Enable Multi-factor authentication (MFA) protected access
You have created a new AWS account for your company and you have also configured multi-factor authentication on the root account. You are about to create your new users. What strategy should you consider in order to ensure that there is good security on this account? a) Enact a strong password policy, so that your users have to change their passwords every 45 days and must use a combination of capital and lower case letters, numbers and special symbols for all passwords. b) Require users to only be able to log in using biometric authentication. c) Restrict login to the corporate network only. d) Give all users the same password so that if they forget their passwords they can just ask their co-workers.
a) Enact a strong password policy, so that your users have to change their passwords every 45 days and must use a combination of capital and lower case letters, numbers and special symbols for all passwords.
A VPC public subnet is one that: a) Has at least 1 route in its associated routing table that uses an Internet Gateway (IGW) b) Included a route in its associated routing table via a NAT c) Has Network Access Control List (NACL) permitting outbound traffic to 0.0.0.0/0 d) Has the public subnet options selected in its config
a) Has at least 1 route in its associated routing table that uses an Internet Gateway (IGW)
Which metrics could CloudWatch watch? (Choose 2) a) Hypervisor visible metrics such as CPU utilization b) Operating system visible metrics such as memory utilization c) Network Utilization (Read-write) d) Web server visible metrics such as number failed transaction requests e) Database visible metrics such as number of connections
a) Hypervisor visible metrics such as CPU utilization c) Network Utilization (Read-write)
How do you secure company critical data on S3? (Choose 4 correct answers) a) IAM Policies b) Bucket Policies c) Access Control Lists (ACLs) d) Server Side Encryption (SSE) e) Cloudfront
a) IAM Policies b) Bucket Policies c) Access Control Lists (ACLs) d) Server Side Encryption (SSE)
Which statement best describes IAM? a) IAM allows you to manage users, groups and roles and their corresponding level of access to the AWS platform. b) IAM allows you to manage users passwords only. AWS staff must create new users for your organization. This is done by raising a ticket. c) IAM allows you to manage permissions for AWS resources only. d) IAM stands for Improvised Application Management and it allows you to deploy and manage applications in the AWS cloud.
a) IAM allows you to manage users, groups and roles and their corresponding level of access to the AWS platform.
Your company has built a mobile application that has already been downloaded several hundred thousand times. Which authentication solution would enable mobile clients to access pictures stored in an AWS S3 bucket and provide you with the highest flexibility to rotate credentials? a) Identity federation based on AWS security token service (STS) using an AWS IAM policy for the respective S3 bucket b) IAM user per registered client with an IAM policy granted AWS S3 access to the respective bucket c) AWS S3 policy A
a) Identity federation based on AWS security token service (STS) using an AWS IAM policy for the respective S3 bucket
In what circumstances would I choose provisioned IOPS in RDS over standard storage? a) If you use production online transaction processing b) If you have workloads that are not sensitive to latency/lag c) If this was a test DB d) If your business was trying to save money
a) If you use production online transaction processing
What is an additional way to secure IAM for both the root login and new users alike? a) Implement MFA for all accounts. b) Store the access key id and secret access key of all users in a publicly accessible plain text document on S3 of which only you and members of your organization know the address to. c) Configure the AWS console so that you can only log in to it from a specific IP address range. d) Configure the AWS console so that you can only log in to it from your internal network IP address range.
a) Implement MFA for all accounts.
EBS Snapshots are backed up to S3 in what manner? a) Incrementally b) Exponentially c) Decreasingly d) EBS Snapshots are not stored in S3
a) Incrementally
Amazon Glacier is designed for: (Choose 2) a) Infrequently accessed data b) Cached session data c) Active database storage d) Data archive e) Frequently accessed data
a) Infrequently accessed data d) Data archive
What does the AWS Storage Gateway provide? a) It allows to integrate on-premises IT environments with Cloud Storage b) A direct encrypted connection to Amazon S3 c) It's a backup solution that provides an on-premises Cloud storage d) It provides an encrypted SSL endpoint for backups in the Cloud
a) It allows to integrate on-premises IT environments with Cloud Storage
What are the benefits of using ElastiCache for your web application? (Choose 2) a) It reduces the load on your web servers b) It reduces the load on your db c) Gives you more availability of cached data when your Multi-AZ RDS is under maintenance d) Gives you faster access to your cache data
a) It reduces the load on your web servers b) It reduces the load on your db
What AWS service is used for collating large amounts of data streamed from multiple sources? a) Kinesis b) SQS c) CloudFront d) CloudCapture
a) Kinesis
Your web application is using Auto Scaling and ELB. You want to monitor the application to ensure that it maintains a good quality of service for your customers, defined by the application's page load time. a) Latency reported by the elastic load balancer b) Request count reported by the ELB c) Aggregate networking for the web tier d) Aggregate CPU Utilization for the web tier
a) Latency reported by the elastic load balancer
How should you launch an instance if you need a pre-defined IP? a) Launch it in a VPC b) Launch it under an ELB c) Pre-assign an IP using CloudFormation script d) Launch it in a placement group
a) Launch it in a VPC
Which of the following requires a custom CloudWatch metric to monitor? a) Memory Use b) CPU use c) Disk read operations d) Network in e) Estimated charges
a) Memory Use
Which of the following benefits does adding Multi-AZ deployment in RDS provide? a) Multi-AZ deployed database can tolerate an AZ failure b) Decrease latencies if app servers accessing database are in multiple AZ c) Make database access times faster for all app servers d) Make database more available during maintenance tasks
a) Multi-AZ deployed database can tolerate an AZ failure d) Make database more available during maintenance tasks
Security groups act like a firewall at the instance level whereas ________ are an additional layer of security that act at the subnet level. a) Network ACLs (Access Control Lists) b) DB Security Groups c) VPC Security Groups d) Route Tables
a) Network ACLs (Access Control Lists)
What are the characteristics of a subnet? (Choose 2) a) Network traffic entering and exiting each subnet can be allowed or denied via network Access Control Lists (ACLs) b) A subnet can be across multiple AZs c) A subnet can be across multiple regions d) Default subnets are assigned a /20 net blocks e) Default subnets are assigned a /16 net blocks
a) Network traffic entering and exiting each subnet can be allowed or denied via network Access Control Lists (ACLs) d) Default subnets are assigned a /20 net blocks
You need a configuration management service to allow your system administrators to configure and operate your web applications using Chef. Which AWS service would best suit your needs? a) Opsworks b) CloudTrail c) Trusted Advisor d) CloudWatch
a) Opsworks
In a default VPC, all Amazon EC2 instances are assigned 2 IP addresses at launch, what are these? a) Public and Private b) Public and Secret c) Elastic and Public d) IPv6 and Elastic
a) Public and Private
S3 has what consistency model for PUTS of new objects? a) Read after Write consistency b) Write after Read consistency c) Eventual consistency d) Usual consistency
a) Read after Write consistency
You need to use an object based storage solution to store your critical, non replaceable data in a cost effective way. This data will be frequently updated and will need some form of version control enabled on it. Which S3 storage solution should you use? a) S3 b) S3 - IA (Infrequently Accessed Storage) c) S3 - RRS (Reduced Redundancy Storage) d) Glacier
a) S3
Which of the following is true with respect to serving private content through CloudFront? (Choose 3) a) Signed URLs can be created to access objects from CloudFront edge locations b) Direct access to S3 URLs can be removed therefore allowing access only through CloudFront URLs c) Mark the S3 bucket private and allow access objects from CloudFront by means of Roles d) Mark the S3 bucket private and create an Origin Access Identity to access the objects
a) Signed URLs can be created to access objects from CloudFront edge locations b) Direct access to S3 URLs can be removed therefore allowing access only through CloudFront URLs d) Mark the S3 bucket private and create an Origin Access Identity to access the objects
You have created a Route53 latency record set from your domain to a machine in Singapore and a similar record to a machine in Oregon. When a user located in India visits your domain he will be routed to: a) Singapore b) Oregon c) Depends on the load on each machine d) Both, because 2 requests are made, 1 to each team
a) Singapore
What is true about EBS? (Choose 3) a) The snapshots are stored in S3 b) The snapshots are just stored as another EBS volume c) Snapshots are incremental in nature and only d) You can share the snapshot with other AWS accounts e) Snapshots are automatically encrypted
a) The snapshots are stored in S3 c) Snapshots are incremental in nature and only d) You can share the snapshot with other AWS accounts
