AWS Cloud Practitioner Study Guide
Autoscaling
- Auto Scaling enables you to scale out and in based on demand and workload. You can automatically increase your fleet size when the load on your servers reaches a particular level and likewise terminate instances when the load reduces.
- Auto Scaling automatically balances EC2 instances across zones when you configure multiple zones in your Auto Scaling group settings.
What does GuardDuty analyze?
- DNS query logs
- VPC Flow Logs
- AWS CloudTrail logs
What is the customer responsible for with a DB on EC2?
- The customer is responsible for updating the operating system
- The customer is responsible for updating the database software
- The customer is responsible for managing access to the database
What is the maximum number of IAM users you can add to an AWS account at the same time?
10
Maximum Glacier archive size
40 TB
Once you exceed a usage percentage of Free Tier limits for any service, AWS will automatically send you an email notification. What is that percentage?
85%
Giving other users access to AMIs
AMIs can be copied to other regions and made available to your colleagues in those regions when they launch new EC2 Instances
What is AWS Config?
AWS Config is a managed service that provides AWS resource inventory information and enables you to record configuration change history to enable security and governance requirements. With AWS Config, you can discover both existing and deleted resources at any point in time.
AWS Direct Connect
AWS Direct Connect provides 1 Gbps and 10 Gbps connections, and you can easily provision multiple connections if you need more capacity. You can also use AWS Direct Connect instead of establishing a VPN connection over the Internet to your Amazon VPC, avoiding the need to utilize VPN hardware that frequently can't support data transfer rates above 4 Gbps.
EC2 instance security checks
AWS Inspector is an agent that you install on your EC2 instance; it runs an analysis to identify vulnerabilities.
Service to recognize PII
AWS Macie
As an enterprise organization, which AWS Service can you use that can provision a simple and efficient means to make controlled changes to your infrastructure?
AWS Managed Services provides simple and efficient means to make controlled changes to your infrastructure. For example, if you want to deploy an EC2 stack, or change your RDS database configuration settings, AWS Managed Services enables you to quickly and easily make the request through a dedicated self-service console.
What is AWS Organizations?
AWS Organizations can help you consolidate multiple AWS Accounts so that you can centrally manage them.
Your project manager (PM) tasked you with launching an instance for a web application to be developed for an NGO. The PM is especially interested in using an AWS service that provides predictable monthly pricing, and he expects the instance to have the ability to burst above the baseline level of CPU performance when needed. What AWS service should you use to launch this instance?
Although EC2 could have been the correct answer, two things are key here: predictable monthly pricing and the instance's ability to burst above the baseline level of CPU performance when needed. Lightsail accomplishes that; EC2 is more suitable for consistently high CPU performance, and costs vary according to usage.
What does CloudWatch monitor?
Amazon CloudWatch works at the hypervisor level (the software and hardware that create virtual machines) and does not monitor memory utilization. CloudWatch will monitor CPU, disk, networking and status.
What is AWS EMR?
Amazon EMR is a web service that makes it easy to process large amounts of data efficiently.
What is AWS EFS?
Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. Multiple Amazon EC2 instances and on-premises servers can simultaneously access an Amazon EFS file system, so applications that scale beyond a single instance can access a file system.
What is AWS Glacier?
Amazon Glacier is used to store data as archives. It allows you to archive content reliably and move it when needed.
- Can store objects as a collection in an archive file format, like a tar or zip file
AWS Lightsail
Amazon Lightsail is the easiest way to get started with AWS if you just need virtual private servers. Lightsail includes everything you need to launch your project quickly - a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP - for a low, predictable price. After you create your instance, you can easily connect to it. You can manage your instances using the Lightsail console, Lightsail API, or Lightsail command line interface (CLI).
Where are RDS backups stored?
Amazon RDS Automated Backups are stored in S3.
AWS Redshift
Amazon Redshift is AWS's data warehouse service designed to scale up to petabytes of structured data. Using Redshift, you can create a data warehouse with a set of nodes, which is referred to as a 'cluster'.
