AWS Practitioner Flashcards

Question 1

Q

What would you use to get automatic notifications if your account spending goes over a certain amount?

Answer

A

A Billing Alarm will notify you if your account spending goes over a certain amount.

Question 2

Q

What is IAM used for?

Answer

A

Identity Access Management (IAM) is used for assigning roles and permissions to users

Question 3

Q

What is an API Gateway?

Answer

A

An API Gateway acts as a reverse proxy that accepts all API calls and aggregates them to the various services.

Question 4

Q

What is Athena?

Answer

A

Athena is a query service allowing you to analyse and query data located in S3 buckets.

Question 5

Q

What is Macie?

Answer

A

Macie is a security service that uses Machine Learning and NLP (Natural Language Processing) to discover, classify and protect sensitive data stored in S3.

It provides dashboards, reports and alerts and can also analyse and query Cloudtrail logs.

Question 6

Q

What is AWS Cognito?

Answer

A

Cognito provides authentication, authorisation and user management for web and mobile apps.

It allows users to sign-in either directly or through a 3rd party such as Facebook, Amazon, Google or Apple.

Question 7

Q

What are the two main components of AWS Cognito?

Answer

A

User pools and Identity pools are the main components of AWS Cognito

Question 8

Q

What are Cognito user pools?

Answer

A

User pools is a user directory for SaaS applications.

It provides sign-up and sign-in to web and mobile applications for your users

Question 9

Q

What are Cognito identity pools?

Answer

A

Identity pools enable you to grant your users access to other AWS services.

Question 10

Q

What is AWS Config?

Answer

A

AWS Config is a service that enables you to assess, audit and evaluate the configurations of your AWS resources.

Config allows you to identify changes to various resources over time

Question 11

Q

What are AWS Organisations?

Answer

A

AWS Organisations is an account management service that enables you to consolidate multiple AWS accounts into an organisation that you create and manage centrally

Question 12

Q

What is AWS Security Hub?

Answer

A

AWS Security Hub gives you a view of your high-priority security alerts and security posture across all your AWS accounts

Question 13

Q

What is AWS Transit Gateway?

Answer

A

Transit Gateway connects VPCs and on-premises networks through a central hub.

Question 14

Q

What is CloudFront?

Answer

A

CloudFront is a fast content delivery network (CDN) that delivers data and applications globally with low latency.

Question 15

Q

What is Cloudwatch?

Answer

A

Cloudwatch monitors your AWS resources and the applications that run on it.

Cloudwatch allows billing alarms to be created if your total cost exceeds a certain value

Question 16

Q

What does Cloudwatch use to notify in the event of an alarm being triggered?

Answer

A

Cloudwatch uses SNS topics to notify in the event of an alarm being triggered

Question 17

Q

What is the key difference between Cloudwatch and Cloudtrail?

Answer

A

Cloudwatch is about performance and Cloudtrail is about auditing

Question 18

Q

What is EBS?

Answer

A

EBS (Elastic Block Store) is a high-performance, block-storage service to store data on the cloud.

It can be seen as a virtual hard disk in the Cloud.

Question 19

Q

How can you use an EBS volume to create an image?

Answer

A

You can take a snapshot of your volumes to create images to provision new EC2 instances.

Question 20

Q

What is EC2?

Answer

A

EC2 is a web service that provides resizeable compute capacity in the Cloud.

Question 21

Q

What is a security group?

Answer

A

A security group acts as a virtual firewall that controls traffic into an instance allowing different types of traffic into named port numbers

Question 22

Q

What is a Network Access Control List (NACL) ?

Answer

A

A Network Access Control Lists work on subnets and allow you to block/blacklist certain ports or ip addresses

Question 23

Q

What are AMIs?

Answer

A

AMIs (Amazon Machine Image) are images that provide all the information required to launch an instance.

Question 24

Q

What are the two types of volumes that back AMIs?

Answer

A

The two storage types are Instance Store and EBS backed volumes.

Question 25

Q

What are EBS volumes?

Answer

A

EBS volumes are stores that are created from an Amazon EBS snapshot.

Question 26

Q

What is an ENI?

Answer

A

ENI is an Elastic Network Interface - essentially a virtual network card.

Question 27

Q

What is EN?

Answer

A

EN is Enhanced Networking.

EN uses single root I/O virtualisation to provide high-performance networking on supported instance types.

Question 28

Q

What is Elastic Fabric Adapter?

Answer

A

Elastic Fabric Adapter is a network device that can be attach to your EC2 instance to accelerate High Performance Computing (HPC) and machine learning applications.

