aws cloud guru soln architect may 19 Flashcards
To which region does the IAM account apply?
it does not apply to any specific region at this time.
file zie range in s3
0-5 tb
what does an s3 ojcet consist of
key (object name), value (Object byte stream), version, metadata,
s3 consistency model for new puts
read after write consistency
s3 consistency for overwrite puts and delete
eventual consistency, i.e. when you access immediately sometimes the data may be stale.
what is the difference between s3 glacier and deep archive?
s3 glacier has a few minutes s3 glacier archive has 12 hrs as retrieval time
which s3 storage classes have a per GB retrieval fee?
all except s3 standard
what storage class is ideal for data archiving?
s3 glacier and s3 glacier deep archive
what are two strategies for encrypting s3 data at rest
client side and server side
what are 3 ways to encrypt data server side. for s3
- S3 managed keys (SSES3) - uses AES256
- AWS key management service (SSE-KMS) - jointly managed - aws and customer.
- Customer Keys (SSE-C) - managed purely by customer.
while setting up cross-region replication on a bucket in s3 what happens to the existing objects in a bucket and what happens to a new object on the bucket?
The existing objects are not replicated and the new objects are
what condition on versioning must be satisfied before cross region replication can be setup on s3 bucket
versioning must be setup on both the source and destination bucket
are delete markers replicated automatically during cross region replication on s3
no
are deletions in s3 bucket automatically replicated cross-region?
yes
what are the two dfferent types of cloudfront delivery methods?
web - for static and dunamic content and media using http and https, web forms
rtmp: speed up distribution of streaming media files using adobe flash player, etc.
what if you don’t want cloudfront to cache certian objects from the s3 bucket it is configured for?
you create an invalidation
any activity on the IAM service is pertaining to which region?
global
once a cloudfront distro is created hot do you access an s3 object named object?
cloudfrontname.cloudfront.net/object
can multiple security groups be assigned to an ec2 instance?
yes
what region will the ebs volume associated with an ec2 instance be?
in the same region as the ec2 instance.
when you create an image from an EBS snapshot, what virtualization type should you chose to ensure that it works on most ec2 platforms?
hardware-assisted virtualization
when you terminate an ec2 instance, what happens to the root device volume as well as the others?
the root device volume is deleted but others remain
where are volumes and snapshots stored?
snapshots are stored in s3 and volumes are stored on EBS
what are two ways to move an ec2 instance to a new region?
(option1) create snapshot-create ami-launch ami in new region
(option2) create snapshot - create ami - copy ami to new region - launch ec2 instance
if you loose the access key and secret access key or an iam user what do you do?
go into IAM - select that user - make the keys inactive and generate new ones
in what step do you mention bootstarp script for the ec2 instance?
step 3
what traffic is not monitored in a VPC flow logs?
traffic involving amazon DNS, VPC router, instance metadata, DHCP traffic, windows instance for license activation.
is RDS serverless?
no with the exception of aurora which is serverless
who’s responsibility is it to patch RDS
amazon’s, in fact you cant even ssh into an rds instance.
what are the two types of backups in rds?
automated and data snapshot
what is the retention period is the context of automated backups of rds?
this is the amount in time since the backup is taken during which the database can be restored to a second
what are the two parts of an automated backup?
a full daily snapshot and transaction logs during the day
where are automated backups from rds stored and what is the amount limit?
they are stored in s3 and size = size of your database
when are backups taken and what is the user experience during backups (in the context of rds)
they are taken during a defined window and any storage or IO may be suspended when data is being backed up
when you restore wither an automated or manual snapshot of the rds, does the DNS endpoint remain the same?
no, a new rds instance with a new endpoint is created
who initiates rds db snapshots?
they are initiated by the user
once encryption is turned on for rds, what all are encrypted?
data stored at rest, automated backups, read replicas and snapshots
what are the differences between multiu az and read replicas?
multi az, the backup can’t be accessed until there is a failover
can read replicas be in the same region?
yes and they can also be in different region
what happens when read replicas are promoted to master?
they break the read replication.
is dynamo db serverless?
yes
what are the two read models of dyanmoDB?
eventual read consistency and strong read consistency
what kind of storage is dynamo db stored in?
SSD
How many geographical centers is dynamoDB spread across?
3
what are the two engines supported by elastic cache?
memcached and redis
which is the only serverless RDS service?
aurora
what must be turned on to enable read replicas in RDS?
autobackup
how do you force a failover from one RDS instance to another in a multi AZ setting?
by rebooting
which RDS services support encryption and using what?
using KMS - all 6 - aurora, sql server, oracle, mysql, postgresql
how many availability zones is redshift available in?
1
how many copies of your data does reshift maintain?
3 - original and replica on compute nodes and backup in s3
what can redshift do to aid disaster recovery?
asynchronously replicate your snapshot to s3 in another region.
what are the two types of replicas available with aurora and which one of them supports automated failover?
aurora replicas and mysql replicas. Automated backup supported only by aurora replicas
what dynamodb features are chargeable?
storage of data and read and write capacity
how many copies of data per AZ and across how many AZs is amazon aurora storing data in?
2 copies per AZ and 3 AZs
what are the two possible states of instances monitored by load balancers?