AWS Workspaces
Amazon WorkSpaces is a managed, secure, cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe. You can pay either monthly or hourly, just for the WorkSpaces you launch, which helps you save money when compared to traditional desktops and on-premises VDI solutions. Amazon WorkSpaces helps you eliminate the complexity in managing hardware inventory, OS versions and patches, and Virtual Desktop Infrastructure (VDI), which helps simplify your desktop delivery strategy.
RDS Responsibilities
Amazon is responsible for ensuring database infrastructure, patching of DB instances and storing data. As a customer, you are responsible for how your applications interface with the RDS endpoints and read/write to the database.
Which of the following does Amazon assure will happen when paying for AWS on an as-needed basis?
Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently reduces the complexity of procurement and enables your business to be fully elastic.
Which of the following are benefits of Amazon RDS read replicas?
Amazon RDS read replicas are copies of your source database instance; they enhance performance by reducing the instance's workload and increase availability when the instance fails. In addition, read replicas are designed for security because RDS sets up communication between them and the source DB instance using public key encryption. Automated backups are a feature of Multi-AZ deployments, not a benefit of read replicas.
What is an Elastic IP?
An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. You can assign it to any EC2 Instance in a public subnet. Note that the EIP address will not change when you reboot the instance.
CloudWatch alarm states
An alarm can be in one of the following three states:
• OK
• Alarm
• Insufficient_Data
S3 responsibility
Backing up data
Disposable resources components to use
Bootstrapping enables you to deploy servers without having to configure them with fixed settings. Using Golden Images enables you to design Auto Scaling strategies.
Which of the following terms applies to EC2 instances that have the ability to burst above the baseline level of their CPU performance?
Burstable performance
CloudTrail features
By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption. CloudTrail delivers log files within 15 minutes of account activity. With CloudTrail, you can create a trail that applies either to one Region or to all Regions.
Subnet communication
By default, all subnets within a VPC can communicate with each other.
Which of the below is TRUE when considering subnets in a VPC?
By default, all subnets within a VPC can communicate with each other, without needing any other resources or configuration. NAT Gateway and Internet Gateway work in different scenarios to allow your subnet to communicate with the Internet and are not required to communicate between subnets.
Which of the following AWS services should you use if you'd like to be notified when you have crossed a billing threshold?
CloudWatch
CloudWatch Options
CloudWatch comes with Basic and Detailed Monitoring options.
Decoupling benefits
Decoupling components of an application can help ensure that a failure of one component does not impact the entire application process.
What pricing option is available for existing server licenses?
Dedicated Hosts can help reduce your costs as you can utilize your existing server licenses.
EC2 meaning
Elastic Compute Cloud
What does "Authorization" refer to?
Evaluating what permissions a user has.
Spot instance pricing
Even though you bid on a particular price, known as the bid price, you will actually pay the spot price which will either be the same as your bid price or less than your bid price. If the spot price rises above your bid price, then you will lose the instance.
You are using your corporate directory to grant your users access to AWS services. What is this called?
Federated Access
For AWS Enterprise customers, any questions about billing and overall AWS account can be directed to which AWS support personnel?
For AWS Enterprise accounts, questions related to billing can be directed to the AWS Concierge.
What is Geolocation Routing?
Geolocation enables you to direct traffic based on the user's location.
Which of the following provides the most secure and operationally efficient way to give the staff member access to the accounts payable application?
Have the user request temporary security credentials for the application by assuming a role.
RDS instance cost
Hours of use, additional storage and number of requests determine the overall cost of your RDS instance.
Grant EC2 instance ability to access S3 storage
IAM Roles enable you to grant access to AWS services to trusted entities and to let your EC2 instance assume a role that has the permissions required to access Amazon S3. Your applications running on the EC2 instance can then assume the role and upload and download the images from S3. Roles grant temporary credentials which are managed by AWS, so you do not need to worry about rotating access keys or about them leaking to unauthorized entities.
Defaults for NACLs and Security Groups
In a default configuration, Security Groups allow only outbound traffic and block all incoming traffic. You need to enable inbound traffic by specifying the protocol, port and source. In a VPC, the default NACL is set to allow all inbound and outbound traffic. If you deploy a custom NACL, then all inbound and outbound traffic is blocked.
CloudFormation Template Sections
In total there are 9 valid sections allowed within a CloudFormation template. Of the answer options, only "Parameters", "Resources" and "Outputs" are valid sections. "Options" is not a template section.
