AWS SAA IAM, S3, EC2 Flashcards

1
Q

What is an AWS region?

A

A physical location in the world that consists of two or more Availability Zones

2
Q

What is an Availability Zone?

A

One or more discrete data centers in a region

3
Q

What are edge locations ?

A

Edge Locations are smaller data centers used to cache your content to improve latency. They are usually closer to your users. They are used through AWS CloudFront and other services.

4
Q

What is the shared responsibility model?

A

It is a framework for defining the division of responsibility between AWS and us.

5
Q

Under the shared responsibility model, what are we responsible for and what is AWS responsible for?

A

AWS is responsible for security of the cloud and we are responsible for security in the cloud.

6
Q

What does the operational excellence pillar of the well-architected framework stand for?

A

Running and monitoring systems to deliver business value and continually improving processes and procedures

6
Q

What are the six pillars of the well-architected framework?

A
  1. Operational Excellence
  2. Performance Efficiency
  3. Security
  4. Reliability
  5. Sustainability
  6. Cost Optimization
7
Q

What does the Performance Efficiency pillar of the well-architected framework stand for?

A

Using IT and computing resources efficiently

8
Q

What does the Security pillar of the well-architected framework stand for?

A

Protecting information and systems

9
Q

What does the Cost Optimization pillar of the well-architected framework stand for?

A

Avoiding unnecessary costs

10
Q

What does the Reliability pillar of the well-architected framework stand for?

A

Ensuring a workload performs its intended function correctly and consistently when it’s expected to

11
Q

What region are IAM users created in?

A

They are not created in a specific region; they are created universally / globally.

12
Q

What permissions do new users have?

A

New users have no permissions

13
Q

What are the 7 tasks that require root user access?

A
  1. Changing your account name, email address, root user password, and root user access keys
  2. Restore the user permissions of an IAM user if the administrator is somehow locked out
  3. Activate access to the Billing and Cost Management console
  4. Close the AWS account
  5. Change the AWS support plan
  6. Configure S3 bucket to enable MFA
  7. Edit or delete S3 bucket policy that includes an invalid VPC ID / Endpoint ID
14
Q

What are the only two things that the root user should be used for?

A
  1. Creating the first administrator user in IAM
  2. Perform tasks that can be performed only by the root user.
15
Q

What is IAM Federation?

A

A service for using Single sign-on credentials (Microsoft Active Directory) for logging into AWS using SAML.

16
Q

What is S3?

A

Simple Storage Service provides a simple, scalable, cost-effective, object storage service that is secure and allows you to store and retrieve any amount of data from anywhere on the web.

17
Q

How does S3 manage your data?

A

It manages data as objects instead of data blocks, which makes it suitable for storing any file type (videos, photos, code, documents).

18
Q

What are the 3 fundamental attributes of S3?

A
  1. Scalable and offers unlimited storage
  2. Objects up to a max of 5 TB in size
  3. S3 objects are stored in S3 buckets (similar to folders)
19
Q

What is the most important thing to remember about S3 namespaces?

A

S3 namespaces must be Globally/Universally unique

20
Q

What is the format of an S3 URL?

A

https://<bucket-namespace>.s3.<Region>.amazonaws.com/<key-name(name.jpg)>

21
Q

What is the success code when you upload a file to an S3 bucket?

A

HTTP 200

22
Q

What are the 4 key components of an object that is uploaded to S3?

A
  1. Key (Name of the object)
  2. Value (The data as a sequence of bytes)
  3. Version ID (important if you’re storing multiple versions of the same object)
  4. Metadata (content-type, last-modified …)
23
Q

What are 3 ways to secure S3 buckets?

A
  1. Server-Side Encryption (You can set default encryption on a bucket to encrypt all new objects)
  2. ACLs (Access Control Lists) (Define which AWS accounts or groups have access to individual objects)
  3. Bucket Policies specify what actions are allowed or denied by a user (John can PUT but can’t DELETE)
24
Q

What is the consistency model for S3?

A

Strong Read-After-Write Consistency (Any object is available straight after a successful write)

25
Q

What is the default access policy for S3?

A

S3 buckets and the objects inside them are private by default. You have to allow public access on both the bucket and its objects in order to make them public.

26
Q

What’s the difference between bucket policies and ACL?

A

Access control lists set access to objects while bucket policies affect every object within a bucket except previous versions of objects

27
Q

What’s the best way to set up a static website?

A

Use an S3 bucket

28
Q

What is the scaling policy for S3?

A

S3 Scales automatically to meet demand

29
Q

What is S3 versioning?

