AWS SAA, EBS, EFs, Fsx, Databases, VPC

Question 1

What is the difference between iops and throughput ?

Answer 1

IOPs is the count of reads and writes per second so its a useful metric for low-latency transactional workloads, Throughputs is the actual measurement of read/write bits per second

Question 2

What are the 4 EBS volume types ? and what are their uses ?

Answer 2

1. General Purpose SSD (gp2, gp3) - boot diskes and general applications 3000 - 16000 IOPS
2. Provisioned IOPS SSD (io1, io2) - latency-sensitive applications, suitable for OLTP 64000IOPs 5’9s durability
3. Throughput Optimized HDD (st1) - Suitable for big data, ETL (cannot be boot volume)
4. Cold HDD (sc1) - Less frequently accessed data

Question 3

What are volumes ?

Answer 3

Volumes are like virtual hard disks

Question 4

What is the minimum number of volumes needed per EC2 instance ?

Answer 4

1 this is called the root device volume.

Question 5

What are snapshots ?

Answer 5

A snapshot is a point in time copy of a volume. A snapshot is a like a photograph of the virtual disk/volume. Snapshots exist on S3

Question 6

Why does the first snapshot take so long ?

Answer 6

Snapshots are incremental so they alway store the difference between the current snapshot and the last snapshot. Since the first snapshot doesn’t have a snapshot to diff between it takes a long time.

Question 7

What’s the process for moving a EC2 instance to a different region ?

Answer 7

1. Power down your EC2 instance
2. Make a snapshot of your EBS volume/s
3. Copy your snapshot to your new region
4. Make a image from that snapshot
5. Make a new EC2 instance using that image.

Question 8

What are the limitations for sharing snapshots?

Answer 8

You can share snapshots within a region but to uses them in other regions you must first copy them to the new region

Question 9

What is the locale limitiations for EBS volumes and EC2?

Answer 9

EBS volume must be in the same AZ as the EC2 that uses it.

Question 10

What is the resizing policy for EBS volumes?

Answer 10

EBS volumes can be resized on the fly without having to stop your EC2 instance but you will need to extend the filesystem in the OS manually

Question 11

What is the policy for changing EBS volume types?

Answer 11

You can change EBS volume types on the fly without stoping or restarting the instance.

Question 12

Explain what is meant by EBS end to end encryption ?

Answer 12

1. Data at rest is encypted
2. Data in flight between the EC2 instance an Volume is encypted
3. All snapshots taken of the volume are encrypted
4. All volumes created from the snapshot are encrypted

Question 13

How would you make a encrypted EC2 instance from a non encrypted EC2 instance ?

Answer 13

1. Create a snapshot of the unencrypted root device volume
2. Create a copy of the snapshot and select the encryption options.
3. Create a AMI from the encrypted snapshot
4. Use that AMI to launch a new encrypted instances.

Question 14

What is EC2 Hibernation?

Answer 14

EC2 hibernation preserves the in-memory RAM on persistent storage (EBS)

Question 15

What is the benefit of using EC2 hibernation ?

Answer 15

Hibernating EC2 instances boot much faster because they don’t need to reload the operating system

Question 16

What are the limitations of EC2 hibernation?

Answer 16

Limit of 60 day hibernation
Instance RAM must be less than 150GB
Only available for C,M,R (3,4,5) instance families
Available for On-demand and Reserved instances
Support OS Windows, Amazon linux 2, and Ubuntu

Question 17

What is EFS?

Answer 17

Elastic File System is managed network file system that uses NFSv4 (Network File System version 4) where you only pay for the storage you use. Can scale up to petabytes and data is stored across multiple AZ’s in a region.

Question 18

What are 4 characteristics of EFS?

Answer 18

1. EFS works with EC2 instance in multiple Availability Zones
2. Highly available and scalable
3. Expensive
4. Only compatible with Linux based AMI

Question 19

What are the two types of EFS storage and what are their use cases?

Answer 19

1. General Purpose ( webservers, CMS)
2. Max I/O (big data, media processing)

Question 20

What are the storage tiers for EFS?

Answer 20

1. Standard
2. Infrequently Accessed

Question 21

What is FSx for windows?

Answer 21

Fsx for windows is a windows file server that allows you to move windows-based applications that require file storage to AWS

Question 22

What is the difference between FSx for windows and EFS?

Answer 22

FSx for windows is designed for windows and supports active directory, security policies and other windows filesystem features, EFS is designed for unix / linux

Question 23

What is amazon FSx for Lustre ?

Answer 23

When you need high-speed, high-capacity distributed storage. Mainly used for high performance computing applications, machine learning and financial modeling. Can store directly to S3

Question 24

What is the other name for Instance store storage?

