All Section Flashcards

Question

Response Times for Enterprise Plan

Answer 1

- General Guidance: 24 total hours - System Impaired: 12 total hours - Prod System Impaired: 4 hours - Prod System Down: 1 hour - Business Critical System Down: 15 min

Answer 2

Step by step deployment for common platform

Answer 3

Third party connection tool

Answer 4

- a global team of experts that can help you with your desired business outcomes for AWS - help directly with AWS resources

Answer 5

3 ways to interact with AWS

Answer 6

Interaction method good for testing out a service

Answer 7

Interaction method(s) good for automation

Answer 8

Interaction method for app integration

Answer 9

2 types of AWS users

Answer 10

Service to use cloud based VMs; web, DB, data processing

Answer 11

- IaaS service - Elastic Compute Cloud

Answer 12

4 use cases for EC2

Answer 13

- Defines processor, memory, storage - Cannot change without downtime

Answer 14

3 categories of instance types

Answer 15

- Instance store - Elastic block store (EBS)

Answer 16

Ephemeral storage; Physically attached to host

Answer 17

- Provides the information required to launch an instance - Template for EC2 instance like config, OS, data - Can be shared across accounts - Can be custom; commercial ones in AWS marketplace

Answer 18

- On-demand - Reserved - Savings plan - Spot - Dedicated - Default is on-demand

Answer 19

- EC2 purchase type for consistent instances - Discount from on-demand when committing to a specific period of time - Capacity reservation for specific instance type

Answer 20

- Purchase types not limited to EC2 - Is used for EC2, Fargate, Lambda - No reserved capacity - Up to 72% savings compared to on-demand - 1 or 3 year terms

Answer 21

- purchase type mostly used for batch processing - up to 90% savings compared to on-demand - like stock market for instance - instances launch with highest bidder; otherwise, kicked off - 2 minutes notify

Answer 22

- most expensive purchase type - dedicated physical server - good if you have per server license

Answer 23

- service that automates deployment & scaling process on EC2 - leverages existing services; only pay for other services - handles provisioning, load balancing, scaling, and monitoring Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, Docker - EC2 customization feature - to deploy apps with minimal knowledge of other services - reduces app maintenance

Answer 24

- compute service where you are charged on execution time - enables event-driven workflows - primary service for serverless architecture Advantages: reduced maintenance, fault tolerance, scales based on demand

Answer 25

Amazon Route 53, Amazon VPC, AWS Direct Connect, Amazon API Gateway, Amazon CloudFront, Elastic Load Balancing

Answer 26

- isolated section of the AWS Cloud - supports IPv4 and IPv6; can configure network settings - supports public and private subnets - can utilize Network Address Translation (NAT) for private subnets - enables connections to data center - can connect to other VPCs - supports private connection to other AWS Services

Answer 27

- service for dedicated network connection from data center to AWS

Answer 28

- highly available and scalable DNS web service - leverage edge locations - global service; highly available and rare downtimes - global resource routing - can use server fail backups

Answer 29

- Distributes traffic across multiple targets - integrates with EC2, ECS (Docker Service), Lambda - supports one of more AZs in a region

Answer 30

3 types of load balancers; default is classic (known as ELB)

Answer 31

2 EC2 scaling types

Answer 32

Scaling to better instance types

Answer 33

Adding more of the same instance type

Answer 34

- CDN - leverages edge locations - for static and dynamic content - Security features: AWS Shield for DDoS - AWS Web Application Firewall (WAF)

Answer 35

- Fully managed API management service - Can create and manage APIs - Directly integrates with other AWS services - API call monitoring and metrics - Supports VPC and on-premise private applications

Answer 36

- networking service that improves user performance up to 60% - utilizes IP addresses instead of DNS like CloudFront - once traffic reaches edge locations, traffic is routed through AWS network instead of public internet - can route to AWS resources like load balancers and EC2 instances

Answer 37

performance improvements from this service by: - minimizing distance between user and endpoint by using edge locations - optimizing traffic using AWS network - improvement of first byte latency, jitter, throughput - superior fault tolerance by not relying on DNS resolution

Answer 38

use cases for this network service: - using non-http protocols - requiring static IP - instant failover

Answer 39

Amazon S3, Amazon S3 Glacier, Amazon Elastic Block Store, Amazon Elastic File System, AWS Snowball, AWS Snowmobile

