AWS Services Flashcards

Question

AWS Fargate

Answer 1

- Serverless compute engine for containers. - Works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS). - Removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.

Answer 2

- Amazon Elastic Container Registry (ECR) can be used to store, manage, and deploy Docker container images. - Eliminates the need to operate your container repositories.

Answer 3

- Automated security assessment service that helps improve the security and compliance of applications

Answer 4

- Provides alerts and remediation guidance when AWS is experiencing events that might affect you.

Answer 5

- Software app that runs on a phone or other device and emulates a physical device. - Generates a six-digit numeric code based upon a time-synchronized one-time password algorithm. - The user must type a valid code from the device on a second webpage during sign-in. - Each virtual MFA device assigned to a user must be unique.

Answer 6

- Physical device that you plug into a USB port on your computer. - U2F is an open authentication standard hosted by the FIDO Alliance. - When you enable a U2F security key, you sign in by entering your credentials and then tapping the device instead of manually entering a code.

Answer 7

- Hardware device that generates a six-digit numeric code based upon a time-synchronized one-time password algorithm. - User must type a valid code from the device on a second webpage during sign-in. Each MFA device assigned to a user must be unique.

Answer 8

- Easy-to-use platform-as-a-service for deploying and scaling web applications and services. - Upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring.

Answer 9

- Highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications.

Answer 10

- Fully managed service that provides every developer and data scientist with the ability to build, train, and deploy machine learning (ML) models quickly. - Removes the heavy lifting from each step of the machine learning process to make it easier to develop high-quality models.

Answer 11

- Easy-to-use cloud platform that offers you everything needed to build an application or website, plus a cost-effective, monthly plan. - Offers several preconfigured, one-click-to-launch operating systems, development stacks, and web applications, including Linux, Windows OS, and WordPress.

Answer 12

- Amazon S3’s lowest-cost storage class and supports long-term retention and digital preservation for data that may be accessed once or twice in a year. - Designed for those in highly-regulated industries, such as the Financial Services, Healthcare, and Public Sectors — that retain data sets for 7-10 years or longer to meet regulatory compliance requirements. - Also used for backup and disaster recovery use cases. - It has a retrieval time (first byte latency) of 12 to 48 hours.

Answer 13

- Storage class offering high durability, availability, and performance object storage for frequently accessed data. - S3 Standard has a retrieval time (first byte latency) of milliseconds.

Answer 14

- Storage class designed to optimize costs by automatically moving data to the most cost-effective access tier - It works by storing objects in two access tiers: one tier that is optimized for frequent access and another lower-cost tier that is optimized for infrequent access.

Answer 15

- Secure, durable, and extremely low-cost Amazon S3 cloud storage class for data archiving and long-term backup. -Designed to deliver 99.999999999% durability, and provide comprehensive security and compliance capabilities that can help meet even the most stringent regulatory requirements. - S3 Glacier has a retrieval time (first byte latency) of minutes or a few hours.

Answer 16

- Help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. - Includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.

Answer 17

- Technical content authored by AWS and the AWS community to expand your knowledge of the cloud. - They include technical whitepapers, technical guides, reference material, and reference architectures diagrams.

Answer 18

- Monitors your applications and automatically adjusts the capacity to maintain steady, predictable performance at the lowest possible cost. - Easy to setup application scaling for multiple resources across multiple services in minutes. - Pay only for the AWS resources needed to run your applications and Amazon CloudWatch monitoring fees.

Answer 19

- AWS community platform where people can help each other.

Answer 20

- Enables you to manage access to AWS services and resources securely. - Create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources.

Answer 21

- Object storage service that offers industry-leading scalability, data availability, security, and performance.

Answer 22

- Publishes most up-to-the-minute information on the status and availability of all AWS services in tabular form for all Regions that AWS is present in. - AWS Service Health Dashboard offers the possibility to subscribe to an RSS feed to be notified of interruptions to each service.

Answer 23

- Highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications. - Can be used to deliver notifications, but it does not provide current services' status.

Answer 24

- Helps you centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. - Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. - You can also simplify billing by setting up a single payment method for all of your AWS accounts. - AWS Organizations is available to all AWS customers at no additional charge.