Question 29

Q

What are Spot Instances?

Answer

A

Spot Instances let you take advantage of unused EC2 capacity in the Cloud.

Spot instances are available at uptown a 90% discount.

Question 30

Q

What are Spot instances useful for? (examples)

Answer

A

Spot instances are useful for:

Big data and analytics
Containerised workloads
CI / CD testing
Web services

Question 31

Q

What are Spot Fleets?

Answer

A

Spot Fleets are a collection of Spot Instances.

Spot Fleets attempt to launch the number of Spot Instances and On-Demand instances to meet the target capacity specified.

Question 32

Q

What is Grafana?

Answer

A

Grafana is an open source visualisation tool that can be used on top of a variety of data stores providing dashboards.

Question 33

Q

What does IAM use to manage access?

Answer

A

IMA uses Groups (to which users can be assigned), and Roles to manage access.

Question 34

Q

What is Kinesis Firehose?

Answer

A

Kinesis Firehose is a tool to load streaming data into data lakes, data stores and analytics tools.

Firehose can capture, transform and load data enabling real-time analytics.

Question 35

Q

What is Lambda?

Answer

A

Lambda is a serverless compute function that runs code in response to events and requests without managing servers

Question 36

Q

What are Load Balancers used for?

Answer

A

Load Balancers are used to balance load across internet-facing web servers.

Question 37

Q

What are the three types of Load Balancers?

Answer

A

The three types of Load Balancers are:

Application Load Balancers
Network Load Balancers
Classic Load Balancers

Question 38

Q

What are Application Load Balancers?

Answer

A

Application Load Balancers are best suited for http and https traffic.

They are application aware and send specific requests to specific web servers.

Question 39

Q

What are Network Load Balancers?

Answer

A

Network Load Balancers are best suited for load balancing of TCP traffic where extreme performance is required.

Question 40

Q

What are Classic Load balancers?

Answer

A

Classic Load balancers are used to balance http and https traffic but are not application aware.

Classic Load balancers are typically used as a cheap option when you don’t care how the load is distributed.

Question 41

Q

What is a NAT Gateway?

Answer

A

NAT Gateways allow your private subnets to communicate out to the internet without becoming public.

Question 42

Q

What are AWS Regions?

Answer

A

An AWS Region is a geographical area

Question 43

Q

What are AWS Availability Zones?

Answer

A

Availability Zones are close proximity, but separate, data centres within AWS Regions.

Question 44

Q

What are Edge Locations?

Answer

A

Edge Locations are endpoints that are used for caching content.

Question 45

Q

What do Edge Locations consist of to enable content caching?

Answer

A

Edge Locations uses CloudFront (which is Amazons CDN) to cache content.

Question 46

Q

What is a VPC?

Answer

A

A VPC is a Virtual Private Cloud - a virtual data centre where you can deploy your Cloud assets.

Question 47

Q

What is Amazon RDS?

Answer

A

Amazon Relational Database Service is a managed service to setup and operate a relational DB in the Cloud.

Question 48

Q

What is Quicksight?

Answer

A

Quicksight is a business analytics service to build visualisations and perform ad-hoc analysis from your data.

Question 49

Q

What is S3?

Answer

A

S3 is secure, durable and highly scaleable object storage.

Question 50

Q

What are the S3 tiers?

Answer

A

The S3 tiers are:

S3 standard
S3 IA (infrequently accessed)
S3 one zone IA
S3 intelligent tiering (moves objects around based on how you use/access your data)
S3 glacier
S3 glacier deep archive
-S3 Outposts

Question 51

Q

What can you use to restrict bucket access?

Answer

A

You can restrict S3 bucket access in the following ways:

Bucket policies (that apply across the whole bucket)
Object policies (that apply to individual files)
IAM policies to users and groups

Question 52

Q

What is AWS DataSync?

Answer

A

DataSync is used to move large amounts of data from on-premise to AWS. Replication can be done hourly, daily or weekly

Question 53

Q

What is Snowball?

Answer

A

Snowball is a petabyte-scale transport solution to get data in / out of AWS

Question 54

Q

What are Snowball Edge and Snowmobile?

Answer

A

Snowball Edge is a 100TB data transfer device with compute capabilities. It can act as either a transport vehicle or support work in offline locations because it can run lambda functions etc.

Snowmobile is for data transfer 100PB and is a shipping container on a truck.

Question 55

Q

What is Storage Gateway?

