AWS SA Professional Exam Flashcards
How long does it take to get data out of Glacier?
It can take AT LEAST 3 hours
What storage type provides the ability to create point-in-time snapshots of data volumes?
EBS
Which three services have automated backups?
RDS
ElastiCache (Redis only)
Redshift
Which service does not have automated backups?
EC2
In Read Replicas vs Multi-AZ, which is used for scaling?
Read Replicas
In Read Replicas vs Multi-AZ, which is used for DR?
Multi-AZ
How many read replicas can you have?
Up to 5
Can you have read replicas in different regions?
Yes - With the exception of SQL Server and Oracle
Are read replicas synchronous or asynchronous?
Asynchronous
[T/F] Read Replicas can be made off of Multi-AZ’s database
True
[T/F] Read Replicas can be in Multi-AZ.
True
Can you have a read replica of a read replica? Will this increase latency?
Yes, but only for MySQL and this will increase latency
DB Snapshots and Automated backups [can/cannot] be taken of read replicas.
Can - but are not enabled by default
If your application does not require transaction support, Atomicity, Consistency, Isolation, Durability (ACID) compliance, joins & SQL… What should you consider using instead of RDS?
DynamoDB
What are the 4 different Storage Gateway Types?
File Gateway
Gateway-Cached Volumes
Gateway-Stored Volumes
Gateway-Virtual Tape Library
How long does it take to access virtual tapes in your virtual tape library?
Instantaneous
How long does it take to access your virtual tapes from your virtual tape shelf?
It can take 24 hours
How is Storage Gateway encrypted?
Encrypted using SSL for transit
Encrypted at rest in S3 using AES-256
How are Gateway-Stored Volumes stored?
Data is stored as Amazon EBS snapshots in S3.
Gateway Storage snapshots [can/cannot] be scheduled.
Gateway Storage Volumes can be scheduled.
Gateway Storage bandwidth [can/cannot] be throttled.
Gateway storage can be throttled - which is great for remote sites
_______ make it easy to group your resources using the tags that are assigned to them. You can group resources that share one or more tags.
Resource groups
_________ allows you to get volume discounts on all your accounts.
Consolidated billing
With consolidated billing, _____ is on a per account and per region basis but can be aggregated into a single bucket in the paying account.
CloudTrail
The contract length for Reserved Instances is between __ and __ years.
1 & 3
What are the 3 types of RIs?
- Standard
- Convertible
- Scheduled
Which of the RIs offers the largest discount?
All Upfront RIs
Standard RIs for EC2 can be modified, but only if they are in the same _______ and only if the ______ factors are equal and only for the Linux operating system.
Family; Normalization
You can switch EC2 RIs between ______, but not between ______.
AZs; Regions
EC2 RIs [can/cannot] be sold on the marketplace.
can
Can you have reserved RDS instances?
Yes
With RDS reserved instances, you can move ______ but not _______.
AZ’s but not regions.
Elastic Beanstalk [can/cannot] provision RDS instances.
can
Elastic Beanstalk [does/does not] support IAM.
does
You have ___ access to the resources under Elastic Beanstalk.
full
Elastic Beanstalk code is stored in ___.
S3
With Elastic Beanstalk, ________ environments are allowed to support version control.
multiple
Elastic Beanstalk [can/cannot] roll back changes.
can
With Elastic Beanstalk, ______ the changes from ____ repositories are replicated.
Only the changes from Git repositories
Amazon Elastic Beanstalk supports which AMIs?
Linux AMI & Windows 2012 R2
OpsWorks consists of ________ and ________.
Stacks; Layers
OpsWorks runs on _____.
Chef
In OpsWorks, layers contain AWS resources such as…
EC2, ELB, RDS
In OpsWorks, layers are like _____, ______, and _______ layer.
Web; Application; Database
In OpsWorks, each stack will have how many layers?
1 or more
What happens to any EC2 instance added outside of the OpsWorks stack in ELB?
