AWS Solutions Architect Associate Flashcards

1
Q

How is the replication handled for RDS Multi-AZ?

A

Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How long will a failover of an RDS database typically complete

A

one to two minutes.

When failing over, Amazon RDS simply flips the canonical name record (CNAME) for your DB instance to point at the standby, which is in turn promoted to become the new primary.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You want to attempt a cold attach for an Amazon Elastic Network Interface.

What does this mean?

A

Attach ENI when the instance is being launched.

Best practices for configuring network interfaces You can attach a network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Application Load Balancer is to front the Auto Scaling Group and distribute the load between the instances.

The VPC is running IPv4 and IPv6.

The last thing you need to do to complete the configuration is point the domain name to the Application Load Balancer.

Using Route 53, which record type at the zone apex will you use to point the DNS name of the Application Load Balancer?

A

“AAAA” Record

“A” Record

Alias with a type “AAAA” record set and Alias with a type “A” record set are correct. To route domain traffic to an ELB, use Amazon Route 53 to create an alias record that points to your load balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your dev team has created a new AMI which has been hardened to meet company security standards, and this AMI needs to be deployed on all EC2 instances in the organization. What step or steps do you need to take to deploy this AMI?

A

Replace the launch configuration by a launch template using the new AMI.

AWS recommends that you create Auto Scaling groups from launch templates to ensure that you’re accessing the latest features and improvements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Using CloudFormation to migrate to the new region they’ve discovered a problem with the template.

Whenever the template is created in the new region, it’s still referencing the AMI in the old region.

What steps can you take to automatically select the correct AMI when the template is deployed?

A

Create a mapping in the template. Define the unique AMI value per region.

This is exactly what mappings are built for. By using mappings, you easily automate this issue away. Make sure to copy your AMI to the region before you try and run the template, though, as AMIs are region specific.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The server team has been using Puppet for deployment automations. The decision has been made to continue using Puppet in the AWS environment if possible. If possible, which AWS service provides integration with Puppet?

A

AWS OpsWorks for Puppet Enterprise

Fully-managed configuration management service that hosts Puppet Enterprise, a set of automation tools from Puppet for infrastructure and application management. OpsWorks also maintains your Puppet master server by automatically patching, updating, and backing up your server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which description best describes Amazon Redshift?

A

Near real-time complex querying on massive data sets.

Amazon Redshift is a fast, fully-managed cloud data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The DynamoDB table has a preconfigured read and write capacity. Users have been reporting slowdown issues, and an analysis has revealed the DynamoDB table has begun throttling during peak traffic times. What step can you take to improve game performance?

A

Adjust your auto scaling thresholds to scale more aggressively.

Amazon DynamoDB auto scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf in response to actual traffic patterns.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have decided to use AWS Kinesis Data Firehose to stream the data to multiple backend storing services for analytics. Which service is not a viable solution to stream the real time data to?

A

Athena

Amazon Athena is correct because Amazon Kinesis Data Firehose cannot load streaming data to Athena.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the Limit of space on a Snowcone device?

A

8 TB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

you have 25 TB of data that needs to be moved to an S3 bucket. Your company has just finished setting up a 1 GB Direct Connect drop, but you do not have a VPN currently up and running. This data needs to be encrypted during transit and at rest and must be uploaded to the S3 bucket within 21 days. How can you meet these requirements?

A

Use a Snowball device to transmit the data.

This would be the perfect choice to transmit your data. Snowball encrypts your data, so all the security and speed requirements would be met.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Configured a VPC as well as two subnets within the VPC.

Attach an internet gateway to the VPC.

In the first subnet, they create the EC2 instance which will host their web application.

Finish the configuration by making the application accessible from the Internet.

The second subnet has an instance hosting a smaller, secondary application.

But this application is not currently accessible from the Internet. What could be potential problems?

A

The second subnet does not have a route in the route table to the internet gateway.

The EC2 instance does not have a public IP address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A news media company is using an S3 bucket as a website to serve photos of television personalities within the company. The photos are intended to be served nationwide to local affiliates across the company. But you have found that these photos are being accessed and pirated for other websites not affiliated with the company. What can you do to stop this?

A

Remove public read access from your bucket, then provide your users with pre signed URLs to access the photos.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Security Groups act at what level?

A

The Instance Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is AWS STS?