Answer

A

Storage Gateway is a device used to transfer data from your on premise site to AWS Cloud-based storage to provide seamless integration.

Question 56

Q

What are the different types of Storage Gateways?

Answer

A

The different types of Storage Gateway are:

File Gateway
Volume Gateway
Tape Gateway

Question 57

Q

What are File Gateways?

Answer

A

File Gateways are used to store your on-premise data as files within S3. Once uploaded the files are treated as native S3 objects.

Question 58

Q

What are Volume Gateways?

Answer

A

A Volume Gateway provides cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers.

Question 59

Q

What are Taped Gateways?

Answer

A

Tape Gateway enables you to replace using physical tapes on premises with virtual tapes in AWS

Question 60

Q

What are VPC Endpoints?

Answer

A

A VPC Endpoint is essentially a configuration that allows your services in your VPC to access a service made available to you via PrivateLink.

A VPC endpoint creates a private connection between your VPC and another AWS service without requiring access over the Internet, through a NAT device, a VPN connection, or AWS Direct Connect.

Question 61

Q

What are the two types of VPC endpoints?

Answer

A

The two types of VPC endpoints are:

Interface endpoints
Gateway endpoints

Question 62

Q

What are Interface endpoints?

Answer

A

Interface endpoints are a type of VPC endpoint that creates an ENI with a private IP address in the subnet to serve as an entry point for traffic destined to another AWS service.

Question 63

Q

What is a Gateway endpoint?

Answer

A

Gateway endpoints are a type of VPC endpoint that you specify as a target for a route in the route table for traffic destined to a supporting AWS service

Question 64

Q

What is WAF?

Answer

A

WAF (Web Application Firewall) allows the monitoring of the http and https requests.

Answer 65

A

The four primary services for storing data in AWS are:

Elastic Block Store (EBS)
Elastic File System (EFS)
Amazon FSx
S3

Answer 66

A

A use case maybe for large enterprise apps to use EBS to store self-managed relational and NoSQL databases.

They may then run big data analytics engines against this information that work at lightning speed.

Answer 67

A

No, block storage contains no metadata. Object-based storage has metadata

Answer 68

A

EBS’s biggest strengths are its reliable performance and flexibility.

It’s ideal for apps that need low latency with many IO operations like database servers. It’s scalable, so you can add extra block storage volumes without dropping performance.

Answer 69

A

(EFS) is a fully managed and scalable NFS file system (for Linux) that can be mounted to EC2 instances and on-premises compute resources.

Answer 70

A

Amazon GuardDuty is an intelligent threat detection service that continuously monitors for malicious activity and unauthorised behaviour to protect your AWS accounts, workloads, and data stored in Amazon S3.

GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs.

Answer 71

A

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.

Using AWS Direct Connect, you create a private connection between AWS and your data center, office, or colocation environment.

Answer 72

A

AWS PrivateLink is a highly available, scalable technology that enables you to privately connect your VPC to services as if they were in your VPC.

Answer 73

A

The advantages to Cloud Computing are:

Go global in minutes
Stop spending money on running and maintaining data datacentres
Benefit from massive economies of scale
Increase speed and agility
Stop guessing capacity
Trade capital expenses for variable expenses

Answer 74

A

The 4 benefits are:

High Availability
Elasticity
Agility
Durability

Answer 75

A

The 3 common Cloud computing models are:

IaaS
PaaS
SaaS

Answer 76

A

The 3 common Cloud deployment models are:

Private Cloud
Public Cloud
Hybrid Cloud

Answer 77

A

Another term for Private Cloud is ‘on-premises’

Answer 78

A

Availability Zones are:

Physically separated
Connected through low-latency links
Fault tolerant
Allow high availability

Answer 79

A

AWS Command Line Interface (CLI) is a service that allows you to programmatically access your AWS account through a terminal or command window

Answer 80

A

Software Development Kits (SDKs) allow you to access AWS Services from popular programming languages

Answer 81

A

Using Lambda you are charged based on the duration and number of requests.

You have access to 1 million free Lambda calls each month.

Answer 82

A

Fargate is a serverless compute engine for containers.

Fargate allows you to manage containers. It is serverless and scales automatically

Answer 83

A

Lightsail is a service that allows you to quickly launch all the resources needed for small projects.

Lightsail enables the deployment of preconfigured applications such as WordPress websites and comes with a VM, a static IP, SSD based storage and more.

Answer 84

A

AWS Outposts allows you to run cloud services in your internal data center.

Outposts support workloads that need to remain on-premise for latency or data sovereignty needs. AWS delivers and installs the servers in your data center.

