AWS SAA IAM,S3,EC2 Flashcards
1
Q
What is a AWS region ?
A
A physical location in the world that consists of two or more Availability Zones
2
Q
What is a Availibility Zone ?
A
One or more descrete data centers in a region
3
Q
What are edge locations ?
A
Edge Locations are smaller data centers used to cache your content to improve latency. They are usually closer to your user. The are used through AWS cloudfront and other services
4
Q
What is the shared responsibility model?
A
It is a framework for defining the division of responsibility between AWS and the Us.
5
Q
Under the share responsibility model what are we responsible for and what is AWS responsible for?
A
AWS is responsible for security of the cloud and we are responsible for security in the cloud.
6
Q
What does the operational excellence pillar of the well-architected framework stand for?
A
Running and monitoring systems to deliver business value and continually improving processes and procedures
6
Q
What are the six pillars of the well-architected framework?
A
- Operational Excellence
- Performance Efficiency
- Security
- Reliability
- Sustainability
- Cost Optimization
7
Q
What does the Performance Efficiency pillar of the well-architected framework stand for?
A
Using IT and computing resources efficiently
8
Q
What does the Security pillar of the well-architected framework stand for?
A
Protecting information and systems
9
Q
What does the Cost Optimization pillar of the well-architected framework stand for?
A
Avoiding unnecessary costs
10
Q
What does the Reliability pillar of the well-architected framework stand for?
A
Ensuring a workload performs its intended function correctly and consistently when it’s expected to
11
Q
What region are IAM users created in?
A
They are not created in a specific region they are created universally / globaly
12
Q
What permissions to do new users have ?
A
New users have no permissions
13
Q
What are the 7 tasks that require root user access?
A
- Changing your account, name, email address, root user password, and root user access keys.
- Restore the user permission of a IAM user if the administrator is somehow locked out.
- Activate access to the Billing and Cost Management console
- Close the AWS account
- Change the AWS support plan
- Configure S3 bucket to enable MFA
- Edit or delete S3 bucket policy that includes an invalid VPC ID/ Endpoint ID
14
Q
What are the only two things that the root user should be used for?
A
- Creating the first administrator user in IAM
- Perform tasks that can be performed only by the root user.
15
Q
What is IAM Federation?
A
A service for using Single sign-on credentials (Microsoft Active Directory) for logging into AWS using SAML.
16
Q
What is S3?
A
Simple Storage Service provides a simple, scalable, cost-effective, object storage service that is secure and allows you to store and retrieve any amount of data from anywhere on the web.
17
Q
How does S3 manage your data?
A
It manages data as objects instead of data blocks which makes it suitable for storing any file type, (videos, photos, code, documents)
18
Q
What are the 3 fundamental attributes of S3?
A
- Scalable and offers unlimited storage
- Objects up to a max of 5 TB is size
- S3 objects are stored in S3 buckets(similar to folders)
19
Q
What is the most important thing to remember about S3 namespaces?
A
S3 namespaces must be Globally/Universally unique
20
Q
What is the format of a S3 URL ?
A
https://<bucket-namespace>.s3.<Region>.amazonaws.com/<key-name(name.jpg)></Region></bucket-namespace>
21
Q
What is the success code when you upload a file to an S3 bucket?
A
HTTP 200
22
Q
What are the 4 key components of a object that is uploaded to S3?
A
- Key (Name of the object)
- Value (The data as a sequence of bytes)
- Version ID (important if you’re storing multiple versions of the same object)
- Metadata (content-type, last-modified …)
23
Q
What are 3 ways to secure S3 buckets?
A
- Server-Side Encryption (You can set default encryption on a bucket to encrypt all new objects)
- ACLs ( Access Control Lists) (Define which AWS accounts or groups have access to individual objects)
- Bucket Policies specify what actions are allowed or denied by a user (John can PUT but can’t DELETE)
24
What is the consistency model for S3?
Strong Read-After-Write Consistency (Any object are available straight after a successful write)
25
What is the default access policy for S3?
S3 buckets and the objects inside them are private by default. You have to allow public access on the both the bucket and it's objects in order to make them public
25
What is the default access policy for S3?
S3 buckets and the objects inside them are private by default. You have to allow public access on the both the bucket and it's objects in order to make them public
26
What's the difference between bucket policies and ACL?
