Overview of Cloud Computing and Amazon Web Services


What type of processors do EC2 instances use?

intel

T/F NAT instances, NAT gateways, and Egress only internet gateways are all stateful

T

T/F With Amazon Simple Queue Service messages will be retained for a max of 14 days

T

T/F You can detach and then attach an EBS volume to EC2 instances within the same AV zone, but you can't do that with EBS volumes across AV zones

T

T/F an elastic environment will automatically reduce resources when they are no longer needed

T

T/F cross load balancing is enabled by default in application load balancers

T

T/F if I choose IPv6 as my CIDR block range the size will be fixed at /56 and the IP addresses will be automatically created

T

T/F if you launch an instance using an EBS backed instance the data will always persist even when shutdown or stopped?

T

T/F it is best practice to create an IAM user with admin access and do everything with that user and not the root account?

T

T/F message queues can be used to break large jobs apart so that they can be run

T

T/F no one has the ability to change the default network interface of an instance called the primary network interface (eth0)?

T

T/F once encryption is enabled on an RDS instance it can't be turned off?

T

T/F snapshots are manual, stored in S3, and may cause a temp I/O suspension?

T

T/F tables in DynamoDB can be created, updated, and deleted through the DynamoDB API?

T

T/F the only way to enable encryption for a redshift cluster is when it is first launched?

T

T/F there are many ways to load data into S3, the most efficient way is perhaps to load data into Redshift via S3?

T

T/F when you create a bucket policy the policy only applies to objects in that bucket?

T

T/F with Amazon Cognito you can create identities for users of your apps using public login providers such as Facebook or google?

T

T/F with DynamoDB you have the option of creating Global Tables which can replicate your tables across regions, thus helping your database stay available?

T

T/F with WAF conditions are combined into rules and rules are combined into ACLs?

T

T/F without VPC there would be no way for me to isolate resources running in the cloud

T

For the 3 models of cloud computing, name each column

1. IaaS 2. PaaS 3. SaaS

How many vaults can one create per account per region?

1000

T/F you can only use the same instance type within a placement group?

F, It's possible to use different instance types in a placement group but it is recommended that you use the same type.

What are signed URLs or signed cookies used for?

A signed URL contains information that gives a user more control over access to their content, for instance it may contain a date and time giving a user access for only so long. Signed HTTP cookies provide the same degree of control.

With AWS Step Functions you define your application as a state machine, what is that?

A state machine is a series of steps that define the behavior of the app

What is an AWS WAF?

AWS Web Application Firewall (WAF) is a web firewall that helps protect a web application from attacks.

T/F AWS Lambda is fully managed

T

What does cross zone load balancing do?

Cross zone load balancing will distribute requests evenly across AV zones

What are the 2 types of EBS volumes that I can choose from?

EBS HDD-Backed Volumes and EBS SSD-Backed Volumes

IAM policies are written in what?

JSON

T/F S3 does not have a file system?

T, All objects are stored in a flat namespace organized by buckets

General Purpose SSDs under 1 TB have the ability to burst the IO, what is the max limit for burst?

The IO can burst up to 3000 IOPS

What level are NACLs applied at?

The subnet level

Whenever you load data into S3 for a Redshift cluster you should use the COPY command, and you should then run the VACUUM command. Why?

it will reorganize your data and reclaim space

What is AWS Elastic Beanstalk?

A web service for deploying and managing applications in the AWS Cloud without worrying about the infrastructure that runs those applications. After uploading code Elastic Beanstalk will handle load balancing, autoscaling, and application health monitoring. You still will have underlying control of your resources.

With route 53 you can utilize the weighted round robin policy to do A/B testing. What is A/B testing?

A/B testing is when you send a little bit of traffic, say 10%, to a server on which you made a change and keep 90% of traffic going to the old server

What is AWS Certificate Manager?

ACM would be used to manage SSL (Secure Sockets Layer) certificates for use with AWS services. Using ACM I would be able to manage and deploy TLS (Transport Layer Security) certificates. I can also use ACM to import and renew certificates. The certificates used in ACM can be used with Elastic Load Balancer and Amazon CloudFront. There is no charge for using ACM.

What is AWS Batch?

AWS Batch allows a user to run hundreds or thousands of batch computing jobs on AWS. AWS Batch will dynamically provision the optimal instances and computing resources based on the requirements of the batch jobs submitted.

What does AWS config allow one to do?

AWS Config is a managed service that will provide you with an inventory of your AWS resources and their current configuration in an AWS account. It will continuously record the configuration changes of resources.

What AWS service provides the easiest way to deploy web applications

AWS Elastic Beanstalk

What are the 2 types of NAT devices?

NAT instances and NAT gateways

After creating a new DHCP option set and associating it, will new instances and existing instances start using it right away?

New instances will, but instances that are currently running will pick up the new DHCP options when their lease is renewed

Can you move a running instance into a placement group?

No

AWS Lambda is a serverless service. If a platform is to be considered serverless what are the 4 things at min that it has to provide?

No infrastructure to manage; simple scalability; built-in redundancy (so highly available); pay only for usage

With a Hadoop ecosystem the data remains on the servers making it a bit time consuming to scale down, does Elastic MapReduce have this problem?

No, EMR doesn't have this problem as the data remain uncoupled. It resides in S3 and the EC2 instance(s) do the processing.

If you wanted to run a job for 12 hours would you be able to do that with AWS Lambda?

No, The execution duration per request with AWS Lambda is 300 sec or 5 minutes, meaning that if you wanted a job to run for 12 hours you wouldn't be able to do that with Lambda.

Storage options with AWS can be divided into what 3 major categories?

Object storage, block storage, file storage

Prices for Amazon EC2 are divided into what 3 categories?

On demand instances, Reserved instances, Spot instances

One of the 4 main options for a VPC to connect to a data center is AWS hardware VPN, explain it?

One could create an IPsec (Internet Protocol Security) VPN. IPsec is a security protocol for securing IP communications by authenticating and encrypting each IP packet of a communication session. On the AWS side of the VPN connection 2 virtual private gateways would be created for failover and the customer gateway would also need to be set up. AWS supports both static and dynamic BGP based VPN connections.

DynamoDB supports 2 types of primary keys, what are they?

Partition key: this consists of one attribute known as the partition key. In a table that has only a partition key, no two items can have the same partition key value. Partition key and sort key: this is also known as a composite primary key. This type of key has 2 attributes: the first one is the partition key and the second is the sort key.

What does RDS performance insight do?

Performance Insights expands on existing RDS monitoring features to help illustrate DB performance. The Performance Insights dashboard contains database performance info that can help one troubleshoot different issues.

Aurora is compatible with what 2 types of relational databases?

PostgreSQL and MySQL

Explain the gist of Amazon Elastic MapReduce and why one would use it?

Process frameworks like Hadoop can help you process huge amounts of data by distributing the processing over multiple computers. Setting up Hadoop can be difficult though. To avoid the complexity of having to set up Hadoop one can instead use Amazon Elastic MapReduce (EMR) which will use the infrastructure of Amazon EC2 and Amazon S3 to provide a Hadoop framework.

Explain what AWS step functions allow one to do?

AWS Step Functions is a fully managed service that makes it easy for one to coordinate the components of distributed applications and microservices using a visual workflow.

AWS has a shared security model, what does this mean?

AWS has a shared security model, which means that AWS is responsible for the security of the cloud whereas the customers are responsible for the security in the cloud.

What is AWS Lambda used for?

AWS Lambda is a fully managed compute service that runs back end code in response to events such as image uploads or in app activity etc.

T/F each bucket and object inside it has an ACL associated with it?

T, Each bucket and object inside it has an ACL (access control list) associated with it.

Say I want to run some high processing applications such as machine learning algorithms, molecular modeling, genomics etc. Which instance type should I choose?

Advanced computing, If you have a workload that requires high processing computing then you want to use an advanced computing instance. These instances can provide access to hardware based accelerators such as GPUs and FPGAs (field programmable gate arrays) which can enable parallelism.

Concerning redshift, if you have tables that are small and infrequently modified but frequently joined, which data distribution process should be used: KEY, ALL, EVEN?

All

Name and describe the 3 cloud deployment models

All in cloud - An all in cloud deployment model is one in which all new applications are built in the cloud or existing applications are migrated to the cloud. Netflix has this deployment model. Hybrid - Here you host some of your applications on the cloud and some on premise. On-premise or private cloud - With this model you are providing resources via your own data center. Using this model you can segregate resources and charge their usage back to specific business units.

What is Amazon Aurora?

Amazon Aurora is a cloud optimized, MySQL and PostgreSQL compatible relational database.

