AWS Concepts Flashcards

1
Q

What is an EC2 Burstable Instance?

A

It means that the instance has an okay characteristic, but can ramp up the capabilities very fast if needed

2
Q

You plan on running an open source MongoDB database year-round on EC2. Which instance launch mode should you choose?

A

Reserved Instances

3
Q

You would like to deploy a DB and the vendor license bills you based on the physical cores and underlying socket visibility. Which EC2 launch modes allow you to get visibility into them?

A

Dedicated hosts

4
Q

You are running a critical workload of three hours per week, on Monday. Which EC2 Instance Launch Type should you choose to maximize the cost savings while ensuring the application stability?

A

Scheduled Reserved Instances

5
Q

What is load balancing?

A

Load balancers are servers that forward internet traffic to multiple servers (EC2 instances) downstream

6
Q

What are some reasons to use a load balancer?

A

Expose a single point of access (DNS) to your application;
Handle failures of downstream instances;
Provide SSL termination (HTTPS) for your websites;
Enforce Stickiness with cookies;
High availability across zone (can forward to instances in different AZs)
Separate public traffic from private traffic;

7
Q

What is an EC2 reserved instance?

A

A reserved instance is the same as the On-Demand, however, because you have reserved it for a set period of time, it is heavily discounted

8
Q

What is Load Balancer stickiness?

A

It is when the same client is always redirected to the same instance behind a load balancer;
There is a cookie that has an expiration date you control

9
Q

What can you do to make sure a user doesn’t lose their session data on their server?

A

Use Load Balancer stickiness

10
Q

What is Cross-Zone Load Balancing?

A

Each load balancer instance distributes evenly across all registered instances in all AZ;
otherwise, each load balancer node distributes requests evenly across the registered instances in its AZ

11
Q

True or False: cross-zone load balancing is always on for Application Load Balancer and Classical Load Balancer?

A

False; Cross-Zone Load Balancing is always on for ALB (can’t be disabled) but not for CLB

12
Q

What is SSL/TLS?

A

An SSL (Secure Socket Layer) Certificate allows traffic between your clients and your load balancer to be encrypted in transit (in-flight encryption);
TLS (Transport Layer Security) is the newer version

13
Q

What is SNI?

A

Server Name Indication; it solves the problem of loading multiple SSL certificates onto one web server (to serve multiple websites);
Only works for ALB and NLB

14
Q

How does SNI work?

A

It requires the client to indicate the hostname of the target server in the initial SSL handshake

15
Q

What does a de-registration delay in load balancing help with?

A

A de-registration delay is set so that when an instance is being re-registered (or unhealthy), the load balancer can still have time to send “in-flight” requests to the target;
however new requests are not sent to the instance

16
Q

When you specify an average performance of a characteristic of an ASG (ex. ASG CPU to stay around 40%), what scaling policy is this?

A

Target Tracking Scaling

17
Q

Example: When a CloudWatch alarm is triggered (CPU > 70%), then add 2 units.
What Scaling Policy is this an example of?

A

Simple / Step Scaling

18
Q

You can anticipate usage patterns for ASG instances; what scaling policy should you use?

A

Scheduled Actions Scaling Policy

19
Q

What is the purpose of a Scaling Cooldown?

A

The cooldown period helps to ensure that your Auto Scaling group doesn’t launch or terminate additional instances before the previous scaling activity takes effect

20
Q

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IP which are in fact your load balancer’s. What should you do to find the true IP of the clients connected to your website?

A

Look into the X-Forwarded-For header in the backend

21
Q

Your boss wants to scale your ASG based on the number of requests per minute your application makes to your database. What do you do?

A

You create a CloudWatch custom metric and build an alarm on this to scale your ASG

22
Q

A web application hosted in EC2 is managed by an ASG. You are exposing this application through an Application Load Balancer. The ALB is deployed on the VPC with the following CIDR: 192.168.0.0/18. How do you configure the EC2 instance security group to ensure only the ALB can access the port 80?