A

It’s a way to version control objects in an S3 bucket

30
Q

What are the 5 key aspects of S3 versioning ?

A
  1. All versions of an object are stored in S3 including all writes and deletes
  2. Great tool for backup
  3. Cannot be disabled (once enabled it can only be suspended)
  4. Can integrate with life cycle rules
  5. Supports MFA
31
Q

What is the default S3 Storage Class and what are its 3 properties?

A

S3 Standard:
1. High Availability (99.99%) and (>=3 AZ) Durability (11 9’s)
2. Designed for frequent access
3. Suitable for most workloads (static website, content distribution, big data analytics)

32
Q

What is the S3 class most suitable for data that is accessed less frequently but requires rapid access and what are its 4 properties?

A

S3 Standard Infrequent Access
1. High Availability (99.99%) and (>=3 AZ) Durability (11 9’s)
2. Rapid access
3. Pay to Access the data (low per GB storage price and per retrieval fee)
4. Great for long-term storage, backups, and data-store for disaster recovery

33
Q

What are the 4 properties of S3 one zone infrequent access?

A
  1. Like S3 Standard-IA, but data is stored redundantly within a single AZ
  2. High Availability (99.5%) and (1 AZ) Durability (11 9’s)
  3. Costs 20% less than regular S3 Standard-IA
  4. Great for long-lived, infrequently accessed, non-critical data
34
Q

What is the S3 class that offers the most cost-effective solution for data that may be accessed frequently and infrequently, and what are its 3 properties?

A

S3 Intelligent-Tiering
1. High Availability (99.99%) and (>=3 AZ) Durability (11 9’s)
2. Rapid access

35
Q

What are the 4 properties of Glacier S3 Storage?

A
  1. You pay each time you access your data
  2. Use only for archiving
  3. Glacier is cheap storage
  4. Optimized for data that is very infrequently accessed
36
Q

What are the 3 Glacier options and their properties?

A
  1. Glacier Instant Retrieval
    Long-term data archiving with instant retrieval time for your data.
  2. Glacier Flexible Retrieval
    Ideal storage class for archive data that does not require immediate access but needs the flexibility to retrieve large sets at no cost. Access time can be minutes or up to 12 hours.
  3. Glacier Deep Archive
    Cheapest storage class, designed for customers that retain data sets for 7-10 years. Retrieval time of 12 - 48 hours.
37
Q

What is lifecycle management?

A

Automatically moving your data (objects) through the storage classes to maximize cost-effectiveness
1. can be used in conjunction with versioning
2. can be applied to current versions or previous versions

38
Q

What is a WORM model?

A

Write once read many. Once data is written it cannot be modified. This guarantees that data cannot be tampered with.

39
Q

What is S3 Object Lock?

A

It is a feature that allows you to store objects using a write once read many model. It can help prevent objects or buckets from being deleted or modified for a fixed amount of time or indefinitely. You can use it to meet regulatory requirements, and it has two modes: Governance mode and Compliance mode.

40
Q

What is S3 Object Lock Governance Mode?

A

Users can’t overwrite or delete an object version or alter its lock settings unless they have special permissions.

41
Q

What is S3 Object Lock Compliance Mode?

A

It enforces that an object cannot be modified or deleted by any user, including the root user, until the retention period has expired.

42
Q

What is the S3 Legal Hold?

A

S3 legal hold prevents an object version from being modified or deleted. Unlike a retention period, it does not expire after a set period and must be removed by a user with adequate permissions for the object to be unlocked.

43
Q

What is an S3 Object Lock Retention Period?

A

S3 Retention Period is a fixed amount of time during which an object is protected from modification or deletion.

44
Q

What is a Glacier Vault Lock?

A

S3 Glacier Vault Lock allows you to easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. You can specify controls, such as WORM, in a vault lock policy and lock the policy from future edits. Once locked, the policy cannot be changed.

45
Q

What are the 3 types of Encryption?

A
  1. Encryption in Transit
  2. Encryption at Rest: Server-Side Encryption
  3. Encryption at Rest: Client-Side Encryption
46
Q

What are technologies used for Encryption in Transit ?

A

HTTPS, SSL/TLS

47
Q

What are 3 technologies used for Server-side encryption at rest?

A

SSE (Server-Side Encryption)
1. SSE-S3: S3-managed keys, using AES 256-bit encryption
2. SSE-KMS: AWS Key Management Service-managed keys
3. SSE-C: Customer-provided keys

48
Q

What is Client Side Encryption at rest?

A

It’s when the encryption is fully managed locally before uploading to AWS.

49
Q

What are the two ways of enforcing server-side encryption?

