AWS Cloud Practitioner Essentials Flashcards by Zack McDaniel

Is Amazon Elastic Compute Cloud (Amazon EC2) a physical server, or Virtual

Virtual

How well did you know this?

Not at all

Perfectly

What is is a highly scalable, fast, container management service that you can use to run, stop, and manage Docker containers on a cluster of EC2 instances.

Amazon Elastic Container Service (Amazon ECS)

How well did you know this?

Not at all

Perfectly

The process of converting data into a standard format that a service such as Amazon S3 can recognize.

Canonicalization

How well did you know this?

Not at all

Perfectly

Covered over a 1-year or 3-year term

EC2 instances

How well did you know this?

Not at all

Perfectly

Type of instances are more well suited for batch processing workloads than general purpose instances.

Compute optimized

How well did you know this?

Not at all

Perfectly

Instances that are more ideal for workloads that process large datasets in memory, such as high-performance databases.

Memory optimized

How well did you know this?

Not at all

Perfectly

EC2 instances in different Availability Zones or different instance types

Convertible Reserved Instances:

How well did you know this?

Not at all

Perfectly

Suppose that you have an application with tightly coupled components. These components might include databases, servers, the user interface, business logic, and so on. This type of architecture can be considered a

monolithic application

How well did you know this?

Not at all

Perfectly

publish/subscribe service&raquo_space; Message board

Amazon Simple Notification Service (Amazon SNS)

How well did you know this?

Not at all

Perfectly

An application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.

Amazon Simple Queue Service (Amazon SQS).

How well did you know this?

Not at all

Perfectly

AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances.

Elastic Load Balancing

How well did you know this?

Not at all

Perfectly

is a service that lets you run code without needing to provision or manage servers.

AWS Lambda

How well did you know this?

Not at all

Perfectly

open-source software that enables you to deploy and manage containerized applications at scale.

Kubernetes

How well did you know this?

Not at all

Perfectly

fully managed service that you can use to run Kubernetes on AWS.

Amazon Elastic Kubernetes Service (Amazon EKS)

How well did you know this?

Not at all

Perfectly

a fully isolated portion of the AWS global infrastructure

Availability Zone

How well did you know this?

Not at all

Perfectly

is a geographical area that contains AWS resources.

Region

How well did you know this?

Not at all

Perfectly

consists of three or more Availability Zones.

Region

How well did you know this?

Not at all

Perfectly

a data center that an AWS service uses to perform service-specific operations.

edge location

How well did you know this?

Not at all

Perfectly

uses to store cached copies of your content closer to your customers for faster delivery.

Amazon CloudFront

How well did you know this?

Not at all

Perfectly

a service that you can use to run AWS infrastructure, services, and tools in your own on-premises data center in a hybrid approach.

AWS Outposts

How well did you know this?

Not at all

Perfectly

is a web-based interface; great for learning and visual, not great for automation

AWS Management Console

How well did you know this?

Not at all

Perfectly

enables you to control multiple AWS services directly from the command line; automate actions for AWS services and applications through scripts.

AWS Command Line Interface (AWS CLI).

How well did you know this?

Not at all

Perfectly

make it easier for you to use AWS services through an API designed for your programming language or platform.

SDKs

How well did you know this?

Not at all

Perfectly

you provide code and configuration settings, and this deploys the resources necessary to perform tasks

AWS Elastic Beanstalk

How well did you know this?

Not at all

Perfectly

Treat your infrastructure as code.

AWS CloudFormation; Template >> API >> automated processes for global deploy

A networking service that you can use to establish boundaries around your AWS resources

Amazon Virtual Private Cloud (Amazon VPC)(opens in a new tab)

a section of a VPC that can contain resources such as Amazon EC2 instances, and control access permissions

Subnet

a connection between a VPC and the internet

Internet Gateway

To access private resources in a VPC, you can use a

virtual private gateway

Customer website is an example of ...

Public subnet

Isolate PII Databases are an example of ...

Private subnet

Create a VPN connection between the VPC and the internal corporate network.

Virtual private gateway

These remember nothing and check packets that cross the subnet border each way: inbound and outbound

stateless packet filtering

Stateless packet filtering always

checks lists

Security groups perform _____ packet filtering.

Stateful

Does not have to check lists - and deny all inbound traffic by default.

stateful packet filtering

a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.

Amazon Route 53

storage volumes that behave like physical hard drives.

Block-level storage

provides temporary block-level storage for an Amazon EC2 instance.

instance store

a service that provides block-level storage volumes that you can use with Amazon EC2 instances.

