AWS Cloud Practitioner Essentials Flashcards
Is Amazon Elastic Compute Cloud (Amazon EC2) a physical server or virtual?
Virtual
What is a highly scalable, fast container management service that you can use to run, stop, and manage Docker containers on a cluster of EC2 instances?
Amazon Elastic Container Service (Amazon ECS)
The process of converting data into a standard format that a service such as Amazon S3 can recognize.
Canonicalization
Covered over a 1-year or 3-year term
EC2 instances
Type of instances that are better suited for batch processing workloads than general purpose instances.
Compute optimized
Instances that are more ideal for workloads that process large datasets in memory, such as high-performance databases.
Memory optimized
EC2 instances in different Availability Zones or different instance types
Convertible Reserved Instances:
Suppose that you have an application with tightly coupled components. These components might include databases, servers, the user interface, business logic, and so on. This type of architecture can be considered a
monolithic application
publish/subscribe service >> Message board
Amazon Simple Notification Service (Amazon SNS)
An application sends messages into a queue. A user or service retrieves a message from the queue, processes it, and then deletes it from the queue.
Amazon Simple Queue Service (Amazon SQS).
AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances.
Elastic Load Balancing
is a service that lets you run code without needing to provision or manage servers.
AWS Lambda
open-source software that enables you to deploy and manage containerized applications at scale.
Kubernetes
fully managed service that you can use to run Kubernetes on AWS.
Amazon Elastic Kubernetes Service (Amazon EKS)
a fully isolated portion of the AWS global infrastructure
Availability Zone
is a geographical area that contains AWS resources.
Region
consists of three or more Availability Zones.
Region
a data center that an AWS service uses to perform service-specific operations.
edge location
uses to store cached copies of your content closer to your customers for faster delivery.
Amazon CloudFront
a service that you can use to run AWS infrastructure, services, and tools in your own on-premises data center in a hybrid approach.
AWS Outposts
is a web-based interface; great for learning and visual, not great for automation
AWS Management Console
enables you to control multiple AWS services directly from the command line; automate actions for AWS services and applications through scripts.
AWS Command Line Interface (AWS CLI).
make it easier for you to use AWS services through an API designed for your programming language or platform.
SDKs
you provide code and configuration settings, and this deploys the resources necessary to perform tasks
AWS Elastic Beanstalk
Treat your infrastructure as code.
AWS CloudFormation; Template >> API >> automated processes for global deploy
A networking service that you can use to establish boundaries around your AWS resources
Amazon Virtual Private Cloud (Amazon VPC)
a section of a VPC that can contain resources such as Amazon EC2 instances, and control access permissions
Subnet
a connection between a VPC and the internet
Internet Gateway
To access private resources in a VPC, you can use a
virtual private gateway
Customer website is an example of …
Public subnet
Isolate PII Databases are an example of …
Private subnet
Create a VPN connection between the VPC and the internal corporate network.
Virtual private gateway
These remember nothing and check packets that cross the subnet border each way: inbound and outbound
stateless packet filtering
Stateless packet filtering always
checks lists
Security groups perform _____ packet filtering.
Stateful
Does not have to check lists - and deny all inbound traffic by default.
stateful packet filtering
a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications hosted in AWS.
Amazon Route 53
register new domain names directly in
Amazon Route 53
storage volumes that behave like physical hard drives.
Block-level storage
provides temporary block-level storage for an Amazon EC2 instance.
instance store
a service that provides block-level storage volumes that you can use with Amazon EC2 instances.
Amazon Elastic Block Store (Amazon EBS)
a service that provides object-level storage in buckets
Amazon S3
an incremental backup
EBS snapshot
Designed for frequently accessed data, but requires high availability when needed
- S3 Standard: provides high availability for objects.
o infrequently accessed data
o has a lower storage price and higher retrieval price
- S3 Standard-IA
o You want to save costs on storage.
o Can easily reproduce your data in the event of an Availability Zone failure
- S3 One Zone-IA: stores data in a single Availability Zone.
o monitors objects’ access patterns.
o Ideal for data with unknown or changing access patterns
o Requires a small monthly monitoring and automation fee per object
- S3 Intelligent-Tiering
o Can retrieve archived data within a few milliseconds
S3 Glacier Instant: works well for archived data that requires immediate access
o Low-cost storage designed for data archiving
o Retrieve objects within a few minutes to hours
- S3 Glacier Flexible Retrieval
supports long-term retention and digital preservation for data that might be accessed once or twice in a year.
- S3 Deep Archive - 12 to 48 hours
o requirements that must satisfy demanding performance needs by keeping data close to on-premises applications.
- Amazon S3 Outposts
individual small files
Object Storage
Smaller chunks, large files
Block Storage
A scalable file system used with AWS Cloud services and on-premises resources.
Amazon Elastic File System
use structured query language (SQL) to store and query data.
