Appendix Flashcards
1
Q
What makes a cloud provider’s infrastructure more reliable?
A
Having globally distributed infrastructure and experienced security engineers
Metered pricing makes a wider range of workloads possible.
2
Q
True or False: Security and virtualization directly impact availability.
A
False
Both are important characteristics of successful cloud workloads.
3
Q
What are the three types of cloud service models?
A
- IaaS
- PaaS
- SaaS
Serverless architectures like AWS Lambda also allow developers to run code on cloud servers.
4
Q
Define a hypervisor.
A
Software that administers virtualized operations.
5
Q
What does elasticity in cloud computing refer to?
A
Increasing or decreasing compute resources.
6
Q
What is the maximum total EBS space allowed by the Free Tier?
A
30 GB.
7
Q
What instance type is Free Tier–eligible?
A
t2.micro.
8
Q
True or False: There is a Top Free Tier Services Dashboard available.
A
False.
9
Q
What is the primary function of a Technical Account Manager (TAM)?
A
Guidance and advocacy.
10
Q
What do budgets in AWS allow you to do?
A
Set alerts based on usage.
11
Q
What is the difference between the Basic plan and the Business plan in AWS Support?
A
The Basic plan provides no personalized support while the Business plan offers 24/7 email, chat, and phone access.
12
Q
What is the correct URL for AWS service limits?
A
https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html.
13
Q
What is the primary use of AWS Shield?
A
Countering the threat of DDoS attacks.
14
Q
Fill in the blank: The AWS _______ Dashboard is focused on account billing issues.
A
Billing.
15
Q
What is IAM primarily focused on?
A
Helping you control access to your AWS resources.
16
Q
What does MFA stand for in AWS security?
A
Multi-Factor Authentication.
17
Q
True or False: The root user should be used for day-to-day administration tasks.
A
False.
18
Q
What format is the credential report saved in?
A
Comma-separated values (CSV).
19
Q
What does PaaS stand for?
A
Platform as a Service.
20
Q
What is a key characteristic of AWS GovCloud?
A
Restricted to authorized customers only.
21
Q
What is the role of load balancers in AWS?
A
Orchestration for managing traffic among instances.
22
Q
Fill in the blank: AWS services enjoy a significant economy of scale, bringing prices down due to _____ .
A
their structure of regions.
23
Q
What is the purpose of AWS credential reports?
A
The credential report focuses only on your users’ passwords, access keys, and MFA status.
It doesn’t cover actual activities or general security settings.
24
Q
What format is the AWS credential report saved in?
A
The credential report is saved to the comma-separated values (spreadsheet) format.
25
What level of access is required for an admin user in AWS?
Your admin user will need broad access to be effective.
## Footnote
AmazonS3FullAccess and AmazonEC2FullAccess won’t be enough.
26
What is the difference between programmatic access users and console users in AWS?
Programmatic access users don’t sign in through the AWS Management Console; they access through APIs or the AWS CLI.
27
True or False: An access key ID alone is sufficient for programmatic access in AWS.
False.
## Footnote
An access key ID alone without a matching secret access key is worthless.
28
What is required for an IAM user to log in to the AWS Management Console?
An IAM user only needs to enter a username and a valid password.
29
What type of encryption is required for in-transit data in AWS?
In-transit encryption requires that the data be encrypted on the remote client before uploading.
30
What is the limit for encrypting an EBS volume in AWS?
You can only encrypt an EBS volume at creation, not later.
31
What is a client-side master key used for in AWS?
A client-side master key is used to encrypt objects before they reach AWS (specifically S3).
32
What does FedRAMP stand for?
Federal Risk and Authorization Management Program.
33
What are AWS Artifact documents focused on?
AWS Artifact documents are about AWS infrastructure compliance with external standards.
34
How long does an AWS session remain active after logging in?
Once you’re logged in, your session will remain active for 12 hours.
35
What must each resource tag in AWS have?
Each resource tag you create must have a key, but a value is optional.
36
What command is used to configure the AWS CLI?
The aws configure command.
37
What output formats does the AWS CLI support?
The AWS CLI can display output in JSON, text, or table formats.
38
Which programming languages have AWS SDKs available?
AWS offers SDKs for JavaScript, Java, and PHP.
39
True or False: AWS IoT device SDKs are available for Ruby and Swift.
False.
40
What does CloudWatch monitor?
CloudWatch metrics store performance data from AWS services.
41
What does a CloudWatch alarm do?
