All

Question 1

What is the difference between a delay queue and a message timer?

Answer 1

Delay Queue: postpone the delivery of all new messages between 0 seconds and 15 minutes

Message Timer: an initial invisibility timer for a particular message between 0 seconds and 15 minutes

Question 2

What is connection draining?

Answer 2

Where an Elastic Load Balancer (ELB) keeps open any in-flight connections while an instance is deregistering or unhealthy

Question 3

What is an Elastic Fabric Adapter (EFA)?

Answer 3

A network device that can be attached to an EC2 instance that accelerates high-performance computing (HPC)

Question 4

What are the periods after which data is available for:

1) basic monitoring
2) detailed monitoring
3) standard resolution metrics
4) high resolution metrics

Answer 4

Basic Monitoring: 5 minutes
Detailed Monitoring: 1 minute

Standard Resolution Metrics: 1 minute
High Resolution Metrics: 1 second

Question 5

What is the difference between a CloudFormation stack and a StackSet?

Answer 5

Stack: a set of AWS resources created and managed as a unit.

StackSet: enables create, update, and delete of stacks across multiple accounts and regions

Question 6

What is the difference between RTO and RPO?

Answer 6

RTO (Recovery Time Objective): the time it takes to return a system to a working state after a disaster

RPO (Recovery Point Objective): the amount of data that can be lost (measured in seconds)

Question 7

What is the difference between horizontal and vertical scalability?

Answer 7

Horizontal: more instances; scale-out/scale-in

Vertical: more powerful machine; scale-up/scale-down

Question 8

How many messages per second is supported by an SQS FIFO queue without batching? With batching?

Answer 8

Without Batching: 300 messages

With Batching: 3,000 messages

So, up to 10 messages in a batch

Question 9

What is a visibility timeout?

Answer 9

The period during which SQS prevents other consumers from receiving and processing a given message.

Default: 30 seconds
Min: 0 seconds
Max: 12 hours

Question 10

What is the difference between an inbound endpoint and an outbound endpoint in Route 53?

Answer 10

Inbound: on-prem -> AWS

Outbound: AWS -> on-prem

Question 11

What is the difference between CloudWatch, CloudTrail, and Config?

Answer 11

CloudWatch: performance monitoring, events, alerts

CloudTrail: account-specific activity/audit

Config: resource-specific history, audit, and compliance

Question 12

What are the possible targets for Kinesis Data Firehose?

Answer 12

1) S3
2) Redshift
3) ElasticSearch (OpenSearch)
4) Splunk

Question 13

What is AWS DataSync?

Answer 13

A service that enables transferring data from on-prem to AWS storage services such as:

1) S3
2) EFS
3) FSx for Windows File Server

Question 14

What is a Service Control Policy (SCP)?

Answer 14

A policy that manages control over all accounts in an AWS organization

(does NOT affect service-linked roles)

Question 15

Which file protocols does File Gateway support?

Answer 15

1) NFS (Network File System)

2) SMB (Server Message Block)

Question 16

Can an Elastic Load Balancer (ELB) work across regions?

Answer 16

No

Question 17

What is the difference between an Aurora multi-master DB cluster and a single-master DB cluster?

Answer 17

Multi-Master: All DB instances can perform write operations; there is no failover or downtime; appropriate if continuous availability is required

Single-Master: One DB instance performs write operations; all others are read-only

Question 18

What attribute allows you to persist an EBS volume even after its EC2 instance terminates?

Answer 18

DeleteOnTermination

Question 19

What are the pricing differences between alias records and CNAME records?

Answer 19

• No charge for alias queries

- Charge for CNAME queries

Question 20

How does Aurora break ties when promoting read replicas?

Answer 20

Take highest priority (lowest number, 0-15)
Then
Largest size
Then
Pick arbitrarily

Question 21

What are the supported S3 lifecycle transitions, in order?

Answer 21

Standard -> Standard IA -> Intelligent tiering -> One-zone IA -> Glacier Instant Retrieval -> Glacier Flexible Retrieval -> Glacier Deep Archive

Question 22

What error is displayed when the target groups for a load balancer have no registered targets?

Answer 22

503: Service Unavailable

Question 23

What are the different scaling policies for an auto-scaling group and what are their differences?

Answer 23

Target tracking: scale based on a metric

Step scaling: increase/decrease capacity in proportion to the size of the alarm breach; can continue responding to alarms

Simple scaling: scaling must complete and the cooldown period must expire before additional alarms can be responded to

Question 24

Which runtimes does Lambda support?

Answer 24

• C#/.NET
• Go
• Java
• Node.js
• Python
• Ruby

Question 25

How many concurrent executions does Lambda support per account per region?

Answer 25

1,000

Question 26

Which services can be invoked from an S3 event notification?

Answer 26

• SNS
• SQS
• Lambda

Question 27

For which events can S3 public event notifications?

Answer 27

• New object created
• Object removal
• Restore object
• Reduced Redundancy Storage object lost
• Replication

Question 28

What is the difference between a Spread, Partition, and a Cluster Placement Group?

