aws cloud guru soln architect may 19

Question 1

To which region does the IAM account apply?

Answer 1

it does not apply to any specific region at this time.

Question 2

file zie range in s3

Answer 2

0-5 tb

Question 3

what does an s3 ojcet consist of

Answer 3

key (object name), value (Object byte stream), version, metadata,

Question 4

s3 consistency model for new puts

Answer 4

read after write consistency

Question 5

s3 consistency for overwrite puts and delete

Answer 5

eventual consistency, i.e. when you access immediately sometimes the data may be stale.

Question 6

what is the difference between s3 glacier and deep archive?

Answer 6

s3 glacier has a few minutes s3 glacier archive has 12 hrs as retrieval time

Question 7

which s3 storage classes have a per GB retrieval fee?

Answer 7

all except s3 standard

Question 8

what storage class is ideal for data archiving?

Answer 8

s3 glacier and s3 glacier deep archive

Question 9

what are two strategies for encrypting s3 data at rest

Answer 9

client side and server side

Question 10

what are 3 ways to encrypt data server side. for s3

Answer 10

1. S3 managed keys (SSES3) - uses AES256
2. AWS key management service (SSE-KMS) - jointly managed - aws and customer.
3. Customer Keys (SSE-C) - managed purely by customer.

Question 11

while setting up cross-region replication on a bucket in s3 what happens to the existing objects in a bucket and what happens to a new object on the bucket?

Answer 11

The existing objects are not replicated and the new objects are

Question 12

what condition on versioning must be satisfied before cross region replication can be setup on s3 bucket

Answer 12

versioning must be setup on both the source and destination bucket

Question 13

are delete markers replicated automatically during cross region replication on s3

Answer 13

no

Question 14

are deletions in s3 bucket automatically replicated cross-region?

Answer 14

yes

Question 15

what are the two dfferent types of cloudfront delivery methods?

Answer 15

web - for static and dunamic content and media using http and https, web forms
rtmp: speed up distribution of streaming media files using adobe flash player, etc.

Question 16

what if you don’t want cloudfront to cache certian objects from the s3 bucket it is configured for?

Answer 16

you create an invalidation

Question 17

any activity on the IAM service is pertaining to which region?

Answer 17

global

Question 18

once a cloudfront distro is created hot do you access an s3 object named object?

Answer 18

cloudfrontname.cloudfront.net/object

Question 19

can multiple security groups be assigned to an ec2 instance?

Answer 19

yes

Question 20

what region will the ebs volume associated with an ec2 instance be?

Answer 20

in the same region as the ec2 instance.

Question 21

when you create an image from an EBS snapshot, what virtualization type should you chose to ensure that it works on most ec2 platforms?

Answer 21

hardware-assisted virtualization

Question 22

when you terminate an ec2 instance, what happens to the root device volume as well as the others?

Answer 22

the root device volume is deleted but others remain

Question 23

where are volumes and snapshots stored?

Answer 23

snapshots are stored in s3 and volumes are stored on EBS

Question 24

what are two ways to move an ec2 instance to a new region?

Answer 24

(option1) create snapshot-create ami-launch ami in new region
(option2) create snapshot - create ami - copy ami to new region - launch ec2 instance

Question 25

if you loose the access key and secret access key or an iam user what do you do?

Answer 25

go into IAM - select that user - make the keys inactive and generate new ones

Question 26

in what step do you mention bootstarp script for the ec2 instance?

Answer 26

step 3

Question 27

what traffic is not monitored in a VPC flow logs?

Answer 27

traffic involving amazon DNS, VPC router, instance metadata, DHCP traffic, windows instance for license activation.

Question 28

is RDS serverless?

Answer 28

no with the exception of aurora which is serverless

Question 29

who’s responsibility is it to patch RDS

Answer 29

amazon’s, in fact you cant even ssh into an rds instance.

Question 30

what are the two types of backups in rds?

Answer 30

automated and data snapshot

Question 31

what is the retention period is the context of automated backups of rds?

Answer 31

this is the amount in time since the backup is taken during which the database can be restored to a second

Question 32

what are the two parts of an automated backup?

Answer 32

a full daily snapshot and transaction logs during the day

Question 33

where are automated backups from rds stored and what is the amount limit?

Answer 33

they are stored in s3 and size = size of your database

Question 34

when are backups taken and what is the user experience during backups (in the context of rds)

Answer 34

they are taken during a defined window and any storage or IO may be suspended when data is being backed up

Question 35

when you restore wither an automated or manual snapshot of the rds, does the DNS endpoint remain the same?