OpsWorks will remove it
CloudFormation uses ________ to resolve dependency between resource creation.
wait condition
What is mandatory for a CloudFormation template?
Resources
With CloudFormation, you can create multiple ____ inside of one template.
VPCs
If you want to connect VPCs in your CloudFormation template, you can enable _____________ using CloudFormation.
VPC Peering
CloudFormation supports _____, ________, and _____ scripts.
Chef; Puppet; Bootstrap
With CloudFormation, you can use ________ to output data.
Fn::GetAtt
By default, the _______________ feature is enabled in CloudFormation.
“automatic rollback on error”
CloudFormation itself costs what?
Nothing
_______ is completely supported with CloudFormation. This includes creating new hosted zones or updating existing ones.
Route53
If you are accessing services using HTTPS endpoints (think DynamoDB, S3) use public ____.
VIFs
Direct Connect: if you are accessing VPCs using private IP address ranges, use private ______.
VIFs
In the US, you need ___ direct connect connection(s) to connect to all 4 US regions.
1
Does data transferred between regions go over public internet?
No
Layer 2 connections [are/are not] supported by direct connect.
Are not
What is the difference between a Customer Gateway and a Virtual Private Gateway?
Customer Gateway - Customer side
Virtual Private Gateway - AWS side
Which ports does EC2-VPC ELB support?
1-65536
Can you assign an Elastic IP to an Elastic Load Balancer?
No
You can load balance to the _________ of your domain name with ELBs.
Zone Apex
If you have multiple SSL certificates you should use ________ Elastic Load Balancers, unless you have a wildcard certificate.
Multiple
A placement group [can/cannot] span availability zones but it [can/cannot] span subnets, provided that they are in the same VPC.
cannot; can
You [can/cannot] move existing instances to placement groups.
cannot
How can you reduce bottlenecks with NATs?
Scale up and Scale out; If you scale out, add an additional NAT & subnet and migrate half your workload to the new subnet.
Can you peer VPCs from different regions?
YES
If you peer two VPCs, what needs to be updated?
Security groups & make sure that a route table has been created in both VPCs to allow traffic.
If your application is more oriented toward indexing and querying data, it may be better to use this Amazon DB for your needs.
DynamoDB
If your application has number BLOB data (binary large objects) then what would be a good choice for storage?
S3
If you need fully automated scaling, which DB is best?
DynamoDB
If you’re looking to scale your database up you should use ________, if you’re looking to scale out use ________.
RDS; DynamoDB
Databases that require Joins and/or complex transactions should look to utilize what database options with AWS?
Amazon RDS or Amazon EC2 with self-managed database
If you plan to store very large amounts of data that are infrequently accessed (Low I/O rates) where should you store that data?
S3
Use _______ to optimize both GETs & PUTs with S3.
Parallelization
S3 stores data in __________ order so you have to __________ the data.
Lexicographical; randomize
You can secure S3 by doing what 3 things?
- Using Bucket policies
- Using MFA Delete
- Backing your Bucket Up to Another S3 Bucket Owned by a separate account
CloudHSM is _____ tenanted.
Single Tenanted (1 physical device, for you only)
CloudHSM must be used in _____.
a VPC
You can use ___________ to connect to a CloudHSM from another VPC.
VPC Peering
If you need fault tolerance with your CloudHSM, you need to build a ________.
Cluster
Which databases & warehouses can CloudHSM integrate with?
- RDS (Oracle & SQL)
- Redshift
You monitor CloudHSM via ______.
Syslog
The two types of directory services are ____ and ________.
AD Connector; Simple AD
By default, CloudWatch Logs will store your log data for how long?
Indefinitely
The default CloudWatch Alarm History is only how many days?
14
Step 1 of 3 for developing an Identity Broker is:
Develop an Identity Broker to communicate with LDAP & AWS STS
Step 2 of 3 for developing an Identity Broker is:
Identity Broker always communicates with LDAP first, THEN with AWS STS
Step 3 of 3 for developing an Identity Broker is:
Application then gets temporary access to AWS resources.
