All Flashcards
KMS multi region keys what limits on them?
Keys are not global related, not cloned but replicated
Cannot be converted from single region key.
make management of keys more complex
What does kinesis data streams offer for security features?
Control access via IAM.
Encryption in flight.
Encryption at rest with KMS.
VPC endpoint
What two services support VPC Gateway Endpoints
S3.
Dynamo DB
Define AWS firewall manager
Security management service to centrally, configure firewall rules across organizations includes
WAF rules.
Security groups.
Network firewall rules
R 53 resolver
Define IAM ID Center
Allows for sign in for all accounts business cloud apps, like salesforce
Third-party app supporting SAML 2.0
Aurora supports these databases
MYSQL
POSTGRES
How many replicas in aurora cluster max?
15
RDS technology, which does not support IAM
Oracle
Define cloud watch metric stream
Send cloud watch metrics in near real time to S3 via kinesis firehose or third-party destinations
Five tenants of AWS well architected application
Cost
Performance
Reliability
Security.
Operational excellence
aws: principal org ID
For any resource policy to restrict to accounts that are member of an AWS Org
Define comprehend medical is it HIPPA compliant
Detect extract analyze info from unstructured sources, such as doctors notes, radiology reports
Supports HIPAA
Define Kendra
Document search service using machine learning
Define Sagemaker
Fully manage service for deploying machine learning models quickly
Define AWS Polly
Text to speech service.
Uses lexicons for pronunciations.
Uses SSML = speech synthesis markup language
Define Transcribe
Auto convert speech to text
Auto remove PII.
Auto language
Define VPC sharing versus VPC peering
Sharing is for sharing subnets with other AWS accounts or to centrally manage VPCs for multiple accounts.
Peering is a peering connection between two VPCs in same or multiple accounts
What are SCP’s?
Service control policies.
IAM policies applied to OU or accounts to restrict access.
Does not apply to management account
What is S3 max object size
Five TB
What is lambda max execution time?
15 minutes
What are RCU and WCU in Dynamo DB
Read capacity units and write capacity units.
Can be scaled independently
What is the purpose of increasing visibility timeout in SQS?
Gives consumers more time to process messages, resulting in less duplicates
Define SQS visibility timeout
Period of time where SQS prevents other consumers from receiving and processing messages
What is a glacier vault lock?
Uses WORM.
Right once read many
Locks added for never delete
What is S3 durability and availability?
99.99 or 53 minutes in one year
What are the features of the application migration service or MGN?
Converts source servers to run an AWS physical VM or cloud
Key futures of Aurora global DB.
How many secondary regions?
How many read replicas
Replicas in other regions
Up to five secondary regions.
15 read replicas max per region
kinesis data shard -
What are the max throughput?
Incoming and outgoing.
provisioned mode:
each shard = 1MB per second incoming
2 MB per second outgoing
Define kinesis partition key function
Used to order data in shards
truck one goes to shard one
Can kinesis fire hose transform data
Yes
To create aurora read replica auto scaling do what
Create policy under actions
Can create auto scaling policy
Decide on target either by request or CPU
EKS node types
manage node. AWS manage the node for you.
self manage node
Fargate
Describe Aurora global database with regard to regions
One primary region.
Up to five secondary regions.
With up to 16 read replicas per region
What is the used case for Aurora serverless
In frequent intermittent or unpredictable workloads no capacity plan needed
Why use EFS over EBS?
EFS is a shared file storage service offering high performance and can be connected to from many EC two instances
Define aurora reader endpoint
A reader endpoint connects to all replicas therefore application only needs to connect to reader endpoint
Five things about Aurora high availability and read scaling
Storage replicated with Six copies of data
Instant takes rights the master
Auto fail over less than 30 seconds.
Master +15 read replicas.
Supports cross region replication.
Why use Aurora global database feature?
Global means available in multiple regions
What machine learning integrations does Aurora have?
Sage maker
Comprehend
Aurora - list 6 features
Backup and recovery
Isolation and security.