Answer 35

no, a new rds instance with a new endpoint is created

Question 36

who initiates rds db snapshots?

Answer 36

they are initiated by the user

Question 37

once encryption is turned on for rds, what all are encrypted?

Answer 37

data stored at rest, automated backups, read replicas and snapshots

Question 38

what are the differences between multiu az and read replicas?

Answer 38

multi az, the backup can’t be accessed until there is a failover

Question 39

can read replicas be in the same region?

Answer 39

yes and they can also be in different region

Question 40

what happens when read replicas are promoted to master?

Answer 40

they break the read replication.

Question 41

is dynamo db serverless?

Answer 41

yes

Question 42

what are the two read models of dyanmoDB?

Answer 42

eventual read consistency and strong read consistency

Question 43

what kind of storage is dynamo db stored in?

Answer 43

SSD

Question 44

How many geographical centers is dynamoDB spread across?

Answer 44

3

Question 45

what are the two engines supported by elastic cache?

Answer 45

memcached and redis

Question 46

which is the only serverless RDS service?

Answer 46

aurora

Question 47

what must be turned on to enable read replicas in RDS?

Answer 47

autobackup

Question 48

how do you force a failover from one RDS instance to another in a multi AZ setting?

Answer 48

by rebooting

Question 49

which RDS services support encryption and using what?

Answer 49

using KMS - all 6 - aurora, sql server, oracle, mysql, postgresql

Question 50

how many availability zones is redshift available in?

Answer 50

1

Question 51

how many copies of your data does reshift maintain?

Answer 51

3 - original and replica on compute nodes and backup in s3

Question 52

what can redshift do to aid disaster recovery?

Answer 52

asynchronously replicate your snapshot to s3 in another region.

Question 53

what are the two types of replicas available with aurora and which one of them supports automated failover?

Answer 53

aurora replicas and mysql replicas. Automated backup supported only by aurora replicas

Question 54

what dynamodb features are chargeable?

Answer 54

storage of data and read and write capacity

Question 55

how many copies of data per AZ and across how many AZs is amazon aurora storing data in?

Answer 55

2 copies per AZ and 3 AZs

Question 56

what are the two possible states of instances monitored by load balancers?

Answer 56

InService, OutOfService

Question 57

how to delete all instances under an autoscaling group?

Answer 57

just delete the autoscaling group itself.

Question 58

what is quick start

Answer 58

a bunch of cloudformation templates built by aws architects to allow you to build complex environments quickly

Question 59

what programming languages does lambda support?

Answer 59

node.js, java, python, c#, go and powershell

Question 60

what is pricing model for lambda?

Answer 60

based on the number of requests and duration

Question 61

what aws service allow you to debug complex architectures?

Answer 61

aws x ray

Question 62

can RDS trigger a lambda?

Answer 62

no

Question 63

which aws service is appropriate for identity federation?

Answer 63

amazon cognito

Question 64

what is the 4 step process Cognito works

Answer 64

1. facebook provides authentication token to cognito pool when user logs in.
2. cognito converts uthentication key to jwt token
3. user provides jwt token to cognito identitiy pool which responds with an IAM role to access specific AWS resource
4. user access spcific aws resource using theIAM role provided.

Question 65

what does cognito use to synchronize user data across multiple devices?

Answer 65

push synchronization.

Question 66

what is the difference between user pool and identity pool in the context of amazon Cognito?

Answer 66

user pool handle user registration, authentication and account recovery
identity pool authorizes access to aws resources.

Question 67

what is topic in the context of SNS

Answer 67

group of all devices which will receive a notification at the same time

Question 68

what is the difference between SNS and SQS?

Answer 68

SNS is push based and SQS is poll based.

Question 69

what are the two different types of queue in SQS?

Answer 69

standard and fifo queue

Question 70

whats the different between a standard and fifo queue?

Answer 70

standrad queue - best effort usually in the same order as sent and messages can be delivered more than once. FIFO queue- strict ordering with no dups.

Question 71

how long are messages kept in the queue?

Answer 71

1 minute to 14 days

Question 72

what is the default retention period for SQS?

Answer 72

4 days

Question 73

what is visibility timeout in the context of SQS?

Answer 73

Amount of time a message is invisible after a reader picks up message. If the message is not processed within visibility timeout (e.g. ec2 instance has to delete the message), it becomes visible again. There is a possibility that the same mesage can be processed more than once.

Question 74

what is one way to save money pent during SQS polling?

Answer 74

use long polling.

Question 75

what is kinesis

Answer 75

a platform for sending streaming data to

Question 76

what are the three different types of kinesis?