Answer 25

- Enables you to makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. - Easily manage SSO access and user permissions to all of your accounts in AWS Organizations centrally. - You can use AWS SSO to quickly and easily assign and manage your employees’ access to multiple AWS accounts.

Answer 26

- Add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. - Authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. - It is an identity management solution for customers/developers building B2C or B2B apps for their customers.

Answer 27

- Unified tool to manage your AWS services. - Control multiple AWS services from the command line and automate them through scripts. - Access keys consist of an access key ID and secret access key, which are used to sign programmatic requests to AWS using the CLI or the SDK.

Answer 28

- Helps you ensure that you have the correct number of EC2 instances available to handle the load for your application. - Create collections of EC2 instances, called Auto Scaling groups.

Answer 29

- Load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. - It distributes traffic, does not scale resources.

Answer 30

- Serves as the single point of contact for clients. - Distributes incoming application traffic across multiple targets, such as EC2 instances, in multiple Availability Zones. - It distributes traffic, does not scale resources.

Answer 31

- Fully-managed service that provides you with an interactive browser-based shell and CLI experience. - It helps provide secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, and manage SSH keys.

Answer 32

- Simple and secure way to connect to your Linux instances using Secure Shell (SSH). - Use AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys.

Answer 33

- Automated security assessment service that helps improve the security and compliance of applications - Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices.

Answer 34

- Highly available and scalable cloud Domain Name System (DNS) web service. - Designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications through domain addresses

Answer 35

- Configuration management service that provides managed instances of Chef and Puppet. - Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. - OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

Answer 36

- Enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS.

Answer 37

- Monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources such as on-premises servers. - Enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service.

Answer 38

- Enables governance, compliance, operational auditing, and risk auditing of your AWS account. - Log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. - Provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

Answer 39

- Ffor data that is accessed less frequently but requires rapid access when needed. - Unlike other S3 Storage Classes which store data in a minimum of three Availability Zones (AZs), S3 One Zone-IA stores data in a single AZ and costs 20% less than S3 Standard-IA. - S3 One Zone-IA offers the same high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee.

Answer 40

- For data that is accessed less frequently but requires rapid access when needed. - Matches the high durability, high throughput, and low latency of S3 Standard, with a low per GB storage price and per GB retrieval fee.

Answer 41

- Global partner program for technology and consulting businesses that leverage Amazon Web Services to build solutions and services for customers. - APN Consulting Partners are professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud.

Answer 42

- Provide hardware, connectivity services, or software solutions that are either hosted on or integrated with, the AWS Cloud.

Answer 43

- AWS billing and account experts that specialize in working with enterprise accounts. - They will quickly and efficiently assist you with your billing and account inquiries. - The Concierge Support Team is only available for the Enterprise Support plan.

Answer 44

- Automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses. - Handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. - Three types: Application Load Balancer (best suited for HTTP and HTTPS traffic), Network Load Balancer (best suited for TCP traffic), and Classic Load Balancer.

Answer 45

- Provides the information required to launch an instance. - The AMI must be in the same region as that of the EC2 instance to be launched.

Answer 46

- Fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. - Automatically provides an inventory of Amazon S3 buckets - Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII).

Answer 47

- Fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics. - AWS Glue job is meant to be used for batch ETL data processing.

Answer 48

- Service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. - Polly's Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural sounding human speech.

Answer 49

- Hhelps you protect secrets needed to access your applications, services, and IT resources. - Enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. - Users and applications retrieve secrets with a call to Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text.

Answer 50

- Digital catalog with thousands of software listings from independent software vendors that make it easy to find, test, buy, and deploy software that runs on AWS. - The AWS Marketplace enables qualified partners to market and sell their software to AWS Customers. - AWS Marketplace offers two ways for sellers to deliver software to customers: Amazon Machine Image (AMI) and Software as a Service (SaaS).

Answer 51

- AWS Enterprise Support provides customers with concierge-like service where the main focus is on helping the customer achieve their outcomes and find success in the cloud. - With Enterprise Support, you get access to online training with self-paced labs, 24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance, a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts.