Access control lists set access to objects while bucket policies affect every object within a bucket except previous versions of objects
27
Whats the best way to setup a static website?
Use S3 bucket
28
What is the scaling policy for S3?
S3 Scales automatically to meet demand
29
What is S3 versioning?
It's a way to version control objects in a S3 bucket
30
What are the 5 key aspects of S3 versioning ?
1. All versions of an object are stored in S3 including all writes and deletes
2. Great tool for backup
3. Cannot be disabled (once enabled it can only be suspended)
4. Can integrate with life cycle rules
5 Supports MFA
31
What is the default S3 Storage Class and what are its 3 properties?
S3 Standard:
1. High Availability (99.99%) and (>=3 AZ) Durability (11 9's)
2. Designed for frequent access
3. Suitable for most workloads (static website, content distribution, big data analytics)
32
What is the S3 class most suitable for data that is accessed less frequently but requires rapid access and what are its 4 properties?
S3 Standard Infrequent Access
1. High Availability (99.99%) and (>=3 AZ) Durability (11 9's)
2. Rapid access
3. Pay to Access the data (low per GB storage price and per retrieval fee)
4. Great for long-term storage, backups, and data-store for disaster recovery
33
What are the 4 properties of S3 one zone infrequent access?
1. like S3 Standard-IA but data is stored redundantly within a single AZ
2. High Availability (99.5%) and (1 AZ) Durability (11 9's)
3. Costs 20% less than regular S3 Standard-IA
4. Great for long-lived, infrequently access non critical data
34
What its the S3 Class that offers the most cost-effective solution for data that may be accessed Frequently and Infrequently and what are its 3 properties?
S3 Intelligent-Tiering
1. High Availability (99.99%) and (>=3 AZ) Durability (11 9's)
2. Rapid access
35
What are the 4 properties of Glacier S3 Storage
1. you pay each time you access your data
2. Use only for archiving
3. Glacier is cheap storage
4. Optimized for data that is very infrequently accessed
36
What are the 3 Glacier options and their properties?
1. Glacier Instant retrieval
long-term data archiving with instant retrieval time for your data.
2. Glacier Flexible retrieval
Ideal storage class for archive data that does not require immediate
access but needs the flexibility to retrieve large sets at no cost. Can be
minutes or up to 12 hours access time
3. Glacier Deep Archive
Cheapest storage class and designed for customers that retain data
sets for 7-10 years retrieval time of 12 - 48 hours
37
What is lifecycle management?
Automatically moving your data (objects) through the storage classes to maximize cost-effectiveness
1. can be used in conjunction with versioning
2. can be applied to current versions or previous versions
38
What is a WORM model?
Write once read many. Once data is written it cannot be modified. This gaurantees that data cannot be tampered with.
39
What is S3 Object Lock?
It is a feature that allows you to store object using a write once read many model. It can help prevent objects or buckets from being deleted or modified for a fixed amount of time or indefinetly. you can use it to meet regulatory requirements and it have two modes Governance mode and Compliance mode.
40
What is S3 Object Lock Governance Mode?
Users cant overwrite or delete an object version or alter its lock settings unless they have special permissions
41
What is S3 Object Lock Compliance Mode?
It inforces that a object cannot be modified or deleted by any user including the root user until the retention period has expired.
42
What is the S3 Legal Hold?
S3 legal hold prevents an object version from being modified or deleted, unlike a retention period it does not expire after a set period and must be removed by a user with adequate permissions for the object to be unlocked
43
What is a S3 Object Lock Retention Period ?
S3 Retention Period is a fixed amount of time where a object is protected from modification or deletion
44
What is a Glacier Vault Lock?
S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specifiy controls, such as WORM, in a vault lock policy and lock the policy from future edits. once locked the policy cannot be changed.
45
What are the 3 types of Encryption?
1. Encryption in Transit
2. Encryption at Rest: Server-Side Encryption
3. Encryption at Rest: Client-Side Encryption
46
What are technologies used for Encryption in Transit ?
HTTPS, SSL/TLS
47
What are 3 technologies used for Server-side encryption at rest?
SSE (Server Side Encyrption)
1. SSE-S3: S3-managed keys, using AES 256-bit encryption
2. SSE-KMS: AWS Key Management Service-managed keys
3. SSE-C: Customer-provided keys
48
What is Client Side Encryption at rest?
