AWS Cloud Practiioner

Question 1

Describe the role of Security Groups in AWS.

Answer 1

Security Groups are fundamental to network security in AWS, controlling inbound and outbound traffic to EC2 instances.

Question 2

What do Security Groups in AWS primarily consist of?

Answer 2

Security groups in AWS primarily consist of rules that dictate how traffic is allowed into or out of EC2 instances.

Question 3

How can Security Group rules in AWS be referenced?

Answer 3

Security Group rules in AWS can be referenced by IP or by another Security Group.

Question 4

Define Inbound traffic in the context of Security Groups in AWS.

Answer 4

Inbound traffic in Security Groups refers to traffic coming into the EC2 instance.

Question 5

Explain the significance of Outbound traffic in Security Groups in AWS.

Answer 5

Outbound traffic in Security Groups determines the traffic leaving the EC2 instance.

Question 6

Describe the role of security groups in EC2 instances.

Answer 6

Security groups as a ‘firewall’ on EC2 instances, regulating access to ports, authorized IP ranges (IPv4 and IPv6), inbound network control, and outbound network control.

Question 7

What aspects of network traffic do security groups regulate in AWS EC2 instances?

Answer 7

Security groups in AWS EC2 instances regulate access to ports, authorized IP ranges (IPv4 and IPv6), inbound network traffic (from other to the instance), and outbound network traffic (from the instance to other).

Question 8

What is the purpose of Security Groups in AWS?

Answer 8

Security Groups in AWS act as virtual firewalls that control inbound and outbound traffic for EC2 instances.

Question 9

Describe the concept of Inbound and Outbound rules in Security Groups.

Answer 9

Inbound rules in Security Groups control the incoming traffic to an EC2 instance, while Outbound rules manage the outgoing traffic from the instance.

Question 10

How do Security Groups in AWS help in enhancing network security?

Answer 10

Security Groups in AWS help enhance network security by allowing users to define rules that filter traffic based on IP addresses and ports, thereby restricting unauthorized access to EC2 instances.

Question 11

Describe Security Groups in AWS.

Answer 11

Security Groups in AWS can be attached to multiple instances, are locked down to a region/VPC combination, and control inbound and outbound traffic.

Question 12

How does a security group function in relation to EC2 instances?

Answer 12

A security group in AWS functions outside the EC2 instance; if traffic is blocked by the security group, the EC2 instance won’t receive it.

Question 13

What is the recommended practice regarding SSH access in security groups?

Answer 13

It is recommended to maintain a separate security group specifically for SSH access.

Question 14

What could be the issue if an application is not accessible and times out?

Answer 14

If an application is not accessible and times out, it could be due to a security group issue.

Question 15

What is the default setting for inbound and outbound traffic in security groups?

Answer 15

All inbound traffic is blocked by default, while all outbound traffic is authorized by default.

Question 16

Describe the concept of referencing other security in AWS.

Answer 16

Referencing security groups in AWS involves allowing inbound traffic from instances associated with one security group to instances associated with another security group.

Question 17

Define an EC2 Instance in AWS.

Answer 17

An EC2 Instance is a virtual server in the Amazon Elastic Compute Cloud (EC2) service that can run applications and host data on the AWS infrastructure.

Question 18

How can security groups be used to control inbound traffic in AWS?

Answer 18

Security groups in AWS can be used to control inbound traffic by specifying rules that allow or deny traffic based on protocols, ports, and source/destination IP addresses.

Question 19

Do security groups in AWS support cross-referencing each other?

Answer 19

Yes, security groups in AWS support cross-referencing each other, allowing instances associated with one security group to communicate with instances associated with another security group by authorizing the necessary inbound rules.

Question 20

Describe the relationship between EC2 instances and security groups in AWS.

Answer 20

In AWS, EC2 instances can be associated with one or more security groups, which act as virtual firewalls to control inbound and outbound traffic to the instances based on defined rules.