What is Amazon Cognito?

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web. Amazon Cognito is a user identity and sync service that makes it easy to manage user data for your apps over multiple connected devices. You can create identities for users of your app using public login providers such as Google, Facebook, and Amazon etc. This also supports unauthenticated identities, meaning a user can start off using an app without logging in and then when they do their data will be stored.

What is the DynamoDB Accelerator?

Amazon DynamoDB Accelerator is a fully managed in memory cache for DynamoDB that delivers up to 10x performance improvements even at millions of requests per second.

What is DynamoDB?

Amazon DynamoDB is a fully managed NoSQL service (NoSQL simply means nonrelational database).

What is Amazon EC2 Container Service?

Amazon EC2 Container Service (ECS) allows you to run Docker containers on Amazon EC2 instances. You can launch and manage Docker enabled applications via the use of API calls.

Say I have an IO intensive workload such as a database, I'll need predictable and consistent IO performance. Should I choose a Provisioned IOPS SSD or a General Purpose SSD?

Provisioned IOPS SSD is designed for this

If you install here then AWS will take care of the infrastructure but you will still have to take care of things like the OS, OS patches required for the RDBMS, database installation.

RDS

T/F RDS is integrated with auto scaling so you can use it to scale up or down just like you would for an EC2 instance? If false how could you achieve this functionality?

RDS is not integrated with auto scaling so you can't use auto scaling to scale up or down as you would with an EC2 instance but you can achieve the same functionality by using Lambda functions.

Amazon elastic container service is a service that allows a user to do what?

Amazon Elastic Container Service is a container management service that allows a user to manage Docker containers running on EC2 instances. It is highly scalable and fast and allows you to start, stop, manage and run the containers easily and seamlessly.

What does Amazon Elastic File System do for me?

Amazon Elastic File System provides me with a file system interface and file system semantics to my EC2 instances

What do Amazon Glacier Vault Locks allow you to do?

Amazon Glacier Vault Locks allow you to lock in policies on a vault, once locked the policies become immutable.

Which of the following would be the best way to load streaming data into data stores and analytics tools such as S3: Kinesis Data Firehose, Kinesis Data Stream, or Kinesis Data Analytics?

Amazon Kinesis Data Firehose

What is Amazon Kinesis Data Firehose used for?

Amazon Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools such as S3, Amazon Redshift, Amazon Elasticsearch, and Splunk, allowing one to get near real-time analytics with the existing tools and dashboards they're already using.

What is Amazon Redshift?

Amazon Redshift is a data warehouse offered by AWS.

You can determine how long objects are allowed to stay cached at edge locations with CloudFront before requests are forwarded to the origin. Does reducing the duration allow one to serve dynamic content or allow for better performance, which of those would apply to an increased duration?

Reducing the duration allows one to serve dynamic content whereas increasing the duration allows for better performance as content will be served longer from the edge cache.

What is the only service that has a 100% availability SLA?

Amazon Route 53

What is Amazon Route 53?

Amazon Route 53 is the DNS for AWS. A DNS translates human readable URLs to IPs.

What are the 5 storage classes for S3?

Amazon S3 Standard, Amazon S3 Infrequent Access, Amazon Glacier, Amazon S3 Reduced Redundancy Storage, Amazon S3 One Zone-Infrequent Access

What are dead letter queues and does Simple Queue Service support it?

Amazon SQS supports dead letter queues. This is useful for when messages can't be processed (which could happen for a multitude of reasons) so dead letter queues are useful for debugging your application or messaging system.

With WAF there are 2 types of rules, what are they and what's the difference?

Regular and rate based. The rate based are just like the regular except they do things in five minute intervals.

What is a Read Replica?

Replicas of databases that can be used to decrease lag and increase performance.

Target groups can exist independently from load balancers meaning you can create target groups and keep them ready for when you add it with a load balancer

Rules

For an ELB rules support only what action?

Rules support only one kind of action which is forward

What is Amazon Simple Shared storage

S3 allows you to store and retrieve any amount of data at any time from anywhere. It supports encryption so you can store your objects in an encrypted manner. You can store an unlimited amount of data, but each file size can't exceed 5TB. You only pay for what you use, there is no minimum fee.

S3 has an Eventually Consistent system, what does this mean?

S3 has an eventually consistent system, meaning that data is automatically replicated across availability zones so sometimes there may be situations where I don't immediately see my data updated. This is fine, as long as the PUT request returns successful I'm good

T/F S3 has object locking?

S3 storage does not have object locking, meaning if I did multiple PUT requests at the same time the one with the greater timestamp wins.

What programming language do you utilize with Kinesis Data Analytics?

SQL

Say I only want to use versioning on a few items in a bucket, what is the best way to accomplish this?

Say I only want to use versioning on a few files, I could create a new bucket, put those files in that bucket and then enable versioning for that bucket.

What is a VPC?

Amazon VPC is essentially my data center but in the cloud. I have complete control over networking, IP addresses, subnetting etc.

Security groups are always stateful, what does this mean?

Security groups are always stateful, meaning that if a request is sent from an instance then the response will always be allowed, regardless of rules.

What is the capacity of each of the following Snowball devices: Snowball, Snowball Edge, Snowmobile?

Snowball: 50 - 80TB; Snowball Edge: 100TB; Snowmobile: 100PB

With AWS Simple Queue Service there are 2 types of queues: standard and FIFO. Which queue would I use if I needed to support unlimited transactions per second and preserving order wasn't critical?

Standard

Say I have some of the following use cases: I need workloads that require high sequential read and write access, data warehouse applications, NoSQL databases, running I/O bound applications. Which instance type should I use?

Storage Optimized, You would want to use storage optimized instances for any workloads that have high sequential read and write access. Because they are optimized at storage they can deliver thousands of low latency I/O operations per second.

What must you submit to retrieve an archive from Glacier?

Submit a job

With Aurora is data copied to read replicas in a synchronous or asynchronous manner

Sync

T/F you can set up security groups for ELBs.

T

ACLs (Access control lists) don't allow for the same fine grained control as IAM or bucket policies would?

T

For an ELB, it is through rules that we enable path based routing such as when I see an image in a path then I direct it to the application hosting the image

T

In terms of CloudFront, an origin can be any publicly addressable Amazon S3 or http server, ELB, or a custom origin server outside of AWS?

T

T/F A network load balancer will handle packets without making any changes to them or the headers?

T

T/F AWS Directory Service allows for single sign on and policy management?

T

T/F Amazon EBS HDD-Backed Volume uses a burst bucket model for performance

T

T/F Amazon Elastic Container Service will handle the complexity of cluster management for you?

T

T/F Amazon Redshift will take automatic backups in the form of snapshots?

T

T/F Amazon S3 does not support server side scripting?

T

T/F Amazon VPC comes with a default NACL which will allow all inbound and outbound traffic by default?

T

T/F Amazon step functions are replacing Amazon Simple Workflow Service?

T

T/F Aurora not only copies data across nodes and AV zones but also to S3?

T

T/F Classic load balancers support both network and application load balancing?

T

T/F CloudFront is a CDN that allows you to distribute content with low latency and provide higher transfer speeds?

T

T/F EBS volumes automatically replicate within their AV zones, but not across AV zones.

T

T/F EBS volumes can be used as EC2 instances boot partition or attached as a standard block device

T

T/F EC2 classic was the original release of EC2?

T

T/F ELB (Elastic Load Balancing) can remove unhealthy instances?

T

T/F I can have multiple subnets within a VPC public or private

T

T/F I can mount EFS on my servers on premise and then transfer on premise data to the AWS cloud?

T

T/F KMS (key management service) is a regional service meaning you can't copy things encrypted with KMS to another region

T

T/F NAT devices only work for IPv4 traffic?

T

T/F VPC endpoints can help save a lot of money

T

T/F Versioning can only be done at the bucket level?

T

T/F a VPC can't span regions

T

T/F a common thing to create a bucket policy for is allowing access to a website?

T

T/F all VPC's come with a default security group that can be deleted but not changed

T

T/F all subnets must be associated with a NACL?

T

T/F amazon Aurora has a self-healing storage system?

T

T/F as an object loses popularity it may be sent from an edge location to a regional edge location?

T

T/F by default in every account a default VPC is created in each region?

T

T/F concerning DynamoDB, the attributes that you choose as the primary key must exist for every item in the table?

T

T/F containers are similar to hardware virtualization, but instead of partitioning the machine they isolate processes running on a single operating system?

T

T/F data in an instance store will persist if it is rebooted, otherwise any shutdown will result in data loss?

T

T/F data warehouses like amazon redshift are read oriented systems?

T

T/F default database backups for RDS are retained for 35 days?

