AWS Cloud Practitioner

Question 1

What are the 6 advantages of cloud computing?

Answer 1

Trade capital expense for variable expense

Benefit from massive economies of scale

Stop guessing about capacity

Increase speed and agility

Stop spending money running and maintaining DCs

Go global in minutes - near infinite scale

Question 2

What are the types of cloud computing?

Answer 2

IAAS - manage server and OS, e.g. EC2

PAAS - someone else manages underlying OS and machine, e.g. Elastic beanstalk

SAAS - you only use the software and how to use it, e.g. gmail

Question 3

What are the types of cloud computing deployments/

Answer 3

Public cloud - AWS, Azure, GCP

Hybrid cloud - mixture of public and private

Private cloud (on prem) - in your datacentre using Openstack or Vmware

Question 4

What’s the difference between AZs, regions and edge locations?

Answer 4

Availability zone - data centre (potentially a few near each other) - each have redundant power, networking etc.

Region - a geographical area - consists of 2 or more availability zones

Edge locations - endpoints for AWS which are used for caching content (e.g. for CloudFront CDN). Currently there are over 150 edge locations

Question 5

What are the 4 types of support plan?

Answer 5

Basic, Developer, Business and Enterprise

Question 6

What are the IAM user access types?

Answer 6

Programmatic and console access

Question 7

What are the 3 different ways to access the AWS platform?

Answer 7

Console
Programmatically
SDK

Question 8

What is best practice when creating a root account?

Answer 8

Secure password, enable MFA, create individual IAM users

Question 9

What is the structure of a policy?

Answer 9

JSON document that defines effect (allow/deny), resource and actions

Question 10

What is S3?

Answer 10

Simple Storage Service

Object based, as opposed to block-based (which is more appropriate for OS files, DB engine etc.)

Objects are stored as key/value pairs: key of the object (name) and value is the bytes (data)

Data is spread across multiple devices and facilities

Question 11

What is the maximum object size in S3?

Answer 11

Storage is unlimited (max object size of 5TiB)

Question 12

Do bucket names have to be unique?

Answer 12

Bucket name must be unique as DNS entry is created for the bucket

Question 13

What are the data consistency characteristics of S3?

Answer 13

Read after write consistency for PUTs of new objects

Eventual consistency for overwrite PUTs and DELETEs

Question 14

What are the percentage guarantees of S3 for availability and durability?

Answer 14

Built for 99.99% availability

99.9% availability guaranteed

Durability guaranteed to 99.99999999999% (11x9s) - very unlikely you will lose any data

Question 15

What are the storage classes of S3?

Answer 15

Standard - 99.99% availability and 99.99999999999% durability. Stored redundantly across multiple devices in multiple facilities - designed to sustain the loss of 2 facilities concurrently

IA (Infrequently accessed) - for data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but changed a retrieval fee

One Zone IA - lower cost than IA, where multiple availability zone data resilience is not required

Intelligent Tiering - uses ML to automatically move data to most cost-effective access tier without performance impact or operational overhead
Glacier - for data archiving. Cheap, and retrieval time can be configured from minutes to hours

Glacier deep archive - lowest-cost storage class where a retrieval time of 12h is acceptable

Question 16

Are buckets global or per region?

Answer 16

When you view buckets, you view them globally, but you can have buckets in individual regions

Question 17

Is the storage class of S3 per-bucket or per-object/

Answer 17

When changing storage class, this is done per object in a bucket (I suppose this allows lifecycle rules to work easily)

Question 18

What are the charges for S3?

Answer 18

Storage

Requests

Storage Management Pricing

Data Transfer Pricing

Transfer Acceleration (fast, easy and secure file transfers over long distances - takes advantage of CloudFront edge locations. Data arrives at edge location and is routed to Amazon S3 over an optimized network path. There is a tool that will tell you have much faster it is to various locations from where you are)

Cross Region Replication Pricing (automatic replication of objects from a primary bucket into a secondary bucket in another region)

Question 19

What is the URL format for statically hosted S3 websites?

Answer 19

URL format: .s3-website-.amazonaws.com

Question 20

Does S3 scale automatically?

Answer 20

Yes.

S3 will scale automatically with demand - great for static sites where there will be a large number of requests (e.g. movie preview)

Question 21

What is CloudFront?