Answer 28

EC2 instances are deployed such that they are:

Cluster: …close together in a single AZ
Partition: …not sharing hardware with another partition
Spread: …each instance running on different hardware

Question 29

What is VPC Peering?

Answer 29

A connection between 2 VPCs through a private IPv4 or IPv6 address

Question 30

What is the difference between a Virtual Private Gateway and a Customer Gateway?

Answer 30

Virtual Private Gateway: on the AWS VPC side of the VPN connection

Customer Gateway: on the on-prem customer side of the VPN connection

Both are needed to set up a site-to-site VPN connection

Question 31

What is the difference between S3 Transfer Acceleration and Global Accelerator?

Answer 31

S3 Transfer Acceleration: upload files to an edge location through CloudFront that gets forwarded to your S3 bucket through the AWS network

Global Accelerator: 2 static IPs that users connect to at the edge where it is forwarded to your application through the AWS network

Question 32

What is DynamoDB Accelerator (DAX)?

Answer 32

An in-memory cache for DynamoDB

Question 33

What is VPN CloudHub?

Answer 33

A service that allows connections between multiple sites with a site-to-site VPN connection through a hub-and-spoke model

Question 34

What is the difference between a NAT instance and a NAT gateway?

Answer 34

NAT instance: an EC2 server used as a NAT; can be used as a bastion host; supports security groups; supports port forwarding

NAT gateway: a NAT managed by AWS

Question 35

What are the 4 configurations supported by the VPC console wizard?

Answer 35

1) VPC with 1 public subnet
2) VPC with public and private subnets
3) VPC with public and private subnets and site-to-site VPN access
4) VPC with private subnet only and site-to-site VPN access

Question 36

What is enhanced fanout?

Answer 36

A feature of Kinesis Data Streams to enable each consumer to have their own 2 MB/s pipe per shard

(instead of the default, which is a single 2 MB/s pipe for all consumers)

Question 37

What is the difference between SQS and Kinesis Data Streams?

Answer 37

SQS:

• message-based ack/fail with visibility timeout
• increase throughput at read time by adding more consumers

Kinesis Data Streams:

• multiple concurrent consumers
• consume records in the same order a few hours later

Question 38

What is AWS OpsWorks?

Answer 38

A configuration management service that provides managed instances of Chef and Puppet

Question 39

What is AWS X-Ray?

Answer 39

A service which shows an end-to-end view of request as they travel across distributed applications, including across AWS accounts

Question 40

What is CloudTrail?

Answer 40

A service which monitors AWS account activity

Question 41

What are VPC Flow Logs?

Answer 41

They capture info about IP traffic to/from your VPC

Question 42

What is the difference between a gateway endpoint and an interface endpoint?

Answer 42

Gateway endpoint: specified as a target for a route in route table to either S3 or DynamoDB

Interface endpoint: an ENI with a private IP which is the entry point for non-S3 and non-DynamoDB AWS services

Question 43

Which two services use Gateway VPC Endpoints?

Answer 43

S3 and DynamoDB

Question 44

What is the difference between a launch template and a launch configuration?

Answer 44

Launch configurations are deprecated

Launch templates have more features

Question 45

What is the difference between Cognito User Pools and Cognito Identity Pools?

Answer 45

Cognito User Pool: a way to log into an app; a serverless database of users

Cognito Identity Pool: a way to provide temp access to AWS resources

Question 46

What is the difference between a dedicated host and a dedicated instance?

Answer 46

With dedicated hosts, you can bring your own license.

Although both give you dedicated hardware, a dedicated HOST is the SAME hardware as long as you are paying.

A dedicated INSTANCE is the same hardware as long as the EC2 instance is RUNNING. Start/stop it and you may get different hardware

Question 47

What is the difference between site-to-site VPN and Direct Connect?

Answer 47

Site-to-Site VPN: connect on-prem with VPC over VPN on public internet. Takes minutes to configure

Direct Connect: physical connection between on-prem and VPC. Takes 1 month to set up. Private network, private connection

Question 48

What is a transit gateway?

Answer 48

A network hub for interconnecting VPCs and on-prem networks

Question 49

What is AWS Global Accelerator?

Answer 49

A service that leverages 2 anycast IP addresses…

…which will forward traffic to an edge location…

…which will forward traffic through the AWS network to your application

Used especially with non-HTTP traffic! (e.g., UDP, MQTT, etc.)

Question 50

What is the difference between unicast IP and anycast IP?

Answer 50

Unicast IP: one IP per server

Anycast IP: one IP for multiple servers

Question 51

What is the difference between the EFS modes Bursting Throughput and Provisioned Throughput?

Answer 51

Bursting Throughput: throughput scales as the filesystem grows

Provisioned Throughput: instantly provision throughput independent of the amount of data stored.

Question 52

What are the different EFS modes?