Answer 24

Ephemeral storage

Question 25

What are the restart, stop, terminated characteristics of EC2 instances backed by a instance store?

Answer 25

Instance Store EC2 can be rebooted without losing data.
Instance Store EC2 cannot be stopped
When a Instance Store EC2 is terminated all the data is lost

Question 26

What are the restart, stop, terminated characteristics of EC2 instances backed by a EBS volume?

Answer 26

Can be rebooted without losing data
Can be stopped without losing data
Can be configured to be deleted without deleting the underlying EBS volume

Question 27

What is the difference between EBS and Ephemeral Storage AMI’s?

Answer 27

Amazon EBS backed AMI is created from EBS snapshot.
Amazon Instance store backed AMI is created from a template stored in S3

Question 28

What is a AMI?

Answer 28

A blueprint for an EC2 instance

Question 29

What is AWS Backup?

Answer 29

It’s a way to allow to consolidate your backups across multiple AWS sevices, EC2, EBS, EFS. Amazon FSx for lustre, Amazon FSx for windows file server, RDS and DynamoDB.

Question 30

What is the benefit of AWS Backup ?

Answer 30

1. Central Management
2. Automation
3. Improved Compliance
4. Can be used with organizations to manage backups across multiple accounts

Question 31

What is RDS?

Answer 31

RDS is amazons relational database service that supports 6 relational database engines and can be setup in minutes with Multi-AZ support and automatic failover capability.
RDS instances are just dedicated EC2 instances that are running your database engine of choice.
1. SQL Server
2. Oracle
3. MySQL
4. PostgreSQL
5. Aurora

Question 32

What 6 database engines does RDS Support ?

Answer 32

1. SQL Server
2. Oracle
3. MySQL
4. PostgreSQL
5. Aurora

Question 33

What is OLTP and OLAP ?

Answer 33

OLTP is online transaction processing and OLAP is online analytics processing.
OLTP is generally the processing of user transactions like payments and orders and is suitable for RDS
OLAP is the gathering of large scale statistics and metrics line net profit and is generally suitable for services like Redshift

Question 34

What’s a suitable service for OLTP ?

Answer 34

RDS

Question 35

What’s a suitable service OLAP?

Answer 35

Redshift

Question 36

How does amazon manage multi-AZ failover for RDS?

Answer 36

Amazon automatically switches the server the domain name is pointing to because Amazon manages the DNS servers for your RDS instances

Question 37

What can you use to increase read performance for RDS databases?

Answer 37

Read Replicas

Question 38

What are read replicas?

Answer 38

Read Replicas are read-only copies of your primary database that can help you increase your read performance. Can be in the same AZ, cross-AZ or cross-region

Question 39

Do read replicas share the same domain name as the primary database ?

Answer 39

No

Question 40

What is read replica promotion and what are the consequences for actioning it?

Answer 40

Read replica promotion is when you turn a read replica into a primary database. This enables writing to the database but disables replication with the original primary database. A possible use case for doing this is when you are about to perform OLAP using queries on that database.

Question 41

What are 3 key facts about read replicas ?

Answer 41

1. Scale for read performance not for disaster recovery.
2. Require automatic backups to be enabled
3. Up to 5 read replicas can be configured for DB instances of MySQL, MariaDB, PostgreSQL, SQL Server and Oracle

Question 42

What is the difference between Read replicas and Multi-AZ RDS configurations?

Answer 42

Multi-AZ deployments are only for disaster recovery.
Read-Replicas are only for increasing read performance.

Question 43

What is RDS Multi-AZ?

Answer 43

An extra copy of your production database in another availability zone used for automatic disaster recovery.

Question 44

What is amazon aurora?

Answer 44

Amazon Aurora is a fast, high-availability, MySQL and PostgreSQL-compatible relational database engine

Question 45

Whats Aurora’s speed compared to MySQL and PostgreSQL ?

Answer 45

5x MySQL
3x PostgreSQL

Question 46

What is the data replication policy for Aurora?

Answer 46

2 copies of your data are contained in each availabilty Zone, with a minimum of 3 Availabily Zones. 6 copies of your data.

Question 47

What is the limit on read replicas for Aurora?

Answer 47

You can have 15 Read Replicas with Aurora that are in region.

Question 48

What are 3 things to remember about aurora backups?

Answer 48

1. Automated backups are always enabled on amazon Aurora and backups do not impact performance
2. you can take snapshots with Aurora and that does not affect performance.
3. you can share aurora snapshot with other AWS accounts.

Question 49

What is amazon aurora serverless?

Answer 49

A on-demand, auto-scaling MySQL, PostgreSQL compatible edition of amazon aurora that can start up, shut down and scale capacity up or down based on your application. Suitable for infrequent, intermittent, or unpredictable workloads.

Question 50

What is dynamoDB?