Answer 21

Cloudfront is a CDN (content delivery network). A CDN is a system of distributed servers (network) that deliver web content to a user based on the geographic locations of the user, the origin of the webpage, and a content delivery server.

Question 22

What are the types of CloudFront distribution?

Answer 22

Web Distribution - typically used for websites

RTMP - used for media streaming (adobe flash media protocol)

Question 23

What is a CloudFront edge?

Answer 23

Edge - location where content is cached (separate from AWS region or availability zone)

Question 24

What is a CloudFront origin?

Answer 24

Origin - the origin of all files that the CDN will distribute (can be S3 bucket, EC2 instance, elastic load balancer or Route53)

Question 25

What is a CloudFront distribution?

Answer 25

Distribution - name given to the CDN which consists of a collection of edge locations

Question 26

Are edge locations readonly?

Answer 26

No, edge locations are not just readonly - you can write to them, too (e.g. S3 transfer acceleration)

Question 27

Is there a charge for purging CloudFront caches?

Answer 27

Cached objects can be cleared, but there’s a charge for each purge request

Question 28

What is EC2?

Answer 28

Elastic Compute Cloud.

Virtual servers in the cloud.

Question 29

What are the pricing models for EC2?

Answer 29

On Demand

Reserved

Spot

Dedicated Host

Question 30

What is on-demand EC2 pricing? What workloads is it suitable for?

Answer 30

Payed by the hour (or second for linux).

No up-front payment.

Great for apps with short-term, spiky or unpredictable workloads that cannot be interrupted (e.g. dev/test)

Question 31

What is reserved EC2 pricing? What workloads is it suitable for?

Answer 31

provides you with a capacity reservation, but offers a significant discount on the hourly charge for an instance. Contract terms a 1 year or 3 year terms. More paid up front, more discount you get (max discount is if all is paid up-front).

Great for apps with steady state or predictable usage

Question 32

What are the 3 types of reserved EC2 pricing models?

Answer 32

Standard reserved instances - offer upto 75% off on demand instances. More you pay up front and the longer the contract, the greater the discount. Issue is that you can’t change product family (e.g. go from high performance compute to high performance memory)

Convertible reserved instances - offer upto 54% off on-demand capability to change the attributes of the RI as long as the exchange results in the creation of reserved instances of equal or greater value

Scheduled reserved instances - available to launch within time windows you reserve. Allows you to match your capacity reservation to a predictable recurring schedule that requires a fraction of a day/week/month

Question 33

What is spot EC2 pricing? What workloads is it suitable for?

Answer 33

Spot - enables you to bid whatever price you want for instance capacity - great savings if your apps have flexible start/end times (instance provisioned when spot price met, and will be lost when price exceeds your spot price)

Good for apps with flexible start/end times

Good for apps that are only feasible at very low compute prices, e.g. genomics that can be done at night

Good for users with urgent compute needs who need a large amount of additional capacity

Question 34

Does a customer pay for an hour of EC2 spot instance if the instance is interrupted?

Answer 34

If you don’t get a full hour of compute because the price goes up, you won’t be charged for a partial hour.

But if you terminate the instance, you will be charged

Question 35

What is dedicated host EC2 pricing? What workloads is it suitable for?

Answer 35

Dedicated hosts - physical dedicated servers - help reduce costs by allowing you to use your existing server-bound software licences (quite rare - often used when some software being used requires a dedicated host)

Useful for regulatory requirements that may not support multi-tenant virtualization

Great for licensing that doesn’t support multi-tenancy or cloud deployments

Can be purchased on-demand (hourly) or as a reservation for upto 70% off the on-demand price

Question 36

What are the EC2 instance types?

Answer 36

Spell out FIGHT-DR-MC-PXZ

F - FPGA
I - IOPS (I/O per second)
G - Graphics
H - High disk throughput
T - Cheap general purpose (e.g. T2 Micro)
D - Density
R - RAM
M - Main choice (general purpose)
C - Compute
P - Graphics (think pics)
X - Extreme memory
Z - Extreme memory and CPU

Question 37

What is AWS EBS?

Answer 37

Elastic Block Store.

Used for VHDDs

Question 38

What are the types of volume available on EBS?

