AWS Cloud Practicioner

Question 1

AWS Cloud Shell

Answer 1

AWS CLI in the browser

Question 2

Pricing calculator

Answer 2

Allows to create an estimated price for an infrastructure (fe. the cost of 3 EC2 instances and 100GB of EBS for 1 year)

Question 3

Billing Dashboard

Answer 3

Your bills for the previous months + forecast for the next month, less detailed

Question 4

Cost explorer

Answer 4

Dashboard for filtering and sorting costs + forecast for the next 12 months, more detailed

Question 5

Cost & Usage reports

Answer 5

Generates a regular .csv report (to an s3 bucket) about the costs of the AWS account, most detailed

Question 6

Tags (Costs & Billing)

Answer 6

Adding tags to the resources will make the bills easier to read (fe. tagging instances by projects makes easier to see project total cost)

Question 7

AWS Budget

Answer 7

Allow (email) notifications when you are near your budget, more complex, can work with forecasts

Question 8

Billing alarms

Answer 8

Cloud watch based less complex version of budgets (notifications when you spent an amount of money), can’t work with forecasts (just the actual consumption)

Question 9

Consolidated Billing

Answer 9

Creating a single bill for all accounts.

Question 10

AWS Health dashboard

Answer 10

Lists all maintenance events effecting the used by the account (personal), also have a general version (every service)

Question 11

Service quotas

Answer 11

You have some default limits for some resources (like number of EC2 instances)

Question 12

Six pillars of cloud architecture (The Well-Architected Framework)

Answer 12

• Operational Excellence
• Security
• Reliability
• Performance Efficiency
• Cost optimisation
• Sustainability

Question 13

The Well-Architected Tool

Answer 13

List of questions helping to evaluate the challenges during the designing phase of the application (how to follow the six pillars of cloud architecture)

Question 14

Thrusted Advisor

Answer 14

Checks the system via Machine Learning to check does the system respects:
* Security
* Fault tolerance (similar to Reliability)
* Performance (similar to Performance Efficiency)
* Cost optimisation
* Service limits (similar to Sustainability)

Question 15

Acceptable Use Policy

Answer 15

The list of forbidden actions via AWS

Question 16

AWS Organisations

Answer 16

Allows to supervise user accounts from a centralised place

Question 17

Service Control Policy

Answer 17

With Service Control Policies you can control which policies (and permissions) can be added to IAM users of an account (disabling root permissions is a good idea).

Question 18

AWS Control Tower

Answer 18

It is technically a wizard which helps to set up the default best practices for AWS organisations

Question 19

Cloud Formation

Answer 19

AWS-s built in Infrastructure as code Solution

Question 20

Cloud Formation Designer

Answer 20

“Draw” an infrastructure as code template instead of writing it

Question 21

AWS CDK

Answer 21

Allows you to write infrastructure as code via java/python/C# etc. code instead of .yaml or .json files

Question 22

Resource Access manager

Answer 22

manage shared cloud resources

Question 23

AWS Config

Answer 23

manage and control configurations on a central place

Question 24

AWS Licence Manager

Answer 24

manage licences on multiple accounts

Question 25

Systems Manager

Answer 25

Helps to manage large scale server fleets (or even multi account resources), and multiple applications running on them

Question 26

Session Manager

Answer 26

Allows to connect EC2 instances (similar to EC2 Instance connect just more advanced) from the browser

Question 27

AWS OpsWork

Answer 27

Non managed alternative of System Manager.
It uses Puppet or Chef for platform automation.
(Helps to manage large scale server fleets (or even multi account resources), and multiple applications running on them)

Question 28

Service Catalog

Answer 28

creates configurable “templates” (using CloudFormation)

Question 29

Proton

Answer 29

creates templates for serverless & container related tasks (subset of service catalog, they can be combined)

Question 30

Launch Wizard

Answer 30

pre built (application) templates created by AWS

Question 31

CloudWatch

Answer 31

Cloud watch collects application logs
Cloud watch also allows to see different metrics (cpu utilisation, number of uploaded files etc.)