A

AWS Security Token Service (AWS STS) is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You have been evaluating the NACLs in your company. Most of the NACLs are configured the same:

100 All Traffic Allow
200 All Traffic Deny
* All Traffic Deny

How can the last rule * All Traffic Deny be edited?

A

You can’t modify or remove this rule.

The default network ACL is configured to allow all traffic to flow in and out of the subnets with which it is associated. Each network ACL also includes a rule whose rule number is an asterisk. This rule ensures that if a packet doesn’t match any of the other numbered rules, it’s denied. You can’t modify or remove this rule.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Route 53:

What does TTL Mean?

What does it control?

A

Time to live

Controls how long the DNS record will be Cached

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Using Route 53, how would you direct example.com traffic to various IPs based on the country the user was sending traffic from?

A

Use Geolocation Routing policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

True or False? Route 53 only provides DNS for public IPs.

A

False

Route 53 allows you to host both public and private zones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Using Route 53, how would you direct example.com traffic to 1 primary IP with a second one for backup?

A

Use Failover Routing Policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

If the visibility timeout on a message in an SQS queue expires, what happens to the message?

A

It’s now available in the queue to be retrieved.

If the timeout expires, the message will again be available in the queue for processing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the maximum length of time a message may remain in an SQS queue?

A

14 Days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which service is SNS commonly paired with to alert users that an alarm has gone off?

A

Cloudwatch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What type of subscription can SNS retry if a message fails to deliver?

A

HTTP(S)

SNS can only immediately retry sending a message to an HTTP(S) endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Which tool can be used to monitor the queue depth of a DLQ (Dead Letter Queue)?

A

CloudWatch

The go-to tool for any sort of monitoring in AWS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

If your application needs to process 5,000 messages per second, which type of SQS queue would you use?

A

SQS Standard

This gives you a nearly unlimited number of transactions per second.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What type of service is SQS?

A

Messaging Queue

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

True or False? MFA tokens are required for all new users.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Describe the principle of least privilege?

A

Only assigning the user the minimum amount of permissions that they need to do their job.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Why are IAM users considered “permanent” users?

A

Because once their password, access key, or secret key is set, these credentials don’t automatically rotate or change without human interaction.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What is the single best thing you can do to secure the root account in AWS?

A

Enable MFA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Why is it dangerous to use the AWS root user account?

A

The root user account has full permissions to every service.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

True or False? An allow statement in a policy document will override a explicit deny statement.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What does the “EAR” in a policy document stand for?

A

Effect, Action, Resource

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

How does availability and durability differ in S3?

A

Availability is the ability to access your data

Durability is the ability of AWS to ensure your data is properly stored in S3.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What is the largest object you can store in S3?

A

5 TB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

True or False? Each Amazon S3 bucket name is globally unique.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Since S3 is an object-based storage solution, which type of file should never be stored in it?

A

Database

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What kind of data should be stored in S3 Standard?

A

Data that is frequently used

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

If you have data that needs to be instantly retrievable, but it’s not likely to be needed anytime soon, which S3 storage class would you select?

A

S3 Standard-IA

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Versioning on your bucket was recently suspended and, after this, your boss deleted an object whose version ID is null and wants to restore it. What do you do?

A

It’s not possible since versioning was suspended. The object is gone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

True or False? You can create an S3 lifecycle policy to migrate objects from Glacier to Standard-IA.

A

False:

Lifecycle policies can’t work backwards. You can use a lifecycle policy to migrate objects from the more frequently accessed storage classes to the longer-term options, but not the other way around.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Why is versioning not enabled by default on new S3 buckets?

A

It costs money, as you’ll be paying for every additional copy of your objects that you upload.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What is the minimum time that AWS requires you to keep an EC2 instance online after you’ve turned it on?

A

None.

There is no min run time.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

True or False? If you restart your EC2 instance the user data will rerun automatically.

A

By default, user data runs one time and one time only.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

When would you want to use a cluster placement group?

A

When you want to reduce network latency in your application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

In EC2 instances, what is user data commonly used for?

A

For bootstrapping an EC2 instance as it comes online

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

You have a small number of critical instances that should be kept separate from each other. You want to ensure that each instance is placed on distinct underlying hardware. What kind of placement group would you pick?

A

A spread placement group would be the best fit.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Why would you want to spin up an EC2 Dedicated Host?

A

Because your application has hardware-specific licensing requirements

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What is NOT a valid use case for IAM roles?

A

Assuming a role to allow a user to SSH into an EC2 instance and install updates.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

What are IAM Roles used for?