Question 21

Describe SSH and its typical use.

Answer 21

SSH stands for Secure Shell and is used to log into a Linux instance securely.

Question 22

What is the purpose of FTP and how is it commonly used?

Answer 22

FTP, or File Transfer Protocol, is used to upload files into a file share.

Question 23

Define SFTP and explain its relationship with SSH.

Answer 23

SFTP stands for Secure File Transfer Protocol and is used to upload files using SSH for added security.

Question 24

How is HTTP typically used and what does it allow users to do?

Answer 24

HTTP is used to access unsecured websites, allowing users to view web content.

Question 25

Explain the significance of HTTPS and its common application.

Answer 25

HTTPS is used to access secured websites, providing a secure connection for sensitive data transmission.

Question 26

What is the purpose of SSH?

Answer 26

Securely connect to remote servers.

Question 27

Describe the SSH Summary Table provided in the content.

Answer 27

It lists the SSH clients for different operating systems like Mac, Linux, Windows < 10, and Windows >= 10, along with2 Instance and Putty for connecting.

Question 28

How can SSH be used to connect to an EC2 Instance?

Answer 28

By using an SSH client like Putty on Windows or the built-in terminal on Mac and Linux to establish a secure connection to the EC2 Instance.

Question 29

Describe the purpose of SSH in the context of EC2 instances.

Answer 29

SSH allows users to remotely control a machine using the command line, such as accessing and managing an EC2 instance.

Question 30

How can you SSH into an EC2 instance from a Windows machine?

Answer 30

You can SSH into an EC2 instance from a Windows machine by configuring the necessary parameters using a tool like Putty.

Question 31

Define the significance of Port 22 in the context of SSH and EC2 instances.

Answer 31

Port 22 is the default port used for SSH connections to EC2 instances, allowing secure communication between the local and remote machines.

Question 32

What is the importance of a Public IP in SSH connections to EC2 instances?

Answer 32

A Public IP is essential for establishing a connection to an EC2 instance over the internet, enabling remote access via SSH.

Question 33

How does SSH facilitate remote machine control in the context of EC2 instances?

Answer 33

SSH enables users to securely access and manage their EC2 instances from a remote location, providing command-line control over the instance’s operations.

Question 34

What is EC2 Instance Connect?

Answer 34

A feature that allows users to connect to their EC2 instance within a browser without the need for the downloaded key file, as AWS uploads a temporary key onto the instance.

Question 35

Describe how EC2 Instance Connect works.

Answer 35

EC2 Instance Connect enables users to connect to their EC2 instance through a browser by uploading a temporary key onto the instance, eliminating the need for the downloaded key file. It is compatible out-of-the-box with Amazon Linux 2, but users must ensure that port 22 is open.

Question 36

Describe On-Demand Instances in AWS EC2

Answer 36

On-Demand Instances are suitable for short workloads with predictable pricing, where users pay by the second.

Question 37

What are Savings Plans in AWS EC2?

Answer 37

Savings Plans involve committing to a specific amount of usage for 1 or 3 years, ideal for long workloads.

Question 38

Define Spot Instances in AWS EC2

Answer 38

Spot Instances are cost-effective but less reliable, suitable for short workloads where instances can be lost.

Question 39

How do Reserved Instances differ from Convertible Reserved Instances in AWS EC2?

Answer 39

Reserved Instances are for long workloads, while Convertible Reserved Instances offer flexibility for changing instance types.

Question 40

Do Dedicated Hosts in AWS EC2 allow users to control instance placement?

Answer 40

Yes, Dedicated Hosts enable users to book an entire physical server and have control over where instances are placed.

Question 41

Describe EC2 On Demand pricing model.

Answer 41

Pay for what you use, with billing per second for Linux or Windows after the first minute, and billing per hour for all other operating systems.

Question 42

What are the characteristics of EC2 On Demand instances in terms of cost and commitment?