Question 32

VPC Flow logs

Answer 32

Flow logs are capturing all incoming and outgoing IP traffic of a, VPC/Subnet
It can be exported to CloudWatch

Question 33

CloudWatch Dashboards

Answer 33

It is possible to set up dashboards in the CloudWatch (aggregating multiple charts in the same page)

Question 34

CloudWatch Alarms

Answer 34

When a metrics (bytes stored in the bucket, cpu utilisation etc.) reaches a condition (5gb, 95% etc.) an alarm is triggered (SNS notification sent, auto scale triggered)

Question 35

CloudWatch Agent

Answer 35

If we install CloudWatch Agent on an EC2 instance it allows more detailed logging

Question 36

X-Ray

Answer 36

Follow data flowing trough your applications

Question 37

IAM User

Answer 37

person

Question 38

IAM User Group

Answer 38

put users into a user group and give/take permissions to ALL of them

Question 39

IAM Roles

Answer 39

giving permissions to a service (fe to access another service)

Question 40

IAM Permission

Answer 40

a single permission

Question 41

IAM policy

Answer 41

group of permissions

Question 42

IAM Identity Center

Answer 42

a more powerful way to allow signing in into multiple aws accounts

Question 43

AWS Directory Service

Answer 43

he built in support for Microsoft Active Directory

Question 44

CloudTrail

Answer 44

allows to follow the actions of the user accounts (who created/modified a resource/configuration), literally an uncleanable “history”

Question 45

GuardDuty

Answer 45

allows to automatically detect suspicious activities (powered by machine learning)

Question 46

AWS Config

Answer 46

forces compliance on services (shows if some resource is not compient) - enforcing compliance

Question 47

AWS Artifact

Answer 47

download compliance reports (for example GDPR) - showing that AWS is compliant

Question 48

AWS Audit Manager

Answer 48

generating Compliance reports (about your own implementations) - showing that you are compliant

Question 49

AWS Inspector

Answer 49

scans containers and EC2 instances to discover vulnerabilities (like unpatched software backdoor) - preventive

Question 50

AWS Detectie

Answer 50

investigating incidents (like CloudTrail, but not just for users but for instances too) - when the problem happened

Question 51

WAF

Answer 51

Web Application Firewall - attachable to some services (like cloud front distributions) block requests based on their metadata (detecting an sql injection fe.)

Question 52

NetworkFirewall

Answer 52

managed firewall provided by AWS, it protects entire networks (like NACL on steroids)

Question 53

Firewall Manager Service

Answer 53

a centralised service to manage firewalls

Question 54

Shield

Answer 54

protection agains DDoS attacks

Question 55

KMS

Answer 55

Key Manage Service - data encryption, managed key storage (all services have a built in support, you just need to enable it)

Question 56

CloudHSM

Answer 56

Cloud Hardware Security Module - data encryption, custom key storage

Question 57

ACM

Answer 57

Aws Certificate Manager - transfer encryption, get and use ssl certificates to en-/decrypt all incoming/outgoing data

Question 58

Secrets Manager

Answer 58

built in support for storing secrets (credentials) hidden from most of the users

Question 59

AWS Macie

Answer 59

scans S3 buckets to discover vulnerabilities (like unprotected sensitive data fe. username/password pairs), or unintentionally public sensitive data

Question 60

Security Hub

Answer 60

Central dashboard for the other security services:
* GuardDuty
* Inspector
* Macie
* IAM access analyser
* Firewall manager
* System manager

Question 61

Credentials report

Answer 61

Generates a csv report about all users and their credentials (not the concrete values)

Question 62

Access advisor

Answer 62

Shows which policies a user have, and when was it used last time

Question 63

Access analyser

Answer 63

Shows which are potential unwanted (too much) policies of a user

Question 64

AMI

Answer 64

Amazon Machine Image - image of a “VM” (OS + pre built software

Question 65

User data

Answer 65

Scripts (shell/bash commands) executed on startup of the EC2 instance (optional)

Question 66

EC2 Instance connect

Answer 66

Online “SSH” from the browser (like the AWS web console)

Question 67

Pricing - On Demand

Answer 67

Pay what you use

Question 68

Pricing - Spot Instances

Answer 68

Discounted, but lower priority (you get it if there is free capacity, but AWS will take it away if somebody else needs it, and pays more)

Question 69

Pricing - Savings plan

Answer 69

Paying in advance for a year (for a minimal amount of compute power, every instance have a concrete amount of compute power required) getting a discount, but paying at least that amount even if you are not using it

Question 70

Pricing - Reserved instances

Answer 70

Paying in advance, and specifying the concrete instance types (fe. “5* t2.micro”) similar to savings plan, but even less flexible

Question 71

Pricing - Dedicated hosts

Answer 71

Dedicated hosts - renting a complete server (fe. compliance reasons, performance)

Question 72

Pricing - Capacity reservation

Answer 72

Guarantees that there will be an instance available, but you pay “reservation fee”

