All Flashcards

1
Q

S3 - How is a key defined?

A

An object key is the object's full name inside a bucket and plays the role of a file name. S3 has no real directory tree: the key is one flat string, and "folders" are only key prefixes separated by "/".

A key can include slashes, backslashes, dots or dashes.

2
Q

S3 - What is the durability / availability of S3 Standard?

A
99.999999999% (eleven nines) durability and

99.99% availability

3
Q

S3 - How is data consistency handled?

A

Original model: read-after-write consistency for PUTs of new objects, but eventual consistency for overwrite PUTs and DELETEs (objects are replicated across multiple facilities, so a read right after an overwrite could still return the old version).
Since December 2020 S3 provides strong read-after-write consistency for all operations, so a read after any PUT or DELETE returns the latest result.

4
Q

S3 - Describe S3 Standard - Infrequent Access?

A

Same durability as Standard.
Storage costs are lower, but there is a per-GB retrieval fee.
Also, objects are billed for a minimum size of 128 KB and a minimum storage duration of 30 days.

5
Q

S3 - What is a typical object lifecycle?

A
  • Initially store in S3 Standard
  • After 30 days transition to S3 Standard-IA
  • After 90 days transition to Glacier
  • After 3 years expire (delete) the object
6
Q

S3 - What is SSE-S3?

A

“Check-box style” encryption: S3 encrypts each object with its own AES-256 data key and rotates the master key itself.

AWS handles key generation, management and protection; the client only sets a request header or a bucket default.

7
Q

S3 - What is SSE-KMS?

A

Server-side encryption with keys held in AWS KMS: AWS operates the key infrastructure and performs the encryption, but the user controls the KMS key (key policy, rotation, who may use it). Every use of the key is logged in CloudTrail, and reading an object requires kms:Decrypt on that key in addition to s3:GetObject.

8
Q

S3 - What is SSE-C?

A

The user supplies their own encryption key in the request headers; S3 performs the encryption and decryption but does not store the key (only a salted HMAC of it, used to validate later requests). The key has to be sent with every GET and PUT, so HTTPS is mandatory.

9
Q

S3 - What is Client-Side encryption?

A

Data is encrypted by the client before it is sent to S3, so S3 never sees the plaintext or the key, and decryption happens in the client as well. The master key can live in KMS or be managed entirely by the client.

10
Q

S3 - What is MFA Delete Protection?

A

With MFA Delete enabled on a versioned bucket, permanently deleting an object version or changing the bucket's versioning state requires a valid code from the bucket owner's MFA device in addition to the normal credentials. It can only be turned on by the root account via the CLI or API, not the console.

11
Q

S3 - What are Pre-Signed URLs?

A

A URL signed with the credentials of an IAM principal that lets anyone holding it perform one operation (e.g. GET or PUT) on one object until the expiry embedded in the URL. The object stays private; the signature is the authorization. The URL grants at most what the signer is allowed to do, and anyone who obtains it can use it until it expires.
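Added example, not part of the original card: a standalone implementation of the AWS Signature Version 4 query-string signing that a pre-signed GET URL consists of, plus the check the receiving side performs. It uses only the standard library and constructed placeholder credentials, bucket and object names (nothing here is a real key), so it runs offline. The verifier shows why the card's "public for a duration" is really "anyone with this exact URL, for this object, until this time": changing the object path or the X-Amz-Expires parameter, or guessing the secret wrong, breaks the signature, and a valid URL is refused once the window has passed.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlparse

ALGORITHM = "AWS4-HMAC-SHA256"
MAX_EXPIRES = 7 * 24 * 3600  # S3 rejects X-Amz-Expires above seven days

# Constructed sample inputs: placeholder credentials, not real ones
SAMPLE_SECRET = "constructed-secret-not-a-real-key"
SAMPLE_ISSUED = datetime(2024, 1, 15, 12, 0, tzinfo=timezone.utc)


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def _signing_key(secret: str, date: str, region: str) -> bytes:
    # SigV4 key derivation: the long-term secret never signs a request directly
    k = _hmac(("AWS4" + secret).encode(), date)
    k = _hmac(k, region)
    k = _hmac(k, "s3")
    return _hmac(k, "aws4_request")


def _canonical_query(params: dict) -> str:
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}" for k, v in sorted(params.items()))


def _signature(host: str, path: str, params: dict, region: str, secret: str, amz_date: str) -> str:
    date = amz_date[:8]
    scope = f"{date}/{region}/s3/aws4_request"
    # Everything the URL fixes is hashed into the canonical request: method, object path,
    # every query parameter (including X-Amz-Expires) and the Host header.
    canonical_request = "\n".join(["GET", quote(path, safe="/"), _canonical_query(params),
                                   f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    string_to_sign = "\n".join([ALGORITHM, amz_date, scope,
                                hashlib.sha256(canonical_request.encode()).hexdigest()])
    return hmac.new(_signing_key(secret, date, region), string_to_sign.encode(),
                    hashlib.sha256).hexdigest()


def presign_get(bucket, key, region, access_key_id, secret, now, expires=3600) -> str:
    """Build a virtual-hosted-style GET URL valid for `expires` seconds from `now`."""
    if not 1 <= expires <= MAX_EXPIRES:
        raise ValueError("X-Amz-Expires must be between 1 second and 7 days")
    host = f"{bucket}.s3.{region}.amazonaws.com"
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    params = {
        "X-Amz-Algorithm": ALGORITHM,
        "X-Amz-Credential": f"{access_key_id}/{amz_date[:8]}/{region}/s3/aws4_request",
        "X-Amz-Date": amz_date,
        "X-Amz-Expires": str(expires),
        "X-Amz-SignedHeaders": "host",
    }
    path = "/" + key
    sig = _signature(host, path, params, region, secret, amz_date)
    return f"https://{host}{quote(path, safe='/')}?{_canonical_query(params)}&X-Amz-Signature={sig}"


def verify_presigned_get(url: str, secret: str, now) -> tuple:
    """The receiving side's view: recompute the signature, then check the time window.
    Returns (accepted, reason)."""
    u = urlparse(url)
    params = dict(parse_qsl(u.query, keep_blank_values=True))
    presented = params.pop("X-Amz-Signature", "")
    try:
        _akid, _date, region, _service, _term = params["X-Amz-Credential"].split("/")
        amz_date = params["X-Amz-Date"]
        issued = datetime.strptime(amz_date, "%Y%m%dT%H%M%SZ").replace(tzinfo=timezone.utc)
        expires = int(params["X-Amz-Expires"])
    except (KeyError, ValueError):
        return False, "malformed"
    expected = _signature(u.netloc, unquote(u.path), params, region, secret, amz_date)
    if not hmac.compare_digest(expected, presented):
        return False, "bad signature"  # any edit to the path or a parameter breaks it
    if now > issued + timedelta(seconds=expires):
        return False, "expired"  # the window is enforced on every request
    return True, "ok"


def demo() -> dict:
    """Issue a 15-minute URL for one object and show what a holder can and cannot do."""
    url = presign_get("reports-bucket", "q1/summary.pdf", "eu-west-1", "AKIAEXAMPLEKEYID",
                      SAMPLE_SECRET, SAMPLE_ISSUED, expires=900)
    t = SAMPLE_ISSUED
    return {
        "url": url,
        "fresh": verify_presigned_get(url, SAMPLE_SECRET, t + timedelta(minutes=5)),
        "late": verify_presigned_get(url, SAMPLE_SECRET, t + timedelta(minutes=16)),
        "other_object": verify_presigned_get(url.replace("summary.pdf", "secret.pdf"), SAMPLE_SECRET, t),
        "longer_window": verify_presigned_get(url.replace("Expires=900", "Expires=9000"), SAMPLE_SECRET, t),
        "wrong_secret": verify_presigned_get(url, "some-other-secret", t),
    }
```

Two practical consequences follow from the code: the signer's permissions are checked at request time, so a URL signed by a principal whose permissions were later revoked stops working, and because the signature covers the whole query string, the only way to extend or widen a URL is to sign a new one with the secret.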

12
Q

S3 - What is cross-region replication?

A

Objects are copied asynchronously to a bucket in another region, for lower latency to users there, for compliance, or for disaster recovery.
Required:
- An IAM role that S3 assumes to read from the source bucket and write to the destination bucket
- Versioning enabled on both the source and the destination bucket

13
Q

EC2 - What defines an instance type?

A
  1. Count of virtual CPUs
  2. Memory
  3. Storage in type and size
  4. Network performance
14
Q

EC2 - What is enhanced networking?

A

Gives the instance direct access to the network adapter via SR-IOV, reducing the overhead the hypervisor adds to networking.
Results in higher packets per second, lower latency and less jitter.

15
Q

EC2 - What defines an AMI?

A
  • The operating system
  • The state of patches
  • The installed applications or other system software
16
Q

EC2 - What are the types of AMIs?

A
  • Published by AWS
  • Marketplace AMIs
  • AMIs created from existing instances or their backups
  • AMIs imported with AWS VM Import/Export
17
Q

EC2 - How can you access an instance from the internet?

A
  • Assign a public or Elastic IP, or use the instance's public DNS name
  • Make sure the route table (route to an Internet Gateway), the security group and the NACL allow the traffic
18
Q

EC2 - Does an EC2 instance need a security group?

A

Yes, at least one security group must be attached to the instance

19
Q

EC2 - What kinds of sources/destinations are allowed in a Security Group?

A

CIDR blocks (IPv4 or IPv6), other security groups in the same or a peered VPC, or managed prefix lists

20
Q

EC2 - Can you export a VM and import it to AWS?

A

Yes, using AWS VM Import/Export.

Only instances that were originally imported can be exported again; instances launched from AWS-provided or Marketplace AMIs cannot be exported for use in another data center.

21
Q

EC2 - How can an instance be resized?

A

Stop the instance (only possible for EBS-backed instances).

Change the type using the “Change Instance Type” setting and start it again. The EBS volumes are kept, but without an Elastic IP the instance gets a new public IP.

22
Q

EC2 - Can you change the Security Group on a running instance?

A

Yes. Security groups can be added to or removed from a running instance, and rule changes take effect immediately for every instance using the group.

23
Q

EC2 - What is Termination Protection?

A

The instance cannot be terminated via the console, CLI or API until the disableApiTermination attribute is cleared again.
It does not prevent Spot Instance interruption, termination by an Auto Scaling group, or an OS-initiated shutdown when the shutdown behaviour is set to terminate.

24
Q

EC2 - How can an EC2 reserved instance be modified?

A
  • Switch the AZ within the same region
  • Change the instance type within the same instance family

25
EC2 - Describe the tenancy options for instances
Shared Tenancy: the host runs instances of many customers side by side. Dedicated Instance: the instance runs on hardware used only by this customer's account, but AWS chooses the host. Dedicated Host: an entire physical server is allocated to the customer, with visibility of sockets and cores (needed for some bring-your-own-license setups).
26
EC2 - What is Instance Store?
Storage on disks physically attached to the host (not network storage like EBS). It is included in the instance price. Data is lost when the instance stops, terminates or the underlying host fails, so it is only suitable for caches, buffers and scratch data. Instance-store-backed instances can be rebooted or terminated, but not stopped.
27
EC2 - Are EBS volumes replicated on the Availability Zones?
They are replicated within their AZ (across several servers), but not across AZs; to move data to another AZ, use a snapshot.
28
EC2 - Can you use multiple EBS volumes on a single instance?
Yes, and they can be striped with RAID for more throughput. One instance can have many volumes, but a volume can normally be attached to only one instance at a time (exception: io1/io2 volumes with Multi-Attach within one AZ). Use EFS when several instances need the same file system.
29
EC2 - What is a magnetic EBS volume?
They use magnetic hard disks, are the cheapest option and range from 1 GiB to 1 TiB. They average about 100 IOPS but can burst higher.
30
EC2 - What is a magnetic EBS volume used for?
- Data that is accessed infrequently
- Sequential (streaming) reads
- Workloads where low storage cost matters more than performance
31
EC2 - How are (max.) IOPS calculated for General Purpose SSD (gp2) volumes?
Based on capacity: 3 IOPS per GiB (e.g. 300 IOPS for 100 GiB), with a floor of 100 IOPS. The baseline was capped at 10,000 IOPS when this card was written (later raised to 16,000). Volumes below 1,000 GiB can burst to 3,000 IOPS using I/O credits.
32
EC2 - How are EBS volumes billed?
Based on the provisioned capacity per month, regardless of how much of it is actually used (plus provisioned IOPS for io1 and the storage used by snapshots).
33
EC2 - What are the max. volume sizes and throughputs of the EBS volume types?
General Purpose SSD: 1 GiB - 16 TiB, up to 160 MB/s | Provisioned IOPS SSD: 4 GiB - 16 TiB, up to 320 MB/s | Magnetic: 1 GiB - 1 TiB, 40-90 MB/s
34
EC2 - Where are EBS snapshots located?
In S3, but they are stored internally by EBS and are not visible to the customer as objects in any bucket.
35
EC2 - Can you use an EBS snapshot in another region?
No. A snapshot is tied to its region and can only be used to create volumes (or AMIs) there, but it can be copied to another region, optionally re-encrypted with a KMS key from the destination region.
36
EC2 - What does it mean that data is "lazily loaded"?
When a volume is created from a snapshot it is usable immediately, but its blocks are pulled from S3 only when they are first read, so initial reads are slow. Before putting such a volume into production, read every block once (e.g. with dd or fio) so the data is present, or enable Fast Snapshot Restore on the snapshot.
37
EC2 - How can you increase the size of a running EBS volume?
Either modify the volume in place (Elastic Volumes: modify-volume, then grow the partition and file system inside the OS), or the older way: 1. Create a snapshot | 2. Create a larger volume from that snapshot and attach it in place of the old one
38
EC2 - Are files on a EBS volume encrypted at rest?
Only if encryption was enabled when the volume was created (or account-wide default encryption is on); EBS then encrypts with a KMS key. | Data is also encrypted in transit between the instance and the volume, and in snapshots taken from the volume.
39
VPC - What is the smallest/largest IP range in a VPC?
/28 (16 addresses) | /16 (65,536 addresses). AWS reserves the first four and the last address of every subnet.
40
VPC - What are the core components of a VPC?
- Subnets
- Route tables
- Security groups
- Network Access Control Lists (NACLs)
41
VPC - What is the difference between a public and private subnet?
A public subnet's route table has a route (0.0.0.0/0) to an Internet Gateway; a private subnet's does not, so its instances are reachable only from inside the VPC (outbound internet access, if any, goes through a NAT device).
42
VPC - What is the "local" route in the route table?
It enables communication within the VPC. | The local route cannot be modified or removed.
43
VPC - What is the purpose of the Internet Gateway?
It is the target of the route table's internet route and performs one-to-one NAT between an instance's private IP and its public or Elastic IP; the instance's OS only ever sees the private address.
44
VPC - How to create a public subnet with access to the internet with an IGW?
- Attach an Internet Gateway to the VPC
- Add a route for 0.0.0.0/0 pointing at the IGW in the subnet's route table
- Give the instances a public or Elastic IP
- Allow the traffic in the NACL and the Security Groups
45
VPC - Can you transfer an Elastic IP to another region?
No, an Elastic IP is allocated in one region and can only be associated with resources in that region.
46
VPC - What is the purpose of a VPC endpoint?
Lets instances reach AWS services over the AWS network without an Internet Gateway or NAT gateway. Gateway endpoints (S3, DynamoDB) are entries in the route table; interface endpoints (PrivateLink) are ENIs with private IPs inside the subnet.
47
VPC - What is the purpose of VPC Peering?
A private connection between two VPCs, in your own account or in someone else's. When this card was written, peering was limited to a single region; inter-region peering is available now.
48
VPC - What are the restrictions for VPC Peering?
- The CIDR blocks must not overlap
- No transitive routing: peering A-B and B-C does not connect A to C
- Only one peering connection between a given pair of VPCs
- Originally same region only (inter-region peering exists today)
49
VPC - What are the default Security Group rules for in-/outbound traffic ?
By default no inbound traffic is allowed and all outbound traffic is allowed; both can be changed.
50
VPC - Can (per default) instances with the same Security Group talk to each other?
No. Being in the same security group does not by itself allow traffic; you need an inbound rule whose source is the security group itself (the default security group of a VPC has such a rule).
51
VPC - Do changes to a Security Group take effect immediately?
Yes
52
VPC - What are the differences between Security Groups and the NACL?
Security Group / NACL: instance level / subnet level | allow rules only / allow and deny rules | stateful (return traffic is allowed automatically) / stateless (return traffic needs its own rule) | all rules are evaluated before deciding / rules are processed in number order, first match wins
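Added example, not from the original cards: a small Python model of the two filters with exactly the four differences listed above, run over a constructed HTTPS round trip (client 203.0.113.10 to a web instance 10.0.1.20, reply from port 443 back to the client's ephemeral port 51515). The addresses, rule numbers and the names `SecurityGroup`, `NetworkAcl`, `Packet` are this example's own. It shows the two mistakes the cards warn about: a NACL that mirrors the security group one to one silently drops every reply because it is stateless, and a deny rule placed after a broad allow is never reached because NACLs stop at the first match.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    src_port: int
    dst: str
    dst_port: int
    direction: str  # "in" or "out", seen from the instance / subnet


def _in_cidr(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


def _remote(p: Packet) -> str:
    return p.src if p.direction == "in" else p.dst


@dataclass
class SecurityGroup:
    """Instance level, stateful, allow rules only: every rule is evaluated and any
    match permits. Once a flow is permitted, its return traffic is permitted too."""
    inbound: list   # (cidr, from_port, to_port)
    outbound: list
    _flows: set = field(default_factory=set, init=False, repr=False)

    @staticmethod
    def _flow_key(p: Packet) -> tuple:
        # (remote ip, remote port, local port) is identical for a request and its reply
        return (p.src, p.src_port, p.dst_port) if p.direction == "in" else (p.dst, p.dst_port, p.src_port)

    def permits(self, p: Packet) -> bool:
        key = self._flow_key(p)
        if key in self._flows:
            return True  # reply of a tracked connection: no rule needed in this direction
        rules = self.inbound if p.direction == "in" else self.outbound
        if any(lo <= p.dst_port <= hi and _in_cidr(_remote(p), cidr) for cidr, lo, hi in rules):
            self._flows.add(key)
            return True
        return False


@dataclass
class NetworkAcl:
    """Subnet level, stateless, allow and deny rules: processed in rule-number order,
    the first match decides, and the implicit final rule (*) denies.
    A reply is just another packet and needs its own (ephemeral-port) rule."""
    inbound: list   # (rule_no, "allow" | "deny", cidr, from_port, to_port)
    outbound: list

    def permits(self, p: Packet) -> bool:
        rules = self.inbound if p.direction == "in" else self.outbound
        for _no, action, cidr, lo, hi in sorted(rules):
            if lo <= p.dst_port <= hi and _in_cidr(_remote(p), cidr):
                return action == "allow"
        return False


def https_round_trip(sg: SecurityGroup, nacl: NetworkAcl) -> dict:
    """Constructed scenario: an internet client opens HTTPS to 10.0.1.20 and the
    instance answers from port 443 to the client's ephemeral port 51515."""
    request = Packet("203.0.113.10", 51515, "10.0.1.20", 443, "in")
    reply = Packet("10.0.1.20", 443, "203.0.113.10", 51515, "out")
    return {
        "sg_request": sg.permits(request),
        "sg_reply": sg.permits(reply),
        "nacl_request": nacl.permits(request),
        "nacl_reply": nacl.permits(reply),
    }


# Web-server security group: only 443 inbound and no outbound rule at all.
WEB_SG = SecurityGroup(inbound=[("0.0.0.0/0", 443, 443)], outbound=[])
# A NACL that mirrors the SG 1:1 forgets that replies leave on ephemeral ports.
NAIVE_NACL = NetworkAcl(inbound=[(100, "allow", "0.0.0.0/0", 443, 443)],
                        outbound=[(100, "allow", "0.0.0.0/0", 443, 443)])
FIXED_NACL = NetworkAcl(inbound=[(100, "allow", "0.0.0.0/0", 443, 443)],
                        outbound=[(100, "allow", "0.0.0.0/0", 1024, 65535)])
# Blocking a noisy /24 only works if the deny rule is numbered before the broad allow.
BLOCK_FIRST = NetworkAcl(inbound=[(90, "deny", "203.0.113.0/24", 0, 65535),
                                  (100, "allow", "0.0.0.0/0", 443, 443)],
                         outbound=[(100, "allow", "0.0.0.0/0", 1024, 65535)])
BLOCK_TOO_LATE = NetworkAcl(inbound=[(100, "allow", "0.0.0.0/0", 443, 443),
                                     (110, "deny", "203.0.113.0/24", 0, 65535)],
                            outbound=[(100, "allow", "0.0.0.0/0", 1024, 65535)])
```

`https_round_trip(WEB_SG, NAIVE_NACL)` permits the request on both layers but the reply only on the security group; `FIXED_NACL` adds the ephemeral-port outbound rule that real subnets need, and `BLOCK_FIRST` versus `BLOCK_TOO_LATE` shows that in a NACL the rule number, not the presence of a deny, decides.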
53
VPC - What is a NAT instance?
An EC2 instance launched from a special NAT AMI. It lets instances in private subnets reach the internet (for updates, for example). The source/destination check must be disabled on the NAT instance, otherwise it drops packets that are not addressed to itself. A managed NAT Gateway is the usual choice today.
54
VPC - How can you connect AWS to another data center?
With a site-to-site VPN: a Virtual Private Gateway (VGW) on the AWS side and a Customer Gateway (CGW) representing the on-premises device; or with a dedicated line via AWS Direct Connect.
55
CloudWatch - What are the two packages?
Basic: free, one data point every 5 minutes, a limited set of preselected metrics | Detailed: paid, one data point every minute, more metrics, custom metrics and data aggregation
56
ELB - Can you target more than one AZ?
Yes, it can balance across several AZs in one region, but not across regions (use Route 53 for that).
57
ELB - What is Idle Connection Timeout?
The ELB keeps one connection to the client and one to the backend instance. If no data is sent over a connection for the configured timeout (60 s by default), the ELB closes it; the backend's keep-alive timeout should be at least as long.
58
ELB - What is Cross-Zone Load Balancing?
With it enabled, requests are distributed evenly across all registered instances regardless of AZ, so 1 instance in one AZ and 5 in another still get balanced per-instance load. It is still recommended to run the same number of instances in each AZ.
59
ELB - What is Connection Draining?
When an instance is deregistered or becomes unhealthy, the ELB stops sending it new requests but lets in-flight requests finish, up to a configurable timeout.
60
ELB - What is a Proxy Protocol?
For TCP listeners the ELB can prepend a PROXY protocol header carrying the client's original IP and port, which the backend could otherwise not see (for HTTP the X-Forwarded-For header serves the same purpose).
61
ELB - What are Sticky Sessions?
Binds a client's session to one instance, so the same client is always routed to it. The ELB can use its own cookie (with a configurable duration) or follow an application-generated cookie.
62
ELB - What are Health Checks?
The ELB checks whether each instance responds (InService) or not (OutOfService). A check either opens a TCP/SSL connection or requests a page (the ping path) over HTTP/HTTPS and expects a 200.
63
CloudWatch - Limits of CloudWatch
5,000 alarms per account per region | Metrics were retained for two weeks when this card was written (now 15 months, with older data points aggregated); export to S3 if raw data must be kept longer.
64
Auto Scaling - What is scheduled scaling?
Scale out or in based on scheduled events, for example a product launch or an end-of-month batch run.
65
Auto Scaling - What are the basic components?
Launch configuration, Autoscaling Group and scaling policy (optional)
66
Auto Scaling - What is the Launch Configuration?
Which AMI, what instance type, what security group and the key pair.
67
Auto Scaling - What is needed for the Auto Scaling Group?
Required: minimum and maximum size | Optional: desired capacity
68
Auto Scaling - What instance groups can be used?
On-Demand or Spot
69
Auto Scaling - How does the scaling policy work?
Auto Scaling is linked to CloudWatch alarms on the instances' metrics; when a threshold is crossed the group scales out (adds instances) or scales in (removes them).
70
Auto Scaling - Why should scaling in be slower than scaling out?
- Instances used to be billed by the full hour (Linux instances are billed per second now), so terminating early wasted paid time - Load may spike again shortly afterwards, and a new instance would have to be launched and warmed up
71
IAM - What is the best practice for the root account?
Use it only to create the first IAM admin user. Then enable MFA on the root account, delete any root access keys, and lock the root credentials away.
72
IAM - How does an EC2 instance communicate to S3?
The instance is given an IAM role through an instance profile; the role grants the needed S3 permissions, and short-lived credentials are delivered via the instance metadata service, so no keys are stored on the instance.
73
IAM - How can other accounts be granted access?
Create a role in your account whose trust policy names the other account; its users assume the role and receive temporary credentials scoped to the services they need.
74
IAM - What is Identity Federation?
Authentication is delegated to an external identity provider (corporate SAML/Active Directory, or web identities such as Facebook, Google or Amazon); the provider's token is exchanged for temporary AWS credentials via STS.
75
IAM - How can you authenticate to AWS?
With username/password (console, ideally with MFA), with access key ID + secret access key (CLI/API), or with temporary credentials consisting of access key, secret and session token (from STS).
76
IAM - What is included in a policy?
Effect (Allow / Deny) | Action (service:operation, e.g. s3:GetObject) | Resource (the ARN or wildcard the statement applies to) | Condition (optional, e.g. time window, source IP range, required request header) | Principal (in resource-based policies: who the statement applies to)
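Added example covering this card and the SSE-S3 / SSE-KMS / SSE-C cards above; it is not part of the original cards. It is a small evaluator for the policy elements just listed (Effect, Action, Resource, Condition) implementing IAM's decision order, an explicit Deny overrides any Allow and anything unmatched is implicitly denied, and runs it against a constructed bucket policy that allows reads and writes from an office IP range but denies every PutObject that does not request SSE-KMS. The bucket name, IP range and Sid values are invented for the example; Principal and the other condition operators are not modelled, and the evaluator assumes, as IAM documents for negated operators, that StringNotEquals matches when the key is absent from the request (that is what makes the "deny unless this header is present" pattern work).

```python
import fnmatch
import ipaddress

# Constructed sample bucket policy (not from the page): writes are allowed from the
# office range, but any PutObject that does not ask for SSE-KMS is explicitly denied.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowOfficeReadWrite",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"IpAddress": {"aws:SourceIp": "198.51.100.0/24"}},
        },
        {
            "Sid": "DenyUnencryptedUploads",
            "Effect": "Deny",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
            "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
        },
    ],
}


def _as_list(v):
    return v if isinstance(v, list) else [v]


def _matches(patterns, value: str, case_insensitive: bool = False) -> bool:
    # IAM wildcards: '*' matches any run of characters (including '/'), '?' one character.
    # Action names are case-insensitive; ARNs are compared as written.
    patterns = _as_list(patterns)
    if case_insensitive:
        value, patterns = value.lower(), [p.lower() for p in patterns]
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def _condition_holds(condition: dict, ctx: dict) -> bool:
    """Every operator/key block must hold. Assumption modelled here: negated operators
    (StringNotEquals, NotIpAddress) match when the key is missing from the request."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            values = _as_list(expected)
            actual = ctx.get(key)
            if operator == "StringEquals":
                ok = actual in values
            elif operator == "StringNotEquals":
                ok = actual not in values
            elif operator == "IpAddress":
                ok = actual is not None and any(
                    ipaddress.ip_address(actual) in ipaddress.ip_network(v) for v in values)
            elif operator == "NotIpAddress":
                ok = actual is None or not any(
                    ipaddress.ip_address(actual) in ipaddress.ip_network(v) for v in values)
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True


def evaluate(policy: dict, action: str, resource: str, ctx: dict) -> str:
    """IAM decision logic: a matching explicit Deny wins, otherwise any matching Allow,
    otherwise the implicit deny. Returns "allow", "explicit deny" or "implicit deny"."""
    decision = "implicit deny"
    for st in policy["Statement"]:
        if not _matches(st["Action"], action, case_insensitive=True):
            continue
        if not _matches(st["Resource"], resource):
            continue
        if not _condition_holds(st.get("Condition", {}), ctx):
            continue
        if st["Effect"] == "Deny":
            return "explicit deny"  # no later Allow can undo this
        decision = "allow"
    return decision
```

The request context dictionary stands in for what S3 populates from the request: `aws:SourceIp` from the connection and `s3:x-amz-server-side-encryption` from the upload header. Dropping the header, or sending `AES256` (SSE-S3) instead of `aws:kms`, turns an otherwise allowed upload into an explicit deny, while a GetObject from outside the office range is merely unmatched and therefore implicitly denied.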
77
DB - How are licences handled for oracle and MS SQL Server?
Oracle and SQL Server can be run with a license included in the instance price or with a license the user brings (BYOL).
78
DB - How is Aurora structured?
An Aurora cluster has one primary instance (read/write) and up to 15 Aurora replicas (read-only) that can be spread across AZs; all of them share one storage volume that is replicated six ways across three AZs.
79
DB - What two options does RDS provide for backups?
Automated backups and manual snapshots
80
DB - Why should you use Multi-AZ for backups?
Automated backups and snapshots are taken from the standby, so I/O on the primary is not suspended while the backup runs.
81
DB - For which cases is Multi-AZ the failover?
- The AZ becomes unavailable - Network failure to the primary database - The primary's compute unit fails - The primary's storage fails - Planned: the primary is patched or its instance class is changed
82
DB - Can you perform a manual failover?
Yes, for example by rebooting the primary with the failover option.
83
DB - How can a running RDS instance be scaled up?
Change the instance class, either applied immediately or scheduled for the next maintenance window. With Multi-AZ the standby is modified first and then promoted, so the only interruption is a failover.
84
DB - Describe a scenario for Read Replicas?
Blog with a lot of read, but not much write traffic
85
DB - Is it possible to have Read Replicas in different Regions?
Yes
86
DB - What is a Redshift cluster?
A cluster is composed of a leader node and multiple compute nodes. Client Applications only interact with the leader node.
87
DB - What happens when Redshift is resized?
For a classic resize Redshift creates a new cluster and copies all the data over; the source cluster is read-only until the resize finishes.
88
DB - How to set up / change DynamoDB
The user defines read and write capacity units for the table and AWS provisions and partitions the hardware behind it; the table can be re-provisioned while running as requirements change (or on-demand capacity can be used instead).
89
DB - How is Multi-AZ set up for DynamoDB?
It is automatic: every table is replicated synchronously across multiple AZs within the region.
90
DB - In DynamoDB, what is a Eventually Consistent Read?
Because the data is replicated, a read may not yet reflect a recent write; the replicas usually converge within a second.
91
DB - In DynamoDB, what is a Strongly Consistent Read?
It returns the most recent committed write by reading from the authoritative copy; it costs twice the read capacity of an eventually consistent read.
92
SQS - Describe the message lifecyle in three steps
1. A producer sends the message and SQS stores it redundantly across multiple servers. 2. A consumer receives it: the message stays in the queue but is hidden for the visibility timeout, so nobody else receives it meanwhile. 3. The consumer finishes and deletes the message using its receipt handle; if it does not, the message becomes visible again after the timeout.
93
SQS - What is a Delay Queue?
A queue whose new messages stay invisible to consumers for a configured delay (up to 15 minutes) after they are sent.
94
SQS - How to trigger the deletion of a message
Send a DeleteMessage request with the receipt handle returned by the most recent receive of that message.
95
SQS - What is long polling?
If no message is available, the receive call waits up to WaitTimeSeconds (max 20 s) for one to arrive instead of returning empty immediately. This cuts the number of empty responses, and with them API cost and CPU load.
96
SQS - What is a dead letter queue?
A queue to which messages are moved once they have been received more than maxReceiveCount times without being deleted (redrive policy). A message that a consumer cannot process, for whatever reason, stops blocking the queue and can be inspected there.
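Added example for cards 92 to 96, not taken from the original page: a single-process model of the message lifecycle driven by an explicit clock instead of wall time, so the visibility timeout, delay, receipt handle and dead-letter redrive can be observed step by step. `ToyQueue`, its parameters and the message bodies are this example's own; it does not talk to SQS and does not model long polling or message deduplication.

```python
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class _Message:
    body: str
    visible_at: float       # hidden from consumers until this (simulated) time
    receive_count: int = 0
    receipt_handle: str = ""


class ToyQueue:
    """Single-process model of the SQS message lifecycle, driven by an explicit clock."""

    def __init__(self, visibility_timeout=30, delay_seconds=0, dead_letter=None, max_receive_count=3):
        self.visibility_timeout = visibility_timeout
        self.delay_seconds = delay_seconds        # delay queue: every new message starts hidden
        self.dead_letter = dead_letter            # redrive target, or None
        self.max_receive_count = max_receive_count
        self._messages: list = []

    def send(self, body: str, now: float) -> None:
        self._messages.append(_Message(body, visible_at=now + self.delay_seconds))

    def receive(self, now: float) -> Optional[Tuple[str, str]]:
        """Lifecycle step 2: hand out the first visible message and hide it for the
        visibility timeout. It stays in the queue until it is explicitly deleted."""
        for m in list(self._messages):
            if m.visible_at > now:
                continue
            m.receive_count += 1
            if self.dead_letter is not None and m.receive_count > self.max_receive_count:
                # poison message: received too often without being deleted, redrive it
                self._messages.remove(m)
                self.dead_letter.send(m.body, now)
                continue
            m.visible_at = now + self.visibility_timeout
            m.receipt_handle = secrets.token_hex(8)  # a new handle on every receive
            return m.body, m.receipt_handle
        return None

    def delete(self, receipt_handle: str) -> bool:
        """Lifecycle step 3: the consumer acknowledges with the handle from its latest receive."""
        for m in self._messages:
            if m.receipt_handle == receipt_handle:
                self._messages.remove(m)
                return True
        return False  # unknown or stale handle: the message is still queued

    def __len__(self) -> int:
        return len(self._messages)


def lifecycle_demo() -> dict:
    """Constructed walk-through: a delayed message, a consumer that dies before deleting
    (so the message is redelivered), a stale receipt handle, and a poison message."""
    dlq = ToyQueue()
    q = ToyQueue(visibility_timeout=30, delay_seconds=10, dead_letter=dlq, max_receive_count=2)
    out = {}
    q.send("order-1", now=0)
    out["during_delay"] = q.receive(now=5)             # None: delay queue hides it until t=10
    body, handle1 = q.receive(now=10)
    out["in_flight"] = q.receive(now=20)               # None: hidden until t=40
    body2, handle2 = q.receive(now=40)                 # never deleted: delivered again (at-least-once)
    out["redelivered_same_body"] = body == body2 == "order-1"
    out["stale_handle_deletes"] = q.delete(handle1)    # False: handle from the first receive
    out["fresh_handle_deletes"] = q.delete(handle2)    # True
    out["left_after_delete"] = len(q)
    q.send("poison", now=100)                          # visible from t=110
    q.receive(now=110)                                 # receive 1
    q.receive(now=140)                                 # receive 2 == max_receive_count
    out["third_receive"] = q.receive(now=180)          # None: count would exceed 2, redriven
    out["dlq_body"] = dlq.receive(now=180)[0]
    return out
```

The walk-through makes the security-relevant property of standard queues explicit: a consumer that crashes after receiving but before deleting gets the same message again, so handlers must be idempotent, and the receipt handle from an earlier receive no longer deletes the message. The poison message is not lost either; it lands in the dead-letter queue where it can be examined.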
97
SWF - What is SWF?
Simple Workflow Service: a coordinator for workloads made of multiple tasks that have to run asynchronously. Tasks are assigned to workers, which do the work and report the result back to a decider that chooses the next step.
98
Route53 - What is a host?
Individual computer or service accessed through a domain
99
Route53 - What is a Name Server?
A server designated to translate names into IP addresses
100
Route53 - What three steps are taken for DNS resolution?
1. Check the local hosts file 2. Check the DNS cache 3. Query the configured DNS server (resolver)
101
Route53 - What is A / AAAA?
Maps a host name to an IPv4 (A) or IPv6 (AAAA) address
102
Route53 - What is a CNAME?
Maps one name to another name (an alias), e.g. a subdomain to a hostname. It cannot be used at the zone apex; Route 53 Alias records cover that case.
103
Route53 - What is a Pointer (PTR)?
Maps an IP address back to a DNS name (reverse lookup)
104
Route53 - What is the Sender Policy Framework (SPF)?
A TXT record listing the mail servers that are allowed to send mail for the domain, so receiving servers can reject mail from unauthorized senders
105
Route53 - What are the three main functions for Route53?
DNS service | Domain registration | Health checks
106
Route53 - What resources can Route53 route to?
CloudFront distributions | Elastic Load Balancers | S3 buckets (website endpoints) | EC2 instances / Elastic IPs
107
Route53 - What are public/private Hosted Zones?
Private: how to route traffic inside the VPC | Public: how to route traffic on the Internet
108
Route53 - What is a routing policy?
Determines how Route53 handles queries. | Can be simple, weighted, latency based, failover or geolocation based
109
Route53 - What is Simple Routing?
Directly routes to one resource
110
Route53 - What is Weighted Routing?
Multiple resources. | Each resource gets a weight that determines the proportion of queries routed to it (useful for canary releases)
111
Route53 - What is Latency Based Routing?
Routes to the resource in the region with the lowest network latency for the user, based on Route 53's own latency measurements (not a live ping)
112
Route53 - What is Failover Routing?
Routes to a primary resource and, when its health check fails, to the secondary resource
113
Route53 - What is Geolocation Routing?
Based on the IP of the user. | Routes to Continents, Countries or even States
114
Elasticache - What is the cache-aside pattern?
The app checks the cache first; on a miss it reads the value from the database and then stores it in the cache for the next request
115
Elasticache - Difference Redis / Memcached?
Memcached is easier to set up and can scale very easily by using partitions. Redis has more data types, can be persisted and uses read replicas
116
Elasticache - How to vertically scale ElastiCache
It is not possible at runtime; you create a new cluster with the larger node type. For Memcached that means losing the whole cache; for Redis a snapshot can seed the new cluster.
117
Elasticache - Is it possible to create Multi-AZ in ElastiCache?
Yes
118
CloudFront - What is a CDN?
Distributed network of caching servers to speed up content delivery world wide
119
CloudFront - What happens when a file is not in an edge location?
It will be retrieved from the origin server and then cached
120
CloudFront - Explain Distribution, Origin and Cache Control
Distribution: the name under which the CDN can be accessed | Origin: where the files come from | Cache Control: how long items stay in the cache