Answer 85

A

AWS Batch allows you to process large workloads in smaller chunks (or batches).

AWS Batch can run hundreds / thousands of smaller batch processing jobs and can dynamically provision instances based on volume.

Answer 86

A

You are only responsible for your application code. AWS manages servers, coding environment, and language support

Answer 87

A

S3 Access logs are used to track the access to your buckets and objects

Answer 88

A

S3 is a regional service but bucket names must be globally unique

Answer 89

A

Durability means your objects are never lost or compromised.

Amazon S3 Standard
is designed for 99.999999999%
(11 9’s) of durability.

Answer 90

A

Availability means you can access your data quickly when you need it.

Amazon S3 Standard is designed for 99.99% availability.

Answer 91

A

S3 Standard is recommended for frequently accessed data

Answer 92

A

S3 Intelligent Tiering is recommended for data with unknown or changing access patterns

Answer 93

A

S3 Infrequent Access is recommended for long-lived data that is not frequently accessed yet gives millisecond access when needed

Answer 94

A

S3 One Zone IA is recommended for re-creatable data, infrequently accessed with millisecond access but where availability and durability is not essential

Answer 95

A

S3 Glacier is recommended for long term backups and cheaper storage options

Answer 96

A

S3 Glacier Deep Archive is used for long-term data archival accessed once or twice a year, or retaining data for regulatory compliance needs.

Answer 97

A

S3 Outposts is recommended for data that needs to be kept local or has demanding application performance needs.

Answer 98

A

4 common real world usage scenarios include:

Static websites (deploy to S3 and distribute with Cloudfront)
Data archival ( store in S3 Glacier)
Analytics systems (store in S3 and use analytic services like Redshift and Athena)
Mobile applications (App users can upload to S3 buckets)

Answer 99

A

The supported storage options are :

Elastic Block Store (EBS)
Elastic File System (EFS)
Instance Store

Answer 100

A

The key attributes of note for EBS are:

The data persists when the instance is not running
It is tied to one AZ
It can only be attached to 1 instance in the same AZ

Answer 101

A

EBS is recommended for
- Quickly accessible data
- Running a database on an instance
- Long-term data storage

Answer 102

A

EC2 instance store is local storage that is physically attached to the host computer and cannot be removed.

Answer 103

A

The key attributes of note for EC2 instance store are:

Storage on disks physically attached to an instance
Storage is temporary with the data being lost when the EC2 is stopped
EC2 instance store is fast with high I/O speeds

Answer 104

A

EC2 instance stores are recommended for:

temporary storage data needs
data replicated across multiple instances

Answer 105

A

The key attributes of note for EFS are:

It only supports the Linux file system
It is accessible across different AZ’s in the same region
It is more expensive than EBS

Answer 106

A

EFS is recommended for:

Main directories for business-critical apps
Lift and shift existing enterprise apps

Answer 107

A

The key attributes of note for storage gateway are:

That it connects on-premise and cloud data
and that it is a hybrid storage model

Answer 108

A

Storage gateway is recommended for:

Moving backups to the cloud
Reducing costs for hybrid cloud storage
Low latency access to data

Answer 109

A

AWS Backup is a service that lets you manage data backups across multiple AWS Services.

Answer 110

A

AWS Backup integrates with EC2, EBS, EFS and more.

Backup plans can include both frequency of backup and retention period

Answer 111

A

4 key attributes of CloudFront are:
- makes content available globally or restricts it based on location
- provides security features like DDoS protection and geo-restriction
- speeds up delivery of static and dynamic web content
- uses edge locations to cache content

Answer 112

A

Global Accelerator sends your users through the AWS global network when accessing content, speeding up delivery.

Global Accelerator provides low latency.

Answer 113

A

Global Accelerator provides:

improved latency and availability of single-region applications
60% performance boost
sending traffic through AWS infrastructure
re-routing of traffic to healthy available regional endpoints

Answer 114

A

S3 Transfer Acceleration improves content uploads and downloads to and from S3 buckets.