A

IAM roles are designed to be used with AWS API calls

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

What type of storage does EFS offer?

A

File

Can only be used natively with Linux based OS

Elastic File System / Elastic File Storage

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

True or False? You can create an unencrypted EBS volume from an encrypted snapshot by unselecting the “encryption” check box when restoring it.

A

False. You cannot unencrypt with this method.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

True or False? Amazon Machine Images are Region specific. To use one in another Region, it needs to be explicitly copied there.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

You’re trying to mount an EBS volume in Availability Zone (AZ) A to an EC2 instance in AZ B. Why isn’t it working?

A

EC2 instances must be in the same AZ as the EBS volumes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

True or False? Only certain types of EC2 instances support hibernation.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

You just took a snapshot of an EBS volume. Where is it stored?

A

S3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

You’ve been tasked with creating a file system for a Linux workload that should handle massive datasets, up to hundreds of gigabytes per second. What AWS service would you use?

A

FSx for Lustre is built for just this kind of task.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

True or False? EBS volumes are encrypted by default.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

You’ve been tasked with creating a highly performant database on your EC2 instance. What type of EBS volume will support the high level of IOPS that you require?

A

Provisioned IOPS would be the best option in this instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

True or False? Amazon FSx for Lustre can’t store data directly on Amazon S3.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

Why would you consider hibernating an EC2 instance over stopping and starting it?

A

You have an application that takes a long time to load. Hibernating the instance prevents you from having to reload it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
64
Q

What is the purpose of an Amazon Machine Image (AMI)?

A

It’s a template to create a new EC2 instance from.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
65
Q

What is a feature that does RDS Aurora NOT support?

A

Universal HA is not a feature of Aurora.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
66
Q

What should you do to scale out an RDS database that has a read-heavy workload?

A

Add additional read replicas.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
67
Q

True or False? RDS read replicas have their own endpoints.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
68
Q

What is NOT a supported RDS database engine?

A

IBM Db2 is not a supported database engine

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
69
Q

True or False? RDS read replicas can be created in different Regions from the source DB instance.

A

True

You may use a read replica for disaster recovery of the source DB instance, either in the same AWS Region or in another Region.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
70
Q

True or False? DynamoDB lives in your VPC.

A

False

DynamoDB is not deployed into your VPC. Your VPC must have an internet gateway or a VPC endpoint configured to access resources such as Amazon DynamoDB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
71
Q

Fill in the blank: DynamoDB is a ____ database.

A

Non-Relational

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
72
Q

What is the longest you can store an automatic RDS backup?

A

35 Days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
73
Q

Amazon Aurora is compatible with which database engines?

A

MySQL and Postrgres

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
74
Q

What type of read would you use with DynamoDB if you can’t have stale data in your application?

A

Strongly Consistent Reads

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
75
Q

True or False? Direct Connect provides you with an encrypted connection to your AWS account by default.

A

False.

Direct Connect is not encrypted by default.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
76
Q

How do you scale a NAT Gateway?

A

You don’t. AWS does this automatically for you.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
77
Q

Your security team will only approve S3 usage if your EC2 instances don’t transmit data over the public internet. What service can you use to comply with this requirement?

A

VPC Endpoints are used to keep your traffic to AWS services out of public networking space.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
78
Q

Network Access Control Lists (NACLs) are Stateful or Stateless?

A

Stateless

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
79
Q

By default, what range of IP addresses and ports do security groups leave open for inbound traffic?

A

None. They are closed by default.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
80
Q

Where are Network Access Control Lists (NACLs) located?

A

NACLs are located at the subnet level.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
81
Q

Why would you use Transit Gateway over VPC peering?

A

Transit Gateway is designed for when you have too many VPCs to peer together

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
82
Q

What is the IPv4 CIDR block of the default VPC?

A

172.31.0.0/16 is the IPv4 CIDR block for the Default VPC provided by AWS out of the box.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
83
Q

When would you want to use Direct Connect?

A

When you need a high-speed private connection from your on-premises environment to AWS

Direct Connect is designed for on-premises to AWS communication.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
84
Q

What is a reason that VPC peering could fail?

A

VPCs have overlapping IP addresses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
85
Q

What instance will a NLB (network load balancer) load balancer send traffic to if no hosts are healthy?

A

It will try to send traffic to all the instances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
86
Q

What kind of ELB load balancer would you select if you need to route traffic based on the contents of the request?