Answer 52

1) Performance—General Purpose
2) Performance—Max I/O
3) Throughput—Bursting Throughput
4) Throughput—Provisioned Throughput

Question 53

What is the difference between CloudFront and Global Accelerator?

Answer 53

CloudFront: cached content is served from the edge

Global Accelerator: the edge proxies packets to your application

Question 54

What is the maximum number of instances per AZ when using a single spread placement group?

Answer 54

7

Question 55

What is an Internet Gateway?

Answer 55

It allows communication between instances in the VPC and the Internet

Question 56

What is VPN Connection? (AKA Site-to-Site VPN)?

Answer 56

Securely connect on-prem server with AWS VPC

Question 57

What does Amazon GuardDuty do?

Answer 57

Analyze logs and generate security findings, including against CryptoCurrency attacks

Question 58

What sorts of logs does GuardDuty analyze?

Answer 58

1) CloudTrail Event Logs
2) VPC Flow Logs
3) DNS Logs
4) Kubernetes Audit Logs

Question 59

What does Amazon Macie do?

Answer 59

Analyze S3 buckets for sensitive information (including PII)

Question 60

Which services can be used to buffer or throttle requests?

Answer 60

1) API Gateway
2) SQS
3) Kinesis

Question 61

What is the difference between Bursting Throughput and Provisioned Throughput

Answer 61

Both are EFS modes

Bursting Throughput: throughout scales as the filesystem grows

Provisioned Throughput: instantly provision throughput independent of the amount of data stored

Question 62

What are the different EFS modes?

Answer 62

1) Performance—General Purpose
2) Performance—Max I/O
3) Throughput—Bursting Throughput
4) Throughput—Provisioned Throughput

Question 63

What is an Elastic IP Address?

Answer 63

A static IPv4 address associated to your AWS account.

Can mask failure of an instance by rapidly remapping to a different instance.

Question 64

What conditions can an Application Load Balancer use to route a request?

Answer 64

1) http-request-method
2) path-pattern
3) host-header (name of host)
4) query-string
5) http-header
6) source-ip

Question 65

What does AWS PrivateLink do?

Answer 65

Creates a private connection between an application fronted by an NLB in one account with an ENI in another account

Question 66

Which AWS services can serve as the target for an Alias record?

Answer 66

• Global Accelerator
• Elastic Beanstalk
• CloudFront
• Route53 Record
• API Gateway
• VPC Interface Endpoints
• ELB
• S3 Websites
• NOT an EC2 instance

Question 67

What is the difference between an Alias and a CNAME record?

Answer 67

Alias: maps to an AWS resource; can be used for the zone apex

CNAME: maps to any other hostname; cannot be used for the zone apex

Question 68

What does DNS hostnames do?

Answer 68

Gives an EC2 instance a public hostname that corresponds to its public IP

Disabled by default for non-default VPCs

Question 69

What does the DNS resolution option do?

Answer 69

Enables using AWS DNS server to resolve hostnames

Question 70

What options do you need to configure to create a private hosted zone?

Answer 70

Enable both DNS hostnames and DNS resolution

Question 71

What is cross-zone load balancing?

Answer 71

When enabled, a load balancer distributes traffic across all nodes equally.

When disabled, a load balancer distributes traffic across all Availability Zones equally.

Question 72

List and explain the differences between the different disaster recovery mechanisms.

Answer 72

1) Backup and Restore (RPO in hours, RTO <= 24 hours)
2) Pilot Light—critical systems only are already running in the cloud (RPO in minutes, RTO in hours)
3) Warm Standby—a full version of the system is running in the cloud, but not scaled (RPO in seconds, RTO in minutes)
4) Hot-site/multi-site/active-active—a full production scale backup is always running (RPO near zero, RTO potentially zero)

Question 73

What is S3 object lock?

Answer 73

Facilitates a WORM model (Write Once, Read Many) by preventing objects from being deleted or overwritten for a fixed amount of time (or indefinitely).

Only works in versioned buckets

Question 74

What are DynamoDB Streams?

Answer 74

An ordered flow of information about changes to items in DynamoDB tables

Question 75

List and explain the differences between Route53’s routing policies.

Answer 75

• Simple—route traffic to a single resource
• Failover—route traffic to a secondary resource if the health check to the primary resource fails
• Geolocation—route traffic based on the location of USERS
• Geoproximity—route traffic based on the location of RESOURCES
• Latency—route traffic to the region with the lowest latency
• Multivalue—respond to DNS queries with multiple records (can use health checks)
• Weighted—control the percentage of requests that route to a particular resource

Question 76

What is the difference between the Geolocation and the Geoproximity routing policies?

Answer 76

Geolocation: route traffic based on the location of USERS

Geoproximity: route traffic based on the location of RESOURCES (you can change the size of the geographic region from which users are directed to your resource on a literal map by changing the BIAS)

Question 77

What is an access control list (ACL)?

Answer 77

A service policy that controls which principals in another account can access an AWS resource

Question 78

What is the only resource-based policy that IAM supports?

Answer 78

A trust policy