A CloudWatch alarm monitors a metric and triggers when that metric exceeds a specified threshold.
42
What is the primary function of CloudTrail?
The CloudTrail event history log stores the last 90 days of management events for each region.
43
What is log file integrity validation in AWS?
Log file integrity validation uses cryptographic hashing to help you assert that no CloudTrail log files have been deleted from S3.
44
What is the purpose of AWS Reserved Instances?
RDS lets you purchase reserved instances to save money.
45
What is a dedicated host in AWS?
An EC2 instance that runs on a physical host reserved for and controlled by a single AWS account.
46
What type of storage does S3 provide?
S3 is an object storage service.
47
What are object life-cycle configurations used for in AWS S3?
They can perform transition or expiration actions based on an object’s age.
48
What must bucket names in S3 be?
Bucket names must be globally unique across AWS, regardless of region.
49
What does object life-cycle configurations in S3 allow?
They can perform transition or expiration actions based on an object’s age.
## Footnote
Transition actions can move objects between storage classes, such as STANDARD and GLACIER. Expiration actions can delete objects and object versions.
50
Can bucket policies or access control lists (ACLs) grant anonymous users access to an object in S3?
Yes, bucket policies or ACLs can grant anonymous users access.
## Footnote
User policies cannot be used to grant anonymous access, but they can grant IAM principals access.
51
What is the maximum size of objects that can be stored in S3?
5 TB.
## Footnote
Glacier can store archives up to 40 TB.
52
How long does the Standard retrieval option for data in Glacier typically take?
3 to 5 hours.
## Footnote
Expedited takes 1 to 5 minutes, and Bulk takes 5 to 12 hours.
53
What types of configurations does the volume gateway type offer?
Stored volumes and cached volumes.
## Footnote
Stored volumes store all data locally and back up to S3 as EBS snapshots. Cached volumes store only frequently used data.
54
What is the maximum usable storage of the 80 TB Snowball device?
72 TB.
## Footnote
The 50 TB Snowball offers 42 TB of usable space.
55
What does AWS Snowball enforce regarding data security?
Encryption at rest and in transit.
## Footnote
It uses a TPM chip to detect unauthorized changes.
56
What does a primary key do in a nonrelational database?
Uniquely identifies each item in a table.
57
What is the minimum monthly availability for DynamoDB?
99.99 percent in a single region.
58
What are the two types of nodes in Amazon Redshift?
Dense compute nodes and dense storage nodes.
59
What is the purpose of a VPC peering connection?
It is a private connection between only two VPCs.
60
What is a Multivalue Answer routing policy in Route 53?
It can return a set of multiple values, sorted randomly.
61
What is the function of a private hosted zone in Route 53?
Allows resources in a VPC to resolve private domain names.
62
What does CloudFront use to deliver content?
Edge locations.
63
What is a CloudFormation stack?
A collection of AWS resources managed collectively.
64
Can CloudFormation create resources outside of AWS?
No.
65
What is the SQL command for adding data to a relational database?
INSERT.
66
What type of database is schemaless?
Nonrelational database.
67
What is unique about a primary key in a DynamoDB table?
It must be unique within a table.
68
What must a security group contain by default?
An outbound rule that allows access to any IP address.
69
What type of firewall does a network access control list (ACL) operate at?
Subnet level.
70
What is the maximum size of a VPC or subnet CIDR?
/16 to /28 inclusive.
71
What is the maximum storage capacity for Amazon Aurora?
Up to 64 TB.
72
What does a weighted routing policy in Route 53 do?
Distributes traffic to endpoints according to a defined ratio.
73
What can be an origin for AWS services?
An EC2 instance or a public S3 bucket
## Footnote
A private S3 bucket cannot be used as an origin.
74
What language are CloudFormation templates written in?
YAML or JSON format
## Footnote
CloudFormation templates are not written in Python.
75
What does CloudFormation manage collectively?
AWS resources in a stack
76
What do parameters in CloudFormation allow you to do?
Input customizations when creating a CloudFormation stack
77
True or False: CloudFormation prevents manual changes to resources in a stack.
False
78
What is CodeCommit?
A private Git repository that offers versioning and differencing
79
What does differencing in CodeCommit allow you to do?
See the differences between two versions of a file
80
What is continuous integration?
The practice of running code through a build or test process as soon as it’s checked into a repository
81
Which operating systems do build.general1.medium and build.general1.large support?
Windows and Linux operating systems
82
What is CodeDeploy used for?