Industry compliance.
Automated patching.
Advanced monitoring.
Backtrack is a way, restoring the database to appoint in time recovery must be enabled by database creation
List features of Aurora
What databases does it support?
What is the performance increase?
What is the auto scale storage max?
How many replicas support?
What failover capabilities does it support?
What is the cost versus RDS?
Supports postgres and MYSQL.
Cloud optimize for 5X performance.
Auto scale storage to 128 TB.
Up to 15 read replicas
Failover instantaneous.
Cost is more than RDS
What is an EC2 instance store what benefits and what drawbacks
Benefits.
Higher disk I/O as VM‘s have direct access to discs on server hardware
Instance store is an ephemeral volume. It does not persist across stop/start.
List the EBS volume types
GP2
GP3
Io1/Io2
ST1
SC1
What is the used case for EBS volume GP2 or GP3
General purpose, SSD, volume balances, price, and performance
What is use case for EBS volume type
Io1/Io2?
Highest performance, SSD low latency high throughput
What is the used case for EBS volume type sT1
Lowest cost HDD volume design for frequently access throughput intensive workloads
What is the use case for EBS volume type SC1?
Lowest cost HDD volume design for less frequently accessed workloads
What is the max CIDR size in AWS?
/16
API Gateway create what types of API
Restful APIs
EFS backups are they enabled by default?
Yes, enabled by default for one zone
API gateway websocket API -
state full or state less
Stateful – full duplex
What is the RDS feature which does not require connection string
Multi-AZ
Define a stateless application
The application does not save session data
Define a stateful application
Save session data user retain session data
What can you say about SCP’s hierarchy?
SCPs are applied at OU level account example : cannot access lambda because SCP denies at OU level
Define Neptune
Graphing Database
use case:
number of likes from one post from one user
Think social networking
What kind of DB is dynamo DB
Key pair value
What is SAML?
Security assertion, markup language
What is the max size of dynamo DB table?
400 KB
Define lambda at edge
Feature of cloud front which enables code to run near users which improves performance and latency
Why use a volume gateway?
Provides block storage with ISCSI -
backed on S3 backed by EBS snapshots, which help restore on premises volumes
What is the main reason to use FSX file gateway for window server
Creates a local cash for frequently access files. Can use SMB, NTFS, AD.
With S3 file gateway, what protocol to use if you want to integrate with AD
SMB
How is data and S3 file gateway handled?
Most recently used data is cashed in the gateway
S3 file gateway, what protocols?
NTFS or SMB
What is SNS message filtering
Jason policy to filter messages before they are sent to subscribers
Define SNS to S3 through kinesis data fire hose.
What does this help you with?
This can allow you to persist your messages
What are the four types of storage gateways?
S3 file
FSX file
Volume
Tape
What are the 4 use cases for storage gateway?
DR.
Back up and restore.
Tiered storage.
On premises, cashing
What function does storage gateway perform?
Expose S3 data to on premises
What features does FSX NET ONTAP have with regard to cloning and storage?
Instant cloning of point in time.
Storage auto shrinks and grows
What is SNS and SQS fan out
One SNS topic pushes to multiple SQS cues so each service can read from their own SQSQ
What security features for SNS
Encryption in flight.
Encryption at rest.
Client Certs if desired
What is AWS global accelerator main benefits?
Provides regional failover
High availability
Static IPs
Improve performance via edge locations.
Find green control of regional deployments client affinity think blue Green deployments
What are two types of volume gateways that you can create?
Cashed: low latency access
Stored: entire data set on premises
data sync - what aws services can it sync to?
Does it preserve file permissions?
S3
EFS
FSx
Yes
What does AWS data sync do which is important when sync between AWS storage services?
Preserves metadata, including file permissions
What is the main goal of a volume gateway?
Back up volumes from on premises servers to S3
RDS database can have how many read replicas
15
What is a storage gateway hardware app appliance
Use on premises in case there is no virtualization on premises
What is the key use for Aurora cloning
Copy on right method
Quick access to production DB.
