AWS SAA, EBS, EFs, Fsx, Databases, VPC Flashcards
1
Q
What is the difference between iops and throughput ?
A
IOPs is the count of reads and writes per second so its a useful metric for low-latency transactional workloads, Throughputs is the actual measurement of read/write bits per second
2
Q
What are the 4 EBS volume types ? and what are their uses ?
A
- General Purpose SSD (gp2, gp3) - boot diskes and general applications 3000 - 16000 IOPS
- Provisioned IOPS SSD (io1, io2) - latency-sensitive applications, suitable for OLTP 64000IOPs 5’9s durability
- Throughput Optimized HDD (st1) - Suitable for big data, ETL (cannot be boot volume)
- Cold HDD (sc1) - Less frequently accessed data
3
Q
What are volumes ?
A
Volumes are like virtual hard disks
4
Q
What is the minimum number of volumes needed per EC2 instance ?
A
1 this is called the root device volume.
5
Q
What are snapshots ?
A
A snapshot is a point in time copy of a volume. A snapshot is a like a photograph of the virtual disk/volume. Snapshots exist on S3
6
Q
Why does the first snapshot take so long ?
A
Snapshots are incremental so they alway store the difference between the current snapshot and the last snapshot. Since the first snapshot doesn’t have a snapshot to diff between it takes a long time.
7
Q
What’s the process for moving a EC2 instance to a different region ?
A
- Power down your EC2 instance
- Make a snapshot of your EBS volume/s
- Copy your snapshot to your new region
- Make a image from that snapshot
- Make a new EC2 instance using that image.
8
Q
What are the limitations for sharing snapshots?
A
You can share snapshots within a region but to uses them in other regions you must first copy them to the new region
9
Q
What is the locale limitiations for EBS volumes and EC2?
A
EBS volume must be in the same AZ as the EC2 that uses it.
10
Q
What is the resizing policy for EBS volumes?
A
EBS volumes can be resized on the fly without having to stop your EC2 instance but you will need to extend the filesystem in the OS manually
11
Q
What is the policy for changing EBS volume types?
A
You can change EBS volume types on the fly without stoping or restarting the instance.
12
Q
Explain what is meant by EBS end to end encryption ?
A
- Data at rest is encypted
- Data in flight between the EC2 instance an Volume is encypted
- All snapshots taken of the volume are encrypted
- All volumes created from the snapshot are encrypted
13
Q
How would you make a encrypted EC2 instance from a non encrypted EC2 instance ?
A
- Create a snapshot of the unencrypted root device volume
- Create a copy of the snapshot and select the encryption options.
- Create a AMI from the encrypted snapshot
- Use that AMI to launch a new encrypted instances.
14
Q
What is EC2 Hibernation?
A
EC2 hibernation preserves the in-memory RAM on persistent storage (EBS)
15
Q
What is the benefit of using EC2 hibernation ?
A
Hibernating EC2 instances boot much faster because they don’t need to reload the operating system
16
Q
What are the limitations of EC2 hibernation?
A
Limit of 60 day hibernation
Instance RAM must be less than 150GB
Only available for C,M,R (3,4,5) instance families
Available for On-demand and Reserved instances
Support OS Windows, Amazon linux 2, and Ubuntu
17
Q
What is EFS?
A
Elastic File System is managed network file system that uses NFSv4 (Network File System version 4) where you only pay for the storage you use. Can scale up to petabytes and data is stored across multiple AZ’s in a region.
18
Q
What are 4 characteristics of EFS?
A
- EFS works with EC2 instance in multiple Availability Zones
- Highly available and scalable
- Expensive
- Only compatible with Linux based AMI
19
Q
What are the two types of EFS storage and what are their use cases?
A
- General Purpose ( webservers, CMS)
- Max I/O (big data, media processing)
20
Q
What are the storage tiers for EFS?
A
- Standard
- Infrequently Accessed
21
Q
What is FSx for windows?
A
Fsx for windows is a windows file server that allows you to move windows-based applications that require file storage to AWS
22
Q
What is the difference between FSx for windows and EFS?
A
FSx for windows is designed for windows and supports active directory, security policies and other windows filesystem features, EFS is designed for unix / linux
23
Q
What is amazon FSx for Lustre ?
