AWS: CSA Flashcards

1
Q

List CloudWatch EC2 metrics that are available by default

A
  • CPU utilisation
  • Network utilisation
  • Disk reads
2
Q

List CloudWatch EC2 metrics that are not readily available by default

A
  • Memory utilisation
  • Disk swap utilisation
  • Disk space utilisation
  • Page file utilisation
  • Log collection
3
Q

What is Amazon FSx for Lustre?

A
  • High-performance file system built on Lustre
  • Lustre is an open-source parallel file system
    • Stores data across multiple network file servers to maximise performance and reduce bottlenecks
  • Use cases
    • High performance computing where high throughput and low latency is essential for processing large datasets
    • Machine learning and analytics
    • Media processing workloads (eg. video rendering, transcoding) where fast access to large files is required
4
Q

What is Amazon FSx for Windows FS?

A
  • Fully managed, high performance file storage service compatible with Windows
  • Supports SMB protocol, Windows NTFS and Microsoft Active Directory integration
  • Thousands of compute instances can access a file system concurrently
  • Use cases:
    • Enterprise applications eg. Microsoft SharePoint, Exchange and Active Directory
    • Migrating existing Windows-based applications to AWS
    • Line of business applications
5
Q

What are the options to provide user authentication and access control for your file system if using Amazon FSx for Windows?

A
  • Options:
    • AWS managed Microsoft Active Directory
    • Self managed Microsoft Active Directory
  • After creating an AD config for a file system, the config can’t be changed
    • You will need to create a new file system from a backup and change the AD config for that file system
    • The configs allow users in your domain to use their existing identity to access FSx file system and control access to individual files and folders
6
Q

What is Amazon EFS?

A
  • Fully managed file storage service for Linux-based applications
  • Supports NFSv4 - easy to mount EFS on multiple EC2 instances simultaneously
  • High availability and durability
    • Data stored across multiple AZ within a region
    • Built-in data redundancy and automatic failover
  • Use cases:
    • Containerised applications - shared storage for containers running on multiple EC2 instances
    • CMS - multiple web servers can share access to same files and data
    • Dev and test environments - devs can share code/resources across multiple instances
7
Q

What happens when EFS is mounted on EC2 instances?

A
  • Provides file system interface
  • Multiple EC2 instances can access an EFS file system at the same time, allowing EFS to provide a common data source for workloads and applications running on more than one EC2 instance
8
Q

What is AWS Glue?

A
  • Fully managed ETL service
  • Serverless environment for running ETL jobs
    • Pay for resources only during job execution
  • Provides a visual interface for defining ETL jobs
  • Data can be extracted from various sources and transformed to a suitable format for analysis
  • Automatic schema discovery and mapping
  • Use cases:
    • Data integration and transformation
    • Data lakes and data warehouses
    • Serverless data processing
9
Q

What is AWS DMS?

A
  • Fully managed database migration service
  • Supports homogeneous and heterogeneous migrations
  • Supports schema and data transformations
    • Map data to different schema structures
    • Transform data as it is being migrated
  • Continuous data replication
  • Perform one-time migrations as well as ongoing replication to keep databases in sync
  • Use cases:
    • Cloud migration
    • Database consolidation
    • Disaster recovery
10
Q

What is AWS SCT?

A
  • Standalone schema conversion tool
  • Automate process of converting db schemas from one db engine to another
  • Analyzes source schema and generates target schema compatible with chosen target db engine
  • Use cases:
    • Database migration
    • Database engine upgrades
    • Cross-platform database consolidation
11
Q

What is AWS Elastic Beanstalk?

A
  • Fully managed platform-as-a-service
    • Developer-centric view of deploying an app on AWS
    • Once deployed, it builds the selected supported platform version and provisions one/more AWS resources (ie. EC2 instances) to run the application
  • Free service but underlying AWS resources will have costs involved
  • Use cases:
    • Web applications
    • Microservices
    • DevOps workflows
12
Q

What is Lambda@Edge?

A
  • Serverless compute service extending Lambda capabilities to CloudFront edge locations
  • Execute code closer to your end users to reduce latency
  • Leverages Lambda service to automatically scale functions
  • Event-driven - functions run in response to CloudFront events
  • Use cases:
    • Dynamic content personalisation
    • Security and access control
      • Protect against XSS and SQL injections
    • Content optimisation
      • Optimise content delivery by compressing images, caching frequently accessed resources
13
Q

At which points can you use Lambda functions to change CloudFront requests/responses?