Relational databases
is available on six database engines, which optimize for memory, performance, or input/output (I/O)
Amazon Relational Database Service (Amazon RDS)
a service that enables you to run relational databases in the AWS Cloud.
Amazon Relational Database Service (Amazon RDS)
an enterprise-class relational database
Amazon Aurora
a key-value database service
Amazon DynamoDB
a data warehousing service that you can use for big data analytics. Understand relationships and trends across your data.
Amazon Redshift
enables you to migrate relational databases, nonrelational databases, and other types of data stores.
AWS Database Migration Service (AWS DMS)
is a document database service that supports MongoDB workloads.
Amazon DocumentDB
a service that adds caching layers on top of your databases to help improve the read times of common requests
Amazon ElastiCache
build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
Amazon Neptune, a graph database service.
enables you to manage access to AWS services and resources securely.
AWS Identity and Access Management (IAM)
Makes it easier to manage accounts with similar business or security requirements
group accounts into organizational units (OUs)
affects all IAM users, groups, and roles within an account, including the AWS account root user.
service control policies (SCPs)
is a service that provides on-demand access to AWS security and compliance reports and select online agreements.
AWS Artifact
enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data.
AWS Key Management Service (AWS KMS)
lets you monitor network requests that come into your web applications.
AWS WAF - a web application firewall
is a service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment
Amazon GuardDuty
checks applications for security vulnerabilities and deviations from security best practices, such as open access to Amazon EC2 instances and installations of vulnerable software versions.
Amazon Inspector
a web service that enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics.
Amazon CloudWatch
- Monitor your resources’ utilization and performance
- Access metrics from a single dashboard
CloudWatch dashboard
- Track user activities and API requests throughout your AWS infrastructure
- Filter logs to assist with operational analysis and troubleshooting
- Not Real time – 15 minute availability
- Automatically detecting unusual account activity
AWS CloudTrail records API calls for your account. Auditing Tool
Allows for planning what ceiling will be for spending on a particular service
Cost Budgets
Allows for planning how much actual usage of a particular service you want to use
Usage Budgets
Track usage of Savings Plans based on utilization and trigger alerts when falling under the threshold
Savings Plans Utilization Budgets
Metadata assigned to AWS resources in the form of a key and value
Cost Allocation Tags
How does cloud computing help companies focus on innovation?
Cloud provider handles routine IT Tasks
AWS service that provides alerts about upcoming maintenance activities
AWS Personal Health Dashboard
AWS DAAS - Desktop as a Service
WorkSpaces
Structured in FAQ format and organized by AWS
Knowledge Center
Customer or AWS responsibility? Network Infrastructure
AWS
Customer or AWS responsibility? Physical Security of hardware
AWS
Customer or AWS responsibility? Virtualization Infrastructure
AWS
Customer or AWS responsibility? AMI - Amazon Machine Image
Customer
Customer or AWS responsibility? Applications in EC2 Instances
Customer
Provides storage for hybrid cloud services for access to on-prem resources.
AWS Storage Gateway
What two functions can subscribe to SNS
Email and AWS Lambda
AWS Program that helps the company design, build, and manage system
AWS Partner Network Consulting Partners
Ability of a cloud environment to function while some portions are unavailable
Resiliency
Pertains to the overall system being up or down
Availability
AZs automatically replicate data across zones - T|F
False - distributes resources, but users must configure replication and redundancy
AZ are connected by low-latency networks - T|F
True
Service that tracks SSL and cert renewals
AWS Certificate Manager
AWS tool best for integrating features into the application
AWS SDK
IAAS reduces need for DC space T|F
True
IAAS eliminates infra costs T|F
False
Fully Managed Services reduces operational overhead and reduced capital expenses - T|F
True - does not automate code or backups
Relational DB? DynamoDB
No
Relational DB? MariaDB
Yes, RDS
Relational DB? Oracle
Yes, RDS
Relational DB? PostgreSQL
Yes, RDS
Global in Nature (not region based)
CloudFront and IAM
Cloud Based Data warehouse solution
RedShift
Allows replacing hardcoding authentication information in code with an API call
AWS Secrets Manager
Name two benefits of deploying a relational DB on Amazon RDS
Provides automatic backups and software patching
How do you restrict access to the application for different users?
Configure ENIs aka multiple network interfaces with separate IP addresses and security groups
Customer or AWS responsibility? Encryption on S3 bucket
Customer
It is best practice to use service accounts and grant least privilege to manage access (T|F)
True
Bucket names must be globally unique and can only exist in one region (T|F)
True
A developer is planning to build a two-tier web application that has a MySQL database layer. Which of the following AWS database services would provide automated backups for the application?
A. A MySQL database installed on an EC2 instance.
B. Amazon Aurora.
C. Amazon DynamoDB.
D. Amazon Neptune.
Amazon Aurora
helps a customer view the Amazon EC2 billing activity for the past month?
AWS Cost & Usage Reports.
A company is deploying a new two-tier web application in AWS. Where should the most frequently accessed data be stored so that the application’s response time is optimal?
