AWS Services

Question 1

Inspector

Answer 1

Inspects EC2 Instances

Network Assessments - Agentless
Host Assessments - With Agen (Installed on OS)

Question 2

Macie

Answer 2

• Discovers & protects sensitive data in AWS

Think personal info. (PII)

Question 3

GuardDuty

Answer 3

Threat detection

Analyse logs uses machine learning to detect threats.

Question 4

Macie

Answer 4

Uses ML to find and protect sensitive data - PII

Question 5

GuardDuty

Answer 5

Uses ML to analyse logs to detect an attack.

Question 6

WAF - Web App Firewall

Answer 6

Web Exploits - Layer 7. App Load Balancer, API GW, CloudFront

Think SQL Injection & Cross-Site Scripting - XSS

Blacklist threats - Geo Match - Rate-based rules.

Question 7

SSM Parameter Store

Answer 7

Store config & secrets. Can use KMS. CloudFormation Intergration.

Think encrypt parameters in Lambda.

Question 8

Neptune

Answer 8

Graph database

Common uses-
Social Networking - Think likes & Comments

Question 9

Step Functions

SWF - Simple WorkFlow

Answer 9

SF
State Machine, Workflow, Orchestrate Lambda funct. - Think Step Functions.

SWF - Now legacy unless external signals and child processes

Question 10

AppSync

Answer 10

Store and sync data across web app and mobile apps

Uses GraphQL

Question 11

Transit Gateway

Answer 11

Connects VPC’s and On-Prem networks

Question 12

PrivateLink

Answer 12

Expose service to VPC e.g. MSP serving app in their VPC to customers VPC.

Question 13

Resource Access Manager - RAM

Answer 13

Share AWS resources with other AWS accounts

Share VPC
AWS Transit GW
Route53 Resolver Rules
Licence Manager Configs

Question 14

CloudTrail

Answer 14

Log events and API calls. Think audit, compliance and governance.

Question 15

EventBridge

Answer 15

NextGen CloudWatch Events

Event Bus - AWS Events - CloudWatch Events

Partner Event Bus - Saas Providers can send events i.e. ZenDesk, DataDog

Custom Events - Custom application events.

Question 16

Glue

Answer 16

ETL - Extract Transform Load

Data from S3/RDS to Glue for ETL then to RedShift Data Warehouse

Question 17

OpenSearch/Elastic Search

Answer 17

Search any field for partial matches in databases

Question 18

Secrets Manager

Answer 18

Store Secrets - Force rotation of secrets.

Integrated with RDS using KMS

Question 19

DataSync

Answer 19

More large amounts of data from on-prem to AWS

The agent needs to be installed.

Question 20

EMR - Elastic MapReduce

Answer 20

Analyse and process big data - Hadoop Clusters

Question 21

Global Accelerator

Answer 21

Uses AWS network route to the application, reduces latency and hops to the destination

Uses AnyCast IP to work

Question 22

SQS Long Polling

Answer 22

Enabled at queue lvl or API lvl using WaitTimeSeconds

Must be set to more than 0 and less than 20

Question 23

AWS Config

Answer 23

Assess, Audit, Evaluate AWS resources.

e.g. Is there unrestricted SSH access to my security groups?

Per Region basis

Can have notifications sent to SNS

Question 24

CloudWatch Metrics

Answer 24

EC2 Default - 5 mins
Detailed - 1 min

Custom Metrics -

RAM, Disk Metrics, In-Depth CPU, NetStat. Processes, Swap Space - Can be installed with SSM

Question 25

SSD Uses & HDD Uses

Answer 25

SSD - small random I/O operations

HDD - large sequential I/O operations

Question 26

Can EBS volumes be edited on the fly?

Answer 26

Yes

Question 27

Geolocation Routing Policy vs Geoproximity

Answer 27

Geolocation - routes traffic based on the location of the users

Geoproximity - routes based on the location of resources

Question 28

Simple, Step, Target Tracking & Scheduled Scaling

Answer 28

Simple - Relies on a metric e.g. CloudWatch alarm for CPU usage over 80%, must wait for the checks and cooldown to complete before scaling further.

Step - Improves simple, scaling happens in stages. It can continue to scale as it triggers more alarms.

Target Tracking - Allows specifying a scaling metric value that the ASG needs to stick to e.g. set the CPU limit to 80% and it will scale out AND in to keep it running at 80%

Scheduled - Set times in the day to scale in and out - Predict demand