Answer 42

Highest cost with no upfront payment and no long-term commitment.

Question 43

How is EC2 On Demand usage recommended to be utilized?

Answer 43

Recommended for short-term and uninterrupted workloads where the application behavior is unpredictable.

Question 44

Define the billing structure for Linux or Windows on EC2 On Demand instances.

Answer 44

Billing is per second after the first minute.

Question 45

What is the billing structure for all other operating systems on EC2 On Demand instances?

Answer 45

Billing is per hour for all other operating systems.

Question 46

Describe EC2 Reserved Instances.

Answer 46

EC2 Reserved Instances offer discounts of up to 72% compared to On-demand pricing. Users reserve specific instance attributes for a set period with various payment options.

Question 47

What is the Reservation Period for EC2 Reserved Instances?

Answer 47

The Reservation Period can be 1 year (+discount) or 3 years (+++discount).

Question 48

How do Convertible Reserved Instances differ from standard Reserved Instances?

Answer 48

Convertible Reserved Instances allow changing instance type, family, OS, scope, and tenancy, offering discounts of up to 66%.

Question 49

Define the scope options for Reserved Instances.

Answer 49

Reserved Instances can have a Regional scope or a Zonal scope, where the latter reserves capacity in a specific Availability Zone.

Question 50

What are some recommended use cases for EC2 Reserved Instances?

Answer 50

They are recommended for steady-state usage applications, such as databases, and can be bought and sold in the Reserved Instance Marketplace.

Question 51

Describe EC2 Savings Plans.

Answer 51

EC2 Savings Plans offer discounts based on long-term usage, requiring a commitment to a certain type of usage for 1 or 3 years.

Question 52

What does EC2 Savings Plans lock to a specific instance family and AWS region?

Answer 52

EC2 Savings Plans are locked to a specific instance family and AWS region, such as M5 in us-east-1.

Question 53

How does billing work for usage beyond EC2 Savings Plans?

Answer 53

Usage beyond EC2 Savings Plans is billed at the On-Demand price.

Question 54

Define tenancy options available with EC2 Savings Plans.

Answer 54

EC2 Savings Plans offer flexibility in tenancy options, including Host, Dedicated, and Default.

Question 55

What are the factors that EC2 Savings Plans are flexible across?

Answer 55

EC2 Savings Plans are flexible across instance size, operating system, and tenancy options.

Question 56

Describe EC2 Spot Instances in AWS.

Answer 56

EC2 Spot Instances in AWS offer a discount of up to 90% compared to On-demand. These instances can be terminated at any time if the current spot price exceeds your maximum price.

Question 57

What workloads are EC2 Spot Instances suitable for?

Answer 57

EC2 Spot Instances are suitable for workloads that are resilient to failure, batch jobs, data analysis, image processing, distributed workloads, and workloads with flexible start and end times.

Question 58

How cost-efficient are EC2 Spot Instances in AWS?

Answer 58

EC2 Spot Instances are considered the most cost-efficient instances in AWS, offering significant discounts compared to On-demand instances.

Question 59

Define the main drawback of EC2 Spot Instances.

Answer 59

The main drawback of EC2 Spot Instances is that they are not suitable for critical jobs or databases due to the possibility of termination at any time.

Question 60

Do EC2 Spot Instances require a specific workload type?

Answer 60

Yes, EC2 Spot Instances are best suited for workloads that can tolerate interruptions and are not critical in nature, such as batch jobs, data analysis, and image processing.

Question 61

Describe EC2 Dedicated Hosts.

Answer 61

EC2 Dedicated Hosts are physical with EC2 instance capacity fully dedicated to a user, allowing for compliance with regulations and utilization of existing server-bound software licenses.

Question 62

What are the purchasing options for EC2 Dedicated Hosts?

Answer 62

The purchasing options include On-demand (pay per second for active Dedicated Host) and Reserved (1 or 3 years with options like No Upfront, Partial Upfront, All Upfront).