Answer 38

SSD:
General purpose SSD (GP2) - balances price and performance
Provisioned IOPS SSD (IO1) - highest-performance SSD (low latency or high throughout workloads)

Magnetic:
Throughput Optimised HDD (ST1) - low cost HDD volume designed for frequently accessed, throughout-intensive workloads
Cold HDD (SC1) - lowest cost, designed for less frequently accessed workloads (file servers)
Magnetic - previous generation

Question 39

Do EBS volumes need to be in the same AZ as an attached EC2 instance?

Answer 39

Yes

Question 40

Do EBS volumes auto-replicate?

Answer 40

Yes

Question 41

If you use a private key to SSH to an EC2 box, which user do you login with?

Answer 41

ec2-user

Question 42

What are security groups?

Answer 42

Firewalls

Question 43

Are roles more secure than id/key pairs? Why

Answer 43

Yes - don’t need to put credentials on the EC2 instance.

Question 44

How long to EC2 role changes take to become effective?

Answer 44

Role changes are effective immediately

Question 45

Is IAM per region?

Answer 45

No, it is universal

Question 46

What is AWS ELB?

Answer 46

Elastic Load Balancer?

Question 47

What are the 3 types of ELB?

Answer 47

Application load balancer - can make decisions based off application state (can see into layer 7)

Network load balancer - when you need ultra-high performance and static IP addresses

Classic - previous generation

Question 48

What is the OSI model?

Answer 48

Open Systems Interconnection - defines 7 layers of computational communication.

1 is physical layer, 7 is application layer.

4 is transport layer.

Question 49

Which DBs are available on RDS?

Answer 49

SQL Server
Oracle
MySQL Server
PostgreSQL
Aurora (invented by Amazon) - compatible with MySQL - 6 copies of DB across availability zones
MariaDB

Question 50

How many copies of data are created for Aurora?

Answer 50

6 across different AZs

Question 51

What are the two key features of RDS?

Answer 51

Multi-AZ (for disaster recovery) - apps use DNS name, not IP addresses of specific instances

Read Replicas (for performance) - replicates primary DB to read replicas. They’re NOT for failover - without Multi-AZ your DB would be down. The read-replicas have their own DNS names so things can be scaled out. Can have upto 5 copies.

Question 52

What is Amazon DynamoDB?

Answer 52

NoSQL DB as a service. Can scale automatically.

An questions around being able to auto-scale but the type of DB isn’t mentioned - go with DynamoDB

Question 53

What is Amazon Redshift?

Answer 53

Fully managed, petabyte-scale data warehouse service in the cloud

Question 54

How many GB in a Petabyte?

Answer 54

1,000,000 GBs

Question 55

What are the four main differences of cloud computing?

Answer 55

IT assets become programmable resources - no more procurement and racking/stacking servers. TIME TO MARKET MUCH QUICKER

Global, available, and unlimited capacity - can deploy around the world, don’t need to arrange in other countries

Higher level managed services - e.g. ML - don’t need to hire an ML specialist

Security build in - firewalls, DDoS protection, can security audit quickly in test environments

Question 56

What are the 11 design principles of AWS architecture best practice?

Answer 56

Scalability (up and out)
Disposable resources instead of fixed servers
Automation
Loose Coupling
Services, Not Servers
Databases
Managing Increasing Volumes of Data
Removing single points of failure
Optimize for cost
Caching
Security

Question 57

What is AWS EMR?

Answer 57

Elastic MapReduce

Question 58

What is AWS SQS?

Answer 58

Simple Queue Service

Question 59

What is the minimum number of AZs in a region?

Answer 59

2

Question 60

What is the AWS pricing philosophy?

Answer 60

AWS philosophy on pricing: pay for what you used at the end of each month, start/stop using a product at any time, no long term contracts required

Question 61

What is the AWS free tier?

Answer 61

Free tier - to get started in the cloud Can run a free EC2 micro instance for a year + other free allowances in S3, EBS, ELB, data transfer and other services

Question 62

What are the 5 AWS pricing policies?

Answer 62

Apply across all services:

Pay as you go (for EC2, linux is by the second, windows is by the hour)

Pay less when you reserve (e.g. EC2 have 12 and 36 month contracts)

Pay even less per unit by using more (e.g. for S3, price drops depending on amount stored)

Pay even less as AWS grows
Custom pricing (for enterprises spending a lot)

Question 63

What are some examples of free AWS services?