T

T/F every VPC can have only one DHCP set assigned to it and once created a DHCP option set can't be modified?

T

T/F for FIFO queues with simple queue service the delivery delay is retroactive meaning that the delay will apply to messages already in the queue?

T

T/F for an instance to automatically have a public DNS hostname when created in a VPC both enableDnsHostnames and enableDnsSupport

T

T/F for listeners rules with the highest priority will be executed first and rules with the lowest priority last.

T

T/F for redshift cluster compute nodes are divided into slices?

T

T/F when you create a table for DynamoDB your items will be stored across several partitions?

T

T/F when you stop an instance you will not be charged?

T

T/F you can copy snapshots of an encrypted database to another AWS region

T

T/F you can create security groups within RDS to allow for control over the flow of traffic allowed into or out of your database?

T

T/F you can enable encryption on the entire database using RDS, doing so will encrypt the entire RDS ecosystem (replicas, standbys, backups etc.)

T

T/F you can only stop an instance if it is EBS backed?

T

T/F you can trigger AWS Lambda to process data immediately after an upload to S3

T

T/F you can use the COPY command to load data into redshift in bulk?

T

To create temporary credentials and assign them to a group of users one would do so using AWS STS (Security Token Service)

T

T/F a VPC is mandatory for creating a redshift cluster?

T, A VPC is mandatory for all new Redshift cluster installations as by using a cluster your data will remain isolated from other customers.

T/F In terms of Cloudfront query strings allow you to retrieve from the origin as well as do caching at edge locations?

T, A query string is what appears after the ? in a URL. For example say you have a website that is available in different languages. When you make a request you can have CloudFront send that request to the origin and then cache the language version.

T/F Default data existing within a region will never leave that region unless specified by the customer

T, By default data existing within a region never leaves that region unless moved by the AWS customer.

T/F you need the private key in order to connect to an instance?

T, EC2 uses a public-private key concept to encrypt and decrypt login info. The public key is used to encrypt the data and the private key is used to decrypt it. You need the private key to connect to an EC2 instance.

T/F ELBs are integrated with auto scaling so when you scale up in instances they are automatically registered with the load balancer and when you scale down they are deregistered.

T, ELB is integrated with various services one of which is Auto Scaling so when new instances are spun up they are registered with the load balancer and when they are spun down they are deregistered.

T/F roles don't have any credentials associated with them?

T, Roles don't have any credentials associated with them, so when a user is assigned a role the credentials are created dynamically

T/F When scaling with RDS the simplest way to do this is to change instance type?

T, The simplest way to scale up or down is to change the instance type. When changing the instance type, if you choose the change immediately option there could be some downtime which is something you would want to make sure the business was ok with. You can also scale up or down using CLI or API

T/F by using DynamoDB streams developers can receive and get item level data before and after items are changed?

T, Using the Amazon DynamoDB Streams API developers can receive updates and get item level data before and after items are changed, which can all be used to help build creative extensions to applications. Developers could use the API to help keep Redshift and DynamoDB in sync with each other to help enable real time analytics or to perhaps build a mobile application that will alert users within a circle when another posts a picture.

T/F when creating a redshift cluster you can choose whether you create the compute and leader nodes on a private or public subnet?

T, You can choose whether to create the cluster in a private or public subnet (this applies only to the leader node though, the compute nodes will be created in a different VPC that you won't have access to).

T/F You can configure different behaviors based on the path for the website or app that is using CloudFront

T, You can configure different behaviors based on the path for the website or app that is using CloudFront. When the request is received the path will be compared with path patterns to determine which behavior to apply

T/F application load balancers have native support for microservices and containers?

T, application load balancers also have native support for containers and microservices. Instances can be registered with multiple ports allowing requests to be routed to multiple containers on a single instance. This is extremely useful for container based applications as they often dynamically allocate ports and you can register any of the ports with the application load balancer.

T/F it is not possible to VPC peer across regions?

T, it is not possible

T/F you can't launch different instance types using a single AMI?

T, this is because the AMI is the blueprint for the software configuration of the server or an instance, it is not selecting the instance type.

T/F with Aurora there is no concept of standby DB's?

T, with Aurora data will be copied in a synchronous manner

What protocols does the network load balancer support?

TCP and SSL

What is the Amazon Storage Gateway and what is it used for?

The AWS Storage Gateway (SGW) service is deployed as a virtual machine in your existing environment. It can be integrated with your on premise application so you can transfer the data from your data center to AWS.

What does Amazon Kinesis Data Streams allow one to do?

Amazon Kinesis Data Streams allows one to build custom applications that can process streaming data for different specialized needs. It can capture and store terabytes of data per hour from hundreds of thousands of different sources. With the help of the Kinesis Client Library (KCL) you can build applications and use streaming data to power real time dashboards, generate alerts, implement dynamic pricing and so on. You can also send data from Kinesis Data Streams to other AWS services.

EFS works with the NFS Protocol, what is the NFS Protocol?

The Network File System (NFS) is a client/server application that lets a computer user view and optionally store and update files on a remote computer as though they were on the user's own computer.

When using an application load balancer what does the X-Forwarded-For request header do?

The X-Forwarded-For request header helps you identify the IP address of a client when you use an HTTP or HTTPS load balancer. Because load balancers intercept traffic between the server and client the server access logs will only contain the IP address of the load balancer. Thus the load balancer stores the IP address of the client in the X-Forwarded-For request header and passes the header to the server.

One of the ways of distributing data among nodes using redshift is ALL, explain what it does?

The all distribution style distributes a copy of the entire table to the first slice on each node. This helps to optimize JOINS but can increase storage making operations such as LOAD, UPDATE, and INSERT run slower. This may be a good choice for small tables that are frequently joined or for tables that don't need to be updated frequently.

Where is flow log data stored?

The flow log data is stored using Amazon CloudWatch logs

The Amazon EC2 instance store is ephemeral, what does this mean?

The instance store is ephemeral, meaning that all the data is gone when the EC2 instance is shutdown.

A Linux AMI will use one of two types of virtualization, what's the main difference between them and which one is recommended?

The main difference between them is in how they boot up and how they take advantage of hardware extensions pertaining to memory, CPU, and storage. When you use an HVM AMI you can take full advantage of all the hardware extensions that provide fast access to the underlying hardware on the host system, you don't get this with the PV AMI. It is recommended to use the HVM image to get maximum performance when you launch your instance.

Say you have 2 rules for a security group for the same port. One allows a lot and another allows very little, which one wins?

The one that allows the most access

Redshift clusters have an option called enhanced VPC routing, what does this do?

The Redshift cluster has an option called enhanced VPC routing. If you select it then all traffic for commands such as COPY and UNLOAD between your cluster and your data repositories will be routed through your Amazon VPC, allowing you to manage the flow of data between your Redshift cluster and other resources. If this option is not chosen then traffic will be routed through the internet.

What is an Egress only internet gateway?

An Egress (Outbound) only internet gateway has the same functionality as a NAT Gateway except that it is for IPv6 traffic and not IPv4.

What is an elastic IP address used for?

An elastic IP address (EIP) is designed for applications running in the cloud. Each time you launch a new EC2 instance on the cloud you will get a new IP address. This can become a pain when you need to update applications with that new IP address. Someone could be shutting down or creating a new EC2 instance for a variety of reasons. To circumvent this what I need to do is get an EIP and associate it with my EC2 instance and then map the EIP with my application. Now when my IP changes all I have to do is repoint the new EC2 instance to the EIP and the application is still pointing at the EIP so that's it. So essentially an EIP is a static IP address.

Concerning tables in DynamoDB an item consists of what?

An item consists of a primary key that uniquely identifies it and key-value pairs called attributes.

At the moment, what is the number of AZs and Regions available?

At the time of writing AWS has 66 AZ and 21 regions

What are the 2 types of redshift clusters? Explain the difference?

There are 2 types of Redshift clusters: single node clusters and multinode clusters. With single node clusters there is only one node that performs both the jobs of the compute and leader nodes, and if the node goes down you're screwed and would need to restore the node from a snapshot. You shouldn't use single node clusters for production, only for testing/dev. In a multinode cluster the leader node is separate from the compute node. In a multinode cluster data is automatically replicated between the compute nodes so even if a compute node fails you don't have to restore it from a snapshot.

What are behaviors used for with CloudFront?

Behaviors give you granular control of the CloudFront CDN and allow you to do certain things such as enforce certain policies, change results based on request type, control the cacheability of objects and more.