Question 63

How can EC2 Dedicated Hosts be beneficial for companies?

Answer 63

EC2 Dedicated Hosts are useful for companies with complicated software licensing models (BYOL - Bring Your Own License) or strong regulatory and compliance needs.

Question 64

Define BYOL in the context of EC2 Dedicated Hosts.

Answer 64

BYOL stands for Bring Your Own License and refers to the practice of using existing software licenses on EC2 Dedicated Hosts.

Question 65

What are some key features of EC2 Dedicated Hosts?

Answer 65

EC2 Dedicated Hosts provide fully dedicated server capacity, compliance with regulations, utilization of existing software licenses, and purchasing options like On-demand and Reserved.

Question 66

Describe EC2 Dedicated Instances.

Answer 66

EC2 Dedicated Instances run on hardware that is exclusively dedicated to a single account, although this hardware may be shared with other instances within the same account.

Question 67

What is a key characteristic of EC2 Dedicated Instances regarding hardware placement?

Answer 67

Users have no control over the placement of their instances and the hardware may be moved after a Stop/Start operation.

Question 68

What is an EC2 Capacity Reservation?

Answer 68

Reserving On-Demand instances capacity in a specific Availability Zone for any duration.

Question 69

How does EC2 Capacity Reservation work in terms of billing?

Answer 69

You are charged at the On-Demand rate whether you run instances or not, with no billing discounts.

Question 70

Describe the flexibility of EC2 Capacity Reservations.

Answer 70

There is no time commitment, allowing you to create or cancel reservations anytime.

Question 71

What is the recommended use case for EC2 Capacity Reservations?

Answer 71

Suitable for short-term, uninterrupted workloads that need to be in a specific Availability Zone.

Question 72

How can EC2 Capacity Reservations be optimized for cost savings?

Answer 72

They can be combined with Regional Reserved Instances and Savings Plans to benefit from billing discounts.

Question 73

Describe the ‘On demand’ purchasing option for resort stays.

Answer 73

Customers can come and stay in the resort whenever they like, paying the full price each time.

Question 74

What is the concept behind ‘Spot instances’ in resort purchasing options?

Answer 74

Customers bid for empty rooms, with the highest bidder securing the room, but they can be asked to leave at any time.

Question 75

Define ‘Capacity Reservations’ in the context of resort stays.

Answer 75

It involves booking a room for a period at full price, even if the customer does not stay in it during that time.

Question 76

How does the ‘Savings Plans’ purchasing option work for resort stays?

Answer 76

Customers pay a certain amount per hour for a specific period and can stay in any room type available, such as King, Suite, or Sea View.

Question 77

Do you stay in a specific room type with the ‘Savings Plans’ purchasing option for resort stays?

Answer 77

No, customers can stay in any room type available, such as King, Suite, or Sea View.

Question 78

Describe the Shared Responsibility Model for EC2.

Answer 78

The Shared Responsibility Model for EC2 outlines the division of security responsibilities between AWS and the customer, specifying which security aspects are managed by each party.

Question 79

Define IAM Roles in the context of EC2.

Answer 79

IAM Roles in EC2 refer to the permissions and policies that can be assigned to an EC2 instance, allowing it to interact securely with other AWS services.

Question 80

How does the Shared Responsibility Model for EC2 address compliance validation?

Answer 80

The Shared Responsibility Model for EC2 includes compliance validation as a responsibility of the customer, emphasizing the need for customers to ensure their instances comply with relevant regulations and standards.

Question 81

Describe an EC2 Instance.

Answer 81

An EC2 Instance consists of an AMI (OS), Instance Size (CPU + RAM), Storage, security groups, and EC2 User Data.

Question 82

How does EC2 User Data function in AWS?

Answer 82

EC2 User Data allows for the execution of a script at the first start of an instance, enabling customization and automation.

Question 83

Define SSH in the context of AWS EC2.