A
  1. Console: Select the encryption setting on your S3 bucket
  2. Bucket Policy: Enforce Encryption using a bucket policy
50
Q

How does a bucket policy enforce SSE during upload ?

A

It looks for the x-amz-server-side-encryption: (AES256 / aws:kms) property in the header of a PUT request and denies any request that doesn’t have it.

51
Q

What are S3 prefixes?

A

S3 Prefixes are like subdirectories in your bucket.
ex. mybucketname/<folder1/subfolder1/myfile.jpg> Prefix is (/folder1/subfolder1)

52
Q

Is S3 latency High, Medium, or Low ?

A

Low 100 - 200 milliseconds

53
Q

What is the throughput for PUT/COPY/POST/DELETE requests on S3 ?

A

3500 requests per second per prefix

54
Q

What is the throughput for GET/HEAD requests on S3?

A

5500 requests per second per prefix

55
Q

What is one strategy for increasing throughput using prefixes?

A

Spread our data across prefixes because request bandwidth is per prefix.

56
Q

What is the limitation imposed by using SSE-KMS on S3?

A

All uploads and downloads call the Key Management Service API, which has a region-specific quota of 5500, 10000, or 30000 requests per second. KMS quotas cannot be increased.

57
Q

What is a strategy for increasing upload performance for S3?

A

For files over 100MB it is recommended to use S3 Multipart Uploads. For Files over 5GB this is required.

58
Q

What is a strategy for increasing download performance for S3?

A

Use S3 Byte-Range Fetches (Multipart downloads)

59
Q

What is S3 Replication and what are the requirement/limitations for enabling it?

A

S3 Replication is a feature that automatically replicates objects copied into one bucket to another bucket.
1. To activate it Versioning must be enabled.
2. It is important to remember that objects in an existing bucket aren’t automatically replicated
3. By default delete markers aren’t automatically replicated

60
Q

What is EC2?

A

EC2 (Elastic Compute Cloud) is secure, resizable compute capacity in the cloud that is designed to make web-scale cloud computing easier for developers.

61
Q

What are the four pricing options for EC2?

A
  1. On-Demand (Pay by the hour or Second)
  2. Reserved (1 - 3 Reservations, up to 72% discount). The longer you reserve for and the more money you pay up front, the greater the discount.
  3. Spot (Purchase unused capacity at a discount of up to 90%)
  4. Dedicated (A physical EC2 server is dedicated for your use)
62
Q

What are the 3 benefits of On-Demand EC2 Instances?

A
  1. Flexible (low cost, without any up-front payment or long-term commitment)
  2. Short-term (good for spiky or unpredictable workloads that cannot be interrupted)
  3. Testing (Ideal for test / developing applications)
64
Q

What are the 7 attributes of Reserved EC2 Instances?

A
  1. Ideal for predictable usage
  2. Ideal when you know specific capacity requirements
  3. Ideal when you can pay up front
  4. Standard RIs (Reserved Instances) can be up to 72% cheaper than an On-Demand instance
  5. Convertible Reserved Instances are available that allow you to change to a different EC2 type that is equal to or greater than the original, and can still save up to 54% compared to On-Demand instances
  6. Scheduled RIs are cost-effective if you have scheduled workloads that peak at predictable times
  7. Locked to a region
65
Q

What type of applications are best suited for spot instances?

A
  1. Applications that have a flexible start and end time.
  2. Applications that are only feasible at low compute prices.
  3. Users with an urgent need for large amounts of compute.
66
Q

What are some specific examples of applications that could benefit from spot instances?

A
  1. Image rendering
  2. Genomic sequencing
  3. Algorithmic trading engines
67
Q

What are the 4 attributes of Dedicated Hosts?

A
  1. Ideal for Compliance or applications where there are regulations against multi-tenant virtualization
  2. Ideal for Licensing and software with licenses that don’t support cloud deployments.
  3. Can be purchased on demand
  4. Can be Reserved for a discount up to 70% compared to on-demand
68
Q

What is an AMI?

A

Amazon Machine Image is the OS running on your EC2

69
Q

What is the Principle of least privilege?

A

Always give your users the minimum amount of access required to do the job.

70
Q

What is the AWS CLI ?

A

The AWS CLI is a command line tool that allows you to interact and manage your AWS resources using the command line. It is supported on Linux, Windows and MacOS

71
Q

What is a secret access key?

A

It’s a credential used to identify a user when using the AWS CLI

72
Q

What is an IAM Role?

A

A role is an identity you can create in IAM that has specific permissions. A role is similar to an AWS user, but roles are designed for temporary access to certain privileges.