Deploying application files to Linux or Windows EC2 instances and Docker containers to ECS
83
What must a CodePipeline at the very least consist of?
A source stage and a deploy stage
84
What does a launch template do?
Tells Auto Scaling how to configure the instances it provisions
85
What does dynamic scaling in Auto Scaling do?
Controls how Auto Scaling scales in and out based on CloudWatch metrics
86
What is predictive scaling?
Creates a scheduled scaling action based on past usage patterns
87
What is AWS OpsWorks Stacks known for?
Using Chef recipes
88
What pillars are part of the Well-Architected Framework?
* Reliability
* Performance efficiency
* Security
* Cost optimization
* Operational excellence
* Sustainability
89
What does operational excellence focus on?
Strengthening the other pillars of reliability, performance efficiency, security, cost optimization, and sustainability
90
What happens if you delete an empty S3 bucket?
It doesn’t help with data confidentiality, integrity, or availability
91
What is a static website?
Serves content just as it’s stored without changing the content on the fly
92
What is required to have S3 host your static website?
Enable bucket hosting in the S3 service console
93
What is AWS Activate designed for?
Supporting startups and early-stage companies
94
What does EventBridge do?
Takes a predefined action based either on specific events or on a schedule
95
What service does Amazon AppStream 2.0 provide?
Streaming high-performance applications to any device, anywhere
96
What does Athena allow you to do?
Use SQL queries to find data stored in S3
97
What does AWS Amplify enable developers to do?
Build and host full-stack applications on AWS
98
What technology does AWS AppSync use?
GraphQL, a data transformation language
99
What is AppSync?
AppSync is a fully managed, serverless GraphQL service that allows data transformation from one format to another.
100
What does AWS Batch do?
AWS Batch allows you to run thousands of batch computing jobs on AWS without building infrastructure.
101
What is CloudShell?
CloudShell is a browser-based Amazon Linux 2 shell for administering your AWS environment, preinstalled with AWS CLI and other tools.
102
What is the purpose of AWS Device Farm?
AWS Device Farm allows developers to test applications on a variety of virtual devices quickly and simultaneously.
103
What is AWS Step Functions?
Step Functions is a low-code platform for designing and deploying distributed applications through a visual workflow interface.
104
What does AWS Backup do?
AWS Backup enables centralized configuration of backup policies and monitoring of backup activity for AWS data.
105
What is Cognito used for?
Cognito adds user access control to applications and integrates with various identity providers.
106
What is Amazon Connect?
Amazon Connect is a cloud-based call center service that allows businesses to manage customer contact centers.
107
What does Database Migration Service (DMS) do?
DMS facilitates data migration from one database to another, supporting both relational and non-relational databases.
108
What is the Elastic File System (EFS)?
EFS is a scalable filesystem for Linux instances that allows multiple instances to share the same files.
109
What is Elastic MapReduce (EMR)?
EMR lets you analyze large amounts of data stored in the cloud using big data platforms.
110
What is AWS Glue used for?
AWS Glue discovers, cleans, and brings data together for analysis using the Apache Spark framework.
111
What does AWS Inspector do?
Inspector analyzes EC2 instances for security vulnerabilities and common misconfigurations.
112
What is Amazon IoT Core?
IoT Core enables developers to connect and manage IoT devices at scale, providing data processing tools.
113
What is AWS IoT Greengrass?
Greengrass is a cloud-connected runtime for edge devices that allows local processing and cloud intelligence.
114
What is AWS IQ?
AWS IQ is a marketplace connecting AWS experts with users needing technical assistance.
115
What does Kinesis do?
Kinesis ingests and processes large amounts of real-time streaming data.
116
What is Amazon Macie?
Macie automatically finds and classifies sensitive data stored in AWS using machine learning.
117
What are AWS Managed Services (AMS)?
AMS is a suite of fully managed services for migrating, managing, and operating IT infrastructure on AWS.
118
What is Amazon Neptune?
Neptune is a graph database used to store and query highly connected datasets.
119
What does Simple Queue Service (SQS) do?
SQS is a message broker that enables decoupled, distributed applications in the cloud.
120
What is Amazon WorkDocs?
WorkDocs is a secure content sharing and collaboration service for storing and commenting on files.
121
What is Amazon WorkSpaces?
WorkSpaces is a fully managed desktop computing service allowing access to virtual desktops from any device.
122
What does AWS X-Ray do?
X-Ray is a distributed tracing service that detects errors and measures function latencies in applications.