Answer 115

A

S3 Transfer Acceleration provides:

improved speed in the transfer of files over long distances
enables customers worldwide to upload to a central bucket
uses CloudFronts globally distributed edge locations

Answer 116

A

EC2 instances can be accessed by:

AWS Management Console
Secure Shell (SSH)
EC2 Instance Connect (EIC)
AWS Systems Manager

Answer 117

A

EC2 Instance Connect allows you to use IAM policies to control SSH access to your instances, removing the need to manage SSH keys

Answer 118

A

Systems Manager allows you to manage your EC2 instances via a web browser or the AWS CLI

Answer 119

A

The steps to connect to an EC2 using SSH are:

generate a key pair
use the private key to connect to the EC2 (public key)

Answer 120

A

You should use on-demand instances when:

you care about low cost without upfront payment or long-term commitment
your applications have unpredictable workloads that can’t be interrupted
your applications are under development
your workloads will not run any longer than a year

Answer 121

A

You should use Spot instances when:

you are not concerned about the start or stop time of your application
your workloads can be interrupted
your application is only feasible at very low compute prices

Answer 122

A

You can save up to 90% by using Spot instances

Answer 123

A

You should use EC2 Reserved Instances when:

your application has a steady state usage and you can commit to 1 - 3 years
you can pay money upfront in order to receive a discount on on-demand prices
your application requires a capacity reservation

(you need to sign a contract)

Answer 124

A

You can save up to 75% on on-demand prices using reserved instances.

Answer 125

A

You should use EC2 Dedicated Hosts when:

you want to bring your own server-bound software licences
you have regulatory or corporate compliance requirements around tenancy models

Answer 126

A

You can save up to 70% on on-demand prices using dedicated hosts.

Answer 127

A

You should use EC2 Savings Plans when:

you want to lower your bill across multiple compute services.
you want the flexibility to change compute services, instance types, OS’s or regions
savings can be shared across various compute services like EC2, Fargate and Lambda

Answer 128

A

You can save up to 72% on on-demand prices using EC2 Savings Plans.

Answer 129

A

Elastic Load Balancing automatically distributes your incoming application traffic across multiple EC2 instances.

Answer 130

A

EC2 auto-scaling adds or replaces EC2 instances automatically across AZs based on need and changing demand.

Answer 131

A

Horizontal scaling (or scaling out) adds or replaces instances, while vertical scaling (or scaling up) upgrades existing instances.

Answer 132

A

Lambda is a sever less compute service that lets you run code without managing servers.

Answer 133

A

The key features of Lambda are:

the support of popular programming languages such as Java, Powershell and Python
coding via IDEs or in the console
Lambda can execute in response to events
Lambda functions have a 15 minute timeout

Answer 134

A

S3 versioning allows you to create multiple versions of your file in order to protect against accidental deletion or to use previous versions.

Answer 135

A

S3 access logs allow you to track the access to your buckets and objects.

Answer 136

A

A CDN is a mechanism to deliver content quickly and efficiently based on geographic location.

Answer 137

A

Latency is the time it takes to respond to a request.

Answer 138

A

CloudFront:

makes content available globally or restricts it based on location
uses edge locations to cache content
speeds-up delivery of static and dynamic web content

Answer 139

A

3 use cases for CloudFront are:

S3 Static websites
Prevent attacks (can stop DDOS attacks)
IP address blocking (geo-restrictions prevents users in certain areas accessing content)

Answer 140

A

A Network ACL is an access control list to ensure that the proper traffic is allowed into a subnet.

Answer 141

A

An internet gateway allows public traffic to the internet from a VPC.

Answer 142

A

DNS stands for Domain Name System and directs internet traffic by connecting domain names with servers.

Answer 143

A

Route 53 is a DNS service that routes users to applications.

Answer 144

A

Direct Connect provides:

a dedicated physical network connection
a means for data to travel over a private network
connects on premise and AWS
supports a hybrid model

Answer 145

A

AWS VPN creates a secure connection between your internal networks and your AWS VPCs.

Answer 146

A

AWS VPN provides:

connectivity between your on-premise data to AWS
similar features to Direct Connect but the data travels over the public internet
encrypted data
support for a hybrid model

Answer 147

A

A Virtual Private Gateway is a VPN connector on the AWS side.

Answer 148

A

A Customer Gateway is a VPN connector on the customer side.

Answer 149

A

An API Gateway is a mechanism to build and manage APIs.

Answer 150

A

RDS is Amazon Relational Database Service that makes it easy to launch and manage relational databases.

Answer 151

A

The key features of RDS are:

it supports popular database engines
AWS manages the databases with automated patching, backups and maintenance etc
it offers high availability and fault tolerance using multi-AZ deployment options
Read replicas can be used across regions to provide enhanced performance and durability.

Answer 152

A

Amazon Aurora is a relation db compatible with MySQL and PostgreSQL created by AWS.