Answer 63

VPC
Elastic beanstalk (services it provisions aren’t free)
CloudFormation
IAM
Autoscaling
Opsworks
Consolidated billing (combine multiple accounts into one bill)

Question 64

What are the 3 fundamental charges in AWS?

Answer 64

Compute

Storage

Data out (NOT in)

Question 65

Is data IN typically charged for in AWS?

Answer 65

No.

Question 66

What determines the price of an EC2 instance?

Answer 66

Clock hours of server time

Machine config (about of memory and CPU)

Machine purchase type (instance types)

Number of instances

Load balancing

Detailed monitoring (monitoring by the minute instead of every 5 minutes)

Autoscaling (more instances)

Elastic IP addresses

OSs and software packages

Question 67

What determines price in S3?

Answer 67

Storage class (standard or IA)

Storage amount

Requests (GET, PUT, COPY)

Data transfer out

Question 68

What determines price in RDS?

Answer 68

Clock hours of server time

Database characteristics (e.g. multi-AZ, read-replica, licencing)

DB purchase type (instance size)

Number of DB instances

Provisioned storage

Additional storage

Requests

Deployment type (multi-AZ, read-replicas)

Data transfer out

Question 69

What determines price in CloudFront?

Answer 69

Traffic distribution

Requests

Data transfer out

Question 70

What is a tag?

Answer 70

Key/value pairs attached to AWS resources

Metadata (data about data)

Question 71

Can tags be inherited?

Answer 71

Yes - tags can sometimes be inherited (services that create other resources, e.g. autoscaling, cloudformation, elastic beanstalk)

Question 72

What is a resource group?

Answer 72

Resource groups allow easy grouping of resources using tags that are assigned to then. Can group resources that share one or more tags. Resource groups contain information such as:

Region
Name
Health checks
For EC2 - public and private IP addresses
For ELB - port configurations
For RDS - DB engine etc.

Question 73

What is AWS Organisations?

Answer 73

Account management service that enables consolidation of multiple AWS accounts into an organization that you create and centrally manage

Question 74

What are the two feature sets of AWS Organisations?

Answer 74

Consolidated billing (no policy-based features - just consolidated billing)

All features (includes policy-based features as well as consolidated billing)

Question 75

What is an OU in AWS Organisations?

Answer 75

Can apply policies to organisational units (OUs) - a root account can have many OUs and and OU can have many accounts

Question 76

Does a root account have access to the resources of other linked accounts?

Answer 76

Paying account (root account) doesn’t have access to resources of other accounts, and all linked accounts are independent of each other.

Question 77

What is the maximum number of linked accounts?

Can more be requested?

Answer 77

20.

Yes, more can be requested.

Question 78

What are the advantages of consolidated billing using AWS Organisations/

Answer 78

One bill per AWS account
Very easy to track charges and allocate costs
Volume pricing discount (e.g. aggregate amount in S3 is considered to find per GB price). Reserved instances that aren’t being used in one account can be used in another instead of on-demand

Question 79

What are the best practices for setting up AWS organisations?

Answer 79

Always enable multi-factor authentication of root account

Always use a strong and complex password on root account

Paying account should be using billing purposes only. Do not deploy resources into paying account

Question 80

Can billing alerts be configured for all linked accounts in aggregate?

Answer 80

Yes

Question 81

Is CloudTrail per account or can it be centralised?

Answer 81

CloudTrail is on a per account and per region basis but can be aggregated into a single bucket in the paying account (auditing of AWS activity)

Question 82

What is AWS QuickStart?

Answer 82

Pre-build cloud formation templates built by solution architects using AWS best practices for architecture and security

E.g. deploy Puppet, Jira, SQL Server etc.

Question 83

What are the two available calculators for AWS?

Answer 83

Simple monthly calculator

Total cost of ownership (TCO) calculator - takes into account all costs if you owned all the infrastructure, including IT labor costs (useful for comparing to the cloud)

Question 84

What are the 3 sections of AWS compliance?