InService, OutOfService
how to delete all instances under an autoscaling group?
just delete the autoscaling group itself.
what is quick start
a bunch of cloudformation templates built by aws architects to allow you to build complex environments quickly
what programming languages does lambda support?
node.js, java, python, c#, go and powershell
what is pricing model for lambda?
based on the number of requests and duration
what aws service allow you to debug complex architectures?
aws x ray
can RDS trigger a lambda?
no
which aws service is appropriate for identity federation?
amazon cognito
what is the 4 step process Cognito works
- facebook provides authentication token to cognito pool when user logs in.
- cognito converts uthentication key to jwt token
- user provides jwt token to cognito identitiy pool which responds with an IAM role to access specific AWS resource
- user access spcific aws resource using theIAM role provided.
what does cognito use to synchronize user data across multiple devices?
push synchronization.
what is the difference between user pool and identity pool in the context of amazon Cognito?
user pool handle user registration, authentication and account recovery
identity pool authorizes access to aws resources.
what is topic in the context of SNS
group of all devices which will receive a notification at the same time
what is the difference between SNS and SQS?
SNS is push based and SQS is poll based.
what are the two different types of queue in SQS?
standard and fifo queue
whats the different between a standard and fifo queue?
standrad queue - best effort usually in the same order as sent and messages can be delivered more than once. FIFO queue- strict ordering with no dups.
how long are messages kept in the queue?
1 minute to 14 days
what is the default retention period for SQS?
4 days
what is visibility timeout in the context of SQS?
Amount of time a message is invisible after a reader picks up message. If the message is not processed within visibility timeout (e.g. ec2 instance has to delete the message), it becomes visible again. There is a possibility that the same mesage can be processed more than once.
what is one way to save money pent during SQS polling?
use long polling.
what is kinesis
a platform for sending streaming data to
what are the three different types of kinesis?
streams, firehose,analytics
what is kinesis streams?
an aws service that stores data for a period of 24 hours to 7 days. Within this time a consumer (typically an ec2 instance) is supposed to read and process the data and put it into redshift, emr, etc.
what are shards in the context of kinesis streams?
data put into a kinesis stream is stored in shards.
what is maximum read rate for kinesis?
5 transaction per second; max of 2MB persecond per shard
what is the max write rate for kinesis?
1000 records per-second;max of 1 MB per second per shard
what is the difference between kinesis firehose and streams?
in firehose something needs to be done to the data immediately (by triggering a lambda function to store to s3 or redshift) whereas in a stream there is data persistence. Firehose, however, scales automatically whereas streams doesn’t
what is kinesis analytics?
do analysis within Kinesis streams or firehose inside of kinesis service.
what is simple workflow service?
managing workflows involving both human and technology components. (e.g. placing order on amazon web site)
other than the human element what are some other differences between sqs and swf?
sqs has a retention period of 14 days and swf has a retention period of up to 1 iyear
swf offers a task oriented api whereas sqs offers a message-oriented api
swf task is not duplicated whereas sqs task can be duplicated and application must handle this.
what are three different types of actors in swf?
workflow starters, deciders, and activity workers
what are some services that can be there behind an API Gateway?
lambda, ec2 and dynamoDB
does api gateway enable caching?
yes
in the context of api gateway, when resources are requested from multiple sources, what do you need to enable so that this is supported?
enable CORS on the api gateway
if CORS is not enabled, what is the typical error message?
Origin policy cannot be read at the remote resource
what do you do to api gateways to prevent DoS attacks?
throttle
can ALB load balance across regions?
no
what is elastic transcoder service?
changes the source format of a video so it’s compatible with different devices. (android, ios smartphone, etc)
can dynamodb trigger a lambda function?
yes
does lamda support hyperthreading?
yes
on what factors does lambda billing depend?
MB of ram served and execution duration in milliseconds
how to speed up uploads to s3?
use transfer acceleration
if you don’t want to wait for TTL to expire before a new object from s3 shows up, what do you do?
you invalidate it on cloudfront
Can you move AMIs created from EBS volume snapshots across regions or only across availability zones?
across regions also
difference between s3 IA and one zone IA
one zone IA is less expensive but does not provide the same availability or durability as that of S3 IA
storage classes for infrequently accesed data (latency same as standard)
s3 IA and s3 one zone IA
whats the difference between memcache and redis?
redis has multi AZ, has more features and is more complex
how are EBS snapshots backed into s3?
incrementally
what is the underlying hypervisor for ec2?
xen and niro
how do you programatically figure out the public and private IP address of EC2 instance?
by querying the instance metadata at
http://169.254.169.254/latest/meta-data/
placement groups can be spread across what and not spread across what?
spread across AZs and not spread across regions
how many running instances can you have in a placement group?
7
can you take a snapshot of an EBS without stopping the ec2 instance it is attached to?
yes, but it can take some time.
What is the limit on the number of domain names that you can configure via DNS?
50, but you can contact AWS support and increase this.
what is allowed by default in a security group?
all outbound traffic.
what is created by default when you create VPC?
route table, security groups and access control lists
at what levels can VPC flow logs be created?
VPC level, subnet level and network interface level
how many VPCs are allowed in each AWS region?
5
what is the purpose of an egress only internet gateway?
allow only IPv6 based connections from inside and prevent IPv6 connections from outside.