A

Open up the EC2 security on port 80 to the ALB’s security group

23
Q

You are running an application in 3 AZ, with an Auto Scaling Group and a Classic Load Balancer. It seems that the traffic is not evenly distributed amongst all the backend EC2 instances, with some AZ being overloaded. Which feature should help distribute the traffic across all the available EC2 instances?

A

Cross Zone Load Balancing

24
Q

True or False: An EBS volume is locked to an AZ

A

True

25
Q

What is the GP2 (SSD) EBS Volume?

A

General purpose SSD volume that balances price and performance for a wide variety of workloads

26
Q

What is the IO1 (SSD) EBS Volume?

A

Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads which is I/O intensive;
Good for large DB workloads such as MongoDB, PostgreSQL, etc.;

27
Q

What is the ST1 (HDD) EBS Volume?

A

Low cost HDD volume designed for frequently accessed, throughput-intensive workloads

28
Q

What is the SC1 (HDD) EBS Volume?

A

Lowest cost HDD volume designed for less frequently accessed workloads

29
Q

What is a main difference between EBS and Instance Store?

A

Instance store is physically attached to the machines (EBS is a network drive);
Data stored on the Instance Store is not persistent through instance stops, terminations or hardware failures.
We can also encrypt data in the EBS

30
Q

If you need high IOPS, would you use EBS or EC2 Instance Store?

A

EC2 Instance Store. It has much higher IOPS because it is a physical drive

31
Q

Between EBS and EFS, which service can be mounted across AZs?

A

EFS

32
Q

What are the 6 relational databases that AWS RDS supports?

A

Postgres, MySQL, MariaDB, Oracle, Microsoft SQL Server and Aurora

33
Q

How many read replicas can you have for RDS?

A

Up to 5. They can be Within AZ, Cross AZ or Cross Region. Up to 15 with Aurora.

34
Q

Business users want analytics on data from an RDS database. What architecture change can we make?

A

Make a replica of the RDS DB instance so that the reporting application that draws analytics does not disrupt or overflow traffic to the RDS DB instance; instead it reads from the replica

35
Q

Read replicas can be encrypted without master encryption.

A

False. The master must be encrypted for the read replicas to be encrypted and vice-versa.

36
Q

How do we encrypt the master and read replicas at rest?

A

AWS KMS. Encryption is defined at launch time.

37
Q

How do we encrypt the RDS in-flight?

A

SSL Certificates. Provide SSL options with trust certificate when connecting to the database

38
Q

You need to encrypt an un-encrypted RDS backup. How would you do it?

A

You can copy an unencrypted snapshot into an encrypted one.

39
Q

How would we encrypt an un-encrypted RDS database?

A

Create a snapshot. Copy the snapshot and enable encryption for the snapshot. Restore the database from the encrypted snapshot. Migrate applications to the new database and delete the old database

40
Q

What are IAM policies used for with AWS RDS?

A

It is used to decide who can manage the RDS;

Can be used to authenticate API calls to RDS;

41
Q

Which two DBs does IAM authentication work with?

A

MySQL and PostgreSQL

42
Q

What are the three benefits of IAM Authentication for RDS? What two databases support it?

A

Network in/out must be encrypted using SSL;
IAM to centrally manage users instead of managing access individually on each DB instance;
For applications running on Amazon EC2, you can use profile credentials specific to your EC2 instance to access your database instead of a password, for greater security;
MySQL and PostgreSQL;

43
Q

What are four responsibilities that fall on the user for RDS security?

A

Check the ports / IP / security group inbound rules in DB’s SG;
In-database user creation and permissions or manage through IAM;
Creating a database with or without public access;
Ensure parameter groups or DB is configured to only allow SSL connections;

44
Q

When faced with infrequent, intermittent or unpredictable workloads when it comes to AWS Databases, what should you use?

A

Aurora Serverless

45
Q

How is Aurora Global Database distributed?