Answer 76

streams, firehose,analytics

Question 77

what is kinesis streams?

Answer 77

an aws service that stores data for a period of 24 hours to 7 days. Within this time a consumer (typically an ec2 instance) is supposed to read and process the data and put it into redshift, emr, etc.

Question 78

what are shards in the context of kinesis streams?

Answer 78

data put into a kinesis stream is stored in shards.

Question 79

what is maximum read rate for kinesis?

Answer 79

5 transaction per second; max of 2MB persecond per shard

Question 80

what is the max write rate for kinesis?

Answer 80

1000 records per-second;max of 1 MB per second per shard

Question 81

what is the difference between kinesis firehose and streams?

Answer 81

in firehose something needs to be done to the data immediately (by triggering a lambda function to store to s3 or redshift) whereas in a stream there is data persistence. Firehose, however, scales automatically whereas streams doesn’t

Question 82

what is kinesis analytics?

Answer 82

do analysis within Kinesis streams or firehose inside of kinesis service.

Question 83

what is simple workflow service?

Answer 83

managing workflows involving both human and technology components. (e.g. placing order on amazon web site)

Question 84

other than the human element what are some other differences between sqs and swf?

Answer 84

sqs has a retention period of 14 days and swf has a retention period of up to 1 iyear
swf offers a task oriented api whereas sqs offers a message-oriented api
swf task is not duplicated whereas sqs task can be duplicated and application must handle this.

Question 85

what are three different types of actors in swf?

Answer 85

workflow starters, deciders, and activity workers

Question 86

what are some services that can be there behind an API Gateway?

Answer 86

lambda, ec2 and dynamoDB

Question 87

does api gateway enable caching?

Answer 87

yes

Question 88

in the context of api gateway, when resources are requested from multiple sources, what do you need to enable so that this is supported?

Answer 88

enable CORS on the api gateway

Question 89

if CORS is not enabled, what is the typical error message?

Answer 89

Origin policy cannot be read at the remote resource

Question 90

what do you do to api gateways to prevent DoS attacks?

Answer 90

throttle

Question 91

can ALB load balance across regions?

Answer 91

no

Question 92

what is elastic transcoder service?

Answer 92

changes the source format of a video so it’s compatible with different devices. (android, ios smartphone, etc)

Question 93

can dynamodb trigger a lambda function?

Answer 93

yes

Question 94

does lamda support hyperthreading?

Answer 94

yes

Question 95

on what factors does lambda billing depend?

Answer 95

MB of ram served and execution duration in milliseconds

Question 96

how to speed up uploads to s3?

Answer 96

use transfer acceleration

Question 97

if you don’t want to wait for TTL to expire before a new object from s3 shows up, what do you do?

Answer 97

you invalidate it on cloudfront

Question 98

Can you move AMIs created from EBS volume snapshots across regions or only across availability zones?

Answer 98

across regions also

Question 99

difference between s3 IA and one zone IA

Answer 99

one zone IA is less expensive but does not provide the same availability or durability as that of S3 IA

Question 100

storage classes for infrequently accesed data (latency same as standard)

Answer 100

s3 IA and s3 one zone IA

Question 101

whats the difference between memcache and redis?

Answer 101

redis has multi AZ, has more features and is more complex

Question 102

how are EBS snapshots backed into s3?

Answer 102

incrementally

Question 103

what is the underlying hypervisor for ec2?

Answer 103

xen and niro

Question 104

how do you programatically figure out the public and private IP address of EC2 instance?

Answer 104

by querying the instance metadata at

http://169.254.169.254/latest/meta-data/

Question 105

placement groups can be spread across what and not spread across what?

Answer 105

spread across AZs and not spread across regions

Question 106

how many running instances can you have in a placement group?

Answer 106

7

Question 107

can you take a snapshot of an EBS without stopping the ec2 instance it is attached to?

Answer 107

yes, but it can take some time.

Question 108

What is the limit on the number of domain names that you can configure via DNS?

Answer 108

50, but you can contact AWS support and increase this.

Question 109

what is allowed by default in a security group?

Answer 109

all outbound traffic.

Question 110

what is created by default when you create VPC?

Answer 110

route table, security groups and access control lists

Question 111

at what levels can VPC flow logs be created?

Answer 111

VPC level, subnet level and network interface level

Question 112

how many VPCs are allowed in each AWS region?

Answer 112

5

Question 113

what is the purpose of an egress only internet gateway?

Answer 113

allow only IPv6 based connections from inside and prevent IPv6 connections from outside.