AWS Security Token Service returns which four values upon request for a federated token?
A Token
A Secret Access Key
Access Key ID
A Duration
True or False: To minimize the attack surface area, servers can be placed behind a bastion host, through which all traffic must pass.
False
If you want Intrusion Prevention AND Intrusion Detection you should use what?
An IPS tool
SNS: Can SNS push notifications to mobile devices (“Mobile Push”)?
Yes
What elements of a CloudFormation template are required?
Resources
How can I configure a CloudFormation template to pause while an application is configured on a template-created EC2 instance?
Using wait conditions
Using creation policies
cfn-signal CreationPolicies are the preferred mechanism
Can you copy EBS snapshots across regions?
Yes
ElasticBeanstalk rolling update types
- based on health
- based on time
- Immutable
ElasticBeanstalk environment types
- single-instance
- load-balancing
- autoscaling
How to preserve/backup CloudFormation resource when the stack is deleted
DeletionPolicy attribute
In which parts of a CloudFormation template can intrinsic functions be used?
- resource properties
- outputs
- metadata attributes
- update policy attributes
Simple, automated way to back up data stored on Amazon EBS volumes
Amazon Data Lifecycle Manager (DLM) for EBS Snapshots
Two ways to install security updates on running OpsWorks instances
- Create and start new instances to replace your current online instances. Then delete the current instances.
- On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command
What is cfn-hup?
The cfn-hup helper is a daemon that detects changes in resource metadata and runs user-specified actions when a change is detected.
Three CI/CD stages
- Source
- Build/test
- Deploy
ElasticBeanstalk source bundle requirements
- Consist of a single ZIP file or TAR file
- Not exceed 512 MB
- Not include a parent folder or top-level directory
Describe durability in Kinesis
Kinesis synchronously replicates the streaming data across three data centres within a single AWS region and preserves the data for up to 24H
How do you scale Kinesis?
Adding more shards
What’s the processing rate of 1 shard in Kinesis?
1MB/sec data input and 2MB/sec data output
Which CloudFormation resource is used to create nested stacks?
AWS::CloudFormation::Stack
Three source repositories of CodeDeploy
- GitHub
- S3
- Bitbucket
Two types of deployments in CodeDeploy
- in-place
- blue/green
Directory for awslogs service
/etc/awslogs/
What is the maximum amount of data that can be stored in a Gateway-Stored volume?
16TB
How to ensure Redshift is capable of parallel processing?
By configuring workload management (WLM) in Amazon Redshift
What is HLS?
HTTP Live Streaming - protocol that segments media files for optimization during streaming. HLS enables media players to play segments with the highest quality resolution that is supported by their network connection during playback
What is Wowza Streaming Engine?
Wowza Streaming Engine is the gold standard of customizable streaming server software for building and delivering professional-grade streaming at any scale
Can you modify DHCP options in VPC?
If you want your VPC to use a different set of DHCP options, you must create a new set and associate them with your VPC.
What to do when you receive a capacity error when launching an instance in a placement group
stop and start all of the instances in the placement group, and try the launch again
Can a read replica of RDS on VMware be assigned to any region?
YES
Two use cases for HLS
View an Amazon Kinesis video stream for:
- live playback
- view archived video
Is retention schedule carried over to the snapshot copy?
NO
When can you enable EFS encryption at rest?
When creating EFS file system
When can you enable encryption in transit on EFS
When mounting the EFS volume
Can you snapshot instance-store volume?
NO. Another method needs to be used (backing up to EBS)
What is TLS?
Transport Layer Security
What does ETL stand for?
Extract, transform, load
Where can you put policy variables in CF?
- in the Resource element
- in string comparisons in the Condition element
Default maximum number of customer managed policies in an AWS account
1500
Default maximum number of Groups in AWS account
300
Default maximum number of roles in AWS account
1000
Maximum number of users in AWS account
5000 (and cannot be changed)
3 Support plans in AWS
- Developer
- Business
- Enterprise