Where do you go to for viewing your AWS monthly charges?
Information about your AWS monthly charges is provided in the Billing and Cost Management console. Cost Explorer, Budgets, and the Monthly Spend by Linked Account view are actually three features within the Billing and Cost Management console; they are not dashboards that display your monthly charges.
Using Infrastructure as Code relates to which cloud concept?
Infrastructure as Code is a key implementation of Automation in the cloud: using Infrastructure as Code allows you to quickly and easily deploy and manage your environment without relying on humans to complete all the tasks. Scalability is the concept that, as the cloud has essentially limitless capacity, it allows you to expand out as needed. Elasticity is the ability to scale resources up and down as needed. High Availability relates to the ability of your application to withstand failures in cloud infrastructure.
Which of the following services in a VPC grants you Internet Access for the VPC?
An Internet Gateway (IGW) gives a VPC access to the Internet.
Standard Glacier data retrieval time
It takes 3 to 5 hours to prepare a Glacier archive to be available for download.
Are Key Pairs unique to the region in which you have created them?
Key Pairs are unique to the region in which you create them. If you wish to launch an EC2 Instance in another region, you need to ensure you configure a Key Pair for that region.
Which EC2 instances are now billed on a per-second basis?
Linux-based instances are now billed on a per-second basis.
Reserved instance benefit (taxes)
Many companies capitalize reserved instance purchases, especially those with 3-year terms. Waiting for current infrastructure to fully depreciate will cause the company to miss the other cloud benefits that are available. Moving the company to an operating expense model will prove too large a task, and will most likely result in a rejected business case. Elastic infrastructure is definitely a benefit, but doesn't address the capitalization issue.
Which of the following are principles of sound design when it comes to performance efficiency?
Of these choices, you should democratize advanced technologies, deploy into multiple Regions, and use Serverless technologies.
Policies
Policies enable you to assign permissions to users, groups and roles.
Which of the following are payment options for Reserved Instances?
Reserved Instances are available with all upfront, partial upfront, or no upfront (AURI, PURI, and NURI) pricing.
RDS Automated backup retention period
The retention period for Amazon RDS automated backups can be between one day and 35 days.
When setting up the properties of an S3 bucket, which of the following options should you select to get detailed records for the requests made to the bucket?
Server access logging
When designing a loosely coupled infrastructure, which of the following examples represents service discovery?
Service Discovery means that you do not tie a service down to a specific parameter or value. Using DNS names for endpoints instead of IP addresses ensures flexibility for failover.
Your System Administration team lead wants you to subscribe to the RSS feed to be notified of any interruptions to the EC2 service in the N. California and Ohio Regions. Which of the following will enable you to do that?
Service health dashboard
When running your database instance as a Multi-AZ deployment, can you use the standby for read or write operations?
The standby replica cannot serve read requests. Multi-AZ deployments are designed to provide enhanced database availability and durability, rather than read scaling benefits.
Tags
Tags enable you to identify your EC2 instances using key-value pairs. You can create multiple tags, such as the name of the server, the department, and the employee who launched it.
What should you do with EBS volumes for reliability?
Take snapshots.
AWS Storage Gateway
The Storage Gateway service is primarily used for attaching infrastructure located in a data centre to the AWS storage infrastructure. The AWS documentation states: "You can think of a file gateway as a file system mount on S3." Amazon Elastic File System (EFS) is a mountable file storage service for EC2, but has no connection to S3, which is an object storage service. Amazon Elastic Block Store (EBS) is a block-level storage service for use with Amazon EC2 and again has no connection to S3.
AWS Trusted Advisor categories
The five categories are cost optimization, security, performance, fault tolerance and service limits.
Password policy options
The password policy options do not include a requirement of at least one numerical character from 1 to 9; it is actually at least one numerical character from 0 to 9. Passwords can contain between 6 and 128 characters, so 12 to 64 characters is incorrect. The other three options listed are correct.
Acceptable IAM Names
User names should contain alphanumeric characters, or any of the following: _+=,.@-
Examples: mike.smith, John_smith
Configurable components of IAM
Users, Groups, Roles, and Permissions are integral components of IAM. Authentication and Authorization are functions that IAM provides, and Access Control is a function performed by IAM, but these are not actual components of it.
