AWS Cloud Practitioner Study Guide


Autoscaling

- Auto Scaling enables you to scale out and in based on demand and workload. You can automatically increase your fleet size when the load on your servers reaches a particular level and likewise terminate instances when the load reduces.
- Auto Scaling automatically balances EC2 instances across zones when you configure multiple zones in your Auto Scaling group settings.

What does GuardDuty analyze

- DNS query logs
- VPC Flow Logs
- AWS CloudTrail logs

What is customer responsible for with DB for EC2

- The customer is responsible for updating the operating system
- The customer is responsible for updating the database software
- The customer is responsible for managing access to the database

What is the maximum number of IAM users you can add to an AWS account at the same time?

10

Maximum glacier archive size

40tb

Once you exceed a usage percentage of Free Tier limits for any service, AWS will automatically send you an email notification. What is that percentage?

85

Giving other users access to AMIs

AMIs can be copied to other regions and made available to your colleagues in those regions when they launch new EC2 Instances

What is AWS Config

AWS Config is a managed service that provides AWS resource inventory information and enables you to record configuration change history to enable security and governance requirements. With AWS Config, you can discover both existing and deleted resources at any point in time.

AWS Direct Connect

AWS Direct Connect provides 1 Gbps and 10 Gbps connections, and you can easily provision multiple connections if you need more capacity. You can also use AWS Direct Connect instead of establishing a VPN connection over the Internet to your Amazon VPC, avoiding the need to utilize VPN hardware that frequently can't support data transfer rates above 4 Gbps.

EC2 instance security checks

AWS Inspector is an agent you install on your EC2 Instance and run analysis to identify vulnerabilities

Service to recognize PII

AWS Macie

As an enterprise organization, which AWS Service can you use that can provision a simple and efficient means to make controlled changes to your infrastructure?

AWS Managed Services provides simple and efficient means to make controlled changes to your infrastructure. For example, if you want to deploy an EC2 stack, or change your RDS database configuration settings, AWS Managed Services enables you to quickly and easily make the request through a dedicated self-service console.

What is AWS Organizations

AWS Organizations can help you consolidate multiple AWS Accounts so that you can centrally manage them.

Your project manager (PM) tasked you with launching an instance for a web application to be developed for an NGO. The PM is especially interested in using an AWS service that provides predictable monthly pricing, and he expects the instance to have the ability to burst above the baseline level of CPU performance when needed. What AWS service should you use to launch this instance?

Although EC2 could have been the correct answer, two things are key here: predictable monthly pricing and the instance's ability to burst above the baseline level of CPU performance when needed. Lightsail accomplishes that; EC2 is more suitable for consistently high CPU performance, and costs vary according to usage.

What does CloudWatch monitor

Amazon CloudWatch works on the Hypervisor (software, hardware, etc that creates virtual machine) level and does not monitor memory utilization. CloudWatch will monitor CPU, Disk, Networking and Status

What is AWS EMR

Amazon EMR is a web service that makes it easy to process large amounts of data efficiently.

What is AWS EFS

Amazon Elastic File System (Amazon EFS) provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources. It is easy to use and offers a simple interface that allows you to create and configure file systems quickly and easily. Amazon EFS is built to elastically scale on demand without disrupting applications, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it. Multiple Amazon EC2 instances and on-premises servers can simultaneously access an Amazon EFS file system, so applications that scale beyond a single instance can access a file system.

What is AWS Glacier

Amazon Glacier is used to store data as archives. It allows you to archive content reliably and move it when needed.
- Can store objects as a collection in an archive file format like a tar or zip file

AWS Lightsail

Amazon Lightsail is the easiest way to get started with AWS if you just need virtual private servers. Lightsail includes everything you need to launch your project quickly - a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP - for a low, predictable price. After you create your instance, you can easily connect to it. You can manage your instances using the Lightsail console, Lightsail API, or Lightsail command line interface (CLI).

Where are RDS backups stored

Amazon RDS Automated Backups are stored in S3.

AWS Redshift

Amazon Redshift is AWS's data warehouse service designed to scale up to petabytes of structured data. Using Redshift, you can create a data warehouse with a set of nodes, which is referred to as a 'cluster'.