Initial clone created with minimum space.
Uses copy on right method which only allocate storage when changes are made to data
Why use IAM permission boundaries?
Provides a boundary of permissions for any user.
Helpful for developers to manage their own permissions, but not to elevate their own permissions
Name three on-premises configurations for storage gateway
file gateway. With nfs/smb
volume gateway with iscsi
tape gateway with iscsi VTL
What are the two types of file systems in FSX luster?
Scratch
Persistent
Where did the name luster come from used in FSX luster
Linux cluster
What file system to use for high-performance computing Linux clusters scales to millions of IOPS integrates with S3?
FSX for luster
Define symmetric KMS key
Symmetric key is used to decrypt and encrypt in a single key
How do you decouple with SQS between application tiers?
Use SQS between front-end web apps and back-end apps which can process data
How can you increase SQS throughput?
By scaling up the consumers.
Create ASG from cloud watch alarm Q length this alarm triggers ASG scale out
Why use net app on tap?
Move workloads running NAS or ONTAPP
Supports NFS, SMB, ISCSI
What are SQS access policies
Similar to S3 bucket policies
Cross account access to SQS.
Other services write access to SQS
What is the only protocol in FSX for openZFS?
Only NFS
List route 53 record types
A Maps host name to IP version four
AAAA -host name to IPv6
CNAME - maps hosting to another name cannot map on domain zone Apex.
NS – name servers
Alias – like CNAME points to AWS resources can be used on Apex
Define dynamo DB DAX
Dynamo DB accelerator
10 times performance through caching
What is an edge optimized API gateway?
CloudFront feature for clients distributed, geographically. locations receive routed request, and API still lives in one region
What are AWS step functions?
Serverless workflow.
Human approval
Timeout.
Error handling
The export feature of dynamo DB does what
Exports to S3 with JSON format
What is glue data brew?
Used to clean and normalize data in preperation for ML
What is the max throughput for SQSFIFO queue
3000 messages per second
Does API gateway support caching?
 Yes
Does Dynamo DB supprt caching?
Yes
Define timestream
Does it include analytics?
What encryption?
Time series database
built in analytics
encryption at rest
Define Keyspaces
Apache open source noSQL.
Uses CQL Cassandra query language
What is the use case for dynamo DB streams?
Enables replication via changelog to other regions
What are the services the integrate with Quicksite?
Aurora.
S3
RDS
Open search
Athena
Red shift
What are the key features of open search?
Search any field, including partial matches
Dashboards.
Manage or serverless.
Can support SQL
Analysis of logs
What is enhanced VPC routing?
A feature of Redshift.
Forces a copy and unload traffic through your VPC
What type of DB is Redshift?
Relational DB
What are the valid subscribers for SNS?
HTTP and HTTPS
SQS
Lambda
Kinesis Firehose ONLY
Email
SMS
EKS supports which storage
EBS
EFS
FSX luster,
FSX Net ONTAPP
Document DB
What is it based on?
Does it auto scale?
Is it serverless?
How does it store data?
MongoDB=NoSQL
Autoscales.
Not serverless.
Stores Json data
Define AWS XRAY
Provides user centric model to analyze and debug applications.
Provides end to end view of request as traveling through the application
What is the data rate for KinesisDataStreams producers sending into KinesisDataStreams service?
1MB per second or 1000 messages per second
Per shard per shard
What is the data rate for KenesisDataStreams outbound to consumers?
2MB per second per shard
What makes up a kinesis data stream record
Contains
Partition key.
Data blob
DataLake
What is it built upon?
Major benefit
Where can the data be stored?
What sits on top?
What type of access control?
Built upon glue.
All data in one place.
Can be an S3, RDS, Aurora
Lake formation exists on top.
Column access control
Define MSK
Managed service for Kafka
Define AWS Recognition what use case
Find objects text and people using machine language.
Used in content moderation
Define IAM conditions and what are the 4 categories
Source IP
Requested region.
Resource tags.