Answer 153

A

The key features of Aurora are:

it supports MySQL and PostgreSQL
it scales automatically while providing durability and high availability
its is 5x faster than normal mySQL and 3x faster than PostgreSQL
it is managed by RDS

Answer 154

A

DynamoDB is a fully managed NoSQL key-value and document database

Answer 155

A

The key features of DynamoDB are:

it is a NoSQL key-value database
it is non-relational
it is fully managed and serverless
it scales automatically to massive workloads and fast performance

Answer 156

A

Amazon DocumentDB is a fully managed document database that supports MongoDB.

Answer 157

A

The key features of DocumentDB are:

it is a document database
it is fully managed and serverless
it is MongoDB compatible
it is non-relational

Answer 158

A

Elasticache is a web service to deploy, operate and scale an in-memory cache in the Cloud.

The service improves the performance of web applications by retrieving information from managed in-memory caches, instead of relying entirely on slower disk-based databases

Answer 159

A

The key features of Elasticache are:

it is an in-memory datastore
it is compatible with Redis or Memcached engines
it offers high performance and low latency

Answer 160

A

Amazon Neptune is a fully managed graph database that supports highly connected datasets.

Answer 161

A

The key features of Neptune are:

it is a graph database service
it is fully managed and serverless
it supports highly connected datasets like social media networks
it is fast and reliable

Answer 162

A

RDS is the best choice to migrate an on-premise Oracle db to the cloud

Answer 163

A

Either RDS or Aurora are the best choices to migrate an on-premise postgreSQL db to the cloud

Answer 164

A

Elasticache is the best choice to alleviate database load for data that is accessed often

Answer 165

A

Neptune is the best choice to process large sets of user profiles and social interactions

Answer 166

A

DynamoDB is the best choice for a NoSQL db that can handle millions of requests a second

Answer 167

A

DocumentDB is the best choice to operate MongoDB workloads at scale

Answer 168

A

RDS supports:

Amazon Aurora
PostgreSQL
MySQL
MariaDB
Oracle
SQLServer

Answer 169

A

DMS helps you to migrate databases to or from AWS.

Answer 170

A

The key features of DMS are:

it migrates on-premise dbs to AWS
it supports homogeneous and heterogeneous migrations
it provides continuous data replication
it has virtually no downtime

Answer 171

A

SMS allows you to migrate on-premise servers to AWS.

Answer 172

A

The Snow family consists of SnowCone, Snowball and Snowball Edge, and SnowMobile

Answer 173

A

SnowCone is the smallest member of the data transport devices. It provides up to 8TB of storage and can be shipped offline or uploaded using DataSync.

Answer 174

A

Snowball and Snowball Edge are petabyte scale data transport solutions.

Snowball Edge also supports EC2 and Lambda

Answer 175

A

Snowball is a multi-petabyte or exabyte scale transport solution on a truck. The data can be loaded into S3.

Answer 176

A

A data warehouse is a data storage solution that aggregates massive amounts of historical data from disparate sources.

Data Warehouses support querying, reporting, analytics and business intelligence.

Answer 177

A

A
Redshift is a fully managed petabyte scale data warehouse service in the cloud.

Redshift allows you to perform business intelligence operations on historical data to answer business questions.

Answer 178

A

You would use Redshift when you need to consolidate multiple data sources for reporting, or if you want to run a db that doesn’t require real-time transactional updates.

Answer 179

A

Glue prepares your data for analytics.

It extracts the data from different data sources, transforms it, and then saves it in the data warehouse.

Answer 180

A

Elastic MapReduce helps you to process large amounts of data.

It works with big data frameworks and allows you to analyse data with Hadoop.

Answer 181

A

Data Pipeline helps you move data between compute and storage services running on AWS or on-premise.

Data Pipeline moves data at specific intervals and on certain conditions and sends notification of success or failure

Answer 182

A

QuickSight helps you to visualise your data.

It lets you build interactive dashboards and embed them within your applications

Answer 183

A

You would use Athena to query historical data in S3.

Answer 184

A

You would use Kinesis to analyse logs.

Answer 185

A

Recognition is a service that enables the automation of image and video analysis

Answer 186

A

Comprehend is a natural language processing service that finds relationships in text.

Answer 187

A

Polly is a service that turns text into speech

Answer 188

A

SageMaker is a service that helps you build, train and deploy machine learning models quickly.

Answer 189

A

Translate is a service that provides language translation

Answer 190

A

Lex is a service that lets you build conversational interfaces like chatbots.

Answer 191

A

Cloud9 allows you to write code in an IDE within your web browser.

Answer 192

A

CodeCommit is a source control system for private GIT repos.