AWS Workspaces

Amazon WorkSpaces is a managed, secure, cloud desktop service. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe. You can pay either monthly or hourly, just for the WorkSpaces you launch, which helps you save money when compared to traditional desktops and on-premises VDI solutions. Amazon WorkSpaces helps you eliminate the complexity in managing hardware inventory, OS versions and patches, and Virtual Desktop Infrastructure (VDI), which helps simplify your desktop delivery strategy.

RDS Responsibilities

Amazon is responsible for ensuring database infrastructure, patching of DB instances and storing data. As a customer, you are responsible for how your applications interface with the RDS endpoints and read/write to the database.

Which of the following does Amazon assure will happen when paying for AWS on an as-needed basis?

Amazon provides certain benefits when you pay for services on an as-needed basis for your business. You can spend more time innovating and inventing, which consequently reduces the complexity of procurement and enables your business to be fully elastic.

Which of the following are benefits of Amazon RDS read replicas?

Amazon read replicas are copies of your source database instance and enhance performance by reducing the instance's workload and increase availability when the instance fails. In addition, read replicas are designed for security because RDS sets up communication between them and the source DB instance using public key encryption. Automated backups are a feature of multi-AZ deployments, not a benefit of read replicas.

What is an Elastic IP

An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. You can assign it to any EC2 Instance in a public subnet. Note that the EIP address will not change when you reboot the instance.

CloudWatch alarm states

An alarm can be in the following three states:
• OK
• Alarm
• Insufficient_Data

S3 responsibility

Backing up data

Disposable resources components to use

Bootstrapping enables you to deploy servers without having to configure them with fixed settings. Using Golden Images enables you to design auto scaling strategies

Which of the following terms applies to EC2 instances that have the ability to burst above the baseline level of their CPU performance?

Burstable performance

CloudTrail features

By default, CloudTrail event log files are encrypted using Amazon S3 server-side encryption. CloudTrail delivers log files within 15 minutes of account activity. With CloudTrail, you can create a trail that either applies to one Region or to all Regions.

Subnet communication

By default, all subnets within a VPC can communicate with each other

Which of the below is TRUE when considering subnets in a VPC?

By default, all subnets within a VPC can communicate with each other, without needing any other resources or configuration. NAT Gateway and Internet Gateway work in different scenarios to allow your subnet to communicate with the internet and are not required to communicate between subnets

Which of the following AWS services should you use if you'd like to be notified when you have crossed a billing threshold?

CloudWatch

CloudWatch Options

CloudWatch comes with Basic and Detailed Monitoring options

Decoupling benefits

Decoupling components of an application can help ensure that a failure of one component does not impact the entire application process

What pricing option for existing server licenses

Dedicated Hosts can help reduce your costs as you can utilize your existing server licenses.

EC2 meaning

Elastic Compute Cloud

What does "Authorization" refer to?

Evaluating what permissions a user has

Spot instance pricing

Even though you bid on a particular price, known as the bid price, you will actually pay the spot price which will either be the same as your bid price or less than your bid price. If the spot price rises above your bid price, then you will lose the instance.

You are using your corporate directory to grant your users access to AWS services. What is this called?

Federated Access

For AWS Enterprise customers, any questions about billing and overall AWS account can be directed to which AWS support personnel?

For AWS Enterprise Accounts, questions related to billing can be directed to the AWS Concierge

What is Geolocational Routing

Geolocation enables you to direct traffic based on the user's location.

Which of the following provides the most secure and operationally efficient way to give the staff member access to the accounts payable application?

Have the user request temporary security credentials for the application by assuming a role

RDS instance cost

Hours of use, Additional Storage and Number of Requests determine the overall cost of your RDS Instance

Grant EC2 instance ability to access S3 storage

IAM Roles enable you to grant access to AWS services to trusted entities and to enable your EC2 instance to assume a role that has the permissions required to access Amazon S3. Your applications running on the EC2 instance can then assume the role and upload and download the images from S3. Roles grant temporary credentials which are managed by AWS, and you do not need to worry about rotating access keys or about them being leaked to unauthorized entities.