You have a photo selling website where you have a library of photos on S3. You noticed that there are some websites that are showing the link to your S3 photos. How do you restrict sites like these from using your S3 photos link? a) Use Cloudfront to serve images b) Restrict access to those websites in the bucket policy c) Use Glacier to store images d) Restrict access to those websites in the IAM policy e) Remove the public URL link from the object in S3
a) Use Cloudfront to serve images
What is true about RDS? (Choose 3) a) You can create multiple read replica for read heavy applications b) You can have a read replica of a read replica c) Daily backups are automatically taken d) You can enable Multi-AZ option to have automatic failover in a different region e) You can have provisioned IOPS for your RDS database
a) You can create multiple read replica for read heavy applications c) Daily backups are automatically taken e) You can have provisioned IOPS for your RDS database
What is true about penetration testing in AWS? (Choose 2) a) You can do the penetration on your individual EC2 instance only b) A prior permission is required from AWS for penetration testing c) You can't do the penetration testing at all d) You can ask AWS support to do the penetration testing e) AWS will automatically conduct penetration testing from time to time
a) You can do the penetration on your individual EC2 instance only b) A prior permission is required from AWS for penetration testing
What is true about AMI? (Choose 4) a) You can share your AMI w/ other AWS account owners b) You can create an instance store-backed AMI c) You can create an EBS-backed AMI d) For instance stored-backed AMIs, the root volume is stored in S3 e) For EBS stored-backed AMIs, the root volume is stored in S3
a) You can share your AMI w/ other AWS account owners b) You can create an instance store-backed AMI c) You can create an EBS-backed AMI d) For instance stored-backed AMIs, the root volume is stored in S3
After creating a new AWS account, you use the API to request 40 on-demand AWS EC2 instances in a single AZ. After 20 successful requests, subsequent requests failed. What could be a reason for this issue, and how would you resolve it? a) You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved b) AWS allows you to provision no more than 20 instances per AZ. Select a different AZ and retry the failed request c) You need to use Amazon VPC in order to provision more than 20 instances in a single AZ. Simply terminate the resources already provisioned and re-launch them all in a VPC d) You encounter an API throttling situation and should try the failed request using an exponential decay retry algorithm
a) You encountered a soft limit of 20 instances per region. Submit the limit increase form and retry the failed requests once approved
While creating the snapshots using the command line tools, which command should I be using? a) ec2-create-snapshot b) ec2-fresh-snapshot c) ec2-deploy-snapshot d) ec2-new-snapshot
a) ec2-create-snapshot
You have been asked by your company to create an S3 bucket with the name "acloudguru1234" in the EU West region. What would be the URL for this bucket? a) https://s3-eu-west-1.amazonaws.com/acloudguru1234 b) https://s3-us-east-1.amazonaws.com/acloudguru1234 c) https://s3.acloudguru1234.amazonaws.com/eu-west-1 d) https://s3-acloudguru1234.amazonaws.com/
a) https://s3-eu-west-1.amazonaws.com/acloudguru1234
Command to create an Elastic Beanstalk stack with CloudFormation
aws cloudformation create-stack --stack-name abcd --template-body file://... --capabilities CAPABILITY_IAM
A company is building software on AWS that requires access to various AWS services. Which configuration should be used to ensure that AWS credentials (i.e., Access Key ID/Secret Access Key combination) are not compromised? a. Enable Multi-Factor Authentication for your AWS root account. b. Assign an IAM role to the Amazon EC2 instance. c. Store the AWS Access Key ID/Secret Access Key combination in software comments. d. Assign an IAM user to the Amazon EC2 Instance.
b
Amazon's EBS volumes are a. Object based storage b. Block based storage c. Encrypted by default d. Not suitable for databases
b
As an application has increased in popularity, reports of performance issues have grown. The current configuration initiates scaling actions based on Avg CPU utilization; however during reports of slowness, CloudWatch graphs have shown that Avg CPU remains steady at 40 percent. This is well below the alarm threshold of 60 percent. Your developers have discovered that, due to the unique design of the application, performance degradation occurs on an instance when it is processing more than 200 threads. What is the best way to ensure that your application scales to match demand? a. Launch two to six additional instances outside of the AutoScaling group to handle the additional load. b. Populate a custom CloudWatch metric for concurrent sessions and initiate scaling actions based on that metric instead of on CPU use. c. Empirically determine the expected CPU use for 200 concurrent sessions and adjust the CloudWatch alarm threshold to be that CPU use. d. Add a script to each instance to detect the number of concurrent sessions. If the number of sessions remains over 200 for five minutes, have the instance increase the desired capacity of the AutoScaling group by one.
b
Company "ABC" needs to deploy services to an AWS region which they have not previously used. The company currently has an AWS identity and Access Management (IAM) role for the Amazon EC2 instances, which permits the instance to have access to Amazon DynamoDB. The company wants their EC2 instances in the new region to have the same privileges. How should the company achieve this? a. Create a new IAM role and associated policies within the new region b. Assign the existing IAM role to the Amazon EC2 instances in the new region c. Copy the IAM role and associated policies to the new region and attach it to the instances d. Create an Amazon Machine Image (AMI) of the instance and copy it to the desired region using the AMI Copy feature
b
I can enable multi-factor authentication by using a. RDS b. IAM c. DynamoDB d. Account Settings
b
If an Amazon EBS volume is the root device of an instance, can I detach it without stopping the instance? a. Yes b. No
b
Individual instances are provisioned in a. Regions only, you cannot choose anything below this b. Availability Zones c. Global
b
MySQL installations default to port number a. 1433 b. 3306 c. 3389 d. 80
b
Out of the striping options available for the EBS volumes, which one has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.'? a. Raid 0 b. RAID 1+0 (RAID 10) c. Raid 1 d. Raid 2
b
What is the difference between Elastic Beanstalk and CloudFormation? a. Elastic Beanstalk is a monitoring tool to view performance of your AWS resources. CloudFormation is an automated provisioning engine to deploy entire cloud environments via JSON. b. Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it. CloudFormation is an automated provisioning engine to deploy entire cloud environments via JSON. c. There is no difference. d. Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it. CloudFormation is a security service designed to harden your cloud against an attack, like a DDOS.
b
You need to design a VPC for a web-application consisting of an ELB, a fleet of web application servers, and an RDS DB. The entire infrastructure must be distributed over 2 AZ. Which VPC configuration works while assuring the DB is not available from the internet? a. One Public Subnet for ELB, one Public Subnet for the web-servers, and one private subnet for the DB b. One Public Subnet for ELB, two Private Subnets for the web-servers, and two private subnets for the RDS c. Two Public Subnets for ELB, two private Subnet for the web-servers, and two private subnet for the RDS d. Two Public Subnets for ELB, two Public Subnet for the web-servers, and two public subnets for the RDS
b
Your customer is willing to consolidate their log streams (access logs, application logs, security logs, etc.) in one single system. Once consolidated, the customer wants to analyze these logs in real time based on heuristics. From time to time, the customer needs to validate heuristics, which requires going back to data samples extracted from the last 12 hours. What is the best approach to meet your customer's requirements? a. Send all the log events to Amazon SQS. Setup an Auto Scaling group of EC2 servers to consume the logs and apply the heuristics. b. Send all the log events to Amazon Kinesis, develop a client process to apply heuristics on the logs c. Configure Amazon Cloud Trail to receive custom logs, use EMR to apply heuristics the logs d. Setup an Auto Scaling group of EC2 syslogd servers, store the logs on S3, use EMR to apply heuristics on the logs
b
Instance 1 and 2 are running in two different subnets (A and B) of a VPC. Instance 1 is not able to ping instance 2. What are 2 possible reasons? a. The routing table of subnet A has no target route to subnet B b. The security group attached to instance 2 does not allow inbound ICMP traffic c. The policy linked to the IAM role on instance 1 is not configured correctly d. The NACL on subnet B doesn't allow outbound ICMP traffic
b d
What is the maximum response time for a business level premium support case? a) 15 minutes b) 1 hour c) 12 hours d) 1 day
b) 1 hour
You have created 4 weighted resource record sets with weights 1, 2, 3, and 4. The 3rd record set is selected by Route53: a) 1/7th of the time b) 3/10th of the time c) 3/7th of the time d) 1/4th of the time
b) 3/10th of the time
What is the max size of a single S3 object? a) There is no such limit b) 5 TB c) 5 GB d) 100 GB
b) 5 TB
What is an AWS region? a) A region is an independent data center, located in different countries around the globe b) A region is a geographical area that consists of different availability zones. Each region consists of 2 (or more) Availability Zones. c) A region is a collection of Edge Locations available in specific countries. d) A region consists of a number of different subset of AWS technologies. For example the compute region consists of EC2, ECS, Lambda etc.
b) A region is a geographical area that consists of different availability zones. Each region consists of 2 (or more) Availability Zones.