It's when the encryption is fully managed locally before uploading to AWS.
49
What are the two ways of enforcing server-side encryption?
1. Console: Select the encryption setting on you S3 bucket
2. Bucket Policy: Enforce Encryption using a bucket policy
50
How does a bucket policy enforce SSE during upload ?
It looks for the x-amz-server-side-encryption: (ASE256/ aws:kms) property in the header of a PUT request and it will deny any requests that don't have it
51
What are S3 prefixes?
S3 Prefixes are like subdirectories in your bucket.
ex. mybucketname/ Prefix is (/folder1/subfolder)
52
Is S3 latency High, Medium, or Low ?
Low 100 - 200 milliseconds
53
What is the throughput for PUT/COPY/POST/DELETE requests on S3 ?
3500 requests per second per prefix
54
What is the throughput for GET/HEAD resquests on S3?
5500 requests per second per prefix
55
What is one strategy for increasing throughput using prefixes?
Spread our data across prefixes because request bandwidth is per prefix.
56
What is the limitation imposed by using SSE-KMS on S3?
All uploads and downloads call the Key management service API which has a region specific quota of 5500, 10000, or 30000 requests per second. KMS quotas cannot be increased.
57
What is a strategy for increasing upload performance for S3?
For files over 100MB it is recommended to use S3 Multipart Uploads. For Files over 5GB this is required.
58
What is a strategy for increasing download performance for S3?
Use S3 Byte-Range Fetches (Multipart downloads)
59
What is S3 Replication and what are the requirement/limitations for enabling it?
S3 Replication is a feature that allows you to automatically have objects copied into one bucket get replicated into another.
1. To activate it Versioning must be enabled.
2. It is important to remember that objects in an existing bucket aren't automatically replicated
3. By default delete markers aren't automatically replicated
60
What is EC2?
EC2(Elastic Compute Cloud) is Secure, Resizable compute capacity in the cloud that is designed to make web-scale cloud computing easier for developers.
61
What are the four pricing options for EC2?
1. On-Demand (Pay by the hour or Second)
2. Reserved ( 1 - 3 Reservations up %72 discount) The longer you reserve for and more money you pay up front the greater the discount.
3. Spot (Purchase unused capacity at a discount up to %90)
4. Dedicated (A physical EC2 server is dedicated for your use)
62
What are the 3 benefits of On-Demand EC2 Instances?
1. Flexible (low cost, without any up-front payment or long-term commitment)
2. Short-term (good for spiky or unpredicatble workloads that cannot be interrupted)
3. Testing (Ideal for test / developing applications)
63
What are the 3 benefits of On-Demand EC2 Instances?
1. Flexible (low cost, without any up-front payment or long-term commitment)
2. Short-term (good for spiky or unpredictable workloads that cannot be interrupted)
3. Testing (Ideal for test / developing applications)
64
What are the 7 attributes of Reserved EC2 Instances?
1. Ideal for predictable usage
2. Ideal when you know specific capacity requirements
3. Ideal when you can pay up front.
4 A Standard RIs (Reserved instances) can be up to 72% cheaper than a on-demand instance.
5. Convertible Reserved Instances are available that allow you to change to a different EC2 type that is equal to or greater than the original and still can save up to %54 compared to on-deman instances
6. Scheduled RIs Are cost effective if you have scheduled workloads that peak at predictable times.
7.Locked to a region
65
What type of applications are best suited for spot instances?
1. Applications that have a flexible start and end time.
2. Applications that are only feasible at low compute prices.
3. Users with a urgent need for large amounts of compute.
66
What are some specific examples of applications that could benefit from spot instances.
1. Image rendering
2. Genomic sequencing
3. Algorithmic trading engines
67
What are the 4 attributes of Dedicated Hosts?
1. Ideal for Compliance or applications where there are regulations against multi-tenant virtualization
2. Ideal for Licensing and software with licenses that don't support cloud deployments.
3. Can be purchased on demand
4. Can be Reserved for a discount up to 70% compared to on-demand
68
What is AMI ?
Amazon Machine Image is the OS running on your EC2
69
What is the Principle of least privilege?
Always give your users the minimum amount of access required to do the job.
70
What is the AWS CLI ?
The AWS CLI is a command line tool that allows you to interact and manage your AWS resources using the command line. It is supported on Linux, Windows and MacOS
71
What is a secret access key?
