All Flashcards
KMS multi region keys what limits on them?
Keys are not global related, not cloned but replicated
Cannot be converted from single region key.
make management of keys more complex
What does kinesis data streams offer for security features?
Control access via IAM.
Encryption in flight.
Encryption at rest with KMS.
VPC endpoint
What two services support VPC Gateway Endpoints
S3.
Dynamo DB
Define AWS firewall manager
Security management service to centrally, configure firewall rules across organizations includes
WAF rules.
Security groups.
Network firewall rules
R 53 resolver
Define IAM ID Center
Allows for sign in for all accounts business cloud apps, like salesforce
Third-party app supporting SAML 2.0
Aurora supports these databases
MYSQL
POSTGRES
How many replicas in aurora cluster max?
15
RDS technology, which does not support IAM
Oracle
Define cloud watch metric stream
Send cloud watch metrics in near real time to S3 via kinesis firehose or third-party destinations
Five tenants of AWS well architected application
Cost
Performance
Reliability
Security.
Operational excellence
aws: principal org ID
For any resource policy to restrict to accounts that are member of an AWS Org
Define comprehend medical is it HIPPA compliant
Detect extract analyze info from unstructured sources, such as doctors notes, radiology reports
Supports HIPAA
Define Kendra
Document search service using machine learning
Define Sagemaker
Fully manage service for deploying machine learning models quickly
Define AWS Polly
Text to speech service.
Uses lexicons for pronunciations.
Uses SSML = speech synthesis markup language
Define Transcribe
Auto convert speech to text
Auto remove PII.
Auto language
Define VPC sharing versus VPC peering
Sharing is for sharing subnets with other AWS accounts or to centrally manage VPCs for multiple accounts.
Peering is a peering connection between two VPCs in same or multiple accounts
What are SCP’s?
Service control policies.
IAM policies applied to OU or accounts to restrict access.
Does not apply to management account
What is S3 max object size
Five TB
What is lambda max execution time?
15 minutes
What are RCU and WCU in Dynamo DB
Read capacity units and write capacity units.
Can be scaled independently
What is the purpose of increasing visibility timeout in SQS?
Gives consumers more time to process messages, resulting in less duplicates
Define SQS visibility timeout
Period of time where SQS prevents other consumers from receiving and processing messages
What is a glacier vault lock?
Uses WORM.
Right once read many
Locks added for never delete
What is S3 durability and availability?
99.99 or 53 minutes in one year
What are the features of the application migration service or MGN?
Converts source servers to run an AWS physical VM or cloud
Key futures of Aurora global DB.
How many secondary regions?
How many read replicas
Replicas in other regions
Up to five secondary regions.
15 read replicas max per region
kinesis data shard -
What are the max throughput?
Incoming and outgoing.
provisioned mode:
each shard = 1MB per second incoming
2 MB per second outgoing
Define kinesis partition key function
Used to order data in shards
truck one goes to shard one
Can kinesis fire hose transform data
Yes
To create aurora read replica auto scaling do what
Create policy under actions
Can create auto scaling policy
Decide on target either by request or CPU
EKS node types
manage node. AWS manage the node for you.
self manage node
Fargate
Describe Aurora global database with regard to regions
One primary region.
Up to five secondary regions.
With up to 16 read replicas per region
What is the used case for Aurora serverless
In frequent intermittent or unpredictable workloads no capacity plan needed
Why use EFS over EBS?
EFS is a shared file storage service offering high performance and can be connected to from many EC two instances
Define aurora reader endpoint
A reader endpoint connects to all replicas therefore application only needs to connect to reader endpoint
Five things about Aurora high availability and read scaling
Storage replicated with Six copies of data
Instant takes rights the master
Auto fail over less than 30 seconds.
Master +15 read replicas.
Supports cross region replication.
Why use Aurora global database feature?
Global means available in multiple regions
What machine learning integrations does Aurora have?
Sage maker
Comprehend
Aurora - list 6 features
Backup and recovery
Isolation and security.
Industry compliance.
Automated patching.
Advanced monitoring.
Backtrack is a way, restoring the database to appoint in time recovery must be enabled by database creation
List features of Aurora
What databases does it support?
What is the performance increase?
What is the auto scale storage max?
How many replicas support?
What failover capabilities does it support?
What is the cost versus RDS?
Supports postgres and MYSQL.