A
When you need high-speed, high-capacity distributed storage. Mainly used for high performance computing applications, machine learning and financial modeling. Can store directly to S3
24
Q
What is the other name for Instance store storage?
A
Ephemeral storage
25
What are the restart, stop, terminated characteristics of EC2 instances backed by a instance store?
Instance Store EC2 can be rebooted without losing data.
Instance Store EC2 cannot be stopped
When a Instance Store EC2 is terminated all the data is lost
26
What are the restart, stop, terminated characteristics of EC2 instances backed by a EBS volume?
Can be rebooted without losing data
Can be stopped without losing data
Can be configured to be deleted without deleting the underlying EBS volume
27
What is the difference between EBS and Ephemeral Storage AMI's?
Amazon EBS backed AMI is created from EBS snapshot.
Amazon Instance store backed AMI is created from a template stored in S3
28
What is a AMI?
A blueprint for an EC2 instance
29
What is AWS Backup?
It's a way to allow to consolidate your backups across multiple AWS sevices, EC2, EBS, EFS. Amazon FSx for lustre, Amazon FSx for windows file server, RDS and DynamoDB.
30
What is the benefit of AWS Backup ?
1. Central Management
2. Automation
3. Improved Compliance
4. Can be used with organizations to manage backups across multiple accounts
31
What is RDS?
RDS is amazons relational database service that supports 6 relational database engines and can be setup in minutes with Multi-AZ support and automatic failover capability.
RDS instances are just dedicated EC2 instances that are running your database engine of choice.
1. SQL Server
2. Oracle
3. MySQL
4. PostgreSQL
5. Aurora
32
What 6 database engines does RDS Support ?
1. SQL Server
2. Oracle
3. MySQL
4. PostgreSQL
5. Aurora
33
What is OLTP and OLAP ?
OLTP is online transaction processing and OLAP is online analytics processing.
OLTP is generally the processing of user transactions like payments and orders and is suitable for RDS
OLAP is the gathering of large scale statistics and metrics line net profit and is generally suitable for services like Redshift
34
What's a suitable service for OLTP ?
RDS
35
What's a suitable service OLAP?
Redshift
36
How does amazon manage multi-AZ failover for RDS?
Amazon automatically switches the server the domain name is pointing to because Amazon manages the DNS servers for your RDS instances
37
What can you use to increase read performance for RDS databases?
Read Replicas
38
What are read replicas?
Read Replicas are read-only copies of your primary database that can help you increase your read performance. Can be in the same AZ, cross-AZ or cross-region
39
Do read replicas share the same domain name as the primary database ?
No
40
What is read replica promotion and what are the consequences for actioning it?
Read replica promotion is when you turn a read replica into a primary database. This enables writing to the database but disables replication with the original primary database. A possible use case for doing this is when you are about to perform OLAP using queries on that database.
41
What are 3 key facts about read replicas ?
1. Scale for read performance not for disaster recovery.
2. Require automatic backups to be enabled
3. Up to 5 read replicas can be configured for DB instances of MySQL, MariaDB, PostgreSQL, SQL Server and Oracle
42
What is the difference between Read replicas and Multi-AZ RDS configurations?
Multi-AZ deployments are only for disaster recovery.
Read-Replicas are only for increasing read performance.
43
What is RDS Multi-AZ?
An extra copy of your production database in another availability zone used for automatic disaster recovery.
44
What is amazon aurora?
Amazon Aurora is a fast, high-availability, MySQL and PostgreSQL-compatible relational database engine
45
Whats Aurora's speed compared to MySQL and PostgreSQL ?
5x MySQL
3x PostgreSQL
46
What is the data replication policy for Aurora?
2 copies of your data are contained in each availabilty Zone, with a minimum of 3 Availabily Zones. 6 copies of your data.
47
What is the limit on read replicas for Aurora?
You can have 15 Read Replicas with Aurora that are in region.
48
What are 3 things to remember about aurora backups?
1. Automated backups are always enabled on amazon Aurora and backups do not impact performance
2. you can take snapshots with Aurora and that does not affect performance.
3. you can share aurora snapshot with other AWS accounts.
49
What is amazon aurora serverless?
A on-demand, auto-scaling MySQL, PostgreSQL compatible edition of amazon aurora that can start up, shut down and scale capacity up or down based on your application. Suitable for infrequent, intermittent, or unpredictable workloads.