What is Block Storage

Block storage devices provide fixed-sized raw storage capacity. Each storage volume can be treated as an independent disk drive and controlled by an external server operating system. Amazon EBS provides raw storage - just like a hard disk - which you can attach to your Elastic Cloud Compute (EC2) instances. Once attached, you create a file system and get immediate access to your storage.

What is a virtual private gateway?

By default instances launched in a VPC can't communicate with a data center without help (unless the instance is running in a public subnet in which case it could be reached via the internet). A client could enable communication from their data center to their VPC by attaching a virtual private gateway to the VPC. This will handle the amazon side of the connection. The customer then would need to add a customer gateway which would handle their side of the connection.

Since EC2 instances use intel processors they have the features that intel processors provide one of which is Intel Advanced Vector Extensions. What does this do?

This improves performance for applications such as audio and video processing

What is Amazon Route 53?

This is a DNS web service. It has an SLA uptime of 100%.

What is an internet gateway?

This is a component that allows my VPC to communicate with the internet

What is AWS Directory Service

This is a directory service built on top of Microsoft Active Directory and can be used to manage directories in the cloud. It enables single sign on and policy management for Amazon EC2 instances and applications.

Amazon DynamoDB

This is a fully managed NoSQL database service of AWS. It consists of SSD storage and since it is a managed service you don't have to deal with database administration.

Amazon Redshift

This is a fully managed petabyte scale data warehouse service that stores data in a columnar format, thereby providing better I/O efficiency.

Amazon Relational Database Service

This is a fully managed relational database service. With this service I could host a variety of relational database management systems in the cloud. It supports It is scalable and AWS also offers a high availability option. Offers MySQL, Microsoft SQL Server, Oracle Database engines

AWS Elastic File System

This is a fully managed service that provides shared file storage with amazon EC2 instances in the AWS cloud. It has a simple file system interface and can be accessed concurrently for up to thousands of Amazon EC2 instances.

Amazon ElastiCache

This is a service that helps in deploying an in memory cache or data store in the cloud. It's managed, so AWS takes care of most things.

Import/Export Options

This is a service that helps transfer large amounts of data into AWS using a physical storage appliance. This would allow me to bypass data transfer over the internet. I would simply mail a device with my data on it, AWS would load the data into the cloud, and then send the device back. AWS Snowball is another option: here AWS will ship you a device to put your data on and then you ship it back. Another option is AWS Direct Connect, which sets up a direct connection via a virtual network from my data center to AWS.

AWS Storage Gateway

This is a service that seamlessly helps integrate on premise storage with cloud storage. It is delivered as a VM that is installed in an on premise data center. It can be connected as a file server or as a local disk.

What does AWS CloudTrail do?

This is a service that will log all API calls including console activities and command line instructions. It can tell you exactly who did what, when, and from where.

When would I use Amazon Glacier?

This is a storage class that I would mainly use for data archiving.

What is Amazon ElastiCache?

This is a webservice that makes it easy to deploy, scale, and operate in memory cache in the cloud. Using it you can add an in memory cache layer to your application in minutes. Again ElastiCache is fully managed meaning that it will scale and do health checks and everything else for you. ElastiCache works to improve application performance by storing critical pieces of data in memory for fast access.

Amazon Aurora

This is Amazon's relational database that has been built for the cloud. It supports 2 RDBMS engines: MySQL and PostgreSQL.

What is Amazon Inspector

This is an automated security assessment that can be used to point out vulnerabilities in an application when it's being deployed or is running. To make use of Amazon Inspector I would have to deploy the AWS agent on each EC2 instance.

Since EC2 instances use intel processors they have the features that intel processors provide one of which is Intel AES New Instructions. What does this do?

This is an encryption instruction that provides the AES algorithm to provide faster data protection and greater security.

To get the best results from placement groups it is recommended to use instance types that support "enhanced networking", why is this?

This is because enhanced networking provides higher bandwidth, higher packets per second, and lower inter-instance latencies.

Amazon Glacier

This is low cost cloud storage that is mainly used for data archiving and long term backup. This is cheaper than S3 (Simple Shared Storage). Glacier is integrated with S3 and you can save on the cost of storage by moving infrequently accessed objects from S3 over to glacier or vice versa.

What is a target and what is a target group?

This is referring to load balancers. You can create rules (up to 10 I believe) telling a load balancer to send traffic to a certain target when a condition is met. A target group is a logical grouping of targets.

What is shared tenancy?

This is the default behavior when you launch an EC2 instance: the EC2 instance will be run on multitenant hardware.

What is the EC2 instance store?

This is the local storage of an EC2 instance store

General Purpose SSD's under 1 TB have the ability to burst the IO, what does that mean?

This means if I'm not using the IOPS they will accumulate as IO credit which can be used during peak loads. Let's say I have a 100GB EBS volume, I could use 300 IOPS. Now whenever I'm not using 300 IOPS they will accumulate as IO credit. When I'm running at peak loads that accumulated IO credit will be used

ELBs can terminate HTTPS/SSL traffic at the load balancer, what is the advantage of this?

This means that you don't have to run the decryption process on the EC2 instance

What does it mean to have a dedicated instance?

This means that your instances are physically isolated at the host hardware level from instances that belong to other AWS accounts.

SaaS (Software as a Service)

This model is even more simplistic than SaaS. It relates to the way in which applications are delivered over the internet. With this model you are provided a product and just have to worry about how you want to use that product. Salesforce is a good example of this.

Amazon Elastic Block Storage

This provides block storage for EC2 instances. You can choose either SSD or magnetic for EBS.

Since EC2 instances use intel processors they have the features that intel processors provide one of which is Intel Turbo Boost Tech. What does this do?

This provides more performance when needed

What is Amazon Kinesis Data Analytics used for?

This service is used to process and analyze streaming data in real time

What is Amazon EC2 Auto Scaling?

This service works to scale up or down an EC2 instance depending on the policies that you define. This can help ensure that you are running with the desired amount of EC2 instances. If an instance goes down EC2 scaling will spin one back up.

What does a NAT device do?

This will give any instance in a private subnet the ability to connect to the internet. A NAT device will forward traffic to the internet and then send the response to the instances. When the NAT device forwards the traffic, the IPv4 address will be replaced with the NAT device's address, and when traffic is sent back to the instances the NAT address will be translated back to the IPv4 address.

Why is it best practice to assign a custom route table to each subnet?

This will give you more fine grained control on how traffic is routed

What does session stickiness for a load balancer mean? What is the advantage of this?

This will provide session stickiness, which essentially means that you can instruct the load balancer to route repeat requests to the same EC2 instance whenever possible. The advantage of this is that the instance can cache the user's data locally to provide better performance

What's the difference between throughput and bandwidth?

Throughput - Throughput is a term used for how much data can be transferred from the source to its destination within a given timeframe. Bandwidth - Bandwidth is the term used for the maximum transfer capacity of a network. On the surface bandwidth and throughput appear to be similar but they couldn't be further apart in practice. The most common analogy used to describe the relationship between the two is to consider bandwidth as a pipe and throughput as water. The larger the pipe or bandwidth is, the more water or data can flow through it at one time. Within a network this means that the amount of bandwidth determines how many packets can be sent and received between devices at one time and the amount of throughput tells you how many packets are actually getting transmitted. To put it another way, bandwidth provides you with a theoretical measure of the maximum number of packets that can be transferred and throughput tells you the number of packets that are actually being successfully transferred. As a result, throughput is more important than bandwidth as a measure of network performance.

There is a 2 key hierarchy when enabling encryption with RDS, explain this?

Thus there is a 2 key hierarchy where the data key encrypts data inside the RDS and the data key is encrypted by the master key. There are many benefits to this method, such as getting better performance when encrypting large data sets and only having to manage a few data and master keys.

How does one use the Elastic MapReduce service

To use Elastic MapReduce you first load your data into S3 and then launch EMR. Once the cluster is launched it will start processing your data. EMR is managed so most is done behind the scenes for you; one simply needs to define how many nodes the cluster will need, what types of instances, and what application one wishes to install.

High level describe the process of using a WAF?

To use WAF with CloudFront or ALB you'll first need to identify what you need to protect. You can then deploy rules and filters that will help protect your application. Conditions specify what you want WAF to look for and block. You then turn those conditions into rules.

PaaS (Platform as a Service)

Unlike with IaaS, you don't manage the infrastructure. With this model you focus on deploying and managing applications. The cloud service provider would manage the infrastructure layer for you. A user of this model wouldn't have to worry about managing updates, resources, patches etc.

What is S3's storage capacity?

Unlimited

What does S3 Cross Region Replication do?

Using Amazon S3 Cross Region Replication you can automatically copy objects into a bucket in a different AWS region.

What is Amazon Virtual Private Cloud?