A
  • Viewer request - after CloudFront receives a request from a viewer
  • Origin request - before CloudFront forwards request to origin
  • Origin response - after CloudFront receives response from origin
  • Viewer response - before CloudFront forwards response to viewer
14
Q

How does Lambda work with CloudFront CDN?

A
  • CloudFront functions
  • Lambda@Edge
15
Q

What are the differences between CloudFront functions vs Lambda@Edge?

A
  • CloudFront functions
    • Written in JS
    • Limited integration with AWS services - focused on CDN-related tasks
    • Runtime limitations - designed for lightweight, short-lived tasks that are executed quickly at the edge
    • Can be triggered by viewer requests/responses
  • Lambda@Edge
    • Supports multiple programming languages
    • Can be integrated with a lot of AWS services
    • Fewer runtime limitations - suitable for more complex and resource-intensive tasks
    • Can be triggered by all requests/responses from CloudFront (incl. origin requests/responses)
16
Q

What is the difference between signed URLs vs signed cookies when serving private content from CloudFront?

A
  • Signed URL:
    • Embed authentication information directly into URLs making it useful for one-time or temp access to specific resources
    • Use cases:
      • RTMP distribution
  • Signed cookie:
    • Store authentication information in user’s browser to maintain session-based authentication and authorisation
    • Use cases:
      • Provide access to multiple restricted files
      • Don’t want to change current URLs
17
Q

What is AWS Shield?

A
  • Managed DDoS protection service
  • Automatically included at no extra cost with all AWS services that are accessible over the internet ie. CloudFront, ELB, Route53
  • Third-party DDoS providers may offer more customisation options but require more setup and may incur more costs
  • Use cases:
    • Protecting web apps
    • Ensuring high availability
    • Safeguarding against financial loss (Shield Advanced)
18
Q

What is the difference between AWS Shield - standard vs advanced?

A
  • Standard
    • Automatic protection against most common DDoS attacks
    • Included with all AWS services at no extra cost
  • Advanced
    • All features of standard
    • Real-time attack visibility and metrics
    • Additional cost protection features to safeguard against financial loss
    • Personalised support during attacks
19
Q

What is AWS Lake Formation?

A
  • Simplifies setting up and managing data lakes on AWS
  • Automates data ingestion, transformation, and access controls
  • Supports batch and real-time data ingestion
  • Includes a centralised data catalog that automatically indexes and organises metadata so it’s easy to search and analyze
  • Use cases:
    • Analytics and machine learning where there are large volumes of data from various sources
    • ETL jobs
    • Data governance and compliance
20
Q

What are data lakes?

A

Centralised repo that allows you to store all your structured/unstructured data at any scale

21
Q

How does AWS Lake Formation define access control policies?

A
  • IAM policies
  • Resource-based policies
    • Used to grant access to specific AWS accounts, IAM roles or federated users
  • Granular permissions
    • Granular permissions can be granted at the db, table, column level
    • Using the “grant” api operation
    • When granting permissions, you specify the resource (eg. tables, columns) and the actions the user can perform
22
Q

What is the difference between FSx for Lustre vs EFS?

A
  • FSx for Lustre
    • Designed for high performance, compute-intensive workloads
  • EFS
    • General purpose file system suitable for a range of use cases
23
Q

What is the difference between EFS vs S3?

A
  • EFS
    • Shared file storage mounted directly to EC2 instances
    • Suitable for applications/workloads that require shared access to files
  • S3
    • Object storage service
    • Store and retrieve large amounts of unstructured data ie. images/videos/backups
24
Q

What is AWS RAM?

A
  • Service that enables you to securely share your AWS resources with other AWS accounts
    • Accounts within your organisation or outside
  • Avoid overhead and complexity of duplicating resources across multiple accounts and regions
  • Centralised management and monitoring
  • Use cases:
    • Shared network resources
    • Shared DNS rules
    • Cost efficiency
25
Q

What is AWS Organisations?

A
  • Management service that enables you to consolidate AWS accounts
  • Provides framework for applying policies and permissions across accounts to simplify billing and enhance security
  • Use cases:
    • Consolidating billing
    • Centralised policy management
    • Account isolation - separate accounts to reduce risk of affecting production accidentally
26
Q

What is the difference between AWS Organisations vs AWS Control Tower?