It is a service similar to GIThub

Answer 193

A

CodeBuild allows you to build and test your application source code

Answer 194

A

CodeDeploy manages the deployment of code to compute services in the cloud (EC2, Fargate and Lambda) or on-premises

Answer 195

A

CodePipeline automates the software release process.

CodePipeline integrates with CodeCommit to retrieve source code, with CodeBuild to run builds and tests, and CodeDeploy to deploy the changes.

Answer 196

A

X-Ray helps you to debug production applications. For example by tracing calls to an RDS database

Answer 197

A

CodeStar helps developers work collaboratively on development projects.

CodeStar can manage the development pipeline of CodeCommit, CodeBuild and CodeDeploy

Answer 198

A

CloudFormation is a service that allows you to provision AWS resources using IaC

Answer 199

A

Elastic Beanstalk allows you to deploy your web applications and web services to AWS.

For example, after you upload your Java code, Elastic Beanstalk deploys it and handles capacity provisioning, load balancing, and Auto Scaling. Elastic Beanstalk even monitors the health of your application.

Elastic Beanstalk deploys to the Cloud only, not on-premises.

Answer 200

A

OpsWorks allows you to use Chef or Puppet to automate the config of your servers and deploy code.

OpsWorks allows you to define software installation scripts and automate configuration for your application servers.

OpsWorks can deploy applications on-premises.

Answer 201

A

Coupling defines the interdependencies or connections between components of a system.

Loose coupling helps reduce the risk
of cascading failures between components.

Answer 202

A

SQS is a message queuing service that allows you to build loosely coupled systems.

SQS works in a FIFO order

Answer 203

A

SNS allows you to send emails and text messages from your applications.

For example, you can have emails sent when a CPU utilisation goes above 80%. SNS works with CloudWatch when an alarm’s metric threshold is breached to send an email.

Answer 204

A

SES is an email service that allows you to send richly formatted HTML emails from your applications

Answer 205

A

CloudWatch is a collection of services that help you to monitor and observe your Cloud resources.

Answer 206

A

CloudTrail tracks user activity and API calls within your account.

CloudTrail can:

log and retain account activity
identify which user made changes
track activity through the console, SDKs and CLI
detect unusual activity in your account

Answer 207

A

CloudTrail can track:

user name
event time and name
IP address
access key
region
error code

Answer 208

A

Shield is a managed Distributed Denial of Service (DDOS) protection service

Answer 209

A

Shield provides DDoS protection and works with:

-CloudFront
-Route 53
-Elastic Load Balancing
-AWS Global Accelerator.

Answer 210

A

Inspector works with EC2 instances (only) to uncover and report vulnerabilities

Answer 211

A

Artefact offers on-demand access to AWS security and compliance reports

Artifact provides a central repository for AWS’ security and compliance reports via a self-service portal.

Answer 212

A

Data encryption encodes data so it
cannot be read by unauthorized users.

Answer 213

A

Key Management Service (KMS) allows you to generate and store encryption keys

Answer 214

A

CloudHSM is a hardware security module (HSM) used to generate and manage encryption keys.

CloudHSM allows you to meet corporate, contractual, and regulatory compliance requirements for data security by using
dedicated hardware in the cloud.

Answer 215

A

Secrets Manager allows you to manage and retrieve secrets (passwords or keys)

It integrates with services such as RDS, Redshift and DocumentDB and encrypts secrets at rest

Answer 216

A

The Application Discovery Service helps you plan
migration projects to the AWS Cloud.

Answer 217

A

The AWS Price List API allows you to query the price of AWS Services

Answer 218

A

The Pricing Calculator can be used to calculate the TCO

Answer 219

A

The 4 support plan levels are:

basic
developer
business
enterprise

Answer 220

A

You can open the following types of case with AWS Support:

account and billing
service limit increase
technical support

Answer 221

A

Budgets allows you to set custom budgets that alert you when your costs or usage exceed your budgeted amount.

Answer 222

A

The 3 budget types are:

cost budgets
usage budgets
reservation budgets

Answer 223

A

The Cost and Usage Report contains the most
comprehensive set of cost and usage data.

The Cost and Usage Report gives you the ability to do a deep dive into your AWS cost and usage data. Once set up, you can download the report using the Amazon S3 console.

Answer 224

A

Cost Explorer allows you to visualize and
forecast your costs and usage over time.

Answer 225

A

Cost Allocation Tags allow you to label resources using key value pairs and then report on those labels.