MFA present
Supported databases in RDS
MySQL
Postgres
Maria DB
Oracle
Microsoft SQL server
Aurora
key feature of S3 versioning
Enables rollbacks
Version key is updated.
Delete the delete marker will restore original version
Aurora serverless-
Key Features
What DB’s supported
On demand
Auto scaling.
Auto start/stop
Supports MYSQL and POSTGRES
What are valid Route53 health checks?
Cloudwatch alarms
Endpoints.
Other health checks
List the S3 storage classes
Standard.
Standard infrequent.
One zone infrequent.
Glacier instant retrieval.
Glacier, flexible retrieval
Glacier, deep archive
Intelligent tiering
EventBridge supported Targets
Lambda
SNS
SQS
Cloudwatch
API destinations
API Gateway
For event bridge security.
What two types of policies
Resource based
IAM role
Define AWS control tower
Govern and secure multi account AWS environment.
Automate setup of environment.
Automate policies.
Detect policy violations
What two types of guard rails are used in AWS control tower
Preventative – use SCP’s
Detective – ID noncompliant resources via config
What are the three services that guard duty scans?
Cloudtrail events
VPC flow logs.
DNS logs
Define AWS Macie
Data and security privacy services.
Detects PII
Data sync copies data to what storage providers
NFS
SMB
Hadoop
Google cloud
Snowcone
S3.
FS X – all.
EFS.
What is the one service AWS data sync does not copy data to
EBS
Which services support throttling
API gateway
SQS
Kinesis
What is the minimum storage in days for S3 glacier instant retrieval
90 day minimum storage
What is the retrieval time for S3 glacial instant retrieval
Millisecond retrieval
What are the three retrieval modes for glacial flexible?
Expedited
Bulk.
Standard.
S3 object lambda what is it used for?
Can change the object before retrieved by application to remove sensitive data.
Only one bucket needed.
Creates S3 access point and lambda access point
What are the two types of snowball edge? What does it do?
Storage optimize : 80 TB.
Compute optimized: 42 TB.
Processes data
What are the sizes available for a snowcone?
8TB AND 14 TB versions
Define glue service
Extract, transform and load. ETL
– fully serverless
– pulls from S3 to transform and load to red shift
What are the glacier, deep archive retrieval modes?
Standard.
Bulk.
What is the retrieval time for glacier deep archive standard mode?
12 hours
What is retrieval time for glacial deep archive bulk mode?
48 hours
What is the minimum storage in days for glacial deep archive?
180 days
Define comprehend
Natural language processing to determine key places, people and events
List the S3 intelligent tiering categories
F I A A D
Frequent.
Infrequent
archive instant access.
Archive access.
Deep archive access
What are the benefits of using organizations?
Use one account to manage multiple accounts.
Cloud watch logs can be sent through central account for logging.
Better security
Define VMware Cloud
VSphere in AWS
How many IP’s for cider 10.0.0.0/31
2
List the number of IPs per cider.
/32
/31
/30
/29
/28
/27
/26
1
2
4
8
16
3 2
64
What are the two types of direct connect gateway
Hosted
Dedicated
What is a used case for direct connect gateway
Connect on premises to VPC using a direct connection location bypasses Internet
Define AWS VPN cloud hub
Allows to securely communicate with multiple sites using AWS VPN
How many IPs are reserved in AWS subnets by default
5
Define AWS inspector
For EC2 and ECS
Analyze, running processes to report OS vulnerabilities.
What is the purpose of SQS long polling?
Reduces API calls
agent weights for a time during the polling period in case message comes in
What cookie names are not allowed on application load balancer
AWSALB
AWSALBAPP
AWSALBTG
What is storage Gateway hardware appliance?
On premises in case there is no virtualization on premises
What types of health checks do network load balancers support?
TCP.
HTTP
HTTPS
What types of health checks do network load balancers support?
TCP.