50
What is dynamoDB?
DynamoDB is a proprietary, fully managed, NoSQL database service that supports both document and key-value data models.
51
What are 4 facts about dynamoDB?
1. Stored on SSD storage
2. Spread across 3 geographically distinct data centers
3. Eventually consistent reads by default
4. Can be set for strongly consistent reads
52
What is the difference between Eventually consistent reads and Strongly consistent reads?
For eventually consistent reads consistency across all copies of data is usually reached within a second
For strongly consistent reads a result reflects all writes that were received successfully prior to the read
53
What is DAX ?
DAX is dynamoDB accelerator is a fully managed, highly available, in-memory cache that reduces latency and can yield a 10x performance improvement.
54
What is A.C.I.D?
Transactions are completed successfully or not at all.
1. Atomic (Changes are performed successfully or not at all)
2. Consistent (data is consistent before and after a transaction)
3. Isolated (No other process can change the data while the transaction is running)
4. Durable (The changes made by a transaction must persist)
55
What is dynamoDB transactions and what is it used for?
DynamoDB transactions provides developers with a ACID guarantee on their database inserts, updates, and deletes across one or more tables and is suitable for processing financial transactions, fulfilling and managing orders, building multiplayer game engines.
56
What are the 3 read policies for dynamoDB?
1. Eventual Consistency
2. Strong Consistency
3. Transactional
57
What are the 2 write policies for dynamoDB?
1. standard
2. transactional
58
What are the two backup types available with DynamoDB?
1. On-Demand Backups
2. Point in time Backups
59
What are 4 characteristics of on-demand DynamoDB backups?
1. Full backups at anytime
2. Zero impact on performance or availablity
3. Consistent within seconds and retained until deleted
4. Operates within the same region as the source table
60
What are 5 characteristics of (PITR) point-in-time recovery?
1. Not enabled by default
2. Protects against accidental writes or deletes
3. Restore to any point in the last 35 days
4. incremental backups
5. Last restorable 5 minutes in the past
61
What are DynamoDB Streams?
A time-ordered sequence of item-level changes (updates, inserts, deletes) on a table.
62
What are DynamoDB Global tables and what is a good use case for it?
It is a feature that allows you to globally distribute your data using managed multi-master. multi-region replications. It is suitable for globally distributed applications.
63
What are 4 key facts about dynamoDB Global tables?
1. DynamoDB streams must be enabled
2. Based on DynamoDB streams
3. Fully-managed so no application rewrites needed
4. Multi-region redundancy for disaster recovery or high availability.
5. Replication latency under 1 second
64
What is apache cassandra?
An open-source distributed NoSQL database management system.
65
What is Amazon Keyspace?
Amazons apache Cassandra database service. It allows you to run Cassandra workloads on AWS and is a fully managed database service.
66
What is documentDB and what is the benefit of using it?
DocumentDB allows you to run MongoDB on AWS cloud. It's a managed database service that scales with your workload. Its major benefit is the decreased operational workload compared to a MongoDB deployment
67
What is Amazon Neptune?
Neptune is a graph based database by Amazon
68
What is QLDB ?
Quantum Ledger database is an immutable no sql database that is suitable for record keeping applications like financial transactions.
69
What is Amazon Time Series?
It is a serverless, fully managed database service for time series data. it is up to 1000times faster than a traditional relational database at 1/10th of the cost. use case are IOT, Analytics
70
What is a VPC?
Virtual Private Cloud allows a user to set up a secure private network in the cloud where you launch your resources. It has subnetting and security features like NACL and Security groups that enable fully customizable networking.
71
What does a VPC Consist of ?
1. Internet Gateways
2. Route Tables
3. Network access control lists
4. Subnets
5. Security Groups
72
What is the location policy for subnets in AWS ?
1 subnet is always in 1 Availability Zone
73
What are the 3 things that are created when you create a new VPC?
1. Main route table
2. Main Network ACL
3. Security group
74
What are the IP address block limits for a default VPC?
0.0.0.0/16 - 0.0.0.0/28
75
If you allocate a subnet with a block x.x.x.x/24 how many IP address will you have available ?