A

There is 1 primary region (read/write) and up to five secondary regions (read only) and up to 16 read replicas per secondary region

46
Q

Explain User Session Store with ElastiCache

A

A user logs into any application instance. The application writes the session data to ElastiCache. The user hits another instance of the application and the instance can retrieve the data and the user does not have to re-authenticate.

47
Q

True or False: MemcacheD is non persistent and has no backup and restore

A

True

48
Q

True or False: Redis does not have backup and restore features

A

False

49
Q

What type of data is caching effective for?

A

Data that changes slow and few keys are frequently needed

50
Q

What is Lazy Loading / Cache-Aside / Lazy Population for ElastiCache?

A

It is when data is not stored in cache (a cache hit) it will read from the DB and then the application will write to the cache

51
Q

What are two cons for Lazy Loading Cache data?

A

Cache miss penalty that results in 3 round trips (noticeable delay for that request);
Stale data: data can be updated in the database and outdated in the cache

52
Q

What is a write through for ElastiCache?

A

When data is written to the Amazon RDS, it is also written to ElastiCache

53
Q

How can you mitigate missing data in Cache on a Write Through?

A

You can implement Lazy Loading strategy. That way, if you don’t find the data, it will go to the database.

54
Q

Cache eviction can occur in what three ways?

A

Delete the item explicitly;
Item is evicted because memory is full and it’s not recently been used;
You set an item time-to-live;

55
Q

Is data asynchronously or synchronously copied when Multi-AZ is enabled in RDS?

A

Synchronous (except for Aurora). RDS creates a primary DB Instance and synchronously replicates the data to the standby instance in a different AZ.

56
Q

Is data asynchronously or synchronously copied when a read replica is created?

A

Asynchronously

57
Q

What is a negative in doing Read Replicas in multi-AZ?

A

There is a network cost in going from one AZ to another

58
Q

What are the major differences between Multi-AZ for availability and Read Replicas?

A

Multi-AZ for availability hosts a standby instance that cannot be read/write other than from the Master RDS instance. It is not used for scaling. Read replicas are used for scaling. They are async when written to. They can be used as backups, but are primarily there for easing burden on a master DB.

Read Replicas with Multi-AZ is now available. Your read replicas in another AZ can be used as a standby.

59
Q

Which ElastiCache service is multi-threaded, Redis or Memcached?

A

Memcached. It is the only feature that Redis does not have

60
Q

For AWS Route 53, what are the most common records?

A

A (host name to IPv4), AAAA (host name to IPv6), CNAME (host name to host name) and Alias (host name to AWS resource)

61
Q

What is a DNS Records TTL?

A

Time to Live. It is a duration that is specified back to the client to be cached. Helps the load on the DNS. It is mandatory.

62
Q

A CNAME and Alias can point to a root hostname true or false?

A

False; an Alias can point to root and non-root but a CNAME must point to a non-root domain

63
Q

An alias must point a hostname to an AWS Resource, true or false?

A

True

64
Q

Multiple values are returned to the client using a simple routing policy. Which route is chosen?

A

It is chosen by random by the client

65
Q

You can attach health checks to a simple routing policy, true or false?

A

True

66
Q

What is a weighted routing policy?

A

It controls the percentage of the requests that go to a specific endpoint

67
Q

What is latency routing policy?

A

Redirect to the server that has the least latency close to us

68
Q

What three things can you monitor in a route53 health check?

A

Endpoint, status of other health checks, or state of a CloudWatch alarm

69
Q

What is a Failover Routing Policy?

A

Route 53 will perform a health check on a primary resource, and if unhealthy, will route to the secondary, disaster-recovery resource.

70
Q

What is Geo Location Routing Policy?

A

Routes the user based on location

71
Q

What is the difference between Geo Location Routing Policy and Latency Routing Policy?

A

Geo location does not care about latency. Users in latency can be sent to resources not in their nearest geo-location.

72
Q

What's a reason you would choose Multi-Value routing policy over simple routing policy in Route53?