Answer 50

DynamoDB is a proprietary, fully managed, NoSQL database service that supports both document and key-value data models.

Question 51

What are 4 facts about dynamoDB?

Answer 51

1. Stored on SSD storage
2. Spread across 3 geographically distinct data centers
3. Eventually consistent reads by default
4. Can be set for strongly consistent reads

Question 52

What is the difference between Eventually consistent reads and Strongly consistent reads?

Answer 52

For eventually consistent reads consistency across all copies of data is usually reached within a second
For strongly consistent reads a result reflects all writes that were received successfully prior to the read

Question 53

What is DAX ?

Answer 53

DAX is dynamoDB accelerator is a fully managed, highly available, in-memory cache that reduces latency and can yield a 10x performance improvement.

Question 54

What is A.C.I.D?

Answer 54

Transactions are completed successfully or not at all.
1. Atomic (Changes are performed successfully or not at all)
2. Consistent (data is consistent before and after a transaction)
3. Isolated (No other process can change the data while the transaction is running)
4. Durable (The changes made by a transaction must persist)

Question 55

What is dynamoDB transactions and what is it used for?

Answer 55

DynamoDB transactions provides developers with a ACID guarantee on their database inserts, updates, and deletes across one or more tables and is suitable for processing financial transactions, fulfilling and managing orders, building multiplayer game engines.

Question 56

What are the 3 read policies for dynamoDB?

Answer 56

1. Eventual Consistency
2. Strong Consistency
3. Transactional

Question 57

What are the 2 write policies for dynamoDB?

Answer 57

1. standard
2. transactional

Question 58

What are the two backup types available with DynamoDB?

Answer 58

1. On-Demand Backups
2. Point in time Backups

Question 59

What are 4 characteristics of on-demand DynamoDB backups?

Answer 59

1. Full backups at anytime
2. Zero impact on performance or availablity
3. Consistent within seconds and retained until deleted
4. Operates within the same region as the source table

Question 60

What are 5 characteristics of (PITR) point-in-time recovery?

Answer 60

1. Not enabled by default
2. Protects against accidental writes or deletes
3. Restore to any point in the last 35 days
4. incremental backups
5. Last restorable 5 minutes in the past

Question 61

What are DynamoDB Streams?

Answer 61

A time-ordered sequence of item-level changes (updates, inserts, deletes) on a table.

Question 62

What are DynamoDB Global tables and what is a good use case for it?

Answer 62

It is a feature that allows you to globally distribute your data using managed multi-master. multi-region replications. It is suitable for globally distributed applications.

Question 63

What are 4 key facts about dynamoDB Global tables?

Answer 63

1. DynamoDB streams must be enabled
2. Based on DynamoDB streams
3. Fully-managed so no application rewrites needed
4. Multi-region redundancy for disaster recovery or high availability.
5. Replication latency under 1 second

Question 64

What is apache cassandra?

Answer 64

An open-source distributed NoSQL database management system.

Question 65

What is Amazon Keyspace?

Answer 65

Amazons apache Cassandra database service. It allows you to run Cassandra workloads on AWS and is a fully managed database service.

Question 66

What is documentDB and what is the benefit of using it?

Answer 66

DocumentDB allows you to run MongoDB on AWS cloud. It’s a managed database service that scales with your workload. Its major benefit is the decreased operational workload compared to a MongoDB deployment

Question 67

What is Amazon Neptune?

Answer 67

Neptune is a graph based database by Amazon

Question 68

What is QLDB ?

Answer 68

Quantum Ledger database is an immutable no sql database that is suitable for record keeping applications like financial transactions.

Question 69

What is Amazon Time Series?

Answer 69

It is a serverless, fully managed database service for time series data. it is up to 1000times faster than a traditional relational database at 1/10th of the cost. use case are IOT, Analytics

Question 70

What is a VPC?

Answer 70

Virtual Private Cloud allows a user to set up a secure private network in the cloud where you launch your resources. It has subnetting and security features like NACL and Security groups that enable fully customizable networking.

Question 71

What does a VPC Consist of ?

Answer 71

1. Internet Gateways
2. Route Tables
3. Network access control lists
4. Subnets
5. Security Groups

Question 72

What is the location policy for subnets in AWS ?

Answer 72

1 subnet is always in 1 Availability Zone

Question 73

What are the 3 things that are created when you create a new VPC?

Answer 73

1. Main route table
2. Main Network ACL
3. Security group

Question 74

What are the IP address block limits for a default VPC?

Answer 74

0.0.0.0/16 - 0.0.0.0/28

Question 75

If you allocate a subnet with a block x.x.x.x/24 how many IP address will you have available ?