Answer 83

SSH (Secure Shell) is used to start a terminal into EC2 Instances, typically on port 22 for secure remote access.

Question 84

Explain the concept of EC2 Instance Role in AWS.

Answer 84

An EC2 Instance Role in AWS is a link to IAM roles, providing permissions and access to AWS resources for the instance.

Question 85

Describe an EBS Volume.

Answer 85

An EBS (Elastic Block Store) Volume is a network drive that can be attached to instances while they are running, allowing them to persist data even after termination.

Question 86

What is the limitation regarding the attachment of EBS Volumes to instances?

Answer 86

EBS Volumes can only be mounted to one instance at a time at the CCP level.

Question 87

Define the concept of EBS Volumes being bound to a specific availability zone.

Answer 87

EBS Volumes are associated with and limited to a particular availability zone within a region.

Question 88

How can EBS Volumes be analogously compared to for better understanding?

Answer 88

EBS Volumes can be thought of as a ‘network USB stick’ in terms of their functionality.

Question 89

Do EBS Volumes offer any free storage options? If so, what are they?

Answer 89

Yes, EBS Volumes provide a free tier offering 30 GB of General Purpose (SSD) or Magnetic storage per month.

Question 90

Describe an EBS Volume in AWS.

Answer 90

An EBS Volume is a network drive in AWS that can be detached from one EC2 instance and attached to another quickly, but is locked to a specific Availability Zone.

Question 91

How can you move an EBS Volume across Availability in AWS?

Answer 91

To move an EBS Volume across Availability Zones, you first need to snapshot it.

Question 92

Define provisioned capacity in relation to EBS Volumes in AWS.

Answer 92

Provisioned capacity for EBS Volumes refers to the size in GBs and IOPS allocated to the volume, for which you will be billed.

Question 93

What is the billing model for provisioned capacity of EBS Volumes in AWS?

Answer 93

You get billed for all the provisioned capacity of an EBS Volume.

Question 94

How can you increase the capacity of an EBS Volume over time in AWS?

Answer 94

You can increase the capacity of an EBS Volume gradually as needed.

Question 95

What is the content indicating?

Answer 95

The content is a disclaimer that it is not for distribution and providing contact information.

Question 96

Describe the components mentioned in the content.

Answer 96

The content mentions EBS Volumes of various sizes (10 GB, 100 GB, 50 GB) in a specific AWS region and availability zone, labeled as unattached.

Question 97

Define the term ‘EBS Volume’ based on the content.

Answer 97

An EBS Volume refers to a block storage device in AWS that can be attached to EC2 instances for persistent storage.

Question 98

What does the EBS - Delete on Termination attribute control?

Answer 98

Controls the EBS behavior when an EC2 instance terminates.

Question 99

How does the EBS - Delete on Termination attribute handle the root EBS volume by default?

Answer 99

By default, the root EBS volume is deleted when the attribute is enabled.

Question 100

Describe the default behavior of attached EBS volumes with the EBS - Delete on Termination attribute.

Answer 100

By default, any other attached EBS volume is not deleted when the attribute is disabled.

Question 101

How can the EBS - Delete on Termination attribute be controlled?

Answer 101

It can be controlled through the AWS console or AWS CLI.

Question 102

Provide a use case for preserving the root volume when an instance is terminated using the EBS - Delete on Termination attribute.

Answer 102

The use case is to preserve the root volume when an instance is terminated.

Question 103

What is an EBS Snapshot used for?

Answer 103

To make a backup of an EBS volume at a specific point in time.

Question 104

Describe the process of creating an EBS Snapshot.

Answer 104

It involves capturing the state of an EBS volume without the need to detach it, although it is recommended to do so before taking the snapshot.

Question 105

Define the flexibility of EBS Snapshots in terms of copying them.

Answer 105

EBS Snapshots can be copied across Availability Zones (AZ) or Regions for redundancy and disaster recovery purposes.