Individual instances are provisioned in... a) Regions only, you cannot choose anything below this b) AZs c) Global
b) AZs
Which of the following will occur when an EC2 instance in a VPC with an associated Elastic IP is stopped and started (Choose 2) a) The Elastic IP will be dissociated from the instance b) All data on instance-store devices will be lost c) All data on EBS(Elastic Block Store) devices will be lost d) The ENI (Elastic Network Interface) is detached e) The underlying host for the instance may change
b) All data on instance-store devices will be lost e) The underlying host for the instance may change
What is Amazon Glacier? a) A tool that allows to "freeze" an EBS volume. b) An AWS service designed for long term data archival. c) A highly secure firewall designed to keep everything out. d) It is a tool used to resurrect deleted EC2 snapshots.
b) An AWS service designed for long term data archival.
You have developed a new web application in us-west-2 that requires six Amazon Elastic Compute Cloud (EC2) instances running at all times. You have three availability zones available in that region (us-west-2a, us-west-2b, and us-west-2c). You need 100 percent fault tolerance if any single Availability Zone in us-west-2 becomes unavailable. How would you do this, each answer has 2 parts, select the answer with BOTH parts correct. a) Answer 1: Us-west-2a with two EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances. Answer 2: Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances b) Answer 1: Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. c) Answer 1: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with no EC2 instances. Answer 2: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. d) Answer 1: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances. Answer 2: Us-west-2a with four EC2 instances, us-west-2b with two EC2 instances, and us-west-2c with two EC2 instances.
b) Answer 1: Us-west-2a with six EC2 instances, us-west-2b with six EC2 instances, and us-west-2c with no EC2 instances. Answer 2: Us-west-2a with three EC2 instances, us-west-2b with three EC2 instances, and us-west-2c with three EC2 instances.
What are the characteristics of IAM? (Choose 2) a) By default all the services are enabled for a new IAM user b) By default all the services are disabled for a new IAM user c) You can create multiple access ID and secret keys for 1 IAM user
b) By default all the services are disabled for a new IAM user c) You can create multiple access ID and secret keys for 1 IAM user
A customer's nightly EMR job processes a single 2-TB data file stored on S3. The Amazon EMR job runs on two on-demand core nodes and three on-demand task nodes. Which of the following may help reduce the EMR job completion time? (Choose 2) a) Use 3 spot instances rather than 3 on-demand instances for the task nodes b) Change the input split size in the MapReduce job config c) Use a bootstrap action to present the S3 bucket as a local file system d) Launch the core nodes and task nodes within Amazon Virtual Cloud e) Adjust the number of simultaneous mapper tasks f) Enable termination protection for the job flow
b) Change the input split size in the MapReduce job config e) Adjust the number of simultaneous mapper tasks
When you are making a request to Route 53 for a DNS record you are... a) Charged for the request if you are using CNAMEs or Alias Records. b) Charged for the request if you are using CNAMEs, but not charged if you are using Alias Records. c) Not charged for the request if you are using CNAMEs, but charged if you are using Alias Records. d) Not charged for the request if you are using CNAMEs or Alias Records.
b) Charged for the request if you are using CNAMEs, but not charged if you are using Alias Records.
In CloudFront what happens when content is NOT present at an Edge location and a request is made to it? a) An Error 404 not found is returned b) CloudFront delivers the content directly from the origin server & stores it in the cache of the edge location c) The request is kept on hold till content is delivered to the edge location d) The request is routed to the next closest edge location
b) CloudFront delivers the content directly from the origin server & stores it in the cache of the edge location
In CloudFront what happens when content is NOT present at an Edge location and a request is made to it? a) An Error 404 not found is returned b) CloudFront delivers the content directly from the origin server and stores it in the cache of the edge location c) The request is kept on hold till content is delivered to the edge location d) The request is routed to the next closest edge location
b) CloudFront delivers the content directly from the origin server and stores it in the cache of the edge location
You need to monitor the performance of your EC2 virtual servers (including metrics such as CPU Utilization, Disk IO etc.). What service would best suit this requirement? a) CloudTrail b) CloudWatch c) CloudMonitor d) CloudAudit
b) CloudWatch
SWF (Simple Workflow Service) is designed to help users... a) Manage user identification and authorization b) Coordinate synchronous and asynchronous tasks c) Secure their VPCs d) Store file based objects
b) Coordinate synchronous and asynchronous tasks
You are a developer at a fast growing start up. Traditionally you have been using the root account to log in to the AWS console but as you have taken on more staff, to prevent dangerous mistakes you will now need to stop sharing the root account. What should you do so that everyone can access the AWS resources? (select 2) a) Create an additional AWS root account for each new user. b) Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided. c) Create a customized sign in link such as yourcompany.signin.aws.amazon.com/console for your new users to use to sign in with. d) Give your users the root account credentials so that they can also sign in.
b) Create individual user accounts with minimum necessary rights and tell the staff to log in to the console using the credentials provided. c) Create a customized sign in link such as yourcompany.signin.aws.amazon.com/console for your new users to use to sign in with.
What database would you use to migrate databases from Oracle to MySQL? a) RDS b) DMS c) Redshift d) Elasticache
b) DMS (Database Migration Service)
Which is an operational process performed by AWS for data security? a) AES 256 bit encryption of data stored on any shared storage device b) Decommissioning of storage device using industry-standard practices c) Background virus scans of EBS volumes and EBS snapshots d) Replication of data across multiple geographic regions e) Secure wiping of EBS volumes when they are un-mounted
b) Decommissioning of storage device using industry-standard practices
If I want to run a database on an EC2 instance, which is the most recommended Amazon storage option? a) RDS b) EBS c) S3 d) Glacier
b) EBS
What AWS service is effectively a NAS in the cloud, allowing you to connect it to multiple EC2 instances at once? a) EBS b) EFS c) SQS d) SNS
b) EFS (Elastic File System)
Which of the services could spread across Multi-AZ? (Choose 2) a) EC2 b) ELB c) RDS d) Dynamo DB e) EBS
b) ELB c) RDS
There is a limit to the number of domain names that you can manage using Route 53. a) True. There is a hard limit of 10 domain names. b) False. There is a soft limit of 50 domain names however this limit can be raised by contacting AWS. c) False. There is no limit of domain names.
b) False. There is a soft limit of 50 domain names however this limit can be raised by contacting AWS.
What happens to data when an EC2 instance terminates? (Choose 3) a) For EBS backed AMI, the EBS volume with operating system on it is preserved b) For EBS backed AMI, any volume attached other than the OS volume is preserved c) All the snapshots for the EBS volume with operating system is preserved d) For S3 backed AMI, all the data in the local (ephemeral) hard drive is deleted e) For instance store-backed EC2 the data is lost when the instance is rebooted
b) For EBS backed AMI, any volume attached other than the OS volume is preserved c) All the snapshots for the EBS volume with operating system is preserved d) For S3 backed AMI, all the data in the local (ephemeral) hard drive is deleted
Your company has decided to set up a new AWS account for test and dev purposes. They already use AWS for production, but would like a new account dedicated for test and dev so as to not accidentally break the production environment. You launch an exact replica of your production environment using a CloudFormation template that your company uses in production. However CloudFormation fails. You use the exact same CloudFormation template in production so the failure is something to do with your new AWS account. The CloudFormation template is trying to launch 60 new EC2 instances in a single availability zone. After some research you discover that the problem is: a) For all new AWS accounts there is a soft limit of 20 EC2 instances per availability zone. You should submit the limit increase form and retry the template after your limit has been increased. b) For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased. c) You cannot launch more than 20 instances in your default VPC, instead reconfigure the CloudFormation template to provision the instances in a custom VPC. d) Your CloudFormation template is configured to use the parent account and not the new account. Change the account number in the CloudFormation template and relaunch the template.
b) For all new AWS accounts there is a soft limit of 20 EC2 instances per region. You should submit the limit increase form and retry the template after your limit has been increased.