Using an Amazon Virtual Private Cloud (VPC) you can isolate cloud resources within your own private virtual network. You have full control: you can bring your own IP addresses, define subnets how you want, and have full control over the route table and network gateways. You can connect a VPC to an existing data center as well as connect multiple VPCs via the use of Amazon VPC peering.

What is AWS Direct Connect?

Using this I would be able to establish a private, dedicated network connection between my data center and AWS. This can be used to help me reduce bandwidth for high volume data transfers and get more consistent network performance. It provides 1 Gbps and 10 Gbps connections.

How can I connect multiple VPC's together so that resources running in one VPC have access to resources running in another?

VPC Peering

What do VPC flowlogs enable me to do?

VPC flowlogs would enable me to capture information about the IP traffic going to and from network interfaces in a VPC. The flow log data is stored using Amazon CloudWatch logs.

What are the levels that you can enable VPC Flow Logs?

VPC, Subnet, Network Interface.

For Cross Region Replication to work, what must be enabled in both the source and destination buckets?

Versioning

S3 is accessible to an application via what?

Via APIs

What determines the baseline for the throughput of an Amazon EBS HDD-Backed Volume?

Volume size

What is AWS Web application Firewall

WAF is a web application firewall that detects malicious traffic targeted at web applications. I could use this to create rules to protect my applications from things like SQL injections or block traffic from certain IP addresses etc.

Redshift clusters run on EC2 instances, does this mean that we can create security groups for our Redshift clusters?

We can

What is the difference between a NAT gateway and a NAT instance

What happens if a NAT instance goes down? NAT Gateways were created to address this problem; they are managed and created within a specific AV zone in a redundant fashion. NAT Gateways are preferred over NAT Instances since they provide better availability and bandwidth.

When using Simple Queue Service you have the ability to set a visibility timeout, what does this allow one to do?

When a consumer is trying to retrieve a message a visibility timeout will be set which will allow others to consume the message until the timeout is done. When the visibility timeout expires the message will be deleted.

T/F there is no way to prevent users in different countries from accessing content with CloudFront?

When a user requests content CloudFront will typically serve the requested content regardless of where the user is located. You can use Geo Restriction however to prevent users in specific countries from accessing your content.

T/F when failover occurs while using RDS you will need to map your applications from the failed master database to the standby?

When failover occurs there is no need to map your applications from the failed master database to the standby, this will happen for you.

When loading data into a redshift cluster using the copy command you should use multiple input files. Why is this?

When loading data using the COPY command you should use multiple input files to maximize throughput and load data in parallel. Since each slice loads one file at a time, if you only use one file then only one slice will ingest data. Thus if your cluster has 16 slices you can have 16 slices working in parallel to maximize throughput.

When uploading to Glacier it is best practice to do what to your files?

When uploading to glacier it is best practice to aggregate your files perhaps by using TAR or ZIP.

In terms of amazon route 53 what is latency based routing?

When you have resources in AWS data centers that do the same thing and you want 53 to route DNS queries to the resource that provides the best latency you can use this policy.

In terms of Route 53 what is the weighted round robin policy?

When you have resources that perform the same function (web servers for example) and you want 53 to route traffic to those resources in the way you specify you can use the weighted round robin policy. You can also use this policy to do A/B testing (send a little bit of traffic to a server on which you made a change to say 10% and keep 90% of traffic going to the old server).

Describe high level the way in which data is written to S3

When you write something to S3 you first connect to a load balancer and then an API endpoint, and then the data is stored in a redundant fashion across multiple availability zones (the minimum is 3).

What does Elastic Beanstalk do?

With AWS Elastic Beanstalk you can deploy, monitor, and scale an application on AWS quickly and easily. It is the easiest and fastest way to deploy web applications. You simply upload the code and all the resources such as EC2 instances, containers, Auto Scaling, Elastic Load Balancing etc. will be provided behind the scenes. Essentially Beanstalk lets you build your applications and focus on the code without having to worry about infrastructure.

With EBS volumes I can create point in time Snapshots of my volumes, what does this mean?

With EBS volumes I also gain the ability to create point in time snapshots of my volumes. I can then share those snapshots with co-workers, developers etc.

Describe block storage?

With block storage data will be presented to my instance as a disk volume. Block storage will provide single digit latency to amazon ec2 instances.

RDS offers 2 forms of monitoring: standard and enhanced. What is the difference between the two?

With standard monitoring you can access 15-18 metrics (depending on the RDBMS engine) such as CPU utilization, latency, throughput etc. Enhanced monitoring will give you more granular metrics as well as access to 37 additional metrics than Standard monitoring would give.

One of the ways of distributing data among nodes using redshift is KEY, explain what it does?

With the key distribution style a slice is chosen based on a distribution key that is a hash of the defined column

What does Amazon S3 versioning allow one to do?

With versioning I can keep multiple versions of the same file. When you look at the S3 bucket you will only see one version but behind the scenes s3 will store all the different versions, I'll have the ability to look at and download different versions of a file.

I can detach and re-attach an Elastic Network Interface at any time. When an ENI is moved from one instance to another will network traffic be redirected to the new instance?

Yes, when you detach an ENI and re-attach it to a different instance, that instance will get all of the attributes of the ENI and traffic will be redirected to the new instance.

What would a VPN CloudHub be used for?

You can create multiple VPN connections if you have more than one remote network (for example, multiple branch offices). A VPN CloudHub would be used to do this.

Using EBS Volumes as Boot Partitions

You can detach and then attach an EBS volume to EC2 instances within the same AV zone, but you can't do that with EBS volumes across AV zones

How can you identify an object in a bucket?

You can identify an object in a bucket by either name or key and version ID

T/F you can use read replicas to help with high availability?

You can use read replicas to help with high availability. You can have cross regional read replicas, and intra-region read replicas can be used to place a read replica in an AZ where the master is not in.

Auto scaling needs to know what kind of servers to use, how would you specify this and other info?

You define this in the launch configuration

How do you connect an internet gateway?

You just add it to the routing table

What is the purpose of Amazon Kinesis?

You need to use a different set of tools to analyze data in real time. Streaming platforms need to be able to handle data and process it as it arrives. Amazon Kinesis provides the tools to analyze and manage huge quantities of data.

One of the ways of distributing data among nodes using redshift is EVEN, explain what it does?

You should use this style when you don't know if you should use KEY or ALL. It is also recommended for small dimension tables, tables without JOIN or GROUP BY clauses, and tables that are not used in aggregate queries. Data will be evenly distributed across all slices using round robin styles.

What is an IAM user?

An IAM user is an entity that we create in AWS to uniquely represent a person or service

What is a template in AWS CloudFormation?

a JSON file

What is a launch configuration?

a launch configuration is how you configure a single EC2 instance to be replicated in the event of autoscaling

After installing the AWS CLI you can invoke it by using the ___ __ command

aws s3

let's say I have a bucket named awsbook and an image named img2.jpg and it's in the folder chp2/image, what would the object key be? What would the partition be? What would be a better partition?

chp2/image/img2.jpg, awsbook/c

What are the 2 ways of securing data with S3?

encryption of data at rest and encryption of data in transit

What does CloudFront use edge locations for?

for caching copies of content close to the user

What is Amazon Lightsail?

This is a simple way to get started with AWS for small businesses, students, developers etc. It will include pretty much everything you need to deploy your website and web applications in the cloud including DNS Management, SSD based storage, a static IP address, networking capacity etc.

Do tables in DynamoDB consist of rows or items?

item

An object can be uniquely identified anywhere in the world by combining the __ name (key) with the ___ name

object, bucket

Listeners define the ___ and ___ on which the load balancer listens for incoming traffic on

port, protocol

A role is meant to be assumable by anyone. When you create a policy for a role you need to specify 2 things, what are they?

principal (who can assume the role) and the second is the permission (what access to resources they have)

Launch permissions control what AWS accounts can use the AMI to launch an instance. There are 3 categories: public, explicit, and implicit. What does each mean?

Public (launch permission is granted to all AWS accounts), Explicit (the owner is granting launch permissions to specific AWS accounts), and Implicit (the owner has implicit launch permissions for an AMI).

Lifecycle rules are attached to a bucket, say I wanted to apply a lifecycle policy to only a few files what is the best way to go about doing this?

I would prefix the files with a unique prefix and then enable the lifecycle rules on the prefix.

T/F a data warehouse is sometimes called an OLAP (online analytical processing)

t

Archives in Glacier are write once, what does that mean?

that once I create an archive I won't be able to modify the files in it unless I download them and then reupload.