A

Application Load Balancer (ALB)

Routing based on the type of request (GET, POST, etc)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
87
Q

If you’re building an application that needs to support an extreme level of networking traffic, which type of ELB load balancer would you pick?

A

Network Load Balancer (NLB)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
88
Q

Which layer of the OSI model does the ALB function on?

A

Layer 7

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
89
Q

True or False? By default, ELB load balancers will use static IPs and these will not change.

A

False:

IPs will change unless you specifically configure static IPs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
90
Q

What benefit do you get from configuring health checks on an ELB load balancer?

A

Instances that fail the health check will not receive traffic.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
91
Q

Which layer of the OSI model does the NLB function on?

A

Layer 4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
92
Q

Which kind of ELB load balancer would you use if you need extreme levels of performance?

A

Network Load Balancer

NLB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
93
Q

Which type of ELB load balancer has AWS deprecated and should not be used?

A

Classic Load Balancer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
94
Q

Which tool would you use to monitor the CPU usage on an EC2 instance?

A

CloudWatch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
95
Q

Which web service and feature can be used to monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, Route 53, and other sources?

A

CloudWatch Logs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
96
Q

What is the default CloudWatch metric interval?

A

5 minutes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
97
Q

True or False? CloudWatch Logs allows you to create event patterns that look for certain things happening in your logs.

A

True

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
98
Q

What are the W’s of scaling?

A

What

When

Where

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
99
Q

What setting in your Amazon EC2 Auto Scaling group determines how many instances you need online right now?

A

Desired Capacity

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
100
Q

You would select _____ capacity for a DynamoDB table with a predictable workload.

A

Provisioned is the best option for a predictable workload.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
101
Q

What type of capacity should be selected for a DynamoDB table with a sporadic workload?

A

On-Demand

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
102
Q

What tool can be used to notify you of scaling events?

A

SNS

Simple Notification Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
103
Q

What RDS database engine offers a serverless scaling option?

A

Aurora is the only engine that offers a serverless scaling option

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
104
Q

What AWS resource defines the configuration of instances created by EC2 Auto Scaling?

A

Launch templates are the best way to define what your instances will look like.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
105
Q

If you need to change the AMI included in a launch template, what should you do?

A

Create a new version of the launch template with the updated AMI.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
106
Q

How can you automatically register EC2 instances with an ELB load balancer when they are launched?

A

Attach the Load Balancer to an Auto Scaling group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
107
Q

How can you create a highly available application using EC2 Auto Scaling?

A

Define multiple AZs in your Auto Scaling group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
108
Q

What setting would prevent a launch template from being used with EC2 Auto Scaling?

A

Including networking information

You can include EC2 size, ELB, and user Data (start up scripting).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
109
Q

Amazon _____ is the most common service used to trigger a scaling event in an EC2 Auto Scaling group.

A

CloudWatch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
110
Q

Which layers of our applications need to be loosely coupled?

A

Internal and external

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
111
Q

What is the largest message size you can store in SQS?

A

256KB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
112
Q

What kind of architecture does AWS recommend building?

A

Loosely Coupled

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
113
Q

How can you ensure that your SQS messages arrive in the correct order?

A

SQS FIFO guarantees that your messages will arrive in the correct order

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
114
Q

API Gateway is commonly built __ your applications.

A

in front of

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
115
Q

What type of firewall can be used in conjunction with API Gateway to help prevent DDoS attacks?

A

Web Application Firewall (WAF)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
116
Q

SNS is a _____-based messaging service.

A

Push

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
117
Q

Which tool can be used to sideline malformed SQS messages?

A

Dead Letter Queue

DLQ

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
118
Q

_____ allows you to transform data using SQL as it’s being passed through Kinesis.

A

Kinesis Data Analytics

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
119
Q

You can use _ to build a schema for your data, and _ to query the data that’s stored in S3.

A

Glue - Build Schema or “glue data together”

Athena - Ability to query data with SQL in S3 buckets

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
120
Q

What type of database is Redshift?

A

Relational

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
121
Q

True or False? You are responsible for scaling Glue performance.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
122
Q

What service allows you to directly visualize your data in AWS?

A

QuickSight

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
123
Q

How much data can a Redshift database hold per cluster?

A

16 PetaBytes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
124
Q

True or False? Redshift supports multi-AZ deployments.

A

False

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
125
Q

What service would you use in combination with Kibana and Logstash to create an ELK stack?

A

Elasticsearch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
126
Q

What type of work does EMR perform?