What are the characteristics of Dynamo DB (Choose 3) a) It is used for SQL databases like MsSQL, MySQL, Oracle b) Gives you a fast and predictable performance with seamless scalability c) It is a managed service provided by AWS d) When reading data from Amazon DynamoDB, users can specify whether they want the read to be eventually consistent or strongly consistent e) There is a limit of stored data or throughput of data
b) Gives you a fast and predictable performance with seamless scalability c) It is a managed service provided by AWS d) When reading data from Amazon DynamoDB, users can specify whether they want the read to be eventually consistent or strongly consistent
What are the characteristics of Elastic Beanstalk (Choose 2) a) You can use it to replace an instance in the ELB when it fails its health check b) Helps you quickly deploy and manage applications in the AWS cloud c) It creates a template for your EC2 instances d) You don't need to worry about the infra required to run your application
b) Helps you quickly deploy and manage applications in the AWS cloud d) You don't need to worry about the infra required to run your application
What happens to the I/O operations while you take a database snapshot/backup? a) Nothing b) I/O operations to the database are suspended for the duration of the snapshot if it is a single AZ RDS instance c) I/O operations to the database are sent to a Secondary instance of a Multi-AZ installation (for the duration of the snapshot) d) I/O operations will be functioning normally
b) I/O operations to the database are suspended for the duration of the snapshot if it is a single AZ RDS instance
You need to create new users to access AWS console and to set password rotation policies for these new users. Which AWS service would best fit your requirements? a) Directory Services b) IAM c) Inspector d) Key Management Service
b) IAM (Identity Access Management)
Amazon Glacier is designed to (Choose 2) a) Active database storage b) Infrequently accessed data c) Data archives d) Frequently accessed data e) Cached session data
b) Infrequently accessed data c) Data archives
What are the characteristics of a reserved instance? (Choose 3) a) It can be applied across regions b) It saves you significant money over on-demand instance c) You can shut down the reserved instance any time you want and the hourly charges won't incur for the shutdown hours d) If your AMI changes the Reserved instance is still valid if it's the same instance type e) You pay a fixed amount of money irrespective of the number of hours you used the instance for
b) It saves you significant money over on-demand instance c) You can shut down the reserved instance any time you want and the hourly charges won't incur for the shutdown hours d) If your AMI changes the Reserved instance is still valid if it's the same instance type
You are a systems administrator and you need to monitor the health of your production environment. You decide to do this using CloudWatch, however you notice that you cannot see the health of every important metric in the default dashboard. Which of the following metrics do you need to design a custom CloudWatch metric for, when monitoring the health of your EC2 instances? a) CPU usage b) Memory usage c) Disk read operations d) Network in
b) Memory usage
What are the benefits of Multi-AZ RDS deployments? (Choose 2) a) You get a read-replica b) More availability during the maintenance window c) Automatic failover in case of one data center failure d) More IOPS available for data throughput e) You get more privileges to manage your database
b) More availability during the maintenance window c) Automatic failover in case of one data center failure
Can I delete a snapshot of an EBS Volume that is used as the root device of a registered AMI? a) Yes b) No c) Only via the CLI d) Only using the AWS API
b) No
Can I move a reserved instance from one region to another? a) Yes b) No c) Only in the US d) Depends on the region
b) No
Can a placement group be deployed across multiple Availability Zones? a) Yes b) No c) Only in us-east-1 d) Yes, but only using the AWS API
b) No
Can you attach an EBS volume to more than one EC2 instance at the same time? a) Yes b) No c) If that EC2 volume is part of an AMI d) Depends on which region
b) No
In RDS when using Multi-AZ, can you use the secondary database as an independent read node? a) Yes b) No c) Depends on how you set it up d) Only in us-west-1
b) No
By default when you create a new user in the IAM console, what level of access do they have? a) Read Only access to all AWS services. b) No access to all AWS services. c) Administrator access to all AWS services. d) Power User access to all AWS services.
b) No access to all AWS services.
S3 has eventual consistency for which HTTP Methods? a) PUTS of new objects and DELETES b) Overwrite PUTS and DELETES c) PUTS of new objects and UPDATES d) UPDATES and DELETES
b) Overwrite PUTS and DELETES
You need a service to aggregate your data from multiple data sources (such as S3, DynamoDB, RDS etc.) and then provide some business intelligence based on this data. What AWS service would best fit? a) Spice b) QuickSight c) CloudOracle d) CloudViewer
b) QuickSight
What does RRS stand for when talking about S3? a) Relational Reaction Storage b) Reduced Redundancy Storage c) Regional Rights Storage d) Redundancy Reduced System
b) Reduced Redundancy Storage
You run a popular photo sharing website that is based off S3. You generate revenue from your website via paid for adverts, however you have discovered that other websites are linking directly to the images on your site, and not to the HTML pages that serve the content. This means that people are not seeing your adverts and every time a request is made to S3 to serve an image it is costing your business money. How could you resolve this issue? a) Use CloudFront to serve the static content. b) Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates. c) Use security groups to blacklist the IP addresses of the sites that do this. d) Use EBS rather than S3 to store the content.
b) Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates.
You are running an ERP application on EC2 for your company that runs 24x7 and the load is predictable and constant throughout the year. Which is the most cost-efficient option for the EC2 purchase model in this case? a) On-Demand b) Reserve c) Dedicated d) Spot e) EC2 is not the right choice here
b) Reserve
What is the difference between a security group in VPC and a network ACL in VPC? (Choose 3) a) Security group restricts access to a subnet while ACL restricts traffic to EC2 b) Security groups restrict access to EC2 while ACL restricts traffic to a subnet c) Security group can work outside the VPC also while ACL only works within a VPC d) Network ACL performs stateless filtering and Security group provides stateful filtering e) Security group can only set allow rule, while ACL can set deny rule also
b) Security groups restrict access to EC2 while ACL restricts traffic to a subnet d) Network ACL performs stateless filtering and Security group provides stateful filtering e) Security group can only set allow rule, while ACL can set deny rule also
You have a client who is considering moving to AWS services and do not yet have an account. What is the first thing the company should do to set up an AWS account? a) Set up an account using Cloud Search. b) Set up an account using their company email address. c) Set up an account via SQS. d) Set up an account via SNS.
b) Set up an account using their company email address.
What does Amazon SES stand for? a) Software Enabled Server b) Simple Email Service c) Simple Elastic Server d) Software Email Solution
b) Simple Email Service
An instance is connected to an ENI (Elastic Network Interface) in one subnet. What happens when you attach an ENI of a different subnet to this instance? a) The instance follows the rules of the older subnet b) The instance follows the rules of both the subnets c) The instance follows the rules of the newer subnet d) Not possible cannot be connected to 2 ENIs
b) The instance follows the rules of both the subnets
You are deploying an app on EC2 that must call AWS APIs. What method of securely passing credentials to the app should you use? a) Store API credentials as an object in Amazon S3 b) Use AWS identity and access management roles for EC2 instance c) Pass API credentials to the instance using instance user data d) Embed the API credential into your jar file
b) Use AWS identity and access management roles for EC2 instance
What is a VPC? a) Virtual Public Compute b) Virtual Private Cloud c) Virtual Public Cloud d) Virtual Private Compute
b) Virtual Private Cloud
How do you ensure that the data has been saved properly in S3? a) Every S3 account has a predefined bucket where the logs are stored b) When processing a request to store data, the service will redundantly store your object across multiple facilities before returning SUCCESS c) You can see the HTTP success code in the logs d) Using a combination of Content-MD5 checksums
b) When processing a request to store data, the service will redundantly store your object across multiple facilities before returning SUCCESS
When you create a new user, that user: a) Will be able to log in to the console anywhere in the world, using their access key ID and secret access key. b) Will be able to interact with AWS using their access key ID and secret access key, using the API, CLI or AWS SDKs. c) Will only be able to log in to the console in the region in which that user was created. d) Will be able to log in to the console only after MFA is enabled on their account.
b) Will be able to interact with AWS using their access key ID and secret access key, using the API, CLI or AWS SDKs.
Does S3 provide read-after-write consistency? a) Yes, not all regions b) Yes, for all regions c) No, it doesn't provide read-after-write consistency d) You can provision this by making the right API calls
b) Yes, for all regions
A startup co hired you to help them build a mobile application, that will ultimately store billions of images and videos in Amazon Simple Storage double their current installation base every 6 months, due to the nature of their business, they are expecting sudden and large increase in traffic to and from S3, and need to ensure that it can handle the performance need of their applications. What other information must you gather from this customer in order to determine whether S3 is the right option? a) You must know how many customers the company has today, because this is critical in understanding what their customer base will be in two years b) You must find out total number of requests per second at peak large c) You must know the size of the individual objects being written to S3, in order to properly design the key namespace d) In order to build the key namespace correctly, you must understand the total amount of storage needs for each S3 bucket
b) You must find out total number of requests per second at peak large
You are a solutions architect working for a large engineering company who are moving their existing legacy hardware to AWS. You have configured their first AWS account and you have set up IAM. Your company will be primarily based in Andorra, however they will have a small subsidiary operating out of South Korea and you will need an AWS environment configured there as well. Which of the following statements is true: a) You will need to configure users and policy documents for each region respectively. b) You will need to configure users and policy documents only once, as these are applied globally. c) You will need to configure your users regionally, however your policy documents are global. d) You will need to configure your policy documents regionally, however your users are global.
b) You will need to configure users and policy documents only once, as these are applied globally.
elastic block storage
block level storage for use with EC2 instances allowing the install of different file system
An application requires OS privileges on a database host. Which one is best choice of High Available DB? a. Amazon EC2 instances in a replication configuration utilizing a single AZ b. A standalone Amazon EC2 instance c. Amazon EC2 instances in a replication configuration utilizing two different AZ d. Amazon RDS in a Multi-AZ configuration
c
An organization has established an Internet-based VPN connection between their on-premises data center and AWS. They are considering migrating from VPN to AWS DirectConnect. Which operational concern should drive an organization to consider switching from an Internet-based VPN connection to AWS DirectConnect? a. AWS DirectConnect provides greater redundancy than an Internet-based VPN connection. b. AWS DirectConnect provides greater resiliency than an Internet-based VPN connection. c. AWS DirectConnect provides greater bandwidth than an Internet-based VPN connection. d. AWS DirectConnect provides greater control of network provider selection than an Internet-based VPN connection.