HTTP
HTTPS
RDS supports what databases
MYSQL
Maria DB
MS sequel server
Oracle
List the difference between cloud front and global accelerator
Call front is a cashing at the edge locations performance improved via cashing
Global accelerator good for UDP or TCP no cashing good for gaming IOT - fast regional failover
List EFS storage classes
Standard.
In frequent
Archive
Define cross zone load balancing
Since traffic to all instances evenly across availability zones and instances
Kinesis data streams list for features in regards to records
Routing records
Ordering of records.
Multiple applications consume same stream data.
Replay Consumer records up to 365 days later in the same order
What is EFS regional versus one zone file systems?
One zone stores data redundantly across a single zone.
Regional stores data across AZs
What is AWS Route 53 resolver
It is a DNS responds recursively to DNS queries from:
AWS resources for public records Amazon VPC specific DNS names
Amazon R53 private hosted zones
is available by default and all VPCs.
For route 53 resolver what does an inbound resolver endpoint do?
Allows DNS queries TO your VPC FROM your on premises network or another VPC
For route 53 outbound resolver endpoint does what
Allows DNS queries FROM your VPC TO your on premises network or another VPC
A route 53 resolver automatically answers DNS queries for
VPC domain names for EC2 instances.
Records in private hosted zones.
Public domain names resolver performs recursive look ups against public name servers on the Internet
Route 53 resolver what to do to resolve DNS queries for any resources in the on prime network from AWSVPC
Create an outbound, DNS resolver to resolve host names on prem from your VPC
True or false
a recovered instance is identical to the original instance, including the instance ID private IP, elastic IP address and all incident data
True
Simplified automatic recovery EC2 instance is supported if
It uses default or dedicated instance tenancy.
It does not use elastic fabric adapter.
List differences between kinesis data, streams, and kinesis data fire hose
Kinesis data streams ingest data for streaming at scale
KDfirehose is a date of transfer service to load streaming data to S3, redshift,and others
Kinesis data streams needs shards configuration manually KDFireHose is fully managed service
Kinesis streams has manual scaling
Fire hose has automated scaling
Kinesis data streams, support replay capability fire hose does not
Kinesis data of fire hose is the easiest way to do what
Load streaming data into data stores and analytics tools
Name the two types of spot requests
One time
Persistent
What defines a persistent spot request
Request is opened again after the spot instance is interrupted
List the spot instance request states
Open
Active
Fail
Closed
Disabled.
Cancelled
What is a dedicated spot instance?
Has a tenency of dedicated when you create the spot instance
What is the default tenency for EC two instances?
Shared hardware
What is a dedicated instance?
Instance that will run on hardware dedicated to a single AWS account
Dedicated instances might share hardware with
Other instances from the same AWS account that are not dedicated instances
List some differences between a dedicated host and a dedicated instance
Dedicated host as a physical server with instance capacity fully dedicated to your use.
Dedicated instance is a physical server that’s dedicated to a single customer account.
Billing for a dedicated host is per host billing per instance, billing for dedicated instance.
Visibility of sockets on dedicated host no visibility on dedicated instance
You cannot request a spot instance with the tenency of default if
In a VPC with instance tenancy as dedicated
You can only cancel spot instance request that are in what status
Open
Active
Disabled
You can only stop a spot instance if
The spot instance was launched from a persistent spot instance request
You can’t stop a spot instance if it is part of a fleet or a launch group true or false
True
What is a spot capacity pool
Set of unused EC to instances with the same instance type operating system availability zone and network platform
What can you do to control spending for spot fleet?
Specify the spot, max total price for spot instances and
on demand max total price for on-demand instances
At what size data set would it be better to use S3 transfer acceleration over cloud front to distribute content
Objects smaller than one gigabyte size should use cloud front otherwise use S3 with transfer acceleration
AWSWAF covers what end points?
Cloud front distributions
API Gateway.
Application load balancer
App sync graph CL
Cognito user pool
App runner.