Default on NACL and Security groups

In a default configuration, Security Groups allow only outbound traffic and block all incoming traffic. You need to enable inbound traffic specifying the protocol, port and source. In a VPC the default NACL is set to allow all inbound and outbound traffic. If you deploy a custom NACL, then all inbound and outbound traffic is blocked

CloudFormation Template Sections

In total there are 9 valid sections allowed within a CloudFormation template. In the answers above, only "Parameters", "Resources" and "Outputs" are considered valid. "Options" is not a template section.

Where do you go to for viewing your AWS monthly charges?

Information about your AWS monthly charges is provided in the Billing and Cost Management Console. Cost Explorer, Budgets, and Monthly Spend by Linked Account View are actually three features within the Billing and Cost Management console; they are not dashboards that display your monthly charges.

Using Infrastructure as Code is related to which cloud concept?

Infrastructure as Code is a key implementation of Automation in cloud. Using Infrastructure as Code allows you to quickly and easily deploy and manage your environment without reliance on humans to complete all the tasks. Scalability is the concept that, because the cloud has essentially limitless capacity, you can expand out as needed. Elasticity is the ability to go up and down in resources as needed. High Availability relates to the ability of your application to withstand failures in Cloud Infrastructure.

Which of the following services in a VPC grants you Internet Access for the VPC?

Internet Gateway (IGW) gives you access to the Internet for a VPC

Standard Glacier data retrieval time

It takes 3 to 5 hours to prepare a Glacier archive to be available for download.

Are Key Pairs unique to the region in which you have created them?

Key Pairs are unique to the region in which you create them. If you wish to launch an EC2 Instance in another region, you need to ensure you configure a Key Pair for that region.

Which EC2 Instances are now billed on a per second basis?

Linux-based instances are now billed on a per second basis.

Reserved instance benefit (taxes)

Many companies capitalize reserved instance purchases, especially those with 3-year terms. Waiting for current infrastructure to fully depreciate will cause the company to miss the other cloud benefits that are available. Moving the company to an operating expense model will prove too large a task, and will most likely result in a rejected business case. Elastic infrastructure is definitely a benefit, but doesn't address the capitalization issue.

Which of the following are principles of sound design when it comes to performance efficiency?

Of these choices, you should democratize advanced technologies, deploy into multiple Regions, and use Serverless technologies.

Policies

Policies enable you to assign permissions to users, groups and roles

Which of the following are payment options for Reserved Instances?

Reserved Instances are available with all upfront, partial upfront, or no upfront (AURI, PURI, and NURI) pricing

RDS Automated backup retention period

Retention period for Amazon RDS automated backups can be between one day and 35 days.

When setting up the properties of an S3 bucket, which of the following options should you select to get detailed records for the requests made to the bucket?

Server access logging

When designing a loose coupling infrastructure, which of the following examples represents service discovery?

Service Discovery means that you do not tie down a service to a specific parameter or value. Using DNS names for end points instead of using IP Address ensures flexibility for failover

Your System Administration team lead wants you to subscribe to the RSS feed to be notified of any interruptions to the EC2 service in the N. California and Ohio Regions. Which of the following will enable you to do that?

Service health dashboard

When running your database instance as a Multi-AZ deployment, can you use the standby for read or write operations?

Standby replica cannot serve read requests. Multi-AZ deployments are designed to provide enhanced database availability and durability, rather than read scaling benefits.

Tags

Tags enable you to identify your EC2 Instances using Key Value Name Pairs. You can create multiple Tags such as Name of Server, Department and the Employee who launched it.

What should you do with EBSs for reliability

Take snapshots

AWS Storage Gateway

The Storage Gateway service is primarily used for attaching infrastructure located in a Data centre to the AWS Storage infrastructure. The AWS documentation states: "You can think of a file gateway as a file system mount on S3." Amazon Elastic File System (EFS) is a mountable file storage service for EC2, but has no connection to S3, which is an object storage service. Amazon Elastic Block Store (EBS) is a block level storage service for use with Amazon EC2 and again has no connection to S3.

AWS Trusted Advisor categories

The five categories are cost optimization, security, performance, fault tolerance and service limits.

Password policy options

The password policy options do not include the requirement of using at least one numerical character from 1 to 9; it is actually at least one numerical character from 0 to 9. Passwords can contain between 6 and 128 characters, so 12 to 64 characters is incorrect. The other three options listed are correct.