c
When an EC2 EBS-backed (EBS root) instance is stopped, what happens to the data on any ephemeral store volumes? a. Data is automatically saved in an EBS volume. b. Data is unavailable until the instance is restarted. c. Data will be deleted and will no longer be accessible. e. Data is automatically saved as an EBS snapshot.
c
EC2 instances are launched from Amazon Machine Images (AMI). An AMI can a. Be used to launch EC2 instances in any AWS region b. Only launch EC2 instances in the same Country as the AMI is stored c. Only launch EC2 instances in the same AWS region as the AMI is stored d. Only launch EC2 instances in the same AWS AZ as the AMI is stored
c
The AWS platform consists of how many regions currently? a. 5 b. 10 c. 11 d. 12
c
To help manage your Amazon EC2 instances, you can assign your own metadata in the form of a. Wildcards b. Certificates c. Tags d. Notes
c
What is the underlying Hypervisor for EC2? a. Hyper-V b. ESX c. Xen d. OVM
c
Which of the following approaches provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data? a. Maintain two snapshots: the original snapshot and the latest incremental snapshot. b. Maintain a volume snapshot; subsequent snapshots will overwrite one another. c. Maintain a single snapshot; the latest snapshot is both incremental and complete. d. Maintain the most current snapshot, archive the original and incremental to Amazon Glacier.
c
Which of the following is part of the failover process for a Multi-Availability Zone Amazon Relational Database Service (RDS) instance? a. The failed RDS DB instance reboots. b. The IP of the primary DB instance is switched to the standby DB instance. c. The DNS record for the RDS endpoint is changed from primary to standby. d. A new DB instance is created in the standby availability zone.
c
An auto-scaling group spans 3 AZs and has 4 running EC2 instances. When auto-scaling needs to terminate an instance by default, autoscaling will (select 2): a. Allow >= 5mins for Windows/Linux shutdown scripts to complete before terminating b. Terminate the instance with the least active network connections c. Send an SNS notification if configured to do so d. Terminate an instance in the AZ which currently has 2 running instances e. Randomly select one of the 3 AZs and terminate an instance
c d
To be prepared for a security assessment, an organization should implement which two configuration management practices? Choose 2 answers a. Determine whether remote administrative access is performed securely. b. Verify that all Amazon Simple Storage Service (S3) bucket policies and ACLs correctly implement your security policies. c. Determine whether unnecessary users and services have been identified on all Amazon-published AMIs. d. Verify that AWS Trusted Advisor has identified and disabled all unnecessary users and services on your Amazon Elastic Compute Cloud (EC2) instances.
c d
How many geographically distinct data centers is DynamoDB spread across? a) 1 b) 2 c) 3 d) 4
c) 3
In RDS, what is the maximum value I can set for my backup retention period? a) 15 days b) 30 days c) 35 days d) 45 days
c) 35 days
How many VPCs am I allowed in each region by default? a) 1 b) 2 c) 5 d) 6
c) 5
What is the durability on RRS? a) 99.90% b) 99% c) 99.99% d) 100%
c) 99.99%
Power User Access allows... a) Full access to all AWS services and resources. b) Read Only access to all AWS services and resources. c) Access to all AWS services except for management of groups and users within IAM. d) Users to inspect the source code of the AWS platform.
c) Access to all AWS services except for management of groups and users within IAM.
You have a business critical application that requires it to be highly available with 6 instances always running. What should you do to achieve this (Choose 3) a) 2 EC2 in 3 regions with ELB on top b) 2 EC2 in 2 AZ with ELB on top c) AutoScaling rule for 6 instances always running d) Autoscaling rule for 3 instance always running in each zone e) AutoScaling Replace the lost capacity in case of zone failure in the other zone f) AutoScaling Replace the lost capacity in case of region failure in other region
c) AutoScaling rule for 6 instances always running d) Autoscaling rule for 3 instance always running in each zone e) AutoScaling Replace the lost capacity in case of zone failure in the other zone
You are a solutions architect who works with a large digital media company. The company has decided that they want to operate within the Japanese region and they need a bucket called "testbucket" set up immediately to test their web application on. You log in to the AWS console and try to create this bucket in the Japanese region however you are told that the bucket name is already taken. What should you do to resolve this? a) Change your region to Korea and then create the bucket "testbucket". b) Raise a ticket with AWS and ask them to release the name "testbucket" to you. c) Bucket names are global, not regional. This is a popular bucket name and is already taken. You should choose another bucket name. d) Run a WHO IS request on the bucket name and get the registered owners email address. Contact the owner and ask if you can purchase the rights to the bucket.
c) Bucket names are global, not regional. This is a popular bucket name and is already taken. You should choose another bucket name.
How do you achieve single sign on with AWS? a) It is configurable in the IAM policies for the user b) By using Multi-factor authentication c) By using Active Directory and LDAP integration d) By configuring SAML 2.0 e) It is currently not possible in AWS
c) By using Active Directory and LDAP integration
Your company has deployed their production environment on AWS and now need to access this via a bastion host using Windows Remote Desktop protocol. What do you recommend they do to achieve this? a) Install the bastion host in the office and then use it to connect in to the AWS environment. b) Create a bastion host in AWS in a private subnet and then open port 22 so that users can RDP in to that host. c) Create a bastion host in a public subnet and then open the RDP port up to the bastion security group. Lock the RDP protocol down so that only users with IP address ranges from your office can RDP in to this bastion host. d) Create a bastion host in a private subnet and then open the RDP port up to the bastion security group. Lock the RDP protocol down so that only users with IP address ranges from your office can RDP in to this bastion host.
c) Create a bastion host in a public subnet and then open the RDP port up to the bastion security group. Lock the RDP protocol down so that only users with IP address ranges from your office can RDP in to this bastion host.
What service is Amazon's No-SQL database service? a) RDS b) Elasticache c) DynamoDB d) Redshift
c) DynamoDB
What is the difference between Elastic Beanstalk and CloudFormation? a) Elastic Beanstalk is a monitoring tool to view the performance of your AWS resources, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script. b) Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it, whereas CloudFormation is a security service designed to harden your cloud against an attack such as a DDoS c) Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script. d) There is no difference between the two. Elastic Beanstalk was simply the code name used internally for CloudFormation, prior to the product being released.
c) Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring based on the code you upload to it, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script.
As an application has increased in popularity, reports of performance issues have grown. The current configuration initiates scaling actions based on avg CPU utilization; however during reports of slowness, CloudWatch graphs have shown that avg CPU remains steady at 40%. This is well below the alarm threshold of 60%. Your developers have discovered that, due to the unique design of the app, performance degradation occurs on an instance when it is processing more than 200 threads. What is the best way to ensure that your app scales to match the demands? a) Launch two to six additional instances outside of the auto-scaling group to handle the additional load. b) Populate the custom CloudWatch metric for concurrent sessions and initiate scaling action based on that metric instead of CPU use. c) Empirically determine the expected CPU use for 200 concurrent sessions and initiate scaling action based on that metric instead of CPU use. d) Add a script to each instance to detect the number of concurrent sessions. If the number of sessions remains over 200 for five minutes, have the instance increase the desired capacity of the auto-scaling group by one.
c) Empirically determine the expected CPU use for 200 concurrent sessions and initiate scaling action based on that metric instead of CPU use.