Answer 40

- storage service used to store files as objects in buckets - storage classes for different use cases - stores data across multiple AZs - URL access for files - configurable rules for data lifecycle - can serve as static web host

Answer 41

Standard, Intelligent-tiering, Standard-IA, One Zone-IA

Answer 42

- S3 default non-archival storage class - Used for frequently accessed data

Answer 43

- S3 non-archival storage class - moves data to storage class based on usage based on frequency access

Answer 44

- S3 non-archival storage class - for infrequently accessed data - spread across multiple AZs

Answer 45

- S3 non-archival storage class - for infrequently accessed data - only in one AZ

Answer 46

For S3: - bucket objects can transition or expire based on criteria - transition based on time not usage - expiration on age - policies can account for versions of an object

Answer 47

Optimized data upload using edge location as a part of CloudFront

Answer 48

- 2 services for archiving data within S3 as separate storage classes - offers configurable retrieval times - can send files directly or through lifecycle rules

Answer 49

- Service for archival data - 90 day min storage duration change - Retrieved in minutes or hours - Retrieval fee per GB - 5x LESS expensive than S3 standard storage class

Answer 50

- For archival data - 180 day min storage duration change - Retrieved in hours - Retrieval free per GB - 23x LESS expensive than S3 standard storage class

Answer 51

- Persistent storage; separate from host - Persistent block storage for use with a single EC2 instance - Scales to support PB of data & multiple volume types - Redundancy within AZ - Allows snapshots of data - Offers encryptions

Answer 52

1. General purpose SSD 2. Provisioned IOPS SSD; high performance for low latency apps 3. Throughput optimized HDD; frequently accessed data 4. Cold HDD; less frequently accessed workloads

Answer 53

- Fully managed Network File System (NFS) - Designed for Linux workloads - Supports PB of data - Stores data across multiple AZs - Provides configurable lifecycles rules

Answer 54

2 EBS Storage Classes

Answer 55

- fully managed native Windows file system - Utilizes SSDs for low latency - Native Windows features like: - SMB (Server Message Block) support - Active Directory Integration - Windows NTFS

Answer 56

- large scale data transfer - PB scale transfers - physical device delivered by AWS to office location - connect Snowball to your network and upload data - Device is returned by local carrier to AWS - AWS receives device and loads data into S3

Answer 57

- large scale data transfer - EB scale transfers - shipping container delivered to location - AWS sets up connection to network - loads data onto snowmobile - AWS loads data into S3 when the container is at AWS location - can do multiple trips

Answer 58

Amazon RDS, Amazon Aurora, Amazon DynamoDB, Amazon Redshift, Elasticache, AWS Database Migration Service

Answer 59

- Fully managed service for relational databases - Handles provisioning, patching, backups, and recovery - Can deploy across multiple AZs - Supports read replicas for some platforms - Launches into VPC - Provides both GP SSD and provisioned IOPS SSDs

Answer 60

MySQL, PostgresSQL, MariaDB, Oracle, SQL Server, Amazon Aurora

Answer 61

- Service to move data into AWS from existing data - supports one time and continual migration - supports popular commercial and open source databases - only pay for computation in migration process

Answer 62

- fully managed NoSQL database service - provides key-value and document DB - low latency at any scale - supports automated scaling based on config - offers in-memory cache with DynamoDB Accelerator (DAX) - Handles 20 mil reqs/sec and 10 tril reqs/day

Answer 63

- NoSQL database service use cases: - scaling without excessive maintenance - serverless applications - implementations that require low latency - data models without BLOB (Binary Large Object) storage

Answer 64

- fully managed in-memory data store - supports both Memcached and Redis - low latency - enables scaling and replicas to meet demand - handles common use cases: - DB layer caching - session storage

Answer 65

- scalable data warehouse service - supports PB scale warehousing - high performance disks and columnar storage - offers full encryption for content - provides isolation with a VPC - enables querying of EB of data in S3 using Redshift Spectrum

Answer 66

- relational DB engine compatible with MySQL and PostgreSQL

Answer 67

Amazon SNS (Simple Notification Service), Amazon SQS (Simple Queue Service), AWS Step Functions