Say that you have an application that needs access to resources on another instance. That application will need credentials, what is the best way to provide them?

the best way to provide them is by using IAM roles

What is eth0?

the default network interface of an instance which is called the primary network interface (eth0)

What does the instance root device contain?

the image that is used to boot the instance

What is the only way to block traffic with a security group?

the only way to block traffic is to not allow it.

When using RDS if the master DB goes down what will happen?

the standby will take on the role of the master

what are Point of Presence zones?

these are edge locations which are located in most major cities around the globe (there are about 70 atm). They can be used by content delivery networks to send content to nearby users to reduce latency.

Throughput-Optimized HDD (st1) is good when I need to run a workload that defines performance metrics in terms of __ instead of __

throughput, IOPS

What are the Amazon Snowball devices used for?

transferring data from on premise to AWS

when should I use on demand vs reserved vs spot instances

Use on demand when you don't know how much resources you will need. Use reserved when you know exactly how much you'll need and for how long. Use spot instances when things aren't mission critical, as you can be outbid and lose your instances on very short notice.

What is a vault with Glacier?

vault is a container for an archive, it would help me organize the data that I have in Glacier. Just like a real vault you can set up different levels of authorizations for users

What are the 3 ways in which I would be able to control access to S3?

Write Identity and Access Management policies and assign these policies to users, groups or roles; bucket policies; access control lists

Explain to me what AWS CloudFormation is used for?

CloudFormation is used to provision and manage stacks of AWS resources based on templates that you create to model your infrastructure architecture, allowing you to manage anything from a single EC2 instance to a complex multitier multiregional application.

Amazon CloudFront

CloudFront is the global content delivery network (CDN) of AWS. It helps bring static content to websites faster, but can also be used for dynamic content.

When using a hash or something as a partition what must you be careful of?

you want to make sure that you don't end up with too many partition keys.

What are the 3 main options for data retrieval with Glacier

Expedited: quick retrieval 1-5 min; Standard: 3-5 hours; Bulk: 5-12 hours

Say I have some of the following use cases: media transcoding, applications supporting a large number of concurrent users, long running batch jobs, high performance computing, game servers. Which instance type should I use?

Compute Optimized (C5, C4, C3)

For reserved instances what is the difference between standard and convertible

Convertible reserved instances will provide better flexibility if your needs should change.

What's the first thing that you need to do when setting up a VPC

Decide the IP range by creating a CIDR block

T/F when deploying a single instance for elastic beanstalk it is usually done for development purposes?

Deploying a single instance is usually done for development or testing purposes whereas multiple instances are used for production.

A route table consists of what 2 things? What do they both indicate?

Destination: signifies what traffic should be routed. Target: signifies where the traffic should be routed.

What are the 3 ways to distribute data among nodes using Redshift?

Distribution, all, even

Some instances can be EBS (Elastic Block Share) optimized, what does this mean?

EBS optimized instances can deliver dedicated throughput between Amazon EC2 and Amazon EBS, which will minimize contention between Amazon EBS I/O and other traffic from an EC2 instance and thus provide better performance for an EBS volume.

If I need full control over my database instances, need operating system access, and need full control over backups, replications, and clustering, should I choose to host my database using RDS or an EC2 instance?

EC2

What is Amazon Elastic Compute Cloud or EC2?

EC2 includes the virtual servers, instances, in the cloud. A customer can choose from over 30 instances, each with a different specialization. Some are CPU intensive, some are memory intensive, whereas others are storage optimized. A customer can choose the best instance depending on their needs.

What is Elastic Load Balancing?

ELB would allow me to automatically distribute load across multiple EC2 instances. It supports load balancing meaning I would be able to automatically scale up or down EC2 instances depending on traffic. It can also do health checks and remove unhealthy instances.

For most RDS engines backups are scheduled when?

Every day

T/F DynamoDB is not managed?

F

T/F an auto scaling group can have multiple launch configurations linked to it?

F

T/F after encryption has been enabled on a redshift cluster it can be disabled?

F

T/F an EBS volume can be attached to multiple EC2 servers at a time

F

T/F edge locations have bigger caches than regional edge locations?

F

T/F for Standard queues with simple queue service the delivery delay is retroactive meaning that the delay will apply to messages already in the queue?

F

T/F there is an additional charge to use instances that support enhanced networking?

F

T/F there is snapshot support for an EC2 instance store?

F

T/F when using RDS the standby database will remain open meaning you can direct traffic to both the master and standby?

F

T/F when using RDS you can encrypt the database after creation?

F

T/F with AWS CloudFormation there are no templates already created?

F

T/F if you install a database on an EC2 instance Amazon will take care of everything for you from patches to Infrastructure

F, If you install here then AWS will take care of the infrastructure but you will still have to take care of things like the OS, OS patches required for the RDBMS, database installation.

T/F whenever I launch an instance into the default VPC it will have a public DNS hostname that corresponds to the public IPv4 address and a private DNS hostname that corresponds to the private IPv4 address of that instance?

F, If you launch an instance in a custom or nondefault VPC then the instance will have a private DNS name and it might or might not have a public DNS name depending on the attributes defined.

T/F EBS HDD-Backed Volume are good for any IO that involves random IO?

F, It is also good for any IO that involves sequential IO

T/F most enterprises will not establish a connection between their data centers and their AWS network?

F, Most enterprises will establish a connection between their data centers and their AWS network because by doing so they can have a greater bandwidth and a bigger pipeline.

T/F target groups can't exist independently from load balancers?

F, Target groups can exist independently from load balancers, meaning you can create target groups and keep them ready for when you add them to a load balancer

T/F there is only one way to create a key pair for accessing an instance?

F, There are multiple ways to create a key pair: customers could bring their own, or you could create a key pair via the command line or API

T/F there is no need for vault names to be unique

F, Vault names must be unique within the account and the region

T/F Elastic Beanstalk can only be deployed as a single instance?

F, When deploying elastic beanstalk you can either deploy it as single or multiple instances with the database being optional in both cases.

T/F you can associate multiple NACL's with multiple subnets?

F, You can associate a NACL with multiple subnets but a subnet can only be associated with one NACL at a time.

T/F there can be many leader nodes and compute nodes per redshift cluster?

F, although there can be many compute nodes, there can only be one leader node

T/F once an instance is launched and goes into running state you will not be charged until you connect to it?

F, as soon as it starts running you're charged

T/F there is no need for the name of a bucket to be unique?

F, bucket names must be unique, even across regions

T/F CloudFront can only cache static content?

F, it can cache dynamic content as well

T/F Auto scaling can span AV zones and regions?

F, it can span AV zones but not regions

T/F it is not possible to VPC peer across accounts?

F, it is possible to VPC peer across accounts

T/F you can only use the same instance type within a placement group?

F, it is recommended that one does though

T/F for a redshift cluster when a leader node distributes a job to a compute node the entire node works to process that job?

F, it will distribute the job to a slice on the node

T/F cross load balancing will distribute traffic evenly across AZ?

F, it will distribute traffic evenly across instances

T/F Cloud computing helps transform IT spending from an operational expenditure to a capital expenditure

F, it's the other way around

T/F in terms of redshift clusters applications can communicate directly with compute nodes?

F, only directly with the leader nodes

T/F Cross Region Replication will copy over new and old objects?

F, only newly added items

T/F when creating a security group by default all incoming and outgoing traffic is allowed?

F, only outgoing traffic will be allowed by default

T/F both network and application load balancers can do content routing?

F, only the application load balancer

T/F there is a slight charge for creating placement groups?

F, only when an instance is added

T/F when you make a change to a security group it does not happen immediately?

F, the change will be applied immediately

T/F if you reboot an instance store backed volume you will lose all of your data?

F, the data will persist on reboot

T/F when creating subnets within a VPC CIDR blocks are allowed to overlap

F, they are not allowed to overlap

T/F when you create users in AWS they are given basic privileges by default?

F, they have neither credentials nor privileges until you add them

T/F in terms of single redshift clusters data is automatically replicated between the compute node?

F, this is true for multinode clusters

T/F when you create a user they can only be actual people?

F, users can be people or applications

T/F Amazon will start preserving existing files in a bucket anytime you perform a PUT, POST, COPY, or DELETE operation right out of the box?

F, versioning is something that needs to be enabled on buckets

T/F you can't use snapshots to back up a database?

F, you can

T/F you don't have the ability to create your own master key for encryption when using RDS?

F, you can create your own master key

T/F when using AWS there is only one way to host your database

F, you could use an EC2 instance or RDS, or on premise

What do amazon flow logs do?

Flow logs capture information about the IP traffic going to and from your network interfaces in your VPC.

If I wanted my instance to have burstable performance which instance type would I choose?