A

Extract Transform, and Load

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
127
Q

_____ provides real-time streaming of data.

A

Kinesis Data Streams

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
128
Q

How long are automatic Redshift backups retained by default?

A

1 day.

This can be increased to 35 days.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
129
Q

Which service provides the easiest way to run ad-hoc queries across multiple objects in S3 without the need to setup or manage any servers?

A

Athena

Allows you to query info in S3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
130
Q

What AWS service can create EC2 instances and place containers in them based on your task definitions?

A

ECS

Elastic Container Service?

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
131
Q

Which open-source container management engine powers EKS?

A

Kubernetes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
132
Q

What feature of ECS and EKS allows you to run containers without having to manage the underlying hosts?

A

Fargate allows you to run containers without using EC2 instances.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
133
Q

Which IAM entity is assigned to a Lambda function to provide it with permissions to access other AWS APIs?

A

Role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
134
Q

What is the maximum length of time Lambda can run?

A

15 minutes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
135
Q

Which of the following is a common trigger for Lambda?

A

Cloud Watch Events (EventBridge)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
136
Q

Which AWS service allows you to use Fargate without needing ECS or EKS?

A

None.

Fargate requires either ECS or EKS. Cannot run by itself

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
137
Q

What is the maximum amount of RAM you can allocate to a single Lambda function?

A

10 GB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
138
Q

Where are container images stored?

A

In a container registry

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
139
Q

What type of file is used to build a container image?

A

Dockerfile

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
140
Q

What is one thing EC2 instances allow you to configure but a serverless application doesn’t?

A

Operating System

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
141
Q

What is NOT a supported Lambda runtime?

A

COBOL

Can run:

Java
Node.js
Python

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
142
Q

Your boss requires automatic key rotation for your encrypted data. Which AWS service supports this?

A

KMS

Key Management Service

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
143
Q

What is the best way to deliver content from an S3 bucket that only allows users to view content for a set period of time?

A

Create a presigned URL using S3

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
144
Q

What is the easiest way to log API calls in AWS?

A

Enable CloudTrail and pick an S3 bucket to store the logs in.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
145
Q

What is NOT a data source for GuardDuty?

A

RDS Event History

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
146
Q

True or False? Amazon Inspector requires an agent for host assessment rules packages.

A

True

The agent is required for host assessment rules packages

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
147
Q

What kind of findings can AWS Inspector discover?

A

Insufficient patching of applications on an EC2 instance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
148
Q

What service does Macie monitor once you’ve enabled it?

A

S3

Macie Inspects S3 buckets for PII with machine learning

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
149
Q

What is the easiest way to ensure your CloudTrail logs haven’t been tampered with?

A

Enable log file validation in your trail.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
150
Q

What three components are required in all IAM policy documents?

A

Effect, Action, Resource

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
151
Q

Which Layers does Shield provide protection on?

A

Layers 3 and 4

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
152
Q

What is the minimum length of time before you can schedule a KMS key to be deleted?

A

7 Days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
153
Q

Where is the most cost effective place to store your database passwords in a secure manner?

A

Parameter Store

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
154
Q

Which AWS service supports automatic rotation of RDS security credentials?

A

Secrets Manager

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
155
Q

In general, what does a DDoS attack entail?

A

A large number of connections overwhelms your architecture. Your application is unable to answer the legitimate requests that are sent to it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
156
Q

Which Layers does WAF provide protection on?

A

Layer 7

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
157
Q

True or False? You must explicitly deny all API calls that a user shouldn’t be able to make.

A

False

All API calls are set to Deny, you must explicitly enable

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
158
Q

What part of a CloudFormation template allows you to pass values into the template?

A

Parameters

159
Q

Your brand new CloudFormation stack just encountered an error. What happens to the resources that it had created?

A

They are terminated

160
Q

What does it mean to have “immutable pattern”?

A

It can be destroyed and rebuilt with relative ease using automated processes.

161
Q

What is a common use case for the AWS Systems Manager Parameter Store “SecureString” parameter?

A

For storing values that need to be encrypted and referenced in a secure manner.

162
Q

Whenever possible, we should focus on __ processes over doing things ____.

A

automating

manually

163
Q

ElasticBeanstalk is an example of ___.

A

Platform as a Service (PaaS)

164
Q

What is NOT a benefit of using ElasticBeanstalk to deploy your application?

A

It will not rewrite your applications from any language into python.