Answer 84

Certifications/attestations (e.g. ISO 27001, PCI DSS level 1, SOC 1/2/3)
Laws, regulations and privacy (HIPAA (USA healthcare), GDPR)
Alignments/frameworks (G-Cloud UK - for uk gov to host in cloud)

Question 85

What is SOC 1/2/3?

Answer 85

SOC is Service Organization Control - making sure systems are set up so they assure security, availability, processing integrity, confidentiality, and privacy of customer data.

Question 86

What is the name of the US regulation for storing personal healthcare information?

Answer 86

HIPAA

Question 87

What is the shared responsibility model of security in AWS?

Answer 87

AWS manages security of the cloud - e.g. patching OSs that customers can’t access (like those for RDS), physical security at datacentres etc.

Security IN the cloud is responsibility of the customer - they chose to implement security measures to protect their own content, platform, apps, system, networks etc. no differently than they would on-premise

Essentially - if the customer has control over it, they are responsible for it

Good analogy: cloud is your house. AWS is responsible for the walls, doors, floors etc. But it’s up to you to lock the front door and look after everything you put in the house

Question 88

What is WAF?

Answer 88

WAF (web application firewall) helps protect web apps from common web exploits that could affect app availability, compromise security, or consume excessive resources.

ELBs and security groups operate at layer 4 - let in this particular port. But we have no idea what data is being transmitted. This wouldn’t defend an exploit like SQL injection.

This could be mitigated by implementing WAF - this operates at layer 7, so it can read the actual data of the request. It will prevent dangerous traffic from reaching its destination

Question 89

What is AWS Shield?

Answer 89

AWS Shield is a DDoS protection service for apps running on AWS. It provides always-on detection and automatic inline mitigations that minimize apps downtime and latency (so no need to engage AWS support to benefit from DDoS protection). There are two tiers:

Standard - free - get this automatically

Advanced - around $3,000 per month

Question 90

What is AWS inspector?

Answer 90

AWS Inspector is an automated security assessment service that helps improve the security and compliance of apps deployed on AWS. It automatically assesses apps for vulnerabilities or deviations from best practices.
After performing an assessment, it produces a detailed list of security findings prioritized by level of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API.

It’s essentially an agent installed on EC2 instances that reports back.

Question 91

What is AWS trusted advisor?

Answer 91

AWS Trusted Advisor is an online resource to help reduce cost, increase performance, and improve security by optimizing your AWS environment. It provides real-time guidance to help you provision your resources following AWS best practices. It will advise on cost optimization, performance, security and fault tolerance (e.g. multi-AZ).

So, it’s not just a security advisor, and isn’t only for EC2 (like inspector).

Two types:
Core checks and recommendations: free, everyone gets this
Full Trusted Advisor - business and enterprise customers only

Question 92

What are the two levels of AWS Trusted Advisor?

Answer 92

Core checks and recommendations: free, everyone gets this

Full Trusted Advisor - business and enterprise customers only

Question 93

Which native AWS service will act as a file system mounted on an S3 bucket?

Answer 93

AWS Storage Gateway.

Question 94

What is EFS?

Answer 94

EFS (Elastic File System) is mountable file storage for EC2

Question 95

What is EBS?

Answer 95

EBS is block level storage for EC2

Question 96

Which AWS services should you use if you’d like to be notified when you have crossed a billing threshold?

Answer 96

CloudWatch and AWS Budget

Question 97

What’s a good way to assign permissions to IAM users?

Answer 97

Via groups

Question 98

True or False: There are more Regions than there are Availability Zones.

Answer 98

False

Question 99

Which of the following AWS Support levels offers the assistance of a Technical Account Manager?

Answer 99

Enterprise

Question 100

What is the definition of availability zones?

Answer 100

Distinct locations from within an AWS region that are engineered to be isolated from failures.

Question 101

What is the definition of a region?

Answer 101

A distinct location within a geographic area designed to provide high availability to a specific geography.

Question 102

What are the possible CloudFront Origins?

Answer 102

S3 bucket
EC2 instance
Elastic Load Balancer
Route53

Question 103

Where is CloudFront content cached?

Answer 103

Edge Locations

Question 104

What is elasticity?

Answer 104

Being able to change capacity easily

Question 105

What is a CloudFront Distribution?

Answer 105

A series of edge locations that make up a CDN

Question 106

Is IAM a global service?