A
  • Organisations
    • Granular control and customisation options for advanced users
    • Suitable for users wanting detailed control over their account structures and policies
  • Control tower
    • Uses AWS Organisations under the hood
    • User-friendly with guided setup
    • Suitable for users wanting streamlined setup
27
Q

What is AWS Secrets Manager?

A
  • Service for securely storing, managing and retrieving secrets
    • Secrets are stored securely using encryption keys managed by AWS KMS
    • Secrets are encrypted at rest and in transit
  • Automated secret rotation
  • Supports multiple versions of a secret
  • Use cases:
    • Storing db credentials, config secrets and API keys
    • Handle secrets in microservices architecture by enabling each service to only access the secrets it needs
28
Q

What is AWS Systems Manager Parameter Store?

A
  • Service providing secure, hierarchical storage for config data management and secrets management
    • Parameters can be stored as plain text or encrypted data using AWS KMS
  • Supports versioning of parameters to track changes
  • Use cases:
    • Storing application configuration settings ie. db connections, feature flags, environment-specific settings
    • Managing API keys
    • Dynamic configuration updates - retrieve config data at runtime to dynamically update configs without redeployment
29
Q

What is the difference between AWS Parameter Store vs AWS Secrets Manager?

A
  • Parameter store
    • General purpose
    • Used for config data and secrets
    • Requires custom implementation for secrets rotation
    • Free tier for standard parameters and charges for advanced parameters
  • Secrets manager
    • More robust secret management capabilities
    • Automatic secrets rotation
    • Higher cost
30
Q

What is AWS WAF?

A
  • Managed service that helps protect web applications from common web exploits ie. OWASP top 10 vulnerabilities
  • Create security rules to control traffic to your apps
    • Pre-configured managed rulesets
    • Custom rules to filter web traffic based on IP addresses, HTTP headers/body or URI strings
  • Real-time monitoring
  • Use cases:
    • Web application protection
    • DDoS protection
    • IP whitelisting/blacklisting
    • Block requests from specific countries/regions
31
Q

What is the difference between AWS WAF vs AWS Shield?

A
  • WAF
    • Protects web applications from layer 7 attacks (application layer) ie. SQL injections, XSS
    • Customisable and managed rules for application-level security
  • Shield
    • Protects against DDoS attacks at layer 3 (network layer), layer 4 (transport layer) and some layer 7 attacks (application layer)
    • AWS Shield Advanced includes DDoS cost protection and advanced metrics
32
Q

What is AWS Firewall Manager?

A
  • Security management service that provides centralised control over your organisation’s firewall rules across multiple AWS accounts/resources
  • Simplifies administration of firewall policies - manage rules for:
    • AWS WAF
    • AWS Shield
    • VPC security groups
    • AWS Network Firewall
    • Route 53 Resolver DNS Firewall
  • Use cases:
    • Org-wide security policies
    • Enforce consistent security rules and automate compliance
33
Q

What is the difference between AWS WAF vs AWS Firewall Manager?

A
  • AWS WAF
    • Protect web applications by mitigating common web exploits
    • Operates on per-application basis
  • AWS Firewall Manager
    • Centralised management for not only WAF rules but other firewall rules and security policies
    • Enforce WAF rules across AWS accounts and resources in a unified manner
34
Q

What is an egress-only internet gateway?

A
  • VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet but prevents the internet from initiating an inbound IPv6 connection
  • Horizontally scaled and highly available
35
Q

What is AWS Network Firewall?

A
  • Managed network security service to protect your VPC environments
  • Supports stateful and stateless rules to allow/block traffic
    • Provides traffic flow inspection and web filtering
  • Can perform deep packet inspection
  • Use cases:
    • Detecting and blocking threats
    • Compliance
36
Q

What is the difference between AWS WAF vs AWS Network Firewall?

A
  • WAF
    • Designed for protecting applications from layer 7 threats
  • Network firewall
    • Designed to provide broader network security - layer 3, 4 and some layer 7
37
Q

What is AWS Artifact?

A
  • Free self-service portal that provides access to compliance reports and online agreements
  • Helps organisations manage compliance and regulatory requirements
  • Use cases:
    • Compliance documentation for audit preparation
    • Managing agreements
    • Customer assurance
38
Q

What is the difference between AWS Artifact vs AWS Audit Manager?