It can:

Deploy and update your application for you

Maintain full control over all your architecture

Automatically replace instances that fail

165
Q

Systems Manager can be used to patch and update _ and __.

A

EC2 instances, on-premise instances

166
Q

How do caches help improve performance?

A

They reduce the amount of trips that are required to the source of the data.

167
Q

CloudFront is commonly used to front ____.

A

S3 Buckets

168
Q

DAX is designed to sit in front of what AWS data service?

A

DynamoDB

169
Q

What 2 types of caches are supported by ElastiCache?

A

Redis and Memcached

170
Q

What AWS service allows you to easily deal with public IP caching issues?

A

Global Accelerator

171
Q

What’s the place where caches can be best used?

A

Anywhere possible!

172
Q

True or False? Global Accelerator is the only AWS service that allows you to create weights for your application endpoints.

A

False

Route 53 can do this as well.

173
Q

What type of physical AWS architecture does CloudFront use to improve performance?

A

Edge Locations

174
Q

Where should AWS SSO NOT be used?

A

For external users authenticating to a mobile application

175
Q

Where is the account ID placed when setting up cross-account role access?

A

In the role trust policy.

176
Q

True or False? Config offers real-time evaluation of rule violations.

A

False

Config doesn’t evaluate in real time

177
Q

How can you stop a root user from terminating EC2 instancesHow can you stop a root user from terminating EC2 instances?

A

Apply a service control policy (SCP) to the account to deny this action

178
Q

True or False? Other accounts can automatically assume your roles.

A

False

Roles access needs to be given out. Not there by default.

179
Q

True or False? An Allow permission in a IAM Policy Document will override a Deny in a service control policy (SCP).

A

False

180
Q

What are the versions of Directory Service?

A

AD Connector

Managed Microsoft AD

Simple AD

181
Q

What AWS service should be used to assist with managing Active Directory?

A

Directory Service

182
Q

Cognito is designed to be used with ____.

A

Mobile applications

183
Q

True or False? By default, Trusted Advisor will send you alerts when it finds an issue.

A

False

This doesn’t happen by default. You would have to set up the alerts.

184
Q

Config can be used to _ and __.

A

Config can be used to track AWS resources and enforce best practices.

185
Q

How can you consolidate the AWS bill for your organization?

A

Enable Consolidated Billing

186
Q

True or False: DataSync is an agentless data migration solution.

A

False.

DataSync requires an agent

187
Q

Which tool would you use for a one-time migration of data into AWS if cost is a factor?

A

AWS DataSync

188
Q

Which tool would you use to organize and track your cloud migration?

A

Migration Hub

189
Q

What would be the best way to migrate 80TB of data into S3 if you have limited bandwidth at your datacenter?

A

Snowball

190
Q

What tool would you use to migrate from an Oracle database to Aurora?

A

Schema Conversion Tool

191
Q

What is the easiest way to start sending your tape backups into AWS rather than keeping them on prem?

A

Tape Gateway

192
Q

Which tool would you use to migrate a database from on-premises to RDS?

A

Database Migration Service

193
Q

What is the easiest way to keep a copy of your data cached locally as well as backed up in S3, where you can store and retrieve objects using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB)?

A

File Gateway

194
Q

Which AWS tool would you use to integrate S3 and an application that only supports FTPS transfers?

A

Transfer Family

195
Q

What can an EBS volume do when snapshotting the volume is in progress?

A

The volume can be used normally while the snapshot is in progress.

Read and write is possible while snapshotting is occurring.

196
Q

You have many Auto Scaling Groups that utilize launch configurations.

Many of these launch configurations are similar yet have subtle differences.

You’d like to use multiple versions of these launch configurations.

An ideal approach would be to have a default launch configuration and then have additional versions that add additional features.

Which option best meets these requirements?

A

Use Launch Templates Instead

Contain AMI, Instance type, key pair, sec group, and other parameters. Automatically supports versioning.

197
Q

You have many Auto Scaling Groups that you need to create.

One requirement is that you need to reuse some software licenses and therefore need to use dedicated hosts on EC2 instances in your Auto Scaling Groups.

What step must you take to meet this requirement?

A

Use Launch Templates to use more advanced AWS EC2 configurations.

This allows you to specify Dedicated Hosts

198
Q

You have configured an Auto Scaling Group of EC2 instances fronted by an Application Load Balancer and backed by an RDS database.

You want to begin monitoring the EC2 instances using CloudWatch metrics.