Amazon Elastic Block Store (Amazon EBS)

a service that provides object-level storage in buckets

Amazon A3S

an incremental backup

EBS snapshot

Designed for frequently accessed data, but requires high availability when needed

- S3 Standard: provides high availability for objects.

o infrequently accessed data o has a lower storage price and higher retrieval price

- S3 Standard-IA

o You want to save costs on storage. o Can easily reproduce your data in the event of an Availability Zone failure

- S3 One Zone-IA: stores data in a single Availability Zone.

o monitors objects’ access patterns. o deal for data with unknown or changing access patterns o Requires a small monthly monitoring and automation fee per object

- S3 Intelligent-Tiering

o Can retrieve archived data within a few milliseconds

S3 Glacier Instant: works well for archived data that requires immediate access

o Low-cost storage designed for data archiving o Rretrieve objects within a few minutes to hours

- S3 Glacier Flexible Retrieval

supports long-term retention and digital preservation for data that might be accessed once or twice in a year.

- S3 Deep Archive - 12 to 48 hours

o requirements that must satisfy demanding performance needs by keeping data close to on-premises applications.

- Amazon S3 Outposts

individual small files

Object Storage

Smaller chunks, large files

Block Storage

A scalable file system used with AWS Cloud services and on-premises resources.

Amazon Elastic File System

use structured query language (SQL) to store and query data.

Relational databases

is available on six database engines, which optimize for memory, performance, or input/output (I/O)

Amazon Relational Database Service (Amazon RDS)

a service that enables you to run relational databases in the AWS Cloud.

Amazon Relational Database Service (Amazon RDS)

an enterprise-class relational database

Amazon Aurora

a key-value database service

Amazon DynamoDB

a data warehousing service that you can use for big data analytics. understand relationships and trends across your data.

Amazon Redshift

enables you to migrate relational databases, nonrelational databases, and other types of data stores.

AWS Database Migration Service (AWS DMS)

is a document database service that supports MongoDB workloads.

Amazon DocumentDB

a service that adds caching layers on top of your databases to help improve the read times of common requests

Amazon ElastiCache

build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.

Amazon Neptune, a graph database service.

enables you to manage access to AWS services and resources securely.

AWS Identity and Access Management (IAM)

Makes it easier to manage accounts with similar business or security requirements

group accounts into organizational units (OUs)

affects all IAM users, groups, and roles within an account, including the AWS account root user.

service control policies (SCPs)

is a service that provides on-demand access to AWS security and compliance reports and select online agreements.

AWS Artifact

enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data.

AWS Key Management Service (AWS KMS)

lets you monitor network requests that come into your web applications.

AWS WAF - a web application firewall

is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment

Amazon GuardDuty

checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.

Amazon Inspector

a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.

Amazon CloudWatch

* Monitor your resources’ utilization and performance * Access metrics from a single dashboard

CloudWatch dashboard

* Track user activities and API requests throughout your AWS infrastructure * Filter logs to assist with operational analysis and troubleshooting * Not Real time – 15 minute availability * Automatically detecting unusual account activity

AWS CloudTrail records API calls for your account. Auditing Tool Page 9...

Allows for planning what ceiling will be for spending on a particular service

Cost Budgets

Allows for planning how much actual usage of a particular service you want to use

Usage Budgets

Track usage of saving plans based on utilization and trigger alerts when falling under the thresold

Savings Plans Utilization Budgets

Metadata assigned to AWS resources in the form of a key and value

Cost Allocation Tags

How does cloud computing help companies focus on innovation?

Cloud provider handles routine IT Tasks

AWS service that provides alerts about upcoming maintenance activities

AWS Personal Health Dashboard

AWS DAAS - Desktop as a Service

WorkSpaces

Structured in FAQ format and organized by AWS

Knowledge Center

Customer or AWS responsibility? Network Infrastructure

AWS

Customer or AWS responsibility? Physical Security of hardware

AWS

Customer or AWS responsibility? Virtualization Infrastructure

AWS

Customer or AWS responsibility? AMI - Amazon Machine Image

Customer

Customer or AWS responsibility? Applications in EC2 Instances

Customer

Provides storage for hybrid cloud services for access to on-prem resources.

AWS Storage Gateway

What two functions can subscribe to SNS

Email and AWS Lambda

AWS Program that helps the company design, build, and manage system

AWS Partner Network Consulting Partners

Ability of a cloud environment to function while some portions are unavailable

Resiliency

Pertains to the overall system being up of down

Availability

AZs automatically replicate data across zones - T|F

False - distributes resources, but users must configure replication and redundancy

AZ are connected by low-latency networks - T|F

True

Service that tracks SSL and cert renewals

AWS Certificate Manager

AWS tool best for integrating features into the application

AWS SDK

IAAS reduces need for DC space T|F

True

IAAS eliminates infra costs T|F

False

Fully Managed Services reduces operational overhead and reduced capital expenses - T|F

True - does not automate code or backups

Relational DB? DynamoDB

Relational DB? MariaDB

Yes, RDS

Relational DB? Oracle

Yes, RDS

Relational DB? PostgreSQL

Yes, RDS

Global in Nature (not region based)

CloudFront and IAM

Cloud Based Data warehouse solution

RedShift

Allows replacing hardcoding authentication information in code with an API call

AWS Secrets Manager

Name two benefits of deploying a relational DB on Amazon RDS

Provides automatic backups and software patching

How do you restrict access to the application for different users?