IAM Policies
Using the Condition element, you build expressions in which you use condition operators (equal, less than, etc.) to match the condition in the policy against values in the request. Condition values can include date, time, the IP address of the requester, etc.
Free services
VPC, Elastic Beanstalk, CloudFormation, and IAM are all free. However, some of the resources that they help create and deploy may not be free. For example, the CloudFormation tool itself is free, as is creating templates. However, when CloudFormation is used to launch EC2 instances from a template, those EC2 instances will be chargeable. Similarly, if you use Elastic Beanstalk to launch a load balancer, the Elastic Beanstalk service itself is free, but the Elastic Load Balancer is not.
You have just launched a Windows EC2 Instance. What method is available to you to obtain the Windows Local Administrator password?
When you launch a server (Windows or Linux), you must configure it to be associated with a Key Pair. This is an encrypted key: you use your private key to log in to Linux-based servers or to decrypt the Windows Administrator password using the AWS Management Console.
Your IT Manager has set up an AWS IAM user for you. Which link can you use to access your AWS Management Console?
When you set up an IAM user in your AWS account, you access the console via a special URL, which is https://AWSAccountID.signin.aws.amazon.com/console. The AWS Account ID is unique to your AWS account.
What is AWS Service Catalog?
With AWS Service Catalog, you can create a customized portfolio for each type of user in your organization and selectively grant access to the appropriate portfolio. When you add a new version of a product to a portfolio, that version is automatically available to all current users.
AWS Rekognition
With Amazon Rekognition you can detect, analyze, and compare text, scenes and faces for a wide variety of user verification and identify content that should be removed.
Which of the following is the AWS email and calendaring service?
WorkMail
S3 pricing model
You are charged for the storage used, the number of requests made, and data transferred out over the Internet.
Discount on RDS instances
You can benefit from a discount by committing to purchase a Reserved DB Instance. There are no Spot Instances with RDS, and there is no such thing as a LightSail instance for DBs.
You are configuring AWS Organizations with multiple OUs for departments such as Operations and Development. There is a Test/Dev Account attached to the Developers OU, and you want to ensure that they are only able to configure certain AWS Services like RDS and Lambda. Which method can you use to restrict the Development Team to only performing certain actions?
You can configure policies in AWS Organizations to ensure that only certain actions can be performed for certain AWS accounts in OUs.
What is a Convertible Reserved Instance?
You can exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system, and tenancy. There are no limits to how many times you perform an exchange, as long as the target Convertible Reserved Instance is of an equal or higher value than the Convertible Reserved Instances that you are exchanging.
How many EIPs per Region?
You can get 5 EIPs per Region by default. You can raise a support request to get additional Elastic IP addresses.
Load balancer to static IP address
You can now configure a new type of load balancer, called a Network Load Balancer, which allows you to assign a static Elastic IP address per subnet.
How many Internet Gateways per VPC?
You can only have one Internet Gateway per VPC.
Route53 services
You can perform Domain Registration, DNS Management, Traffic Management, and Availability Monitoring.
Vulnerability testing against AWS
You can run vulnerability tests against your workloads as long as you inform AWS when you plan to run the test, and you only run it against your own workloads.
Reserved instance duration options
You can sign up for a 1- or 3-year contract for reserved instance capacity.
Moving S3 data to different storage class
You can use Lifecycle Management to automatically move objects from one storage class to another for better management of costs.
S3 Restrictions
You can use the Bucket Policies to grant access at the bucket level and Access Control Lists at the file level.
S3 buckets accessible on the web
You need to grant public access and read/write access if you want to be able to access files over a web browser. In addition, the bucket must be enabled for public access by ensuring that this is not blocked at the account level.
When would you use the EC2 On Demand pricing model?
You would use the EC2 On Demand model when you need compute capability that does not require any up front payments or long term commitments, and where you have applications with short term or unpredictable workloads that cannot be interrupted.
Minimum files in S3 to create a static website
index.htm and error.html
Amazon RDS: 6 engines
• MySQL
• Aurora
• MS SQL
• Oracle
• PostgreSQL
• MariaDB