A
  • Artifact
    • Provide compliance documentation and agreements
  • Audit manager
    • Continuously audit AWS usage to simplify how you comply with regulations
39
Q

What are the 3 main components of a distributed messaging system?

A
  1. Components of your distributed system (which can be hosted on EC2 instances)
  2. Queue
  3. Messages in the queue
40
Q

For an ASG scale-in policy, which EC2 instance will be the first to be terminated by default?

A

The EC2 instance launched from the oldest launch template

41
Q

What are the different types of ASG scaling policies and their use cases?

A
  • Dynamic scaling
    • Target tracking scaling
      • Adjusts instances to keep at or near target value
      • Use case: consistent performance
    • Step scaling
      • Adjusts instances by specified amount based on thresholds
      • Use case: scale in a controlled or gradual manner
    • Simple scaling
      • Single scaling adjustment
      • Less flexibility than step scaling
      • Use case: basic scaling needs
  • Scheduled scaling
    • Adjusts instances based on a schedule
    • Can specify start time, end time and recurrence
    • Use case: predictable traffic patterns
  • Predictive scaling
    • Use machine learning to predict future traffic and adjustments
    • Analyses historical data and patterns to forecast demand
    • Use case: proactive scaling
42
Q

What is the difference between AWS EBS vs instance store?

A
  • EBS
    • Persistent block storage
    • Data persists even after an instance is stopped or terminated
  • Instance store
    • Temporary block storage
    • Data is lost when instance is stopped or terminated
43
Q

What is the difference between AWS EBS vs EFS?

A
  • EBS
    • Suitable for high performance, low latency workloads
  • EFS
    • Suitable for applications requiring shared file storage
44
Q

What is AWS DLM?

A
  • Tool that helps automate creation, retention and deletion of EBS snapshots
  • Simplifies management of data lifecycle policies
  • Automatic backup policies
  • Ensures backups are regularly created and old ones are deleted according to specified retention rules
  • Use cases:
    • Regular backups
    • Retention policies
    • Disaster recovery
45
Q

What are the different performance modes for EFS?

A
  • General purpose mode
  • Max I/O mode
46
Q

What are the different throughput modes for EFS?

A
  • Bursting throughput
    • Throughput scales as amount of data grows
    • Designed to burst to high throughput levels for periods of time
  • Provisioned throughput
    • Designed for high throughput to storage ratios
47
Q

What is AWS Macie?

A
  • Fully managed data security and data privacy service
  • Uses machine learning and pattern matching to protect sensitive data (PII) stored in S3
  • Continuously monitors and provides alerts to mitigate potential threats
  • Use cases:
    • Data privacy and compliance
    • Data security
48
Q

What is the difference between AWS Macie vs GuardDuty?

A
  • Macie
    • Focuses on discovering and protecting sensitive data in S3
  • GuardDuty
    • Focuses on malicious or unauthorised behaviour across AWS environments
49
Q

What is AWS ALB?

A
  • Service that automatically distributes incoming application traffic across multiple targets within one/more AZ
  • Operates at the application layer (layer 7) - enables it to route traffic based on rule-based routing configurations
    • Supports host-based, path-based and header-based routing
  • SSL/TLS termination
  • Use cases:
    • Microservices architecture to route traffic to different microservices
    • Distribute traffic to containers running across multiple instances for high availability and scalability
    • Perform A/B testing and blue/green deployments using traffic splitting
50
Q

What is the difference between ALB vs NLB?

A
  • ALB
    • Operates at layer 7
    • Designed for HTTP/HTTPS applications needing content-based routing
  • NLB
    • Operates at layer 4
    • Designed for TCP/UDP applications needing ultra-low latency and high throughput
51
Q

What is the difference between ALB vs CLB?

A
  • ALB
    • Operates at layer 7
    • Supports host-based, path-based and header-based routing
  • CLB
    • Operates at layer 4 and layer 7 but with limited features
    • Basic load balancing functionality
52
Q

What are the different S3 storage classes and their use cases?

A
  • S3 standard
    • Suitable for frequently accessed data
    • Most expensive
  • S3 standard-IA (infrequent access)
    • Suitable for data that is accessed less frequently but requires rapid access when needed
  • S3 intelligent-tiering
    • Automatically moves data between access tiers (frequent and infrequent access) based on changing access patterns
    • Suitable for data with unpredictable access patterns
  • S3 one zone-IA
    • Suitable for infrequently accessed data that does not require multiple AZ resilience
  • S3 glacier
    • Suitable for data archiving where retrieval times of minutes to hours are acceptable
  • S3 glacier deep archive
    • Suitable for long-term data archiving with retrieval times within 12 hours
53
Q

What is the cooldown period for ASG?