Answer 75

251 because aws will reserve.
x.x.x.0 Network address
x.x.x.1 VPC router
x.x.x.2 DNS server
x.x.x.3 Future use
x.x.x.255 vpc does not support broadcast

Question 76

What component can use to provide or deny internet access to a subnet in a VPC?

Answer 76

RouteTable

Question 77

What is a component that allows you to enable communication between two subnets?

Answer 77

Security Groups

Question 78

What is a NAT gateway and what can it be used for?

Answer 78

A network address translation gateway translates IP addresses and it can be used to allow a private subnet in a VPC to gain internet access with out making it publicly accessible. (Adding the gateway to the routing table of the private subnet)

Question 79

What is the patching policy on NAT gateways?

Answer 79

NAT gateway are fully managed and don’t need any patching

Question 80

What security groups do you need to setup with NAT gateways?

Answer 80

NAT gateways aren’t associated with security groups

Question 81

How do you make a NAT gateway redundant inside the availibiltiy zone ?

Answer 81

NAT gateways are automatically redundant in a AZ

Question 82

Whats the throughput of a NAT gateway?

Answer 82

5Gbps to 45 Gbps

Question 83

What are security groups?

Answer 83

Security groups are stateful virtual firewall. It allows you to block in bound and out bound traffic on certain ports

Question 84

What makes a security group stateful?

Answer 84

If an inbound port is blocked but the corresponding outbound port is not blocked a server sends out a request data will still be allowed to flow in on that port.

Question 85

What is a NACL?

Answer 85

Network access control lists are stateless and act as a virtual firewall. All rules are executed from smallest id to largest. NACL allow you to block IP addresses

Question 86

What is meant by NACL’s are stateless?

Answer 86

For communication to occur through a network access control list both the in-bound and out-bound IP/Ports must be allowed

Question 87

What is the difference between NACLs and Security groups

Answer 87

NACL are the first layer of defence and are stateless. Security groups are downstream from NACL and are stateful

Question 88

What is the best mechanism/component for blocking specific IP addresses?

Answer 88

Network access control lists

Question 89

What are the subnet associations for NACL?

Answer 89

A NACL maybe associated with multiple subnets but every subnet is only associated with one ACL

Question 90

What are VPC endpoints?

Answer 90

VPC endpoint enabled you to connect to supported AWS service privately through the AWS network. For example connecting a EC2 in your VPC to a S3 bucket without sending your traffic through the internet

Question 91

What is the availability policy for VPC endpoints?

Answer 91

VPC endpoints scale horizontally, are redundant, and are highly available. allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints (A better altenative to send all the data through a NAT gateway)

Question 92

What are the two types of VPC endpoints?

Answer 92

1. Interface endpoints - elastic network interface with a private IP address.
2. Gateway endpoints - similar to NAT gateways supports S3 and DynamoDB

Question 93

What is VPC peering ?

Answer 93

VPC peering is a mechanism for connecting a VPC to another VPC via a direct network route using pirvate IP addresses, Transitive peering is not allowed, you can peer between regions. No overlapping CIDR address ranges are allowed. Works on a hub and spoke model.

Question 94

What is AWS Private link?

Answer 94

It is a feature that allows you to connect tens, hundreds, or thousands of customer VPC’s, it only requires a network load balancer on the service VPC and a ENI Elastic Network interface on the customer VPC

Question 95

What is AWS VPN CloudHub?

Answer 95

Its a feature that allows you to connect multiple VPNs together. it works on a hub and spoke model

Question 96

What is AWS Direct Connect?

Answer 96

It is a service that allows you to establish a direct physical connection from your data center to AWS. It is useful for reducing costs for high-throughput workloads and helpful when you need a stable reliable secure connection

Question 97

What are the two types of AWS Direct Connect ?

Answer 97

1. Dedicated Connection
2. Hosted Connection (through AWS partner i.e Horizon)

Question 98

What is AWS Transit Gateway?

Answer 98

It is a service that connects VPCs and on-premises network through a central hub to simplify networks ( removing the need for complicated VPC peering configurations)

Question 99

What is a service that allows you to simplifiy your networks, works with direct connect and supports multicast ?

Answer 99

AWS transit Gateway

Question 100

What is a service that a service for increasing application speed at the edge using mobile networks?

Answer 100

AWS Wavelength

Question 101

What is the problem with high Availability with NAT Gateway?

Answer 101

If you have resources in multiple AZs and they share a NAT gateway in 1 az and that AZ goes down then all AZ’s will lose internet access. To ensure high availiablity architecture create a NAT gateway in each AZ

Question 102

What is the difference between Default Network ACL and Custom Network ACL?

Answer 102

Default network ACL allow all traffic by default Custom network ACL deny all traffic by default.

Question 103

What is the data flow path through a VPC

Answer 103

Router-> Route table -> NACL -> Security Group -> Subnet -> instance