Answer 68

- fully managed publish and subscribe messaging service - can create decoupled application - organized based on topics - integrates with other AWS services - provides end user notification via SMS, email, and push * - short lived messages; if not subbed, completely miss the info

Answer 69

- like a mailbox - fully managed message queue service - can create decoupled and fault tolerant apps - up to 256KB per message - message can be stored up to 14 days

Answer 70

Standard (cannot guarantee order), FIFO (guarantees order)

Answer 71

- orchestration of workflows through fully managed service - supports serverless architecture - supports complex workflows including error handling - charged per state transition and other AWS services used - workflows defined using Amazon States Lanauge (kind of like JSON)

Answer 72

- Service integrates with: - Compute services (like lambda) - DB services (like dynamoDB) - Messaging services (SNS & SQS) - ML services

Answer 73

AWS CloudTrail, AWS CloudFormation, AWS CloudWatch, AWS Config, AWS Systems Manager, AWS Control Tower

Answer 74

- log, continuously monitor, retain account activity - event history throughout all tools and services - audit trails go to S3 bucket or into CloudWatch logs - logs events in the regions they occur - meets many compliance requirements for auditing * - should be enabled on every AWS account - can consolidate into an Organizational trail using AWS Organizations

Answer 75

- Service's use cases: - Compliance requirement - Forensic analysis - Operational analysis - Troubleshooting

Answer 76

Amazon CloudWatch, AWS Config, AWS Systems Manager

Answer 77

- first class citizen service, meaning it integrates by default - monitoring and management service - collects logs, metrics, and events from most AWS services - enables alarms based on metrics - provides visualization for metrics - can create custom dashboards based on metrics

Answer 78

- Continuously monitors and records AWS resource configs - Provides config history - Works with custom rules and custom validation - Has conformance packs for compliance standard including PCI-DSS (used for payment info) - Works with AWS Organizations; both cross-region and cross-account - Provides remediation steps for infrastructure not meeting criteria

Answer 79

- view operational data from AWS services and automate operational tasks across AWS resources - to manage AWS infrastructure - automation for common maintenance actions (like library updates on multiple servers) - secure way to access servers using AWS credentials - stores commonly used params securely for operational use

Answer 80

- service for provisioning infrastructure based on templates - Free - Templates: YAML, JSON - enables infrastructure as code - provides drift detection to find changes in the infrastructure

Answer 81

- configuration management service - managed instances of Chef and Puppet - config defined as code for servers - Chef and Puppet manage lifecycles of config changes with servers - works in hybrid cloud architecture for both cloud-based and on-premise servers

Answer 82

Chef Automate, Puppet Enterprise, OpsWorks Stacks

Answer 83

- creates multi-account environments on AWS that follows best practices - centralizes users across all AWS accounts - provides creation of new accounts based on templates - has Guardrails for account, which are like permissions - include dashboard for operational insight

Answer 84

- sending unsolicited mass emails is prohibited - hosting or distributing harmful content - pen tests are allowed for a list of specific services

Answer 85

- only grant permissions to do task and no more - Don't use own root account for daily tasks

Answer 86

- security and compliance is shared between AWS and user - AWS has responsibility for security OF the cloud - user has responsibility for security IN the cloud

Answer 87

- access and training for Amazon employees - global data enter and underlying network - hardware for global infrastructure - configuration management for infrastructure - patching cloud infrastructure and services

Answer 88

- individual access to cloud resources and training - data security and encryption (in transit and rest) - OS, network, and firewall config - all code deployed onto cloud infrastrucutre - patching guest OS and custom apps

Answer 89

- collection of best practices across the five pillars: 1. Operation Excellence - running and monitoring systems for business value 2. Security - protecting info and assets 3. Reliability - recovery from disruptions 4. Performance Efficiency - using resources efficiently 5. cost Optimization - minimal costs

Answer 90

- entire solution is running in an expected manner despite possible issues

Answer 91

- supporting component failures

Answer 92

- Most managed AWS Services provide high availability out of the box - EC2 fault tolerance must be implemented - Multiple AZs should be leveraged - Some services can enable fault tolerance in custom apps: SQS, Route 53

