Amazon Flashcards
Cloud Concepts
Q 1: According to AWS, what is the benefit of Elasticity?
B. Create systems that scale to the required capacity based on changes in demand
Billing and Pricing
Q2: Which tool can you use to forecast your AWS spending?
AWS Cost Explorer
-view data up to the last 12 months.
-forecast next 12 months
- get recommendations for what Reserved Instances to purchase
Technology
Q3: A business analyst would like to move away from creating complex database queries and static spreadsheets when generating regular reports for high-level management. They would like to publish insightful, graphically appealing reports with interactive dashboards. Which service can they use to accomplish this?
Amazon QuickSight
-fully-managed service
-graphical and interactive dashboards.
-machine learning to discover inconspicuous trends and patterns
*Amazon Redshift service is a data warehouse
*Amazon CloudWatch : monitor AWS system resources and infrastructure services
* Amazon Athena is a query service that allows for easy data analysis in Amazon S3 by using standard SQL.
Technology
Q4. What is the AWS feature that enables fast, easy and secure transfers of files over long distances between your client and your Amazon S3 bucket?
Amazon S3 Transfer Acceleration
- fast, easy, and secure transfers of files over long distances between your client and an S3 bucket.
-takes advantage of Amazon CloudFront’s globally distributed edge locations.
-As the data arrives at an edge location, data is routed to Amazon S3 over an optimized network path.
Security
Q5:What best describes the “Principle of Least Privilege”?
B. Users should be granted permission to access only resources they need to do their assigned job.
Security
Q6: A web administrator maintains several public and private web-based resources for an organisation. Which service can they use to keep track of the expiry dates of SSL/TLS certificates as well as updating and renewal?
AWS Certificate Manager
The AWS Certificate Manager allows the web administrator to maintain one or several SSL/TLS certificates, both private and public certificates including their update and renewal so that the administrator does not worry about the imminent expiry of certificates.
The AWS Lifecycle Manager creates life cycle policies for specified resources to automate operations.
AWS License Manager serves the purpose of differentiating, maintaining third-party software provisioning vendor licenses. It also decreases the risk of license expirations and the penalties.
AWS Firewall Manager aids in the administration of Web Application Firewall (WAF), by presenting a centralised point of setting firewall rules across different web resources.
Security
Q7: Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes?
Q7: Which of the following is the responsibility of the customer to ensure the availability and backup of the EBS volumes?
Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved.
When you create an EBS volume based on a snapshot, the new volume begins as an exact replica of the original volume that was used to create the snapshot. The replicated volume loads data in the background so that you can begin using it immediately.
Security
Q8: Which of the following services can be used as an application firewall in AWS?
B. AWS WAF
AWS WAF is a web application firewall that lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront or an Application Load Balancer. AWS WAF also lets you control access to your content.
Cloud
Your design team is planning to design an application that will be hosted on the AWS Cloud. One of their main non-functional requirements is given below:
Reduce inter-dependencies so failures do not impact other components.
Which of the following concepts does this requirement relate to?
B. Decoupling
The entire concept of decoupling components ensures that the different components of applications can be managed and maintained separately. If all components are tightly coupled, the entire application would go down when one component goes down. Hence it is always a better practice to decouple application components.
Billing and Pricing
Q10: A manufacturing firm has recently migrated their application servers to the Amazon EC2 instance. The IT Manager is looking for the details of upcoming scheduled maintenance activities which AWS would be performing on AWS resources, that may impact the services on these EC2 instances.
AWS Personal Health Dashboard
AWS Personal Health Dashboard provides alerts for AWS services availability & performance which may impact resources deployed in your account. Customers get emails & mobile notifications for scheduled maintenance activities which might impact services on these AWS resources.
AWS Trusted Advisor will provide notification on AWS resources created within the account for cost optimization, security, fault tolerance, performance, and service limits. It will not provide notification for scheduled maintenance activities performed by AWS on its resources.
Service Health Dashboard displays the general status of all AWS services & will not display scheduled maintenance activities.
Security
Q11: Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?
AWS Config
AWS Config can be used to audit, evaluate configurations of AWS resources. If there are any operational issues, AWS config can be used to retrieve configurational changes made to AWS resources that may have caused these issues.
Amazon Inspector can be used to analyze potential security threats for an Amazon EC2 instance against an assessment template with predefined rules. It does not provide historical data for configurational changes done to AWS resources
AWS CloudFormation provided templates to provision and configure resources in AWS.
AWS Trusted Advisor can help optimize resources with AWS cloud with respect to cost, security, performance, fault tolerance, and service limits. It does not provide historical data for configurational changes done to AWS resources.
Security
Q12: An organization runs several EC2 instances inside a VPC using three subnets, one for Development, one for Test, and one for Production. The Security team has some concerns about the VPC configuration. It requires restricting communication across the EC2 instances using Security Groups.
You can change a Security Group associated with an instance if the instance is in the running state.
because the AWS documentation mentions it in the section called “Changing an Instance’s Security Group” using the following sentence: “After you launch an instance into a VPC, you can change the security groups that are associated with the instance. You can change the security groups for an instance when the instance is in the running or stopped state.”
Technology
Q13: Which of the following features of Amazon RDS allows for better availability of databases? Choose the answer from the options given below.
Multi-AZ
If you are looking to use replication to increase database availability while protecting your latest database updates against unplanned outages, consider running your DB instance as a Multi-AZ deployment.
For more information on AWS RDS, please visit the FAQ Link:https://aws.amazon.com/rds/faqs/
TechnologyQ14: Your company wants to move an existing Oracle database to the AWS Cloud. Which of the following services can help facilitate this move?
AWS Database Migration Service
AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data to and from the most widely used commercial and open-source databases.
Security
Q15: Which of the following services allows you to analyze EC2 Instances against pre-defined security templates to check for vulnerabilities?
AWS Inspector
Amazon Inspector enables you to analyze the behavior of your AWS resources and helps you to identify potential security issues. Using Amazon Inspector, you can define a collection of AWS resources that you want to include in an assessment target. You can then create an assessment template and launch a security assessment run of this target.