For an EC2 instance launched in a private subnet in VPC, which of the following are the options for it to be able to connect to the internet (assume security groups have proper ports open)? a) Simply attach an elastic IP b) If there is also a public subnet in the same VPC, an ENI can be attached to the instance with the IP address range of the public subnet c) If there is a public subnet in the same VPC with a NAT instance attached to internet gateway, then a route can be configured from the instance to the NAT d) There is no way for an instance in private subnet to talk to the internet
c) If there is a public subnet in the same VPC with a NAT instance attached to internet gateway, then a route can be configured from the instance to the NAT
Select the incorrect statement. a) In Amazon VPC, an instance retains its private IP b) It is possible to have private subnets in VPC c) In Amazon VPC, an instance does NOT retain its private IP d) You may only have 1 IGW (internet gateway) per VPC
c) In Amazon VPC, an instance does NOT retain its private IP
Which of the following can Auto Scaling NOT do? (Choose 3) a) Startup EC2 instances when the CPU utilization is above threshold b) Release EC2 instances when CPU utilization is below threshold c) Increase the instance size when utilization is above threshold d) Add more Relational Database Service (RDS) read replicas when utilization is above threshold e) Reboots an instance if the health check is failed for that instance
c) Increase the instance size when utilization is above threshold d) Add more Relational Database Service (RDS) read replicas when utilization is above threshold e) Reboots an instance if the health check is failed for that instance
What are the characteristics of CloudFormation (Choose 2) a) You can use it to replace an instance in the ELB when it fails its health check b) Helps you quickly deploy and manage applications in the AWS cloud c) It creates a template for your EC2 instance d) You don't need to worry about the infra required to run your applications
c) It creates a template for your EC2 instance d) You don't need to worry about the infra required to run your applications
What are the characteristics of EBS (Choose 3) a) You can attach one EBS volume to multiple EC2 instances b) Data in EBS is stored across multiple AZ for redundancy c) Maximum size of an EBS can be 16 TB d) You can have provisioned IOPS w/ your EBS volumes e) EBS behaves like raw unformatted block device
c) Maximum size of an EBS can be 16 TB d) You can have provisioned IOPS w/ your EBS volumes e) EBS behaves like raw unformatted block device
An AWS VPC is a component of which AWS service? a) Global Infrastructure b) Databases Service c) Networking Service d) Compute Service
c) Networking Service
Can an Amazon EBS root volume persist independently from the life of the EC2 instance? e.g. if I terminated an EC2 instance, would that EBS root volume remain? a) Yes b) No c) Only if instructed to when created d) Depends on which region the EC2 instance is provisioned in
c) Only if instructed to when created
You have written a CloudFormation template that creates 1 elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack? a) Resources b) Parameters c) Outputs d) Mappings
c) Outputs
A __________ is a document that provides a formal statement of one or more permissions. a) User b) Group c) Policy d) Role
c) Policy
How can software determine the public and private IP of the AWS EC2 instance that it is running on? a) Query the appropriate AWS CloudWatch metric b) Use ipconfig or ifconfig command c) Query the local instance metadata d) Query the local instance userdata
c) Query the local instance metadata
What AWS DB platform is most suitable for OLTP (Online Transaction Processing)? a) Elasticache b) DynamoDB c) RDS (Relational Database Service) d) Redshift
c) RDS (Relational Database Service)
What AWS service consists of the following database services: SQL, MySQL, MariaDB, PostgreSQL, Aurora, Oracle? a) Redshift b) DynamoDB c) RDS d) Kinesis
c) RDS (Relational Database Service)
In which of the following cases should you use SQS? (Choose 2 correct answers) a) Designing a business application which requires a lot of coordination between different tasks. b) Video encoding application where each video is encoded with a predefined number of steps. c) Receiving thousands of notifications from a process and add them to a queue d) Process a queue of messages where each message is a task that needs to be completed
c) Receiving thousands of notifications from a process and add them to a queue d) Process a queue of messages where each message is a task that needs to be completed
What AWS service is best used for Business Intelligence Tools/Data Warehousing? a) Elastic Beanstalk b) Elasticache c) Redshift d) DynamoDB
c) Redshift
What AWS service is used for business intelligence? a) Elastic Map Reduce b) Kinesis c) Redshift
c) Redshift
You run a meme creation website that frequently generates meme images. The original images are stored in S3 and the metadata about the memes is stored in DynamoDB. You need to store the memes themselves in a low cost storage solution. If an object is lost, you have created a Lambda function that will automatically recreate this meme using the original file in S3 and the metadata in DynamoDB. Which storage solution should you consider to store this non-critical, easily reproducible data in the most cost-effective way possible? a) S3 b) S3 - IA (Infrequently Accessed Storage) c) S3 - RRS (Reduced Redundancy Storage) d) Glacier
c) S3 - RRS (Reduced Redundancy Storage)
You work for a major news network in Europe. They have just released a new app which allows users to report on events as and when they happen using their mobile phone. Users are able to upload pictures from the app and then other users will be able to view these pics. Your organization expects this app to grow very quickly, essentially doubling its user base every month. The app uses S3 to store the media and you are expecting sudden and large increases in traffic to S3 when a major news event takes place (as people will be uploading content in huge numbers). You need to keep your storage costs to a minimum however and it does not matter if some objects are lost. Which storage media should you use to keep costs as low as possible? a) S3 b) S3 - IA (Infrequently Accessed Storage) c) S3 - RRS (Reduced Redundancy Storage) d) Glacier
c) S3 - RRS (Reduced Redundancy Storage)
What is the difference between SNS and SQS? a) SQS sends messages to people on topics, whereas SNS manages tasks b) SNS pulls (polls) whereas SQS is push based message service c) SNS is push notification service, whereas SQS is message system that requires worker nodes to poll the queue d) SQS and SNS are basically the same service
c) SNS is push notification service, whereas SQS is message system that requires worker nodes to poll the queue
What application service allows you to decouple your infrastructure using message-based queues? a) SNS b) SWF c) SQS d) SES
c) SQS (Simple Queue Service)
What does S3 stand for? a) Simple SQL Service b) Simple Serial Sequence c) Simple Storage Service d) Straight Storage Service
c) Simple Storage Service
Which of the following is a petabyte scale data transfer solution? a) SQS b) Avalanche c) Snowball d) SWF
c) Snowball
To help you manage your Amazon EC2 instances you can assign your own metadata in the form of a) Wildcards b) Certificates c) Tags d) Notes
c) Tags
You configured ELB to perform health checks on EC2 instances. If an instance fails to pass health checks, which statement will be true? a) The instance is replaced automatically by the ELB b) The instance gets terminated automatically by the ELB c) The ELB stops sending traffic to the instance that failed its health check d) The instance gets quarantined by the ELB for the root cause analysis
c) The ELB stops sending traffic to the instance that failed its health check
What kind of data should not be stored in S3? (Choose 3) a) Images and videos b) Static files for your site c) Your website database d) Notifications from a computer program e) Static files that are accessed once in many years
c) Your website database d) Notifications from a computer program e) Static files that are accessed once in many years
A _____ is the concept of allowing (or disallowing) an entity such as a user, group, or role some type of access to one or more resources a. user b. AWS Account c. resource d. Permission
d
Amazon RDS does not currently support increasing storage on a ___ DB instance. a. MySQL b. Aurora c. Oracle d. MSSQL
d
Auditing user access/API calls, etc., across the entire AWS estate can be achieved using a. CloudFront b. CloudWatch c. CloudFlare d. CloudTrail
d
For the EBS volumes, which has the following disadvantage: 'Doubles the amount of I/O required from the instance to EBS compared to RAID 0, because you're mirroring all writes to a pair of volumes, limiting how much you can stripe.' a. Raid 0 b. Raid 1+0 [Raid 10] c. Raid 1 d. Raid 5
d
If I want to run a database on an EC2 instance, which is the most recommended Amazon storage option? a. RDS b. S3 c. Glacier d. EBS
d
In S3 with RRS the availability is a. 99.999999999% b. 100% c. 99% d. 99.99%
d
In S3, what does RRS stand for? a. Relational Reduced Storage b. Reactive Replicating Storage c. Reduced Replication Storage d. Reduced Redundancy Storage
d
What are the 4 levels of AWS premium support? a. It's an IAAS platform, there is no support b. Free, Bronze, Silver, Gold c. Basic, Startup, Business, Enterprise d. Basic, Developer, Business, Enterprise
d
What does EBS stand for? a. Energetic Block Storage b. Elastic Based Storage c. Equal Block Storage d. Elastic Block Storage
d
What is the maximum response time for a Business Level Premium support case? a. 1 day b. 12 hrs c. 15 mins d. 1 hr
d
What types of RDS databases are currently available a. Aurora, MySQL, MSSQL, Cassandra b. PostGres, Cassandra, MongoDB, Aurora c. Oracle, MSSQL, MySQL, Cassandra d. Oracle, MSSQL, MySQL, Postgres
d
When an EC2 instance that is backed by an S3-based AMI is terminated, what happens to the data on the root volume? a. Data is automatically saved as an EBS snapshot. b. Data is automatically saved as an EBS volume. c. Data is unavailable until the instance is restarted. d. Data is automatically deleted.