Its a credential used to identify a user when using the AWS CLI
72
What is a IAM Role?
A role is an identity you can create in IAM that has specific permissions. A role is similar to a AWS user but roles are designed to be for temporary access to certain privileges
Roles can be assumed by people, AWS architecture, or other system-level accounts
Roles can also allow cross-account access.
73
What are the 5 attributes of IAM Roles?
1. Preferred option for granting priveldges.
2. Avoid hard-coding your credentials (roles allow you to provide access without the use of access key IDs and secret access keys)
3 Polices control role's permissions
4. Updates to role's take immediate effect
5. You can attach and detach roles without stoping or terminating a running instance.
74
What are security groups ?
Security groups are like virtual firewalls and allow you to open / restrict certain ports and IP address.
Changes to security groups take effect immediately
you can have any number of EC2 instance within a security group
you can have multiple security groups attached to EC2 instances
All inbound traffic is blocked by default
All outbound traffic is allowed.
75
What is a bootstrap script?
It is a script that runs when your instance first starts and passes user data to the EC2 instance and can be used to install applications as well as do updates.
76
What is EC2 Metadata and give some examples?
EC2 Metadata is data about your EC2 Instance.
- Public/Private IP addresses
- hostname
- security groups
- instance Id
77
What command do you use to get your EC2 MetaData?
Curl http://169.254.169.254/latest/metadata/public-ipv4
78
What are the 3 virtual networking cards available for EC2 instances ?
1. ENI (Elastic Network Interface)
2. EN (Enhanced Networking)
3. EFA (Elastic Fabric Adapter)
79
What is the ideal situation for use ENI ?
Elastic Network interface is good for every day networking.
80
What is the ideal situation to use EN
Enhance Networking is best for when you need high throughput between 10Gbps and 100Gbps.
The two types
- ENA Elastic Network Adapter
- VF Intel 82599 Virtual Function Interface
81
What is the best use for EFA?
Elastic Fabric adapter best for when you need to accelerate High Performance Computing and machine learning applications
82
What's the difference between ENA and Intel 82599 Virtual function
ENA (Elastic network Adapter) is newer and supports up to 100 Gbps and (VF) is older and only supports up to 10Gbps
83
What are the 3 types of EC2 Placement Groups ?
1. Cluster
2. Spread
3. Partition
84
What is the difference between the 3 types of EC2 Placement Groups ?
- Cluster placement is a group of EC2 instance that are in the same availability zone to lower latency and increase throughput
- Spread Placement Groups Are each placed on distinct underlying hardware.
-Partitioned placement groups has its own set of racks each rack has its own network and power source. This allows you to isolate the impact of hardware failures.
85
How do you move an existing instance into a placement group ?
You move the instance into a stopped state then place the instance into a placement group useing the AWS CLI or AWS SDK.
86
Can you merge placement groups ?
No
87
What is AWS recommendation about instances in a cluster group?
AWS recommends that instance in a cluster a homogenous
88
Is it true that certian types of instances can be launched in a placement group ?
Yes,
- Compute optimized,
- GPU,
- memory optimized
- storage optimized
89
How do spot instances work?
To use a spot instance you must first decide on the maximum spot price that you want to pay and submit a spot request. The instance will be provisioned so as long as the spot price is below you maximum spot price.
90
What is a spot block ?
Spot blocks stop your instances from being terminated even if the spot price goes over you max price. Blocks can be between 1 to 6 hours.
91
What are the two request types for spot requests and what's the difference?
1. On-time
2. Persistent
The difference is, to terminate a persistent spot request you must first terminate the request before you terminate the instance otherwise it will continue to reprovision instances
92
What is a spot fleet?
A spot fleet is a collection of spot instances and on Demand instances that will automatically deploy to meet capacity targets within your price restraints.
93
What are the 4 different strategies available for spot fleet pools?
1. CapacityOptimized
2. Diversified
3. Lowest Price
4. InstancePoolsToUseCount
94
What is AWS Outposts ?
AWS outposts brings the AWS data center to you, on-premises. You can have outposts in sizes such as 1U all the way up to 42U racks
95
What is the difference between AWS Outposts rack and AWS Outposts servers?
Aws Outposts rack are for large deployments (in a on premises data center)
AWS Outposts Servers are individual server in 1U or 2U form factor (small space requirements such as retail stores)