Cloud optimize for 5X performance.
Auto scale storage to 128 TB.
Up to 15 read replicas
Failover instantaneous.
Cost is more than RDS
What is an EC2 instance store what benefits and what drawbacks
Benefits.
Higher disk I/O as VM‘s have direct access to discs on server hardware
Instance store is an ephemeral volume. It does not persist across stop/start.
List the EBS volume types
GP2
GP3
Io1/Io2
ST1
SC1
What is the used case for EBS volume GP2 or GP3
General purpose, SSD, volume balances, price, and performance
What is use case for EBS volume type
Io1/Io2?
Highest performance, SSD low latency high throughput
What is the used case for EBS volume type sT1
Lowest cost HDD volume design for frequently access throughput intensive workloads
What is the use case for EBS volume type SC1?
Lowest cost HDD volume design for less frequently accessed workloads
What is the max CIDR size in AWS?
/16
API Gateway create what types of API
Restful APIs
EFS backups are they enabled by default?
Yes, enabled by default for one zone
API gateway websocket API -
state full or state less
Stateful – full duplex
What is the RDS feature which does not require connection string
Multi-AZ
Define a stateless application
The application does not save session data
Define a stateful application
Save session data user retain session data
What can you say about SCP’s hierarchy?
SCPs are applied at OU level account example : cannot access lambda because SCP denies at OU level
Define Neptune
Graphing Database
use case:
number of likes from one post from one user
Think social networking
What kind of DB is dynamo DB
Key pair value
What is SAML?
Security assertion, markup language
What is the max size of dynamo DB table?
400 KB
Define lambda at edge
Feature of cloud front which enables code to run near users which improves performance and latency
Why use a volume gateway?
Provides block storage with ISCSI -
backed on S3 backed by EBS snapshots, which help restore on premises volumes
What is the main reason to use FSX file gateway for window server
Creates a local cash for frequently access files. Can use SMB, NTFS, AD.
With S3 file gateway, what protocol to use if you want to integrate with AD
SMB
How is data and S3 file gateway handled?
Most recently used data is cashed in the gateway
S3 file gateway, what protocols?
NTFS or SMB
What is SNS message filtering
Jason policy to filter messages before they are sent to subscribers
Define SNS to S3 through kinesis data fire hose.
What does this help you with?
This can allow you to persist your messages
What are the four types of storage gateways?
S3 file
FSX file
Volume
Tape
What are the 4 use cases for storage gateway?
DR.
Back up and restore.
Tiered storage.
On premises, cashing
What function does storage gateway perform?
Expose S3 data to on premises
What features does FSX NET ONTAP have with regard to cloning and storage?
Instant cloning of point in time.
Storage auto shrinks and grows
What is SNS and SQS fan out
One SNS topic pushes to multiple SQS cues so each service can read from their own SQSQ
What security features for SNS
Encryption in flight.
Encryption at rest.
Client Certs if desired
What is AWS global accelerator main benefits?
Provides regional failover
High availability
Static IPs
Improve performance via edge locations.
Find green control of regional deployments client affinity think blue Green deployments
What are two types of volume gateways that you can create?
Cashed: low latency access
Stored: entire data set on premises
data sync - what aws services can it sync to?
Does it preserve file permissions?
S3
EFS
FSx
Yes
What does AWS data sync do which is important when sync between AWS storage services?
Preserves metadata, including file permissions
What is the main goal of a volume gateway?
Back up volumes from on premises servers to S3
RDS database can have how many read replicas
15
What is a storage gateway hardware app appliance
Use on premises in case there is no virtualization on premises
What is the key use for Aurora cloning
Copy on right method
Quick access to production DB.
Initial clone created with minimum space.
Uses copy on right method which only allocate storage when changes are made to data
Why use IAM permission boundaries?
Provides a boundary of permissions for any user.
Helpful for developers to manage their own permissions, but not to elevate their own permissions
Name three on-premises configurations for storage gateway
file gateway. With nfs/smb
volume gateway with iscsi
tape gateway with iscsi VTL
What are the two types of file systems in FSX luster?
Scratch
Persistent
Where did the name luster come from used in FSX luster
Linux cluster
What file system to use for high-performance computing Linux clusters scales to millions of IOPS integrates with S3?
FSX for luster
Define symmetric KMS key
Symmetric key is used to decrypt and encrypt in a single key
How do you decouple with SQS between application tiers?