Answer 106

Yes

Question 107

How can you restrict access to an entire S3 bucket and an individual object in the bucket

Answer 107

Whole thing - bucket policies

Individual objects - Access Control Lists (ACLs)

Question 108

Which data archival service is extremely inexpensive, but has a several hour data-retrieval window?

Answer 108

Glacier

Question 109

Which AWS Support levels offers 24x7 support via phone or chat?

Answer 109

Business and Enterprise

Question 110

What is Amazon Lightsail, and what type of cloud computing is it?

Answer 110

You can get preconfigured virtual private server plans that include everything to easily deploy and manage your application. Lightsail is best suited to projects that require a few virtual private servers and users who prefer a simple management interface. Common use cases for Lightsail include running websites, web applications, blogs, e-commerce sites, simple software, and more.

It’s PaaS.

Question 111

How does S3 Transfer Acceleration work?

Answer 111

It uses Amazon’s network of edge locations to allow users to upload/download files from a nearby location, and then send the file across Amazon’s private optimized network.

Question 112

Which of the following support plans features a < 4-hour response time in the event of an impaired production system?

Answer 112

Business and enterprise

Question 113

Which of the following support plans features a < 15-minute response time in the event of a down business-critical system?

Answer 113

Enterprise

Question 114

Is VPC free?

Answer 114

Yes, but the resources in it might not be

Question 115

What’s the difference between AWS Organisations and Consolidated Billing?

Answer 115

Consolidated Billing is a feature of AWS Organisations.

Question 116

What is a resource group?

Answer 116

A resource group is a collection of resources that share one or more tags (or portions of tags.)

Question 117

Is “Options” a valid CloudFormation template section?

Answer 117

In total there are 9 valid sections allowed within a CloudFormation template. In the answers above, only “Parameters”, “Resources” and “Outputs” are considered valid. “Options” is not a template section.

Question 118

Which Route 53 policies allow you to a) route data to a second resource if the first is unhealthy, and b) route data to resources that have better performance?

Answer 118

Failover Routing and Latency-based Routing are the only two correct options, as they consider routing data based on whether the resource is healthy or whether one set of resources is more performant than another. Any answer containing location based routing (Geoproximity and Geolocation) cannot be correct in this case, as these types only consider where the client or resources are located before routing the data. They do not take into account whether a resource is online or slow. Simple Routing can also be discounted as it does not take into account the state of the resources.

Question 119

Which support plans features access to AWS Support during business hours via email?

Answer 119

The Developer support plan features access to AWS support explicitly during business hours via email. With the AWS exams you need to be careful of wording. Business and Enterprise offer 24x7 access not just business hours. If you were asked to provide three answers those might be included, but with only 1 answer, you must chose the most precise answer.

Question 120

What is AWS’ managed DDoS protection service?

Answer 120

AWS Shield

Question 121

You need to use an AWS service to assess the security and compliance of your EC2 instances. Which service should you use?

Answer 121

AWS Inspector

Question 122

Which service will help you optimize your entire AWS environment in real time following AWS best practices?

Answer 122

AWS Trusted Advisor

Question 123

True or False: Security in the cloud is the responsibility of AWS.

Answer 123

False

Question 124

True or False: The Standard version of AWS Shield offers automated application (layer 7) traffic monitoring.

Answer 124

False - Only AWS Shield Advanced offers automated application layer monitoring.

Standard does give basic DDoS protection.

Question 125

Which service can help you assess the fault-tolerance of your AWS environment?

Answer 125

AWS Trusted Advisor

Question 126

The AWS Web Application Firewall can go down to which OSI layer?

Answer 126

7

Question 127

You have a project that will require 90 hours of computing time. There is no deadline, and the work can be stopped and restarted without adverse effect. Which computing option offers the most cost-effective solution?

Answer 127

Spot instances would be the most cost-effective solution.

Question 128

Which AWS service should you use to migrate an existing database to AWS?

Answer 128

The AWS Database Migrations Service is the best choice for conventional data migrations.

Question 129

How much faster is Aurora than traditional MySQL?

Answer 129

x5 faster

Question 130

You have a mission-critical application which must be globally available at all times. Which deployment strategy should you follow?