Question 73

Step functions

Answer 73

Allows the user to divide a complex tasks into steps
Defines how the steps can call each other (Azure Logic App)

Question 74

Fargate

Answer 74

Serverless Container Execution Environment

Question 75

ECS task

Answer 75

Instructions (code) to create a container from an image and run it

Question 76

ECS service

Answer 76

A running task (container)

Question 77

ECR

Answer 77

Elastic Container Registry is a managed container registry (like Docker Hub)

Question 78

AWS batch

Answer 78

Tool to run batch operations
A batch operations requires running multiple complex workflows, sometimes involving multiple systems on regular (daily, monthly) basis

Question 79

AWS Compute Optimizer

Answer 79

Uses Machine Learning to analyse the CloudWatch metrics of the compute services, and helps to optimise them (giving suggestions to upscale or downscale)

Question 80

EBS

Answer 80

Elastic Block Store -
It is possible to add hard drives (volumes) to EC2 instances on start or later.

Question 81

EC2 Instance store

Answer 81

The hard disk which is part of the machine running the EC2 instance

Question 82

EFS

Answer 82

Elastic File System -
It possible to add a file system to any kind of application (EC2, ECS, Lambda etc.).

Question 83

FSx for Lustre

Answer 83

A file system optimised for high performance file access workloads

Question 84

EC2 Auto Scaling Group

Answer 84

AWS allows to dynamically adjust the capacity of the servers when you have huge load spikes.

Question 85

Application Load Balancer

Answer 85

Load Balancer, better for web servers (HTTP/HTTPS), more configurable

Question 86

Network Load Balancer

Answer 86

Load Balancer, better for “just data” (TCP/UDS), very fast

Question 87

Target Group

Answer 87

Group of services (instances) which could get a delegated “work” by the load balancer.

Question 88

S3 - Buckets

Answer 88

“entry points” of the storage, with globally unique name

Question 89

S3 - bucket policies

Answer 89

Similar to security groups for other instances / or IAM policies for users

Question 90

S3 - ACLs

Answer 90

The alternative of group policies (not recommended)

Question 91

S3 storage type - standard

Answer 91

• Accessed multiple times
  
  • Flexible, but expensive

Question 92

S3 storage type - IA

Answer 92

• Accessed occasionally
  
  • Cheaper, but reading the files costs extra money

Question 93

S3 storage type - Glacier

Answer 93

• Nearly never accessed
  
  • The cheapest option, but reading the file costs extra money
  • You need to wait for the file (minutes to days)

Question 94

S3 storage type - Inteligent tiering

Answer 94

• AWS analyses access patterns on the file, and decides which category is the best for it

Question 95

S3 - Versioning

Answer 95

storing different versions of the file with the same name

Question 96

S3 - Lifecycle management

Answer 96

moving files to a less expensive storage class after some time, fe. Logs can go to IA after a month, probably nobody opens them anyway

Question 97

S3 - Inventory & Analytics

Answer 97

statistic about the files stored on the bucket

Question 98

S3 - Object lock

Answer 98

making files non changeable/deletable, useful for compliance/legal reasons

Question 99

S3 - Replication

Answer 99

making cross bucket replicas, even between buckets in different regions, requires enabled versioning

Question 100

S3 - Data Encryption

Answer 100

data automatically encrypted on upload, and decrypted on download

Question 101

S3 - Static website hosting

Answer 101

using S3 as a server for hosting a simple static website

Question 102

RDS

Answer 102

Managed SQL Databases (running on an EC2 instance in the background)

Question 103

Amazon Aurora

Answer 103

Fully PostgreSQL and MySql compatible database optimised for AWS with great scaleability and performance
It also have a serverless version

Question 104

ElastiCache

Answer 104

Amazons managed implementation of in memory cache.
Supports Redis and Memcache

Question 105

DynamoDB

Answer 105

Managed high performance NoSQL key-value Databases

Question 106

DAX

Answer 106

DynamoDB Accelerator Built in Managed in memory cache for DynamoDB (like ElastiCache for RDS)

Question 107

MemoryDB

Answer 107

key-value db, PERSISTENT in-memory storage

Question 108

DocumentDB

Answer 108

document db, MongoDB compatible

Question 109

Keyspaces

Answer 109

wide column db (flexible column format like Cassandra)

Question 110

Neptune

Answer 110

Graph database

Question 111

TimeStream

Answer 111

Time serve DB

Question 112

Quantum Ledger

Answer 112

Immutable log data changes (centralised blockchain)

Question 113

Managed Blockchain

Answer 113

Decentralised blockchain (ethereal compatible)

Question 114

AWS Kinesis

Answer 114

When we need to store high frequency data (devices/sensors) we can use Kinesis service.
We don’t need that middle layer for less frequent data, but for high frequency data we need Kinesis to work as a buffer.