251 because aws will reserve.
x.x.x.0 Network address
x.x.x.1 VPC router
x.x.x.2 DNS server
x.x.x.3 Future use
x.x.x.255 vpc does not support broadcast
76
What component can use to provide or deny internet access to a subnet in a VPC?
RouteTable
77
What is a component that allows you to enable communication between two subnets?
Security Groups
78
What is a NAT gateway and what can it be used for?
A network address translation gateway translates IP addresses and it can be used to allow a private subnet in a VPC to gain internet access with out making it publicly accessible. (Adding the gateway to the routing table of the private subnet)
79
What is the patching policy on NAT gateways?
NAT gateway are fully managed and don't need any patching
80
What security groups do you need to setup with NAT gateways?
NAT gateways aren't associated with security groups
81
How do you make a NAT gateway redundant inside the availibiltiy zone ?
NAT gateways are automatically redundant in a AZ
82
Whats the throughput of a NAT gateway?
5Gbps to 45 Gbps
83
What are security groups?
Security groups are stateful virtual firewall. It allows you to block in bound and out bound traffic on certain ports
84
What makes a security group stateful?
If an inbound port is blocked but the corresponding outbound port is not blocked a server sends out a request data will still be allowed to flow in on that port.
85
What is a NACL?
Network access control lists are stateless and act as a virtual firewall. All rules are executed from smallest id to largest. NACL allow you to block IP addresses
86
What is meant by NACL's are stateless?
For communication to occur through a network access control list both the in-bound and out-bound IP/Ports must be allowed
87
What is the difference between NACLs and Security groups
NACL are the first layer of defence and are stateless. Security groups are downstream from NACL and are stateful
88
What is the best mechanism/component for blocking specific IP addresses?
Network access control lists
89
What are the subnet associations for NACL?
A NACL maybe associated with multiple subnets but every subnet is only associated with one ACL
90
What are VPC endpoints?
VPC endpoint enabled you to connect to supported AWS service privately through the AWS network. For example connecting a EC2 in your VPC to a S3 bucket without sending your traffic through the internet
91
What is the availability policy for VPC endpoints?
VPC endpoints scale horizontally, are redundant, and are highly available. allow communication between instances in your VPC and services without imposing availability risks or bandwidth constraints (A better altenative to send all the data through a NAT gateway)
92
What are the two types of VPC endpoints?
1. Interface endpoints - elastic network interface with a private IP address.
2. Gateway endpoints - similar to NAT gateways supports S3 and DynamoDB
93
What is VPC peering ?
VPC peering is a mechanism for connecting a VPC to another VPC via a direct network route using pirvate IP addresses, Transitive peering is not allowed, you can peer between regions. No overlapping CIDR address ranges are allowed. Works on a hub and spoke model.
94
What is AWS Private link?
It is a feature that allows you to connect tens, hundreds, or thousands of customer VPC's, it only requires a network load balancer on the service VPC and a ENI Elastic Network interface on the customer VPC
95
What is AWS VPN CloudHub?
Its a feature that allows you to connect multiple VPNs together. it works on a hub and spoke model
96
What is AWS Direct Connect?
It is a service that allows you to establish a direct physical connection from your data center to AWS. It is useful for reducing costs for high-throughput workloads and helpful when you need a stable reliable secure connection
97
What are the two types of AWS Direct Connect ?
1. Dedicated Connection
2. Hosted Connection (through AWS partner i.e Horizon)
98
What is AWS Transit Gateway?
It is a service that connects VPCs and on-premises network through a central hub to simplify networks ( removing the need for complicated VPC peering configurations)
99
What is a service that allows you to simplifiy your networks, works with direct connect and supports multicast ?
AWS transit Gateway
100
What is a service that a service for increasing application speed at the edge using mobile networks?
AWS Wavelength
101
What is the problem with high Availability with NAT Gateway?
If you have resources in multiple AZs and they share a NAT gateway in 1 az and that AZ goes down then all AZ's will lose internet access. To ensure high availiablity architecture create a NAT gateway in each AZ
102
What is the difference between Default Network ACL and Custom Network ACL?
Default network ACL allow all traffic by default Custom network ACL deny all traffic by default.
103
What is the data flow path through a VPC
Router-> Route table -> NACL -> Security Group -> Subnet -> instance