General Purpose (T2, M5, M4, and M3)

General Purpose SSD's (gp2) will deliver how many sustained IOPS for every configured GB of storage?

General Purpose SSD's (gp2) will deliver 3 sustained IOPS for every configured GB of storage. For example a 100GB volume could readily deliver 300 IOPS.

What is the default mode for Amazon EFS? What is it optimized for?

General purpose mode is the default for Amazon EFS. It is optimized for latency sensitive applications as well as throughput intensive workloads

Concerning DynamoDB what are Global Secondary Indexes?

Global secondary indexes are indexes that contain partition keys or partition sort keys that can be different from the table's primary key.

What protocols does the application load balancer support?

HTTP and HTTPS

A Linux AMI will use one of two types of virtualization, what are they?

Hardware Virtual Machine (HVM) or Paravirtual (PV)

Amazon Elastic File System is a shared file system, what does that mean?

I could mount the same file system to multiple EC2 instances.

Say I have a database server running on my private subnet and my web server is running on my public subnet, what would I have to do if I wanted to give my database server access to the internet?

I would have to install a NAT instance on the public subnet and route the database server's internet traffic via the NAT instance running on the public subnet. The reverse is not allowed.

When would I use the Amazon S3 Reduced Redundancy Storage Class?

I would use this option to store noncritical, non-production data. An example that was used is if I need to store a video in different resolutions. Perhaps I have the master copy on S3 standard but all the other copies on RRS.

When would I use Amazon S3 One Zone Infrequent Access?

I would use this to store data that is accessed less frequently, but when it is accessed, needs to be accessed rapidly.

Authorization is mainly done in AWS through the use of what?

IAM policies

The performance of a block storage device is commonly reported in what unit?

IOPS (Input/Output Per Second)

What is IaaS (Infrastructure as a Service)?

IaaS allows someone to manage resources just like they would in their own data center. It provides the foundation of a cloud IT environment, providing servers, storage, networking, etc. With this model you manage the overall infrastructure.

What does it mean for an instance to be retired?

If AWS determines there is an irreparable hardware failure for the hardware hosting the instance, AWS will schedule the instance for retirement and after a certain date it will be terminated.

What does it mean for a security group rule to be marked as stale?

If a security group rule is referencing a security group in a peer VPC and the referenced security group is deleted then the rule will be marked as stale.

What happens if a health check fails? What happens if a health check keeps failing?

If the health check fails then the health check allows for traffic to be shifted away from the impaired instance. If the health check keeps failing then the EC2 instance will be replaced with a new one.

delete

If the instance root device is backed up using S3 it is called an instance store backed AMI.

What is the difference between how rules are evaluated between a security group and a NACL?

In a security group all rules are evaluated before deciding whether to allow the traffic whereas in a NACL the rule number (Ascending order) gets precedence

Delete

In file storage data is presented via a file system interface and with file system semantics to instances. When attached to an instance it will act just like a local file system.

What does the "*" mean in the bucket policy for the image?

In the following image the "*" for Principal means that anonymous access is granted.

With Aurora there is a storage layer that automatically replicates across how many different nodes in how many different AV zones?

In two nodes across 3 different AV zones

To use the Amazon Inspector service what would I need to do?

Install the AWS agent onto each instance

Which of these can CloudWatch not be used for:
• Metric collecting and tracking
• Capturing real time changes using Amazon CloudWatch Events
• Alarms
• Storing and analyzing logs

It can be used for all of these things

If you plan on uploading files larger than 100MB to Glacier it is best practice to do what?

It is best to use a multipart uploader

Should one use an EBS backed instance or an instance store backed instance?

It is recommended for one to use an instance that is backed up by EBS instead of one that is backed up using the instance store.

Why is it recommended to use the same instance type when auto scaling?

It is recommended to use the same instance type in an Auto Scaling group as you will get the best load distribution between instances of the same type.

Every subnet needs a route table, if you don't create one for a subnet what happens?

It will use the main route table of the VPC

When you first start a state machine you pass it some input as ------ and then each state change will either add to or change the ------ blob as output which then becomes input for the next state

JSON, JSON

What are the 4 languages that AWS Lambda supports?

Java, Node.js, Python, C#

Amazon S3 One Zone Infrequent access class stores data in how many zones?

Just one

Concerning redshift, if you have tables that are frequently joined or related fact tables of dimension relations, which data distribution process should be used: KEY, ALL, EVEN?

KEY

When you enable encryption when creating a RDS the default key will be created using what service?

KMS

Max I/O mode is a mode that can be utilized with EFS, what is it optimized for?

Max I/O mode is optimized for large scale data heavy applications where tens, hundreds, and thousands of EC2 instances are accessing the file system.

Say I have any of the following use cases: I'm processing large data sets, or running in-memory databases such as NoSQL, MongoDB, Cassandra. Which instance type should I use?

Memory Optimized (X1e, X1, R4, and R3)

With AWS Simple Notification Service messages get published to what?

Messages are published to topics

Containers support the concept of microservices, what is that?

Microservices break apart an app into small chunks, thus reducing complexity and allowing teams to move faster

What do Amazon API Gateways do for us?

Monitoring, deploying, and monitoring APIs can be a challenging task. One often has to keep older APIs available to provide backwards compatibility to clients. Managing authorization of APIs is also a lot of work. Amazon API Gateway not only addresses the challenges that come along with APIs but also decreases the complexity when it comes to creating and maintaining RESTful APIs. Amazon Gateway is a fully managed service that makes it easy for developers to define, publish, deploy, maintain, monitor, and secure APIs at any scale. AWS Gateway serves as the front door to your web applications running on EC2, ECS, Lambda, or on premise. You can use the API Gateway in the following ways:
• To create, deploy, and manage a RESTful API to expose back-end HTTP endpoints, AWS Lambda functions, or other AWS services
• To invoke exposed API methods through the front end HTTP endpoints

A load balancer can support up to __ listeners.

10

With application load balancers you can set up path based routing, and using path based routing you can set up __ different rules, meaning you can have __ different applications with a single ELB.

10, 10

When creating an EBS volume with Provisioned IOPS I can specify the IOPS rate and EBS volumes will deliver within ___% of that specified rate ___% of the time

10, 99.9

How many read replicas can you have with an RDS?

15

The ratio for volume vs Provisioned IOPS is _:__ meaning that if I had a 100GB volume share I could provision 100* __ IOPS to that share

1:50, 50

DynamoDB stores how many geographically distributed replicas of each table?

3

The network load balancer works on how many layers of the OSI model?

4

I could create a Provisioned IOPS SSD (io1) volume between _GB and __TB and could specify anything between __ to ___ IOPS per volume share.

4, 16, 100, 20000

What is the max archive size that can be uploaded in a single request with Glacier?

4GB

When creating a subnet for a VPC how many addresses will AWS take?

5. For example, in a subnet with 10.0.0.0/24 the following addresses will be reserved: 10.0.0.0, 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.255

Each General Purpose SSD receives how many initial IO credits?

5.4 million

An application load balancer works on how many layers of the OSI model?

7

What is the max IOPS an instance can have?

75,000

AWS CloudTrail will show the event history for the region that you are viewing for the last how many days?

90

What does a VPC endpoint do?

An Amazon VPC Endpoint gives me the ability to establish a private connection between my VPC and S3.

What is an Edge location?

A Content Delivery Network end point for CloudFront where data will be cached. There are many more of these than regions. It is your "Friendly Neighborhood Cache"

What is a NACL (Network Access Control List)?

A NACL (Network Access Control List) is a layer of security that acts as a firewall on the subnet level. A NACL is stateless and a combination of IP address, port, protocol, and allow/deny for a subnet.

How does a NACL determine what traffic should be allowed?

A NACL uses a list of rules to determine what traffic is allowed; once a rule is matched it is used even if there is one that contradicts it further down the list.

What is an Amazon Machine Image?

An Amazon Machine Image is a blueprint that has all the detail of the software configuration of a server or instance.

What is a bucket?

A bucket is a container for storing objects in Amazon S3, it's similar to a folder on a computer

What is AWS Lambda?

A code execution service. AWS Lambda allows a customer to run code without provisioning or managing servers or infrastructure. You pay for only the compute time when the code is getting executed. AWS Lambda scales automatically whenever you upload your code. High availability is also provided automatically.

In terms of AWS Config what does a config rule represent?

A config rule represents the desired configurations for a resource and is evaluated against configuration changes on the relevant resources

What are data warehouses designed to do?

A data warehouse is designed to enhance business intelligence, meaning that it is used to help an organization enhance their performance.

When launching an EC2 instance what does having a dedicated host mean? How can it help reduce cost?