Answer 93

PCI-DSS, HIPAA, SOC 112/3, FedRamp, ISO 27018

Answer 94

- For processing credit cards - Payment Card Industry Data Security Standard

Answer 95

- For healthcare data - Health Insurance Portability and Accountability Act

Answer 96

- For operational processes

Answer 97

- For US government data - Federal Risk and Authorization Management Program

Answer 98

- For personally identifiable info

Answer 99

AWS Config, AWS Artifact, Amazon GuardDuty

Answer 100

Service that provides conformance packs

Answer 101

- service that provides access to compliance reports

Answer 102

- Intelligent threat detection service

Answer 103

- Identity and Access Management - service that controls access to AWS resources - FREE - manages authentication (login) & authorization (permissions) - supports identity federation through SAML provides including Active Directory (external identity provider)

Answer 104

Users, Groups, Roles

Answer 105

A person or application that can authenticate with an AWS account

Answer 106

- A collection of users under one set of permissions - Permission per group

Answer 107

- Enables user or AWS service to assume permission for a task

Answer 108

- JSON that defines permissions for an AWS IAM Identity - defines accessible services and actions for that service - can be customer managed or AWS managed

Answer 109

MFA, Least Privilege Access

Answer 110

- like IAM but for own apps - service that enables handling of authentication and aspects of authorization for apps via AWS - provides UI for many platforms - provides security features to control account access - enabled controlled access to AWS resources; like IAM - works with social and enterprise identity providers: like Google, Amazon, Facebook, Microsoft Active Directory, SAML 2.0 Provider

Answer 111

AWS Storage Gateway, AWS DataSync

Answer 112

- integrates cloud storage into local network - deployed as VM or specific hardware appliance - integrates with S3 and EBS

Answer 113

Tape, File, Volume

Answer 114

- Tape backups process store data in cloud on virtual tapes

Answer 115

Stores files on S3 while providing cache low latency local access

Answer 116

iSCSI (Internet Small Computer System Interface) volumes on cloud to local applications

Answer 117

- Agent is deployed as VM on local network - Integrates with S3, EFS, FSx for Windows File Server on AWS - Improved transfer speed due to custom protocols and optimizations - Charged per GB of transferred data

Answer 118

AWS Glue, Amazon EMR, AWS Pipeline

Answer 119

- Fully managed Extract, Transform, Load (ETL) service - Supports data in RDS, DynamoDB, Redshift, S3 - Serverless model of execution (manages infrastructure automatically)

Answer 120

- Elastic Map Reduce - big-data processing on EC2 and S3 - supports popular open-source frameworks and tools - Operates in a clustered environment without additional config - Supports many use cases

Answer 121

- managed ETL service - manages data workflow through AWS services - support S3, EMR, Redshift, DynamoDB, RDS - able to integrate on-premise data stores

Answer 122

Amazon Athena, Amazon Quicksight, Amazon CloudSearch

Answer 123

- fully managed serverless service - enables querying of large-scale data stored in S3 - queries are written in standard SQL - charged based on data scanned for query

Answer 124

- Fully managed BI service - Enables dynamic data dashboard based on stored data - Charged on a per-user & per-session pricing model - Multiple versions provided based on needs

Answer 125

- fully managed search service - supports scaling of search infrastructure to meet demand - charged per hour and instance type of search infrastructure *- enables developers to integrate search in custom apps

Answer 126

Amazon Rekognition, Amazon Translate, Amazon Transcribe

Answer 127

- fully managed image and video deep learning service - identifies objects in images - identifies objects and actions in videos - can detect specific people using facial recognition - supports custom labels for business objects (cashier-less shopping)

Answer 128

- fully managed test translator service - currently support 54 languages - language identification both batch and real time

Answer 129

- fully managed speech recognition service - recorded speech converted into text - has sub-service for medical use - supports batch and real time transcription - currently supports 31 languages

Answer 130

Backup and Restore, Pilot light, Warm Standby, Multisite

Answer 131

- production data is backed up into S3 - standard or archival storage class - EBS data can be stored as snapshots in S3 - Disaster Recovery event uses process of launching a new environment - longest recovery time; cheapest

Answer 132

- key infrastructure components are kept running in the cloud - to reduce recovery time compared to B&R - cost builds up for running in the cloud - AMIs (Amazon Machine Image) prepared for additional systems and can be launched quickly *- core pieces of the system are always running