Answer 226

A

Organizations allows you to save money using Reserved Instance (RI) sharing. RI sharing allows all accounts in the organization to receive the hourly cost-benefit of RIs purchased by any other account. You can always turn off RI sharing using the master payer (or root) organization.

Answer 227

A

Control Tower helps you ensure your accounts conform to company-wide policies by enabling cross-account security audits or preventing or detecting security issues through mandatory or optional guardrails.

Answer 228

A

Systems Manager gives you visibility and
control over your AWS resources.

For example, Systems Manager allows you to auto-patch software running on EC2 instances according to a schedule.

Answer 229

A

AWS Trusted Advisor provides recommendations that help you follow AWS best practices.

Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.

Answer 230

A

Licence Manager helps you manage software licences.

Answer 231

A

Certificate manager helps you to provision and manage SSL/TLS certificates

Answer 232

A

AWS Managed Services is a set of services and tools that automate infrastructure management tasks for Amazon Web Services (AWS) deployments.

Answer 233

A

Professional Services helps enterprise customers
move to a cloud-based operating model.

Answer 234

A

APN is a global community of approved partners that offer software solutions and consulting services for AWS.

Answer 235

A

Marketplace is a digital catalog of prebuilt solutions you can purchase or license. You may also sell your own solutions to others via Marketplace.

Answer 236

A

Personal Health Dashboard alerts you to events that might impact your AWS environment.

Answer 237

A

An endpoint enables instances in your VPC to use their private IP addresses to communicate with resources in other services.

Your instances do not require public IP addresses, and you do not need an Internet gateway, a NAT device, or a virtual private gateway in your VPC.

Answer 238

A

An internet gateway is used by EC2 instances in a public subset to access the internet.

EC2 instances in a private subnet cannot use an internet gateway to access the internet, instead they need to use a NAT Gateway.

Answer 239

A

NAT Gateways allow EC2 instances in Private subnets to access the internet but they are themselves located in Public Subnets.

Answer 240

A

WAF protects against SQL injection and cross-site scripting attacks.

Answer 241

A

CloudWatch can monitor the state of your AWS resources and can notify you when an EC2 is approaching 100% utilization

Answer 242

A

IAM allows you to create and manage access keys for an IAM user.

Answer 243

A

AWS maintains the configuration of its infrastructure devices. Don’t forget AWS is responsible for its global infrastructure elements: Regions, edge locations, and Availability Zones.

Answer 244

A

This Performance Efficiency pillar focuses on the effective use of resources to meet demand.

In this pillar, you would use the information gathered through the evaluation process to actively drive adoption of new services or resources. You would also define a process to improve workload performance, and you would need to stay up-to-date on new resources and services.

Answer 245

A

IAM policy

Policies can be attached to a group to ensure all users in the group have the same access. AWS even has a managed policy, Administrator Access, you can use.

Answer 246

A

Service control policies (SCPs)

AWS Organizations provides central governance and management for multiple accounts. Organization SCPs allow you to create permissions guardrails that apply to all accounts within a given organization. Service control policies (SCPs)

Answer 247

A

AWS Auto Scaling will ensure you have the optimal number of EC2 instances to handle your application’s load, based on rules you specify. The other services mentioned can help distribute load amongst existing resources, but they do not have the ability by themselves to create new resources. Reference: AWS Auto Scaling

Answer 248

A

Direct Connect is a private (bypasses the public internet), dedicated physical network connection from your on-premises data center to AWS. Since the connection is private, it is extremely fast.

Answer 249

A

Any object uploaded to S3 is automatically stored in multiple Availability Zones in the Region in which it was uploaded.

This means that if any single AZ in a Region is experiencing issues, objects stored in S3 will still be available. Although objects in S3 can be made to be accessible globally, by default they are always stored in a redundant fashion in only the Region they were uploaded, ruling out the other answers

Answer 250

A

DMS supports homogeneous migrations like Oracle to Oracle and heterogeneous migrations like Oracle to Aurora, with minimal downtime.

Answer 251

A

The Pricing Calculator provides an estimate of AWS fees and charges. Since the company knows the workload details, the AWS Pricing Calculator can also help with calculating the total cost of ownership.

Answer 252

A

Organizations

Organizations allows you to centrally manage multiple AWS accounts under 1 umbrella. You can allocate resources and apply policies across accounts.

Control Tower

Control Tower helps you ensure your accounts conform to company-wide policies. Control Tower actually sits on top of Organizations.

Brainscape's Knowledge GenomeTM

AWS Practitioner Flashcards

Brainscape's Knowledge Genome^TM