Acceptable IAM Names

User names should contain alphanumeric characters, or any of the following: _+=,.@- mike.smith John_smith

Configurable components of IAM

Users, Groups, Roles, and Permissions are integral to IAM. Authentication and Authorization are functions that IAM provides, and Access Controls is the function performed by IAM, but not actual components of it.

IAM Policies

Using the Condition element, you build expressions in which you use condition operators (equal, less than, etc.) to match the condition in the policy against values in the request. Condition values can include date, time, the IP address of the requester, etc.

Free services

VPC, Elastic Beanstalk, CloudFormation, and IAM are all free. However, some of the resources that they help create and deploy may not be free. For example, the CloudFormation tool itself is free, as is creating templates. However, when CloudFormation is used to launch EC2 Instances from the template, those EC2 Instances will be chargeable. Similarly, if you use Elastic Beanstalk to launch a Load Balancer, the Elastic Beanstalk service itself is free, but not the Elastic Load Balancer.

You have just launched a Windows EC2 Instance. What method is available to you to obtain the Windows Local Administrator password?

When you launch a server (Windows or Linux), you must configure it to be associated with a Key Pair. This is an encrypted key where you will be able to use your private key to log in to Linux-based servers or decrypt the Windows Administrator password using the AWS Management Console.

Your IT Manager has set up an AWS IAM user for you. Which link can you use to access your AWS Management Console?

When you set up an IAM User in your AWS Account, you access the console via a special URL, which is https://AWSAccountID.signin.aws.amazon.com/console. The AWS Account ID is unique to your AWS Account

What is AWS Service Catalog

With AWS Service Catalog, you can create a customized portfolio for each type of user in your organization and selectively grant access to the appropriate portfolio. When you add a new version of a product to a portfolio, that version is automatically available to all current users

AWS Rekognition

With Amazon Rekognition you can detect, analyze, and compare text, scenes and faces for a wide variety of user verification and identify content that should be removed.

Which of the following is the AWS email and calendaring service?

WorkMail

S3 pricing model

You are charged per the storage used, the number of requests made and if you transfer data over the Internet.

Discount on RDS instance

You can benefit from a discount by committing to purchase a Reserved DB Instance. There are no spot instances with RDS and there is no such thing as LightSail Instance for DBs

You are configuring AWS Organizations with multiple OUs for departments such as Operations and Development. There is a Test/Dev Account attached to the Developers OU, and you want to ensure that they are only able to configure certain AWS Services like RDS and Lambda. Which method can you use to restrict the Development Team to only performing certain actions?

You can configure Policies in AWS Organizations to ensure only certain actions can be performed for certain AWS accounts in OUs.

What is convertible reserved instance

You can exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system, and tenancy. There are no limits to how many times you perform an exchange, as long as the target Convertible Reserved Instance is of an equal or higher value than the Convertible Reserved Instances that you are exchanging.

How many EIPs per region

You can get 5 EIPs per region by default. You can raise a support request to get additional Elastic IP Addresses.

Load balancer to static IP address

You can now configure a new type of load balancer called a Network Load Balancer which allows you to assign Static Elastic IP Address per subnet

How many internet gateways per VPC

You can only have one Internet Gateway per VPC.

Route53 services

You can perform Domain Registration, DNS Management, Traffic Management, and Availability Monitoring

Vulnerability testing against AWS

You can run vulnerability tests against your workloads as long as you inform AWS when you plan to run the test, and you only run this against your own workloads

Reserved instance duration options

You can sign up for a 1- or 3-year contract for reserved instance capacity.

Moving S3 data to different storage class

You can use Lifecycle Management to automatically move objects from one storage class to another for better management of costs

S3 Restrictions

You can use the Bucket Policies to grant access at the bucket level and Access Control Lists at the file level.

S3 buckets showing on the web

You need to grant public access and read/write access if you want to be able to access files over a web browser. In addition, the bucket must be enabled for public access by ensuring that this is not blocked at the account level.

When would you use the EC2 On Demand pricing model?

You would use the EC2 On Demand model when you need compute capability that does not require any up front payments or long term commitments, and where you have applications with short term or unpredictable workloads that cannot be interrupted.

Minimum files in S3 to create static website

index.htm error.html

Amazon RDS 6 engines

• MySQL
• Aurora
• MS SQL
• Oracle
• PostgreSQL
• MariaDB