Answer 133

- scaled down version of full environment in the cloud - critical systems can run on less capable instance types - instance types and other systems can be upgraded for disaster recovery - cost builds up for running infrastructure in the cloud

Answer 134

- Full environment running at all times in the cloud - Utilizes instance types needed for production, not just recovery - Near seamless recovery; expensive

Answer 135

Recovery Time Objective (RTO), Recovery Point Objective (RPO)

Answer 136

- Time is takes to get systems back up and running

Answer 137

- Amount of data loss (in terms of time) during disaster recovery

Answer 138

Auto Scaling Group, Elastic Load Balancer

Answer 139

- launch template for the group's instance configuration - define the min, max, and desired number of instances - performs health checks on each instance; status codes - exists within one of more AZs in a region - works with on-demand and spot instances

Answer 140

- secure way to integrate credentials, API keys, tokens, and other secret content - integrates natively with RDS, DocumentDB, and Redshift - can auto-rotate credentials with integrated services - enables fine-grained access control to secrets

Answer 141

Security Groups, Network ACLs, AWS VPN

Answer 142

- Serves as a firewall for EC2 instances - Control inbound and outbound traffic - Works at instance level; not subnet level - EC2 instances can belong to multiple security groups - VPCs have default security group - Must be explicitly associated with an EC2 instance - Defaulted to allow all outbound traffic

Answer 143

- Access Control List - works at subnet level within a VPC - enables you to allow and deny traffic - each VPC has default ACL, which allows all inbound and outbound - custom ACLs deny all traffic until rules are added

Answer 144

- goes over public internet; DirectConnect uses AWS network - encrypted tunnel into VPC - used to connect own data center or individual client machines - support services: Site-to-site VPN, Client VPN

Answer 145

AWS Shield, Amazon Macie, Amazon Inspector

Answer 146

- Provides protection against DDoS for apps running on AWS - Enables on-going threat detection and mitigation - 2 service levels: standard and advanced

Answer 147

- Utilizes ML to analyze data stored in S3 - Detects personal info and intellectual property in S3 - Provides dashboards that show how data is being stored and accessed - Alerts if it detects anything unusual about data access

Answer 148

- Scanning of EC2 instances for security vulnerabilities - Charged by instance per assessment run

Answer 149

Network Reachability Assessment, Host Assessment

Answer 150

- Determines what servers provide to the internet

Answer 151

- Vulnerability and config scanning

Answer 152

AWS Service Catalog, AWS Marketplace

Answer 153

- Serves as an organizational service catalog for the cloud - Can be single server image to multi-tier custom app - Enables organizations to use services that meet compliance - Supports lifecycles for services in catalog (update notification)

Answer 154

- Curated catalog of third-party solutions for customer to run on AWS - Provides AMIs, CloudFormation stacks, and SaaS solutions - Enables different pricing options to overcome licensing in the cloud - Charges appear on AWS bill (but some are free)

Answer 155

AWS CodeCommit, AWS CodeBuild, AWS CodeDeploy, AWS CodePipeline, AWS CodeStar

Answer 156

- Managed source control service that utilizes Git for repos - Control access with IAM policies - Alternative to GitHub and Bitbucket

Answer 157

- Managed build and continuous integration service on AWS - No worries about infrastructure maintenance - Charged per minute for compute resources utilized

Answer 158

- Managed deployment service for deploying custom apps -Deploys to EC2, Fargate (container service), Lambda, and on-premise servers - Provides dashboard for deployments in AWS console

Answer 159

- Fully managed continuous delivery service on AWS - Provides capabilities to automate building, testing, and deploying - Integrates with other dev tools and GitHub

Answer 160

- Workflow tool that automates the use of the other dev services - Create complete continuous delivery toolchain for custom apps - Charged for the other leveraged services

Answer 161

Cons: - Large investment - difficult demand forecasting - slow to deploy - expensive maintenance - own all security burden

Answer 162

- On-demand delivery of comp power, db, apps, and IT through internet Pros: - Variable expense not capital - Economies of scale

Answer 163

Ability to acquire and release resources efficiently

Answer 164

The full application and dependencies on the cloud

Answer 165

Cloud services like email

Answer 166

Wordpress, Elastic Beanstalks

Answer 167

Public, Private, Hybrid are types of...

Answer 168

Regions, Availability Zones, Edge Locations