Amazon ElastiCache.
You want to run a questionnaire application for only one day (without interruption), which Amazon EC2 purchase option should you use?
On-demand instances.
What can be described as a global content delivery network (CDN) service?
Amazon CloudFront.
Which security service automatically recognizes and classifies sensitive data or intellectual property on AWS?
Amazon Macie
service that provides intelligent threat detection for your AWS infrastructure and resources. It identifies threats by continuously monitoring the network activity and account behavior within your AWS environment.
Amazon GuardDuty
automatically perform actions if the value of your metric has gone above or below a predefined threshold.
Alarms
feature enables you to access all the metrics for your resources from a single location.
CloudWatch dashboard
a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices.
AWS Trusted Advisor
predicted AWS usage will incur by the end of the month
AWS Budgets - updates three times a day
a tool that lets you visualize, understand, and manage your AWS costs and usage over time.
- 12 months historical spending
AWS Cost Explorer
Support plans include all AWS Trusted Advisor
Business, Enterprise On-Ramp, and Enterprise Support. Developer does not.
Organizes guidance into six areas of focus, called Perspectives. Each Perspective addresses distinct responsibilities.
AWS Cloud Adoption Framework (AWS CAF) In general, the Business, People, and Governance Perspectives focus on business capabilities, whereas the Platform, Security, and Operations Perspectives focus on technical capabilities.
helps you to move from a model that separates business and IT strategies into a business model that integrates IT strategy.
Business Perspective
helps Human Resources (HR) employees prepare their teams for cloud adoption by updating organizational processes and staff skills to include cloud-based competencies.
People Perspective
focuses on the skills and processes to align IT strategy with business strategy. This ensures that you maximize the business value and minimize risks.
Governance Perspective
includes principles and patterns for implementing new solutions on the cloud, and migrating on-premises workloads to the cloud.
Platform Perspective
ensures that the organization meets security objectives for visibility, auditability, control, and agility.
Security Perspective
focuses on operating and recovering IT workloads to meet the requirements of your business stakeholders
Operations Perspective
Name the 6 Rs of migration strategies
- Rehosting – Lift and Shift
- Replatforming - Or lift, tinker, and shift.
- Refactoring/re-architecting - Now, you’re writing new code. This is driven by a strong business need to add features or performance that might not be possible on prem, but now are within your reach.
- Repurchasing – This is common for companies looking to abandon legacy software vendors and get a fresh start as part of migration. – AKA moving to a different product
- Retaining – Some applications are about to be deprecated but maybe not just yet.
- Retiring - Sometimes you just have to turn off the lights.
a small, rugged, and secure edge computing and data transfer device.
AWS Snowcone - It features 2 CPUs, 4 GB of memory, and up to 14 TB of usable storage.
You can transfer up to 100 petabytes of data per _______, a 45-foot long ruggedized shipping container, pulled by a semi trailer truck.
Snowmobile
Quickly build, train, and deploy machine learning models at scale.
SageMaker - You do not need to follow the traditional process of manually bringing together separate tools and workflows.
service that enables you to build conversational interfaces using voice and text.
- Amazon Lex, the heart of Alexa.
machine learning service that automatically extracts text and data from scanned documents.
- Amazon Textract
Amazon Q Developer is a machine learning-powered code generator that …
provides you with code recommendations in real time. analyzes your code and comments as you write code in your integrated development environment (IDE).
helps you understand how to design and operate reliable, secure, efficient, and cost-effective systems in the AWS Cloud. It provides a way for you to consistently measure your architecture against best practices and design principles and identify areas for improvement.
AWS Well-Architected Framework
Name the six pillars of AWS Well-Architected Framework
- Operational excellence: The Operational Excellence pillar includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value.
- Security - The Security pillar includes protecting data, systems, and assets, and using cloud technologies to improve the security of your workloads.
- Reliability - focuses on the ability of a workload to consistently and correctly perform its intended functions
- Performance efficiency - The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
- Cost optimization
- Sustainability
Six advantages of cloud computing:
- Trade upfront expense for variable expense.
- Benefit from massive economies of scale.
- Stop guessing capacity.
- Increase speed and agility.
- Stop spending money running and maintaining data centers.
- Go global in minutes.
Six Pillars - includes checks that review permissions and identify which AWS security features to enable.
Security category
Six Pillars - includes checks for unused or idle resources that could be eliminated and provide cost savings.
Cost Optimization
Six Pillars - includes checks to help improve an application’s availability and redundancy.
Fault Tolerance
Six Pillars - focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.
Performance Efficiency
Six Pillars - includes the ability to run workloads effectively, gain insights into their operations, and continuously improve supporting processes to deliver business value.
Operational Excellence
Six Pillars - focuses on protecting data, systems, and assets. It also focuses on using cloud technologies to improve the security of your workloads.
Security pillar
Six Pillars -
Reliability pillar