After you have launched an instance, what are the only two choices for changing it’s tenancy
You can change the tenancy of an instance from dedicated to host or from host to dedicated
Scale out refers to what type of scaling
Horizontal
Scale out refers to what type of scaling
Horizontal
Scale up is used in conjunction with what type of scaling
Vertical
Security groups are state full, true or false
True
NACL’s are stateless true or false
True
Because NACL‘s are stateless, you must do what?
You must allow both inbound and outbound traffic
Why use SQS delay cues
They let you postpone the delivery of new messages to consumers for a number of seconds.
Makes messages unavailable to consumers for a period of time this helps consumers process all the messages
True or false service control policies do not affect service linked roles
True
Service control policy affects what
All users and roles in member accounts, including root user of the member accounts
What are dynamo DB streams?
Allows you to capture time ordered sequence item level modifications in a table, integrated with lambda so you can create triggers that automatically respond to events
What is dynamo db TTL ?
Feature of dynamo DB, which enables time to live on a table
Define elastiCache
Fully managed in memory data store compatible with Redis or MEMCACHED
Describe mongo DB
Mongo DB source available cross platform document oriented, database classified as no sequel. Uses json documents to store data
What is QLDB?
Quantum ledger, database dedicated to financial transactions
Describe HA options for Neptune
Available across 3AZ with 15 read replicas
Name for features of timestream
Serverless
Auto scale
Thousands of times faster at 1/10 the cost of relational databases
Data storage tearing
Built-in analytics
Describe Athena
Serverless query service for s3 stored data
Uses SQL language
Common with Quicksight
How do you improve Athena performance?
Use columnar data - Apache Parquet
Compress data for smaller retrieval
Partition data sets in s3
Use larger files
What is Athena Federated query?
Allows, SQL queries across data stored relational or non relational or Redis
Redshift what underlying database based on ?
OLTP OR OLAP?
Based on post sequel
OLAP online and analytical processing
List differences between red shift and Athena
Faster queries than Athena for joins aggregations
Redshift uses indexes
What is the MEMCACHED evictions cloud watch metric?
When memory begins to fill up it deletes unused, cache keys to free up space
What is the default behavior of AWS lambda in terms of network access?
Runs in a secure VPC with access to AWS services in the Internet lambda owns its own VPC, which is not connected to accounts default VPC
What action to take to deploy new roles in each of the organizations accounts
Use cloud formation stack sets
What can you use to validate the integrity of AWS cloud Trail log files
Enable cloud Trail, log file integrity, validation
Define AWS data pipeline
Define data driven workflows, so that completed tasks can kick off the next task
Define Amazon data, lifecycle manager or DLM
Automate creation, retention, and deletion of EBS snapshots
What file systems does the data sync support?
NFS
SMB
HDFS
cloud storage providers
snowcone
S3
EFS
FSX
open OpenZFS
net app on tap 
What type of billing method used when using AWS Linux, Ubuntu
Per second
List default termination policy in ASG
In order:
Align with allocation strategy
If old launch template configuration
Next billing hour
Can security groups have deny statements
No
Are security groups stateful
Yes
Which cluster placement strategy for large distributed workloads like Kafka Hadoop, and Cassandra and why
Partition placement group least likely to have hardware failure as each partition is its own dedicated rack
What’s the difference between a launch configuration and a launch template
Template can contain different types of instances and can’t have versions.
Configuration contains one instant types used by ASG
Static webpage definition
Static webpage delivers stored content with HTMLCSS or Java
dynamic webpage definition
Dynamic is generated site at runtime by php node.js, asp.net
What type of billing method used when using AWS Linux, Ubuntu
Per second
List default termination policy in ASG
In order:
Align with allocation strategy
If old launch template configuration
Next billing hour
Can security groups have deny statements
No
Are security groups stateful
Yes
Which cluster placement strategy for large distributed workloads like Kafka Hadoop, and Cassandra and why
Partition placement group least likely to have hardware failure as each partition is its own dedicated rack
What’s the difference between a launch configuration and a launch template
Template can contain different types of instances and can’t have versions.