Answer 52

- AWS recommends Developer Support if you are testing or doing early development on AWS and want the ability to get technical support during business hours as well as general architectural guidance as you build and test.

Answer 53

- AWS recommends Business Support if you have production workloads on AWS and want 24x7 access to technical support and architectural guidance in the context of your specific use-cases.

Answer 54

- Basic support plan is included for all AWS customers.

Answer 55

- Networking connection between two VPCs that enables you to route traffic between them privately. - Instances in either VPC can communicate with each other as if they are within the same network.

Answer 56

- Creates a secure connection between your data center or branch office and your AWS cloud resources. - This connection goes over the public internet.

Answer 57

- Creates a dedicated private connection from a remote network to your VPC. - This is a private connection and does not use the public internet. - Takes at least a month to establish this connection.

Answer 58

- Enables you to privately connect your VPC to supported AWS services and VPC endpoint services powered by AWS PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection.

Answer 59

- Hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. - All data transferred between the gateway and AWS storage is encrypted using SSL (for all three types of gateways - File, Volume and Tape Gateways). - Data encryption is automatically enabled

Answer 60

- Fully-managed petabyte-scale cloud-based data warehouse product designed for large scale data set storage and analysis. - Amazon Redshift requires a well-defined schema.

Answer 61

- Service that enables you to assess, audit, and evaluate the configurations of your AWS resources. - Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Answer 62

- Provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources. - It is built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth.

Answer 63

- Cloud-based Hardware Security Module (HSM) that enables you to easily generate and use your encryption keys on the AWS Cloud. - Manage your encryption keys using FIPS 140-2 Level 3 validated HSMs. - Fully-managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high-availability, and backups.

Answer 64

- Makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. - AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys.

Answer 65

- Weighted routing lets you associate multiple resources with a single domain name (example.com) or subdomain name (acme.example.com) and choose how much traffic is routed to each resource.

Answer 66

- Analyze and debug serverless and distributed applications such as those built using a microservices architecture - With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors

Answer 67

- Allows marketers and developers to deliver customer-centric engagement experiences by capturing customer usage data to draw real-time insights

Answer 68

- Continuous delivery service that enables you to model, visualize, and automate the steps required to release your software. - With AWS CodePipeline, you model the full release process for building your code, deploying to pre-production environments, testing your application and releasing it to production.

Answer 69

- Allow you to use select AWS services, like compute and storage services, closer to more end-users, providing them very low latency access to the applications running locally. - AWS Local Zones are also connected to the parent region via Amazon’s redundant and very high bandwidth private network, giving applications running in AWS Local Zones fast, secure, and seamless access to the rest of AWS services. - You should use AWS Local Zones to deploy workloads closer to your end-users for low-latency requirements.

Answer 70

- Extends the AWS cloud to a global network of 5G edge locations to enable developers to innovate and build a whole new class of applications that require ultra-low latency. - Wavelength Zones provide a high-bandwidth, secure connection to the parent AWS Region, allowing developers to seamlessly connect to the full range of services in the AWS Region through the same APIs and toolsets.

Answer 71

- MFA in which the IAM user settings include the phone number of the user's SMS-compatible mobile device. - When the user signs in, AWS sends a six-digit numeric code by SMS text message to the user's mobile device. - The user is required to type that code on a second webpage during sign-in.

Answer 72

- Cloud service that links your network directly to AWS, bypassing the internet to deliver more consistent, lower-latency performance.

Answer 73

- Service Quotas enables you to view and manage your quotas for AWS services from a central location. - Quotas, also referred to as limits in AWS, are the maximum values for the resources, actions, and items in your AWS account. - Each AWS service defines its quotas and establishes default values for those quotas.

Answer 74

- Easy to use, high-performance block storage service designed for use with Amazon Elastic Compute Cloud (EC2) for both throughput and transaction-intensive workloads at any scale. - A broad range of workloads, such as relational and non-relational databases, enterprise applications, containerized applications, big data analytics engines, file systems, and media workflows are widely deployed on Amazon EBS.