d
Which feature supports optimized performance for a compute cluster that requires low inter-node latency? a. Multiple Availability Zones b. AWS Direct Connect c. EC2 Dedicated Instances d. Placement Groups e. VPC private subnets
d
Which procedure for backing up a relational database on EC2 that is using a set of RAIDed EBS volumes for storage minimizes the time during which the database cannot be written to and results in a consistent backup? a. 1. Detach EBS volumes, 2. Start EBS snapshot of volumes, 3. Re-attach EBS volumes b. 1. Stop the EC2 Instance. 2. Snapshot the EBS volumes c. 1. Suspend disk I/O, 2. Create an image of the EC2 Instance, 3. Resume disk I/O d. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Resume disk I/O e. 1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk I/O
d
Which statement best describes Availability Zones a. Content distribution network which is used to distribute content to users b. A restricted area designed specifically for creating VPCs c. Two zones containing compute resources that are designed to maintain synchronized copies of data within each other d. Distinct locations from within an AWS region that are engineered to be isolated from failures
d
You are putting together a WordPress site for a local charity and you are using a combination of Route53, Elastic Load Balancers, EC2 & RDS. You launch your EC2 instance, download WordPress and set up the configuration file's connection string so that it can communicate with RDS. When you browse to your URL however, nothing happens. Which of the following could NOT be the cause of this? a. You have forgotten to open port 80/443 on your security group in which the EC2 instance is placed. b. Your elastic load balancer has a health check which is checking a webpage that does not exist, therefore your EC2 instance is not in service. c. You have not configured an ALIAS for your A record to point to your elastic load balancer d. You have locked port 22 down to your specific IP address therefore users cannot access your site using HTTP/HTTPS
d
You are working with a customer who has 10 TB of archival data that they want to migrate to Glacier. The customer has a 1-Mbps connection to the internet. Which service or feature provides the fastest method of getting data into Amazon Glacier? a. Glacier multipart upload b. AWS Storage Gateway c. VM Import/Export d. AWS Import/Export
d
What is the minimum file size that I can store on S3? a) 1 KB b) 1 MB c) 1 GB d) 0 bytes
d) 0 bytes
How long is the retention period for SWF (Simple Workflow Service)? a) 1 day b) 1 month c) 6 months d) 1 year
d) 1 year
How many hours is the message visibility time out window for SQS (Simple Queue Service)? a) 2 hours b) 6 hours c) 8 hours d) 12 hours
d) 12 hours
The AWS platform consists of how many regions currently? a) 10 b) 11 c) 12 d) 13
d) 13
MySQL installations default to port number... a) 1433 b) 3389 c) 80 d) 3306
d) 3306
How many Read Replicas of a database can be made? a) 1 b) 3 c) 4 d) 5
d) 5
You have been tasked with creating a VPC network topology for your company. The VPC network must support both internet facing application and internally facing application accessed only over VPN. Both internet facing and internally facing applications must be able to leverage at least 3 AZs for high availability. At a min, how many subnets must you create within your VPC to accommodate these requirements? a) 2 b) 3 c) 4 d) 6
d) 6
What does "domain" refer to in Amazon SWF (Simple Workflow Service)? a) A security Group in which only tasks inside can initiate b) A special type of worker c) The DNS record for the Amazon SWF service d) A collection of related workflows
d) A collection of related workflows
What does an AWS Region consist of? a) A console that gives you a quick, global picture of your cloud computing environment. b) A collection of databases that can only be accessed from a specific geographic region. c) A collection of data centers that is spread evenly around a specific continent. d) A distinct location within a geographic area designed to provide high availability to a specific geography.
d) A distinct location within a geographic area designed to provide high availability to a specific geography.
How do you point the apex record of your website (example.com) to the public DNS of the Elastic Load Balancer? a) A record b) CNAME record c) AAAA record d) Alias e) NS record
d) Alias
Which is NOT a feature of IAM? a) Centralized control of your AWS account b) Integrates with existing active directory account allowing single sign on c) Fine-grained access control to AWS resources d) Allows you to setup biometric authentication, so that no passwords are required
d) Allows you to setup biometric authentication, so that no passwords are required
Which of the following is a durable key-value store? a) Amazon SNS b) Amazon SQS c) Amazon SWS d) Amazon S3
d) Amazon S3
What happens when you create a topic on Amazon SNS? a) The topic will terminate your EC2 instance without a tag. b) You can create a topic on Amazon SQS not on SNS. c) You cannot create a topic on SNS. d) An Amazon Resource Name is created.
d) An Amazon Resource Name is created.
What action is required to establish a VPC VPN connection between an on-premise data center and an Amazon VPC virtual private gateway? a) Establish a dedicated network connection using AWS Direct Connect b) Modify the main route table to allow traffic to a network address translation instance c) Use a dedicated network address translation instance in the public subnet d) Assign a static internet routable IP address to Amazon VPC customer gateway
d) Assign a static internet routable IP address to Amazon VPC customer gateway
You have an Amazon VPC with a public subnet. 3 Amazon EC2 instances currently running inside the subnet can successfully communicate with other hosts on the internet. You launch a 4th instance in the same subnet, using the same AMI and security group config you used for the others, but find that this instance cannot be accessed from the internet. What should you do to enable internet access? a) Deploy a NAT instance into the public subnet b) Modify the routing table for the public subnet c) Config a publicly routable IP address in the host OS of the 4th instance d) Assign an elastic IP address to the 4th instance
d) Assign an elastic IP address to the 4th instance
What are the four levels of AWS premium support? a) It's an IaaS platform, there is no support b) Free, Bronze, Silver, Gold c) Basic, Startup, Business, Enterprise d) Basic, Developer, Business, Enterprise
d) Basic, Developer, Business, Enterprise
You want to use Route53 to direct your www sub-domain to an elastic load balancer fronting your web servers. What kind of record set should you create? a) A b) AAAA c) NS d) CNAME
d) CNAME
Which of the following requires a custom CloudWatch metric to monitor? a) Disk usage activity of the ephemeral volumes of an Amazon EC2 instance b) CPU Utilization of an Amazon EC2 instance c) Disk usage activity of an EBS volume attached to an EC2 instance d) Disk full percentage of an Elastic Block store volume
d) Disk full percentage of an Elastic Block store volume
Which statement best describes an Availability Zone? a) Content distribution network which is used to distribute content to users. b) A restricted area designed specifically for creating virtual private clouds. c) Two zones containing compute resources that are designed to automatically maintain synchronized copies of data with each other. d) Distinct locations from within an AWS region that are engineered to be isolated from failures.
d) Distinct locations from within an AWS region that are engineered to be isolated from failures.
What AWS service is best suited for non-relational databases? a) RDS b) Redshift c) Elasticache d) DynamoDB
d) DynamoDB
Which AWS compute service is specifically designed to assist you in processing large data sets? a) Big Data Processing b) Elasticache c) EC2 d) Elastic Map Reduce
d) Elastic Map Reduce
You are a digital media agency and you need to convert your media files in to different formats to suit different devices. Which AWS service should you consider using to meet these needs? a) Appstream b) SQS c) SWF d) Elastic Transcoder
d) Elastic Transcoder
To protect S3 data from accidental deletion and overwriting you should... a) Disable S3 delete using an IAM bucket policy b) Access S3 data only using signed URLs c) Enable S3 reduced redundancy storage d) Enable S3 versioning on the bucket e) Enable MFA protected access
d) Enable S3 versioning on the bucket
Which AWS service would be the best choice for long term data archival? a) S3 b) CloudFront c) EFS d) Glacier
d) Glacier
You work for a health insurance company that collects large amounts of documents regarding patients' health records. This data will be used usually only once when assessing a customer and will then need to be securely stored for a period of 7 years. In some rare cases you may need to retrieve this data within 24 hours of a claim being lodged. Which storage solution would best suit this scenario? You need to keep your costs as low as possible. a) S3 b) S3 - IA (Infrequently Accessed Storage) c) S3 - RRS (Reduced Redundancy Storage) d) Glacier
d) Glacier
You have an Amazon EC2 security group with several running EC2 instances. You change the security group rules to allow inbound traffic on a new port and protocol, and launch several new instances in the same security group. The new rules apply: a) Immediately to the new instances only b) Immediately to the new instances only, but old instances must be stopped and restarted before the new rules apply c) To all instances, but it may take several minutes for old instances to see the changes. d) Immediately to all instances in the security group
d) Immediately to all instances in the security group
Which AWS service allows you to run code without having to worry about provisioning any underlying resources (such as virtual machines, databases etc.)? a) EC2 b) EC2 Container Service c) DynamoDB d) Lambda
d) Lambda
You notice that you are not able to access your EC2 linux instance using SSH. What should you check first? a) Make sure that the patches are up to date on the instance b) Make sure that port 22 is open on the subnet for incoming traffic c) Make sure that port 22 is open on the subnet for outgoing traffic d) Make sure that port 22 is open on the security group for the incoming traffic e) Make sure that port 22 is open on the security group for outgoing traffic
d) Make sure that port 22 is open on the security group for the incoming traffic
In reviewing the auto scaling events for your app you notice that your app is scaling up and down multiple times in the same hour. What design choice could you make to optimize for cost while preserving elasticity? (Choose 2) a) Modify the auto-scaling group termination policy to terminate the oldest instance first b) Modify the auto scaling to use scheduled scaling actions c) Modify the auto scaling group termination policy to terminate the newest instance first d) Modify the Amazon CloudWatch alarm period that triggers your auto scaling scale down policy e) Modify the auto scaling group cool-down timers.
d) Modify the Amazon CloudWatch alarm period that triggers your auto scaling scale down policy e) Modify the auto scaling group cool-down timers.