Use SQS between front-end web apps and back-end apps which can process data
How can you increase SQS throughput?
By scaling up the consumers.
Create ASG from cloud watch alarm Q length this alarm triggers ASG scale out
Why use net app on tap?
Move workloads running NAS or ONTAPP
Supports NFS, SMB, ISCSI
What are SQS access policies
Similar to S3 bucket policies
Cross account access to SQS.
Other services write access to SQS
What is the only protocol in FSX for openZFS?
Only NFS
List route 53 record types
A Maps host name to IP version four
AAAA -host name to IPv6
CNAME - maps hosting to another name cannot map on domain zone Apex.
NS – name servers
Alias – like CNAME points to AWS resources can be used on Apex
Define dynamo DB DAX
Dynamo DB accelerator
10 times performance through caching
What is an edge optimized API gateway?
CloudFront feature for clients distributed, geographically. locations receive routed request, and API still lives in one region
What are AWS step functions?
Serverless workflow.
Human approval
Timeout.
Error handling
The export feature of dynamo DB does what
Exports to S3 with JSON format
What is glue data brew?
Used to clean and normalize data in preperation for ML
What is the max throughput for SQSFIFO queue
3000 messages per second
Does API gateway support caching?
 Yes
Does Dynamo DB supprt caching?
Yes
Define timestream
Does it include analytics?
What encryption?
Time series database
built in analytics
encryption at rest
Define Keyspaces
Apache open source noSQL.
Uses CQL Cassandra query language
What is the use case for dynamo DB streams?
Enables replication via changelog to other regions
What are the services the integrate with Quicksite?
Aurora.
S3
RDS
Open search
Athena
Red shift
What are the key features of open search?
Search any field, including partial matches
Dashboards.
Manage or serverless.
Can support SQL
Analysis of logs
What is enhanced VPC routing?
A feature of Redshift.
Forces a copy and unload traffic through your VPC
What type of DB is Redshift?
Relational DB
What are the valid subscribers for SNS?
HTTP and HTTPS
SQS
Lambda
Kinesis Firehose ONLY
Email
SMS
EKS supports which storage
EBS
EFS
FSX luster,
FSX Net ONTAPP
Document DB
What is it based on?
Does it auto scale?
Is it serverless?
How does it store data?
MongoDB=NoSQL
Autoscales.
Not serverless.
Stores Json data
Define AWS XRAY
Provides user centric model to analyze and debug applications.
Provides end to end view of request as traveling through the application
What is the data rate for KinesisDataStreams producers sending into KinesisDataStreams service?
1MB per second or 1000 messages per second
Per shard per shard
What is the data rate for KenesisDataStreams outbound to consumers?
2MB per second per shard
What makes up a kinesis data stream record
Contains
Partition key.
Data blob
DataLake
What is it built upon?
Major benefit
Where can the data be stored?
What sits on top?
What type of access control?
Built upon glue.
All data in one place.
Can be an S3, RDS, Aurora
Lake formation exists on top.
Column access control
Define MSK
Managed service for Kafka
Define AWS Recognition what use case
Find objects text and people using machine language.
Used in content moderation
Define IAM conditions and what are the 4 categories
Source IP
Requested region.
Resource tags.
MFA present
Supported databases in RDS
MySQL
Postgres
Maria DB
Oracle
Microsoft SQL server
Aurora
key feature of S3 versioning
Enables rollbacks
Version key is updated.
Delete the delete marker will restore original version
Aurora serverless-
Key Features
What DB’s supported
On demand
Auto scaling.
Auto start/stop
Supports MYSQL and POSTGRES
What are valid Route53 health checks?
Cloudwatch alarms
Endpoints.
Other health checks
List the S3 storage classes
Standard.
Standard infrequent.
One zone infrequent.
Glacier instant retrieval.
Glacier, flexible retrieval
Glacier, deep archive
Intelligent tiering
EventBridge supported Targets
Lambda
SNS
SQS
Cloudwatch
API destinations
API Gateway
For event bridge security.
What two types of policies
Resource based
IAM role
Define AWS control tower
Govern and secure multi account AWS environment.
Automate setup of environment.
Automate policies.
Detect policy violations
What two types of guard rails are used in AWS control tower
Preventative – use SCP’s
Detective – ID noncompliant resources via config