Configuration contains one instant types used by ASG
Static webpage definition
Static webpage delivers stored content with HTMLCSS or Java
dynamic webpage definition
Dynamic is generated site at runtime by php node.js, asp.net
Any explicit deny in any policy results in
Overrides the allow
What are the 5 policy types are available in a single AWS account
Identity-based
Resource-based
IAM permissions boundary
SCP’s
Session policies
To help save S3 cost how can glue job help
Glue job can extract transform load and compressed data before it’s sent to S3
What are the EFS performance modes?
General purpose
Max I/O
What are EFS throughput modes
Elastic – auto scales
Provision – workload is known
Bursting - throughput scales with storage
Why build a shared services VPC
Provides access across multiple accounts, which are shared reducing admin overhead
How does global accelerator help with blue green deployments?
Global accelerator can shift traffic to green deployment from blue gradually or all at once
What three types of virtual interface available for direct connect
Public – to connect for public AWS services
Private to connect to VPC using private ips
Transit – to connect to VPC using private IP and transit Gateway
Define IAM policy evaluation
DORIBS
Is there an explicit deny?
Organization SCP
Resource SCP
ID based
IAM permissions boundary
Session policies
Read replicas use asynchronous, or synchronous replication
Read replicas use asynchronous replication
Read replicas in multi AZ set up use as synchronous or synchronous replication
Read replicas use synchronous in multi-AZ What?
What is Amazon QuickSite?
Service machine, learning power business intelligence service creates interactive dashboards
With regard to QuickSite, what is SPICE?
In memory computation engine if data is imported into QuickSight
What are the data sources for quick site?
RDS
Aurora.
Red shift
Athena
S3
Open search.
Timestream
When you define users in QuickSite, do the same users exist in IAM
No, these users exist only within quick sight
What is Parquette file?
Open source column, oriented, data file format, designated for efficient, data storage and retrieval use with Apache Parquette
What are glue job bookmarks?
Prevents reprocessing old data
What is glue elastic views?
Combine and replicate data across multiple data stores using SQL
What is lake formation?
Works on top of a data lake
centralize all your data for analytical purposes
fully managed service discover cleanse, transform ingest data
What is a huge benefit of using AWS lake formations
Centralized permissions
What other two types of kinesis data analytics
Sequel applications
Apache flink
Why would you need to use kinesis data analytics for Apache Flink?
For more advanced Java or sequel data analytics
Which version of kinesis data analytics would you use if you had kinesis fire hose as source?
You cannot use Flink must use kinesis analytics
What DR options are available for red shift
Multi AZ mode for some cluster types
If single AZ, then snapshots are used
With red shift, what can you do with snapshots?
Snapshots can be copied to another AWS region
What is red shift spectrum
Query data that is already an S3 without loading it
What service can convert JSON files to Apache Parquette
AWS glue
What should you use to control access to your KMS CMKs?
KMS key policies
What’s the difference between AWS secrets, manager and SSM parameter store
With AWS secrets manager, you can rotate the secrets automatically
What’s the difference between dedicated instances and dedicated hosts?
Dedicated hosts are dedicated physical servers all your instances run on can use your own licensing
Dedicated instances are instances that run hardware that’s dedicated to a single customer. Other instances can run on the same hardware from other AWS accounts.
What are Amazon cloud watch alarm actions
Create alarms, automatically stop terminate, reboot, or recover your EC2 instances
Which is better for handling spikes of traffic cloud front or global accelerator
Cloud front
Which is better for non-HTTPuse cases such as gaming UDP IOT VOIP
Global accelerator
Can SNS buffer messages
No
What three services can handle throttling
API Gateway
SQS
Kinesis
What is a VIF and what are the two types?
VIF = virtual interface
Public and private
What is the difference between a public VIF and a private VIF?
Public VIF enables access to public services such as S3
Private VIF enables access to your VPC
What is the difference between AWS private link and AWS direct connection
Private link provides a private network connection between VPCs and AWS services.
AWS direct connect is dedicated private connection between on premises and AWS.