Which of the following is NOT true about SNS (Simple Notification Service)? a) Instantaneous, push based delivery b) Flexible message delivery over multiple transport protocols c) Inexpensive, pay-as-you-go model with no up-front costs d) Notifications have retention period of 30 days
d) Notifications have retention period of 30 days
Which of the following is NOT a component of IAM? a) Roles b) Users c) Groups d) Organizational Units
d) Organizational Units
You're running an application on an EC2 and now you want to add another EC2 for your application that requires a high-bandwidth connection with the existing EC2. Where should you launch your EC2 in this case? a) VPC b) Public Subnet c) Private Subnet d) Placement Group e) Availability Zone
d) Placement Group
What does RRS stand for when talking about S3? a) Redundancy Removal System b) Relational Rights Storage c) Regional Rights Standard d) Reduced Redundancy Storage
d) Reduced Redundancy Storage
Amazon's highly scalable DNS service is known as... a) CloudTrail b) Directory Service c) Elastic Map Reduce d) Route 53
d) Route 53
Where would be a durable place to store flat files on the AWS platform? a) Kinesis b) CloudFront Edge Locations c) SQS d) S3
d) S3 (Simple Storage Service)
You need to enable a way so that your system administrators can receive notifications for events that happen on your AWS environment (such as alarms etc.), what service should you use? a) Cognito b) Device Farm c) Mobile Hub d) SNS
d) SNS (Simple Notification Service)
You are doing a large data analysis which requires high computing power and many instances to be launched simultaneously and then to be retired after the analysis. If the instance is retired during the analysis, the program automatically shifts the analysis to the other instance. Which is the most cost-efficient option for launching the EC2 in this case? a) On-Demand b) Reserved c) Dedicated d) Spots e) EC2 is not the right choice here
d) Spots
You have an app running in US-West-2 that requires 6 Amazon EC2 instances running at all times. With 3 AZs available in that Region (US-West-2a, US-West-2b, US-West-2c) which of the following deployments provides 100% fault tolerance if any single AZ in US-West-2 becomes unavailable? (Choose 2) a) US-West-2a with 2 EC2 instances, US-West-2b with 2 EC2 instances, US-West-2c with 2 EC2 instances b) US-West-2a with 3 EC2 instances, US-West-2b with 3 EC2 instances, US-West-2c with no EC2 instances c) US-West-2a with 4 EC2 instances, US-West-2b with 2 EC2 instances, US-West-2c with 2 EC2 instances d) US-West-2a with 6 EC2 instances, US-West-2b with 6 EC2 instances, US-West-2c with no EC2 instances e) US-West-2a with 3 EC2 instances, US-West-2b with 3 EC2 instances, US-West-2c with 3 EC2 instances
d) US-West-2a with 6 EC2 instances, US-West-2b with 6 EC2 instances, US-West-2c with no EC2 instances e) US-West-2a with 3 EC2 instances, US-West-2b with 3 EC2 instances, US-West-2c with 3 EC2 instances
What is the best way of taking a fast snapshot without losing the consistency? a) Stop the EC2, issue a snapshot command, Switch on the EC2 b) Stop the EC2, issue a snapshot command, and wait to complete the snapshot, remount EBS c) Just issue the snapshot command d) Unmount EBS, issue snapshot command, remount e) Unmount EBS, take snapshot, wait to complete the snapshot, remount EBS
d) Unmount EBS, issue snapshot command, remount
What are the two permission types used by AWS? a) Resource based and Product based b) Product based and Service based c) Service based d) User based and Resource based
d) User based and Resource based
You are a security administrator working for a hotel chain. You have a new member of staff who has started as a systems administrator and they will need full access to the AWS console. You have created the user account and generated the access key id and the secret access key. You have moved this user into the group where the other administrators are and you have provided the new user with their secret access key and their access key id. However when they go to log in to the AWS console, they cannot sign in. What could be the cause of this? a) You have not applied the "log in from console" policy document to the user. You must apply this first so that they can log in. b) Your user is trying to log in from the AWS console from outside the corporate network. This is not possible. c) You have not yet activated MFA for the user, so by default they will not be able to log in. d) You cannot log in to the AWS console using the Access Key ID and Secret Access Key, instead you must generate a password for the user and supply the user with this password, as well as the unique link to sign in to the AWS console.
d) You cannot log in to the AWS console using the Access Key ID and Secret Access Key, instead you must generate a password for the user and supply the user with this password, as well as the unique link to sign in to the AWS console.
You work in the genomics industry and you process large amounts of genomic data using a nightly Elastic Map Reduce (EMR) job. This job processes a single 3 Tb file which is stored on S3. The EMR job runs on 3 on-demand core nodes and four on-demand task nodes. The EMR job is now taking longer than anticipated and you have been asked to advise how to reduce the completion time. a) Use four Spot Instances for the task nodes rather than four On-Demand instances. b) Configure an independent VPC in which to run the EMR jobs and then mount EFS as an independent volume for your core nodes. c) Store the file on Elastic File Service instead of S3 and then mount EFS as an independent volume for your core nodes. d) You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
d) You should reduce the input split size in the MapReduce job configuration and then adjust the number of simultaneous mapper tasks so that more tasks can be processed at once.
You have a business-critical two-tier web app currently deployed in two AZs in a single region, using ELB and autoscaling. The app depends on synchronous replication (very low latency connectivity) at the data layer. The app needs to remain fully available even if one app AZ goes off-line and autoscaling cannot launch new instances in the remaining AZ. How can the current architecture be enhanced to ensure this? a) Deploy in 3 AZ, with autoscaling min set to handle 33% peak load per zone b) Deploy in 2 regions using Weighted Round Robin (WRR), with autoscaling min set for 50% c) Deploy in 2 regions using Weighted Round Robin (WRR), with autoscaling min set for 100% d) Deploy in 3 AZ, with autoscaling min set to handle 50% peak load per zone
d) Deploy in 3 AZ, with autoscaling min set to handle 50% peak load per zone
S3 bucket ACL
defines what accounts or groups are allowed access and the type of access
Artifacts
documentation in console compliance reports / ISO certs
API Gateway
door; create, publish, monitor APIs - apps to access backend requests
Which of the following will provide the maximum IOPS for your EC2? a) Instance based SSD storage b) EBS with SSD storage c) EBS with provisioned IOPS d) Stripe data across Multiple EBS volumes with Raid 5 e) Stripe data across Multiple EBS volumes with Raid 0
e) Stripe data across Multiple EBS volumes with Raid 0
What is IAM?
enables you to manage access to AWS services and resources securely. You can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.
EFS Elastic File System -
file-based and can be shared with other VMs (databases, applications)
Regions
geography - at least two availability zones
command to add codecommit remote URL
git remote add aws https://git-codecommit.<region>.amazonaws.com/v1/repos/<repoName>
P2
graphics, machine learning
G2
graphics, video encoding, 3d application streaming
I2
high speed storage, noSQL db, data warehousing
How do you access instance metadata?
http://169.254.169.254/latest/meta-data
What is the meta-data URL?
http://169.254.169.254/latest/meta-data
URL for a static website hosted in a bucket named maddie in us-east-1
http://maddie.s3-website-us-east-1.amazonaws.com
By definition a public subnet within a VPC is one that;
in its routing table it has at least one route that uses an internet gateway.
Amazon RDS
makes it easy to set up, operate, and scale a relational database in the cloud.
Web hosting service
on demand provisioning, scalable, testing fleets (data and environment), simulate user traffic
Hypervisors
or virtual machine monitor is computer software, firmware or hardware that creates and runs virtual machines.
Amazon ElastiCache
service to deploy, operate and scale cache in the cloud. Managed, in-memory data store services. Choose Redis or Memcached to power
storage gateways used for backup with popular applications like NetBackup, Backup Exec, etc
tape gateway
ingress
the act of entering
You can use a network address translation (NAT) instance in a public subnet in your VPC to enable instances in the private subnet to initiate outbound IPv4 traffic to the Internet or other AWS services, but prevent the instances from receiving inbound traffic initiated by someone on the Internet. NAT is not supported for IPv6 traffic—use an egress-only Internet gateway instead. For more information, see Egress-Only Internet Gateways. Note: You can also use a NAT gateway, which is a managed NAT service that provides better availability, higher bandwidth, and requires less administrative effort. For common use cases, we recommend that you use a NAT gateway rather than a NAT instance.
What is a NAT instance?
True or false: Individual EC2 instances can be provisioned in the availability zones.
yes. through subnet.