Answer 130

Multi-region

Question 131

Which AWS service is specifically designed to assist you in processing large data sets?

Answer 131

EMR (Elastic MapReduce)

Question 132

What is AWS’ Data Warehousing service?

Answer 132

Redshift

Question 133

Which native AWS service will act as a file system mounted on an S3 bucket?

Answer 133

The Storage Gateway service is primarily used for attaching infrastructure located in a Data centre to the AWS Storage infrastructure. The AWS documentation states that; “You can think of a file gateway as a file system mount on S3.” Amazon Elastic File System (EFS) is a mountable file storage service for EC2, but has no connection to S3 which is an object storage service. Amazon Elastic Block Store (EBS) is a block level storage service for use with Amazon EC2 and again has no connection to S3.

Question 134

Which support service do all accounts receive as standard?

Answer 134

Billing support

Question 135

Which support plans features unlimited (customer-side) contacts and unlimited support cases?

Answer 135

Business and Enterprise

Question 136

What is FPGA?

Answer 136

Field programmable gate array

Question 137

What are the 5 pillars of the AWS well architected framework?

Answer 137

Security

Reliability

Performance efficiency

Cost optimisation

Operational excellence

Question 138

AWS framework: what are the 4 areas of security to consider?

Answer 138

Data Protection

Privilege Management

Infrastructure Protection

Detective Controls

Question 139

AWS framework: what are the 3 areas of reliability to consider?

Answer 139

Foundations (e.g. bandwidth)

Change Management

Failure Management

Question 140

AWS framework: what are the 4 areas of performance efficiency to consider?

Answer 140

Compute

Storage

Database

Space-time tradeoff

Question 141

AWS framework: what are the 4 areas of cost optimization to consider?

Answer 141

Matched supply and demand

Cost-effective resources

Expenditure Awareness

Optimizing over time

Question 142

AWS framework: what are the 3 areas of operational excellence to consider?

Answer 142

Preparation

Operation

Response

Question 143

In EC2, what is the difference between EBS-backed and instance-backed storage?

Answer 143

EBS backed volumes are persistent (can be detached and attached to another instance). When instance is stopped, data will persist.

Instance store backed volumes are ephemeral (so can’t attach to another EC2 instance - it’s only there for life of instance). When instance is stopped, data is wiped

EBS = long term storage

Instance storage - shouldn’t be used for long-term data storage

Question 144

What is OpsWorks?

Answer 144

Orchestration service that uses Chef and Puppet

A way of using infrastructure as code to ensure desired state across resources

Contains “recipes” to maintain a consistent state

Look for terms chef, recipes or “cook books” and think OpsWorks

Question 145

In EC2, what is the difference between EBS-backed and instance-backed storage?

Answer 145

EBS backed volumes are persistent (can be detached and attached to another instance). When instance is stopped, data will persist.

Instance store backed volumes are ephemeral (so can’t attach to another EC2 instance - it’s only there for life of instance). When instance is stopped, data is wiped

EBS = long term storage

Instance storage - shouldn’t be used for long-term data storage

Question 146

What is OpsWorks?

Answer 146

Orchestration service that uses Chef and Puppet

A way of using infrastructure as code to ensure desired state across resources

Contains “recipes” to maintain a consistent state

Look for terms chef, recipes or “cook books” and think OpsWorks

Question 147

What are the two main feature sets of AWS Organisations?

Answer 147

Consolidated billing (just having a single payer and consolidated bill)

All features (consolidated billing features AND policy-based controls and hierarchical management of accounts)

Question 148

What is an Organisational Unit?

Answer 148

A way in AWS Organisations to group accounts together

Question 149

What is the default maximum limit for linked accounts for consolidated billing?

Answer 149

20 accounts

Question 150

How does volume discounting work with AWS linked accounts?

Answer 150

You will get volume discount based on the usage across all accounts

Question 151

How do reserved instances work with AWS linked accounts?

Answer 151

If one linked account is not using an RI, another account can use it

Question 152

Can you consolidate CloudTrail logs?

Answer 152

CloudTrail is per AWS account and enabled per region, but you can consolidate using an S3 bucket:

1. Turn on CloudTrail in paying account
2. Create bucket policy that allows cross-account access
3. Turn on CloudTrail in other accounts and use bucket in paying account