Configure ENIs aka multiple network interfaces with separate IP addresses and security groups

Customer or AWS responsibility? Encryption on S3 bucket

Customer

It is best practice to use service accounts and grant least privilage to manage access (T|F)

True

Bucket names must be globally unique and can only exist in one region (T|F)

True

A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups for the application? A. A MySQL database installed on an EC2 instance. B. Amazon Aurora. C. Amazon DynamoDB. D. Amazon Neptune.

Amazon Aurora

helps a customer view the Amazon EC2 billing activity for the past month?

AWS Cost & Usage Reports.

A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application’s response time is optimal?

Amazon ElastiCache.

You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use?

On-demand instances.

What can be described as a global content delivery network (CDN) service?

Amazon CloudFront.

Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?

Amazon Macie

service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.

Amazon GuardDuty

automatically perform actions if the value of your metric has gone above or below a predefined threshold.

Alarms

feature enables you to access all the metrics for your resources from a single location.

CloudWatch dashboard

a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.

AWS Trusted Advisor

predicted AWS usage will incur by the end of the month

AWS Budgets - updates three times a day

a tool that lets you visualize, understand, and manage your AWS costs and usage over time. - 12 months historical spending

AWS Cost Explorer

Support plans include all AWS Trusted Advisor

Business, Enterprise On-Ramp, and Enterprise Support. Developer does not.

Organizes guidance into six areas of focus, called Perspectives. Each Perspective addresses distinct responsibilities.

AWS Cloud Adoption Framework (AWS CAF) In general, the Business, People, and Governance Perspectives focus on business capabilities, whereas the Platform, Security, and Operations Perspectives focus on technical capabilities.

helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.

Business Perspective

helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.

People Perspective

focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.

Governance Perspective

includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.

Platform Perspective

ensures that the organization meets security objectives for visibility, auditability, control, and agility.

Security Perspective

focuses on operating and recovering IT workloads to meet the requirements of your business stakeholders

Operations Perspective

Name the 6 Rs of migration strategies

* Rehosting – Lift and Shift * Replatforming - Or lift, tinker, and shift. * Refactoring/re-architecting - Now, you're writing new code. This is driven by a strong business need to add features or performance that might not be possible on prem, but now are within your reach. * Repurchasing -- This is common for companies looking to abandon legacy software vendors and get a fresh start as part of migration. – AKA moving to a different product * Retaining -- Some applications are about to be deprecated but maybe not just yet. * Retiring - - Sometimes you just have to turn off the lights.

a small, rugged, and secure edge computing and data transfer device.

AWS Snowcone - It features 2 CPUs, 4 GB of memory, and up to 14 TB of usable storage.

You can transfer up to 100 petabytes of data per _______, a 45-foot long ruggedized shipping container, pulled by a semi trailer truck.

Snowmobile

Quickly build, train, and deploy machine learning models at scale.

SageMaker - You do not need to follow the traditional process of manually bringing together separate tools and workflows.

service that enables you to build conversational interfaces using voice and text.

* Amazon Lex, the heart of Alexa.

machine learning service that automatically extracts text and data from scanned documents.

* Amazon Textract

Amazon Q Developer is a machine learning-powered code generator that ...

provides you with code recommendations in real time. analyzes your code and comments as you write code in your integrated development environment (IDE).

helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud. It provides a way for you to consistently measure your architecture against best practices and design principles and identify areas for improvement.

AWS Well-Architected Framework

Name the six pillars of AWS Well-Architected Framework

* Operational excellence: The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value. * Security - The Security pillar includes protecting data, systems, and assets, and using cloud technologies to improve the security of your workloads. * Reliability - focuses on the ability of a workload to consistently and correctly perform its intended functions * Performance efficiency - The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve. * Cost optimization * Sustainability

Six advantages of cloud computing:

* Trade upfront expense for variable expense. * Benefit from massive economies of scale. * Stop guessing capacity. * Increase speed and agility. * Stop spending money running and maintaining data centers. * Go global in minutes.

Six Pillars - includes checks that review permissions and identify which AWS security features to enable.

Security category

Six Pillars -includes checks for unused or idle resources that could be eliminated and provide cost savings.

Cost Optimization

Six Pillars -includes checks to help improve an application's availability and redundancy.

Fault Tolerance

Six Pillars -focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

Performance Efficiency

Six Pillars - includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value.

Operational Excellence

Six Pillars - focuses on protecting data, systems, and assets. It also focuses on using cloud technologies to improve the security of your workloads.

Security pillar

Six Pillars -

Reliability pillar

AWS Cloud Practitioner Essentials Flashcards

(149 cards)