A

In Multi-Value, you can associate your routing records with a Route53 health check.

73
Q

What is a NAT Gateway?

A

It enables instances in a private subnet to initiate communication to the internet, but doesn’t allow the internet to initiate communication to the private subnet.

74
Q

You want only the load balancer to talk to your EC2 instances. How do we set this up?

A

You allow all traffic to flow through your load balancer. It is redirected to your target group. Change the security group of the EC2 (or Target Group?) to accept traffic from ELB in the Source field.

75
Q

What is a Target Group in EC2?

A

A Target Group tells the load balancer where to direct to a group of instances based on path, hostname or query string and headers

76
Q

What is the purpose of Network Load Balancers?

A

To forward TCP & UDP traffic to your instances

77
Q

How many static IPs per AZ do Network Load Balancers have?

A

One

78
Q

Load Balancers provide a static IPv4 address, true or false?

A

False. They provide a static DNS.

79
Q

You are running a website with a load balancer and 10 EC2 instances. Your users are complaining about the fact that your website always asks them to re-authenticate when they switch pages. You are puzzled, because it’s working just fine on your machine and in the dev environment with 1 server. What could be the reason?

A

The Load Balancer does not have stickiness enabled

80
Q

Your application is using an Application Load Balancer. It turns out your application only sees traffic coming from private IP which are in fact your load balancer’s. What should you do to find the true IP of the clients connected to your website?

A

Look into the X-Forwarded-For header in the backend

81
Q

Application Load Balancers handle TCP, true or false?

A

False

82
Q

I have an ASG and an ALB, and I setup my ASG to get health status of instances thanks to my ALB. One instance has just been reported unhealthy. What will happen?

A

The ASG will terminate the EC2 Instance. Remember, the ELB is not in charge of scaling instances.

83
Q

Scaling an instance from an r4.large to an r4.4xlarge is called

A

Vertical Scaling

84
Q

You would like to expose a fixed static IP to your end-users for compliance purposes, so they can write firewall rules that will be stable and approved by regulators. Which Load Balancer should you use?

A

Network Load Balancer. The Network Load Balancer exposes a static IP, whereas an Application or Classic Load Balancer expose a static DNS (URL)

85
Q

Your application load balancer is hosting 3 target groups with hostnames being users.example.com, api.external.example.com, and checkout.example.com. You would like to expose HTTPS traffic for each of these hostnames. How do you configure your ALB SSL certificates to make this work?

A

Use SNI. Server Name Indication is a feature allowing you to expose multiple SSL certs if the client supports it

86
Q

Your Application Load Balancer (ALB) currently is routing to two target groups, each of them is routed to based on hostname rules. You have been tasked with enabling HTTPS traffic for each hostname and have loaded the certificates onto the ALB. Which ALB feature will help it choose the right certificate for your clients?

A

Server Name Indication (SNI)

87
Q

An application is deployed with an Application Load Balancer and an Auto Scaling Group. Currently, the scaling of the Auto Scaling Group is done manually and you would like to define a scaling policy that will ensure the average number of connections to your EC2 instances is averaging at around 1000. Which scaling policy should you use?

A

Target Tracking

88
Q

What does a listener do in an ALB? What do the rules do?

A

It checks for connection requests from clients, using the protocol and port that you configure. The rules that you define for the listener determine how the load balancer routes requests to its registered targets.

89
Q

For EBS, when would you use HDD and when would you use SSD?

A

Use HDD when you want to optimize for large streaming workloads where the dominant performance attribute is throughput;
Use SSD when you want to optimize for transactional workloads involving frequent read/write operations with small I/O size, where the dominant performance attribute is IOPS;

90
Q

How do we enforce SSL encryption with PostgreSQL and MySQL?

A

Postgres in AWS RDS console: rds.force_ssl=1

MySQL within db: GRANT USAGE ON *.* TO 'mysqluser'@'%' REQUIRE SSL;