Roles can be assumed by people, AWS architecture, or other system-level accounts

Roles can also allow cross-account access.

73
Q

What are the 5 attributes of IAM Roles?

A
  1. Preferred option for granting privileges
  2. Avoid hard-coding your credentials (roles allow you to provide access without the use of access key IDs and secret access keys)
  3. Policies control a role’s permissions
  4. Updates to roles take immediate effect
  5. You can attach and detach roles without stopping or terminating a running instance
74
Q

What are security groups ?

A

Security groups are like virtual firewalls and allow you to open / restrict certain ports and IP addresses.
- Changes to security groups take effect immediately
- You can have any number of EC2 instances within a security group
- You can have multiple security groups attached to EC2 instances
- All inbound traffic is blocked by default
- All outbound traffic is allowed

75
Q

What is a bootstrap script?

A

It is a script that runs when your instance first starts and passes user data to the EC2 instance and can be used to install applications as well as do updates.

76
Q

What is EC2 Metadata and give some examples?

A

EC2 Metadata is data about your EC2 Instance.
- Public/Private IP addresses
- hostname
- security groups
- instance Id

77
Q

What command do you use to get your EC2 MetaData?

A

curl http://169.254.169.254/latest/meta-data/public-ipv4

78
Q

What are the 3 virtual networking cards available for EC2 instances ?

A
  1. ENI (Elastic Network Interface)
  2. EN (Enhanced Networking)
  3. EFA (Elastic Fabric Adapter)
79
Q

What is the ideal situation for using an ENI?

A

Elastic Network Interface is good for everyday networking.

80
Q

What is the ideal situation to use EN?

A

Enhanced Networking is best for when you need high throughput between 10 Gbps and 100 Gbps.
The two types:
- ENA Elastic Network Adapter
- VF Intel 82599 Virtual Function Interface

81
Q

What is the best use for EFA?

A

Elastic Fabric Adapter is best for when you need to accelerate High Performance Computing and machine learning applications.

82
Q

What’s the difference between ENA and Intel 82599 Virtual Function?

A

ENA (Elastic Network Adapter) is newer and supports up to 100 Gbps, while VF is older and only supports up to 10 Gbps.

83
Q

What are the 3 types of EC2 Placement Groups ?

A
  1. Cluster
  2. Spread
  3. Partition
84
Q

What is the difference between the 3 types of EC2 Placement Groups ?

A
  • Cluster placement groups are groups of EC2 instances that are in the same Availability Zone, to lower latency and increase throughput.
  • In spread placement groups, instances are each placed on distinct underlying hardware.
  • Partitioned placement groups have their own set of racks, and each rack has its own network and power source. This allows you to isolate the impact of hardware failures.
85
Q

How do you move an existing instance into a placement group ?

A

You move the instance into a stopped state, then place the instance into a placement group using the AWS CLI or AWS SDK.

86
Q

Can you merge placement groups ?

A

No

87
Q

What is AWS’s recommendation about instances in a cluster group?

A

AWS recommends that instances in a cluster are homogeneous.

88
Q

Is it true that certain types of instances can be launched in a placement group?

A

Yes,
- Compute optimized,
- GPU,
- memory optimized
- storage optimized

89
Q

How do spot instances work?

A

To use a spot instance you must first decide on the maximum spot price that you want to pay and submit a spot request. The instance will be provisioned as long as the spot price is below your maximum spot price.

90
Q

What is a spot block ?

A

Spot blocks stop your instances from being terminated even if the spot price goes over your max price. Blocks can be between 1 and 6 hours.

91
Q

What are the two request types for spot requests and what’s the difference?

A
  1. One-time
  2. Persistent
    The difference is that, to terminate a persistent spot request, you must first terminate the request before you terminate the instance; otherwise it will continue to reprovision instances.
92
Q

What is a spot fleet?

A

A spot fleet is a collection of spot instances and On-Demand instances that will automatically deploy to meet capacity targets within your price restraints.

93
Q

What are the 4 different strategies available for spot fleet pools?

A
  1. CapacityOptimized
  2. Diversified
  3. Lowest Price
  4. InstancePoolsToUseCount
94
Q

What is AWS Outposts ?

A

AWS Outposts brings the AWS data center to you, on-premises. You can have Outposts in sizes from 1U all the way up to 42U racks.

95
Q

What is the difference between AWS Outposts rack and AWS Outposts servers?

A

AWS Outposts racks are for large deployments (in an on-premises data center).
AWS Outposts servers are individual servers in a 1U or 2U form factor (small space requirements such as retail stores).