Question 115

Redshift

Answer 115

• Storing the data in structured and formatted
• It is great for reporting & visualisation
• It is queryable (sql based)

Question 116

Glue

Answer 116

Glue is a Serverless Managed Extract/Transform/Load service

Question 117

EMR

Answer 117

Elastic Map Reduce -
Non managed Extract/Transform/Load service (you can use the Big Data platform preferred by you, fe. Hadoop)

Question 118

Athena

Answer 118

Athena allows to query the extracted data from S3 / DynamoDB / CloudWatch (or other sources) via SQL (even if they are not an SQL DB)

Question 119

Open Search

Answer 119

managed search service to search and analyse the data (runs on an instance in the background), elastic search alternative

Question 120

QuickSight

Answer 120

can be used to build charts, reports and dashboard

Question 121

ECR

Answer 121

Elastic Container Registry - a managed container registry (like Docker Hub)

Question 122

Grafana

Answer 122

Grafana creates live interactive data visualisation, it is a QuickSight alternative

Question 123

SQS

Answer 123

Simple Queue Service
- Pull / Push messages via a Queue
- Asynchronous processing
- Directly triggered from the code

Question 124

SNS

Answer 124

Simple Notification Service
- Push messages directly to the subscribers
- Synchronous processing
- Directly triggered from the code

Question 125

Event Bridge

Answer 125

Listens to events -> triggers actions
Synchronous processing
Indirectly triggered from the code (the code does not needs to know that the event is listened to and an action is triggered)

Question 126

SES

Answer 126

Simple Email Service
Helps the user to send batch (mass) e-mails.

Question 127

CloudMap

Answer 127

Registry of (assigned) resource names
It makes the creation of a micro service application easier (by registering/naming all the services)

Question 128

API Gateway

Answer 128

It is a managed serverless RestAPI service (Helps creating RestAPIs without writing code)

Question 129

AppSync

Answer 129

It is a managed GraphQL API service (It is a managed GraphQL API service)

Question 130

Cognito

Answer 130

Cognito is a managed user authentication service (like the one in firebase)

Question 131

Amplify

Answer 131

We can use it to “generate” back end services (for FE developers who have little AWS knowledge).

Question 132

Elastic Beanstalk

Answer 132

Elastic Beanstalk helps to deploy web apps, and general workflows to the cloud in the simplest way.
It allows the user to configure everything (computing, storage, db, hosting, load balancing etc.) in a single place
It even allows to add Load Balancers and AutoScaling groups (more advanced use cases)

Question 133

Lightsail

Answer 133

It is a web hosting provider (simple with lots of default options, but little configurability)

Question 134

AppRunner

Answer 134

AppRunner simplifies deploying containers to the cloud via AWS.

Question 135

Copilot

Answer 135

Copilot is a CLI that simplifies container and app creation & deployment to the cloud

Question 136

Cloud9

Answer 136

Cloud based IDE, it runs on an EC2 instance under the hood

Question 137

CodeGuru

Answer 137

Machine learning based, managed Sonar alternative

Question 138

DevOpsGuru

Answer 138

Machine learning based cloud infrastructure analizator (Sonar for DevOps)

Question 139

CloudCommit

Answer 139

A private Git repo in the cloud

Question 140

CodeBuild

Answer 140

Managed execution environment (builds the code)

Question 141

CodeArtifact

Answer 141

A managed artifact repository Nexus alternative

Question 142

CodeDeploy

Answer 142

Allows to deploy code for different target (EC2, ECS, Lambda) with different strategies, manually or automated

Question 143

CodePipeline

Answer 143

A managed Jenkins alternative

Question 144

CodeStar

Answer 144

A simplified version of Code Pipeline (A managed Jenkins alternative) with lots of pre-configured blueprints

Question 145

VPC

Answer 145

We can create a VPN like setup in the cloud.
Region based, every element of the VPC can communicate with each other.
Contains subnets.

Question 146

Subnet

Answer 146

Inside VPCs we can group our instances into subnets, and control the connectivity of those subnets
AZ based (every subnet is in a single AZ)
We have two main type of subnets:
* Private subnet - only internal network access
* Public subnet - internet access
However all instances of a VPC can talk to each other, even if they are not on the same subnet

Question 147

Elastic IP address

Answer 147

a “fix” (public) IP address

Question 148

Security Groups

Answer 148

Security Group is like a firewall, controls the incoming and outgoing messages.
By default a security group filters the inbound traffic, but allows all outbound traffic.
Security Groups are stateful (if a request went out a response for it can come in).
Attached to instances.
Recommended way of security.