Answer 75

- Provides temporary block-level storage for your EC2 instance. - This storage is located on disks that are physically attached to the host computer. - Instance store is ideal for the temporary storage of information that changes frequently - Instance storage is temporary, data is lost if instance experiences failure or is terminated

Answer 76

- Highly scalable, high-performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances

Answer 77

- Provide you with significant savings (up to 75%) on your Amazon EC2 costs compared to On-Demand Instance pricing. - Reserved Instances are not physical instances, but rather a billing discount applied to the use of On-Demand Instances in your account.

Answer 78

- You have full control over its lifecycle — you decide when to launch, stop, hibernate, start, reboot, or terminate it. - There is no long-term commitment required when you purchase On-Demand Instances. - There is no upfront payment and you pay only for the seconds that your On-Demand Instances are running. - On-demand instances cannot be interrupted.

Answer 79

- Unused EC2 instance that is available for less than the On-Demand price. - Because Spot Instances enable you to request unused EC2 instances at steep discounts (up to 90%), you can lower your Amazon EC2 costs significantly. - Spot Instances are well-suited for data analysis, batch jobs, background processing, and optional tasks. - These can be terminated at short notice, so these are not suitable for critical workloads that need to run at a specific point in time.

Answer 80

- Allow you to use your eligible software licenses from vendors such as Microsoft and Oracle on Amazon EC2 so that you get the flexibility and cost-effectiveness of using your licenses, but with the resiliency, simplicity, and elasticity of AWS. - Physical server fully dedicated for your use, so you can help address corporate compliance requirement.

Answer 81

- The Acceptable Use Policy describes prohibited uses of the web services offered by Amazon Web Services, Inc. and its affiliates (the “Services”) and the website located at http://aws.amazon.com (the “AWS Site”).

Answer 82

- Add speech-to-text capability to your applications. - Amazon Transcribe uses a deep learning process called automatic speech recognition (ASR) to convert speech to text quickly and accurately. - Amazon Transcribe can be used to transcribe customer service calls, to automate closed captioning and subtitling, and to generate metadata for media assets.

Answer 83

- Use to turn text into lifelike speech thereby allowing you to create applications that talk. - Polly's Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural sounding human speech.

Answer 84

- AWS Compute Optimizer helps you identify the optimal AWS resource configurations, such as Amazon EC2 instance types, Amazon EBS volume configurations, and AWS Lambda function memory sizes, using machine learning to analyze historical utilization metrics. - AWS Compute Optimizer delivers recommendations for selected types of EC2 instances, EC2 Auto Scaling groups, EBS volumes, and Lambda functions.

Answer 85

- Fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. - Accelerate static website content delivery, Live & on-demand video streaming, Security, Customizable content delivery with Lambda@Edge

Answer 86

- Customer Data - Platform, Identity & Access Management, Applications - OS, Netowrk, Firewall Configuration - Client Side Data Encryption & Data Integrity Authentication - Server Side Encryption - Netowrking Traffic Protection

Answer 87

- Software: Compute, Storage, Database, Networking - Hardware: Regions, AZ, Edge Locations

Answer 88

- Outline the architectures for popular enterprise solutions on AWS and provide AWS CloudFormation templates to automate their deployment. - Each Partner Solution launches, configures, and runs the AWS compute, network, storage, and other services required to deploy a specific workload on AWS, using AWS best practices for security and availability.

Answer 89

- Petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. - Addresses common challenges with large-scale data transfers, including high network costs, long transfer times, and security concerns. - Migrate analytics data, genomics data, video libraries, image repositories, and backups. Transferring data with Snowball is simple, fast, secure, and can cost as little as one-fifth the cost of using high-speed internet.

Answer 90

- Apply to both the infrastructure layer and customer layers, but in completely separate contexts or perspectives. - AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services. Examples include: Patch Management, Configuration Management, Awareness & Training

Answer 91

- AWS Managed Service - Launches clusters in minutes. You don’t need to worry about node provisioning, infrastructure setup, Hadoop configuration, or cluster tuning. - Amazon EMR takes care of these tasks so you can focus on analysis.

Answer 92

- When your needs change, you can exchange your Convertible Reserved Instances and continue to benefit from the reservation's pricing discount. - With Convertible RIs, you can exchange one or more Reserved Instances for another Reserved Instance with a different configuration, including instance family, operating system, and tenancy.