What is the key difference between kinesis data streams and kinesis firehose
Kinesis data streams stream and process data runs real time metrics and analytics
Kinesis data firehose will load streaming data into data stores and analytics tools. It does not do any analytics by itself.
What are the two types of VPC endpoint?
Interface.
Gateway
What is the difference between a VPC interface endpoint and a gateway endpoint
An interface endpoint enables connectivity to AWS services over AWS private link. It consists of a collection of an elastic network interfaces private IP addresses services as an entry point for traffic to the AWS service.
GatewayEndpoints our supported by Amazon, S3 and dynamo DB. Gateway and points do not use AWS private link instead uses specific IP routes to connect to Dynamo DB or S3
What is VPC traffic mirroring?
To replicate network traffic to and from an EC2 to instance and forward to an out of band security and monitoring appliance
Which services are available for private link
EC2
ELB
Kinesis
EC2 systems manager
SNS
Data sink
Amazon elastiCache is used for
Used as a cashing layer in front of relational databases
What is spread placement group
Spreads instances across underlying hardware
How many instances per group per AZ in a spread placement group
7
True or false Amazon EFS file system can have Mount targets in only one VPC at a time
True
What are some limits on EC2 Hibernate?
RAM must be less then 150GB
Root Volume must be EBS and encrypted
No bare metal
ON-Demand reserved and spot instances supported
Is EFS compatible with Windows OS?
NO
What are the EFS performance modes?
General and MAX I/O
What are the EFS storage classes?
Standard.
Infrequent access
Archive
Does Amazon RDS mySQL support storage auto scaling?
Yes
How to migrate AWS account from an AWS organization a to organization B what are the steps?
Remove member from old organization
send invite to member the new organization
accept the invite to new organization
What happens in the case of auto scaling group when an instance is in impaired status?
Auto scaling does not immediately terminate the instance, but waits for a few minutes for the instance to recover
Can a single region KMS key be converted to a multi region
No!
Route 53 what is created automatically for a public hosted zone only
NS and SOA records
Can IAM permission boundaries be applied to groups
No. Roles or users only.
Can IAM permission boundaries be applied to groups
No. Roles or users only.
Can you host a website on lambda
No
Can you put cloud front in front of lambda?
No
List the default auto scaling group termination policy
Allocation strategy,
Old launch template
Old Launch configuration
Next billing hour
Can you use S3 Gateway endpoint to transfer data over direct connection
No!
To use EBS multi what type of EBS volume is needed
Io2 or io1
For IAAS what components are responsibility of the customer?
Applications
Data
Runtime
Middleware
OS
For PAAS what components are responsibility of the customer?
Applications
Data
What database is in-memory, low latency, high performance?
ElastiCache
What is EMR?
ETL service. Extract Transform and Load
What does a DynamoDB Global table do for you?
Table will be accessible with low-latency in multiple regions
What failover type is DynamoDB Global Table?
Active - Active
What type of storage does RedShift store data?
Columnar
What DB type of DB is RedShift based on?
Postgres
What are the performance increase for Redshift?
10X increase
Is RedShift OLTP or OLAP?
OLAP - Online Analytical processing
What is MPP
Massive Parallel Processing - Used by Redshift
Does Redshift have Serverless offering?
YES -
What does EMR stand for?
Elastic Map Reduce
What does EMR do?
Helps to create Hadoop clusters for vast amounts of data
Is Athena Serverless?
YES
What use cases for Athena?
Analyze and query
VPN flow logs
ELB logs
CloudTrails
DocumentDB is based on….
MongoDB
DocumentDB is SQL or NoSQL?
NoSQL
What is TimeStream Database
Time Series database -
1000 times faster
1/10th the cost of relational databases
What is QLDB
Quantum Ledger Database
Immutable - cannot be modified.
Journal behind the scene
cryptographically verifiable.
AWS managed blockchain is a service to…
join public blockchain networks
build your own blockchain
AWS Managed blockchain is compatible with what frameworks
HyperLedger Fabric
Ethereum