A
  • Cooldown period is a configurable setting
  • Ensures ASG does not launch/terminate additional instances before the previous scaling activity takes effect
  • Default value is 300 seconds
54
Q

What is the message retention period for SQS?

A
  • Message retention period
    • Default: 4 days
    • Maximum: 14 days
  • SQS automatically deletes messages that have been in the queue for more than 4 days
55
Q

What is the S3 Object Lock feature?

A
  • Store objects using a WORM (write once read many) model
  • Unable to upload new versions of an object
  • Useful when you want to prevent objects from being deleted/overwritten
56
Q

What is SWF?

A
  • Fully managed service for coordinating work across distributed components
  • Ensures tasks are executed in correct sequence
  • Facilitates decoupling of application components by allowing workflows to run independently
  • Use cases:
    • Business process automation
    • Background job processing
    • Microservice orchestration
57
Q

What is the difference between SWF vs Step Functions?

A
  • SWF
    • More flexible and suitable for complex workflows
    • More manual coding and management
    • Requires custom integration efforts with AWS services
  • Step functions
    • Easier to implement workflows but with less fine-grained control
    • Built-in integrations with many AWS services
58
Q

What is the difference between Gateway VPC endpoint vs Interface VPC endpoint?

A
  • Gateway VPC endpoint
    • Supports S3 and DynamoDB services
    • Adds a route in VPC route table, no additional ENIs are created
    • Traffic to services is routed directly by gateway
    • Generally cheaper as it does not involve ENIs
  • Interface VPC endpoint
    • Supports a wider range of AWS services
    • Creates ENIs in specified subnets
    • Traffic to services is directed to ENIs which then connects to services
    • Incur additional costs due to usage of ENIs
59
Q

What is AWS Aurora?

A
  • Fully managed relational database
    • Designed for MySQL and PostgreSQL compatibility
  • High performance and scalability
  • High availability
  • Use cases:
    • Enterprise applications
    • SaaS applications
    • Analytics and reporting
60
Q

What is the difference between Active-Active Failover vs Active-Passive Failover?

A
  • Active-Active failover
    • All instances are active and handling traffic
    • More complex to set up
    • Higher cost
  • Active-Passive failover
    • One instance is active while others are on standby
    • Easier to set up
    • More cost-effective
61
Q

What is the difference between Aurora vs RDS?

A
  • Aurora
    • Significantly higher performance
    • Automatically scales storage without downtime
    • Supports up to 15 read replicas
    • Multi-region replication
    • More cost-effective when at scale
  • RDS
    • Requires manual intervention to scale
    • Supports fewer read replicas
    • Less flexible replication options
62
Q

What is the difference between Aurora vs Redshift?

A
  • Aurora
    • Designed for transactional OLTP workloads
    • Relational data model
  • Redshift
    • Designed for analytical OLAP workloads
    • Columnar data model for efficient query performance on large datasets
63
Q

What is S3 Select?

A
  • Feature to retrieve a subset of data from S3 using SQL
  • More efficient data retrieval
  • Reduce data transfer and processing costs
  • Use cases:
    • Log analysis
    • Ad-hoc queries
64
Q

What is the difference between S3 Select vs Athena?

A
  • S3 select
    • Ideal for simple queries on individual S3 objects
    • Optimised for quick and efficient retrieval since it uses subset of data
    • Cheaper as it only scans the relevant data in the object
  • Athena
    • Ideal for running queries across large datasets
    • Scales automatically to handle large queries and can be overkill for simple queries
    • Charged based on amount of data scanned by queries
65
Q

What is the difference between S3 Select vs Redshift Spectrum?

A
  • S3 select
    • Ideal for simple queries on individual S3 objects
    • Faster and more cost-effective for lightweight querying needs
  • Redshift spectrum
    • Ideal for large-scale queries
    • More expensive
66
Q

What are the common reasons for EC2 instances not being accessible from the internet?

A
  • Route table is not configured properly
  • EC2 instance does not have a public IP address or EIP associated with it
67
Q

Which protocol does SSH use?

A
  • TCP