A dedicated host means that you get a server exclusively assigned to you. This option has the potential of helping someone reduce costs because they can use existing licenses for things such as Windows Server, SQL Server, SUSE Linux Enterprise, etc. Also you can carve out as many VMs as you want depending on the capability of the physical server.

What is an availability zone?

A distinct location within a region that is insulated from failures in other availability zones and provides inexpensive, low-latency network connectivity to other availability zones in the same region.

For amazon CloudFront what is a distribution used for?

A distribution specifies the location or locations of the original version of your files. A distribution will have a unique CloudFront.net domain name that can be used to reference objects through the global network of edge locations.

The code you run on AWS Lambda is called a what?

A lambda function

Are the following the jobs of a leader node or a compute node for a redshift cluster:
• Acts as a SQL endpoint for applications
• Performs database functions and coordinates the parallel SQL processing
• All catalog tables exist here

A leader node

What is a message queue?

A message queue is a form of asynchronous service to service communication used in serverless and microservice architectures.

What is a placement group and what does it provide an application? Is it the same as cluster networking?

A placement group is a logical grouping of instances within a single AZ. A placement group would provide an application with low latency and high network throughput.

T/F a read replica can be promoted to master DB?

A read replica can be promoted to master DB but it is important to remember that the replication between the master and replica is asynchronous, meaning if the replica is promoted to master there may be some data loss

What 2 types of nodes do redshift clusters consist of?

A redshift cluster consists of a leader node and a compute node.

What is an AWS region?

A region in AWS is a geographical area that has a cluster of highly redundant data centers. Within each region there are availability zones.

What is a route table?

A route table is a table consisting of rules for how traffic should be routed.

What is a scalable infrastructure?

A scalable infrastructure can efficiently meet unexpected increases in demand by your application. With AWS this often means increasing the number of instances.

What level is a security group applied at?

A security group is applied at the instance level and not at the subnet level.

What is a security group?

A security group is essentially a virtual firewall that can be assigned to any instance running in a VPC. It defines what traffic can run in and out.

Is a security group stateful or stateless? Is a NACL group stateful or stateless? What does each mean?

A security group is stateful meaning that return traffic is allowed by default whereas a NACL is stateless meaning that return traffic is not allowed by default

Before you can upload files to Glacier you need to create a what?

A vault

AWS trusted advisor provides best practices or checks in 5 different categories, what are they?

• Cost optimization • Security • Fault tolerance • Performance • Service Limits

What are the steps for setting up Elastic File System?

• Create a filesystem
• Create a mount target in each AZ from which you want to access the file system
• Run the mount command from the EC2 instance on the DNS name of the mount of the EFS
• Start using the EFS

What are the 3 main ways to access Glacier?

• Directly via the Amazon Glacier API or SDK
• Via a lifecycle policy where you move old files from say S3 to Glacier
• Via various 3rd party tools and gateways

What are the 2 consistency models that one can choose when using DynamoDB?

• Eventually Consistent
  ○ This is the default. This will maximize throughput, however you might not see the change from the update or write immediately after. Repeating the read after a short time should allow you to see the changes though.
• Strongly Consistent Reads
  ○ A strongly consistent read will return a result that reflects all writes that received a successful response prior to the read.

Which of the following ways can you move objects between different storage classes:
• Lifecycle policies
• Drag and drop
• By running the S3 copy (aws s3 cp) command from the AWS CLI
• From the Amazon S3 console
• From an SDK

• Lifecycle policies
• By running the S3 copy (aws s3 cp) command from the AWS CLI
• From the Amazon S3 console
• From an SDK

Name at least 2 common industry uses for Glacier?

• Magnetic tape replacement
  ○ Creating a tape archive is pretty expensive. With Amazon Glacier there is no upfront cost, and there is no maintenance overhead like with tapes.
• Healthcare/life sciences/scientific data storage
  ○ Think about how much data hospitals need to keep. When doing research a single sequence of genomes can take up a terabyte of data.
• Media assets archiving/digital preservation
  ○ Media assets can grow really fast. Glacier is a good place to archive these.
• Compliance archiving/long term backup
  ○ Many organizations have an SLA to archive documents for x amount of years.

What are the 4 ways to auto scale when creating an auto scaling group?

• Maintain the instance level
  ○ Here you define the min amount of servers you always want running. Say you know you always want 6 servers running, then you would set the min to 6 for the fleet.
• Manual scaling
  ○ You can scale up or down manually, but why...
• Scaling as per demand
  ○ You can scale as demand increases, such as according to various CloudWatch metrics such as an increase in CPU, disk reads, disk writes, and so on. Here you must define 2 policies: one for scaling up and another for scaling down.
• Scaling as per schedule
  ○ If your traffic is predictable then you can do scaling up or down during certain periods of time.

What are the 2 different in memory key value engines that ElastiCache supports?

• Memcached
  ○ This is the gold standard of web caching
• Redis
  ○ This is becoming increasingly popular. Unlike Memcached you can use it for long lived data.

List at least 4 benefits of an Amazon API Gateway?

• Resiliency and performance at any scale
  ○ Can manage any amount of traffic and you don't need to manage any infrastructure
• Caching
  ○ The ability to cache the output of API calls so you don't have to call the backend every time.
• Security
  ○ Provides several tools for authorizing access
• Metering
  ○ Automatically meters traffic to your APIs and lets one extract utilization data for each API key.
• Monitoring
  ○ Once you deploy an API, the gateway will provide you with a dashboard to view all metrics related to calls to that service. It will also be integrated with CloudWatch.
• Lifecycle management
  ○ API Gateways allow you to run and maintain several different versions of the same API at the same time.
• Integration with other AWS products
  ○ Such as Lambda and CloudWatch

High level explain the way a query is executed on a redshift cluster and the roles the leader and compute nodes play?

• SQL is submitted
• The leader node gets the query and develops a plan
• The leader node selects which compute nodes will do the work
• The compute node processes the job and sends the results back to the leader node
• The leader node aggregates the results and sends it back to the client or the application

With AWS Simple Queue Service there are 2 types of queues: standard and FIFO. Which queue would I use if I needed to ensure order as well as that the message can be delivered multiple times?

• Standard
  ○ This is the default queue. It supports nearly unlimited transactions per second. It provides at least one message delivery and tries to preserve order but may not.
• FIFO
  ○ This queue preserves order. It can support up to 300 messages per second. This is not the queue to use if the consumer needs the message delivered multiple times.

AWS step functions have 7 state types, define each: Task, Choice, Parallel, Wait, Fail, Succeed, Pass

• Task
  ○ Single unit of work
• Choice
  ○ Branching logic
• Parallel
  ○ Parallel states allow one to fork the same input into multiple states and then join the results into a combined state
• Wait
  ○ Cause a delay
• Fail
  ○ Stops execution and marks it as failure
• Succeed
  ○ Stops an execution successfully
• Pass
  ○ This passes its input to output

An Elastic Beanstalk consists of what 3 major components?

• The environment
  ○ This consists of things like VPCs, EC2 instances, ELBs, etc.
• The application version
  ○ This is the code for the application
• Saved configuration
  ○ This defines how an environment and its resources should behave. It can be used to quickly launch new environments as well as rollback configurations.

What are the 3 storage interfaces that a Storage Gateway supports?

• The file gateway which would enable me to store and receive objects using standard industry file protocols.
• The Volume Gateway would present my application with disk volumes by using the iSCSI block protocol. Data saved in these volumes can be backed up to the cloud as EBS snapshots.
• The Tape Gateway which would present the storage gateway to my application as a virtual tape library.

With Object Lifecycle Management what are the 2 main kinds of actions one can perform?

• Transition Action
  ○ This is the action I would use when I'm defining when to move over objects to a different storage class, for instance after 7 days.
• Expiration Action
  ○ This is when you define what's going to happen when the object expires

S3 will automatically encrypt your data on write and decrypt on retrieval using Advanced Encryption Standards (AES) 256 bit symmetric keys, what are the 3 ways in which one can manage these keys?

• SSE with Amazon S3 Key Management (SSE-S3)
  ○ With this Amazon will manage the encryption keys for you. Each object is encrypted using a per object key, each per object key is encrypted using a master key, and the master key is managed using S3 key management.
• SSE with customer provided keys
  ○ With this S3 will encrypt your data using the custom encryption keys you provide. Amazon won't store the encryption key anywhere; after the encryption is done the key is discarded.
• SSE with AWS Key Management Service KMS
  ○ With this S3 will encrypt my data at rest using keys that I manage using AWS KMS. It provides an audit trail so you can see who has used your key to access objects as well as failed attempts. You also get separate permissions for the use of the master key, thus providing additional security.