Question 149

NACL

Answer 149

Network ACLs are firewalls for entire subnets.
By default NACLs are allowing all inbound and outbound traffic.
NACLs are stateless (we need to define rules for requests and responses too)
Security Groups are preferred over NACLs

Question 150

VPC Peering

Answer 150

VPC Pairing opens a “channel” between 2 VPCs, aka. allows the instances of the VPCs to communicate with each other like they would be in a single VPC.

Question 151

Transit gateways

Answer 151

Transit gateway does the same as VPC Pairing for multiple VPCs.
VPC Pairing opens a “channel” between 2 VPCs, aka. allows the instances of the VPCs to communicate with each other like they would be in a single VPC.

Question 152

VPC Endpoints

Answer 152

You can create a VPC endpoint, and reach other AWS services (without going trough the global internet).

Question 153

AWS PrivateLink

Answer 153

Amazons “intranet” around the globe. Provides faster and safer way of communication than the “real” internet.

Question 154

AWS Direct Connect

Answer 154

Physical cable based connection between AWS and your data-center. Ultra fast, ultra safe, ultra expensive.

Question 155

Internet Gateway

Answer 155

Connecting the (public) subnet to it will give internet access (in and out) to all instances of the subnet

Question 156

NAT Gateway

Answer 156

Creates a one way (outgoing requests only) connection for the instances of the (private) subnet

Question 157

S3 gateway

Answer 157

One type of VPC Endpoints, allows instances of a subnet to communicate with the S3 service via AWS PrivateLink.

Question 158

Route 53

Answer 158

Domain Name System translates domains to IP addresses.
AWS Route 53 is Amazons own managed DNS.

Question 159

Hosted zone

Answer 159

Configuration container, automatically created for every domain.
Add new records to the hosted zone to route incoming requests.

Question 160

Records (routing)

Answer 160

Add new records to the hosted zone (to route incoming requests - coming from the internet trough that domain - to one of your services).

Question 161

CloudFront

Answer 161

CloudFront is the managed CDN service of AWS.

If we are trying to access some web hosted content from far away (USA based server from Europe) it can cause high latency.
CDN networks are solving this problem by caching the content in various locations in the world, and routing the client to the closest cache (instead of the real server)

Question 162

Edge Locations

Answer 162

Edge Locations are the “caches” used by CloudFront.

If we are trying to access some web hosted content from far away (USA based server from Europe) it can cause high latency.
CDN networks are solving this problem by caching the content in various locations in the world, and routing the client to the closest cache (instead of the real server)

Question 163

AWS Global Accelerator

Answer 163

Improve user traffic performance via the AWS network (instead of the global internet)

Question 164

S3 Transfer Acceleration

Answer 164

Improve network file speed to an AWS edge locations, and forward it via the AWS global network

Question 165

ACM

Answer 165

Amazon Certificate Manager, allows to generally manage ssl certificates (and encryption) between services

Question 166

Regions (Building blocks of the AWS infrastructure)

Answer 166

• The highest level of abstraction in AWS
• There are multiple Regions around the world (us-east-1, west-eu-2 etc.)
• Most of the services are region based, there are some exceptions (Global services like billing)

Question 167

Availability zones (Building blocks of the AWS infrastructure)

Answer 167

• Every region contains at least 3 availability zones.
• They are fully independent (if one AZ goes down the others should remain active)
Every AZ contains 1 or more data centres.
• Some services are AZ based (like VPCs)

Question 168

Edge Locations (Building blocks of the AWS infrastructure)

Answer 168

• Edge Locations are the “caches” used by CloudFront.

Question 169

Local Zones (Building blocks of the AWS infrastructure)

Answer 169

Small AWS “regions” close to big metropolitan areas
* extra fast
* limited set of supported services
* Extends VPCs

Question 170

Outposts (Building blocks of the AWS infrastructure)

Answer 170

• AWS servers, which you can add to your datacenter
• AWS managed infrastructure
• Hybrid system
• limited set of supported services
• Extends VPCs

Question 171

Wavelength Zones (Building blocks of the AWS infrastructure)

Answer 171

• AWS servers, embedded into 5G networks (extremely fast)
• limited set of supported services
• Connectible into other services running in the region