Which metric is not readily available out of the box?

A

Memory utilization

Memory utilization is not available as an out of the box metric in CloudWatch. You can, however, collect memory metrics when you configure a custom metric for CloudWatch.

199
Q

What are Custom Metrics that you can set up for CloudWatch?

A

Memory utilization

Disk swap utilization

Disk space utilization

Page file utilization

Log collection

200
Q

What is DynamoDB?

A

DynamoDB is a NoSQL database that supports key-value and document data structures.

Good for Web Session Data

Good For storing Metadata for S3 Objects

201
Q

A key component in the Disaster Recovery plan will be the database instances and their data.

An aggressive Recovery Time Objective (RTO) dictates that the database needs to be synchronously replicated. Which configuration can meet this requirement?

A

RDS Multi AZ

Provide enhanced availability and durability for RDS DB.

202
Q

The company wants to establish Recovery Time and Recovery Point Objectives.

The RTO and RPO can be pretty relaxed.

The main point is to have a plan in place, with as much cost savings as possible.

Which AWS disaster recovery pattern will best meet these requirements?

A

Backup and Restore.

Least expensive option available to have back up and recovery options with loose RTO and RPO.

203
Q

Which Type of Load Balancer can support Path based and Host based Routing?

A

Application Load Balancer (ALB)

204
Q

What Amazon Database option can support 24,000 read units per second and 3,300 write units per second, and scale for spikes and off-peak?

A

DynamoDB

205
Q

An Application Load Balancer is fronting an Auto Scaling Group of EC2 instances, and the instances are backed by an RDS database.

The Auto Scaling Group has been configured to use the Default Termination Policy.

You are testing the Auto Scaling Group and have triggered a scale-in. Which instance will be terminated first?

A

The instance launched from the oldest launch configuration.

206
Q

In Auto Scaling Groups, what is the difference between a Launch Configuration and a Launch Template?

A

Launch Configurations are an older model used for Auto Scaling Groups. These do not support Versioning.

Launch Templates are newer, and are able to work with more AWS resources and services and are recommended. Launch Templates support Versioning.

207
Q

Your boss has tasked you with decoupling your existing web frontend from the backend.

Both applications run on EC2 instances.

After you investigate the existing architecture, you find that (on average) the backend resources are processing about 5,000 requests per second and will need something that supports their extreme level of message processing.

It’s also important that each request is processed only 1 time. What can you do to decouple these resources?

A

Use SQS Standard.

Include a unique ordering ID in each message, and have the backend application use this to deduplicate messages.

208
Q

What is the SQS FIFO (First in First Out) Messaging limit?

A

3000 messages per second

209
Q

What are two key concepts regarding subnets?

A

Every subnet you create is associated with the main route table for the VPC.

Each subnet maps to a single Availability Zone.

210
Q

You have configured a VPC with both a public and a private subnet.

You need to deploy a web server and a database. You want the web server to be accessed from the Internet by customers.

Which is the proper configuration for this architecture?

A

Web server in public subnet.

Database in private subnet.

211
Q

An organization of about 100 employees has performed the initial setup of users in IAM.

All users except administrators have the same basic privileges. But now it has been determined that 50 employees will have extra restrictions on EC2.

They will be unable to launch new instances or alter the state of existing instances. What will be the quickest way to implement these restrictions?

A

Create the appropriate policy.

Create a new group for the restricted users.

Place the restricted users in the new group and attach the policy to the group.

212
Q

You are managing S3 buckets in your organization.

This management of S3 extends to Amazon Glacier.

For auditing purposes you would like to be informed if an object is restored to S3 from Glacier.

What is the most efficient way you can do this?

A

Configure S3 notifications for restore operations from Glacier.

213
Q

A consultant is hired by a small company to configure an AWS environment.

The consultant begins working with the VPC and launching EC2 instances within the VPC.

The initial instances will be placed in a public subnet.

The consultant begins to create security groups. How many security groups can be attached to an EC2 instance?

A

You can assign up to five security groups to the instance.

214
Q

What is an AWS Security Group

A

A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.

215
Q

What is true of security group rules for allow and deny?

A

You can specify Allow rules but not Deny Rules

216
Q

Describe AWS Direct Connect.

A

A private, dedicated network connection between your facilities and AWS

217
Q

You have been put in charge of configuring a hybrid environment for the company’s compute resources.

The main requirements to drive this selection are overall cost considerations and the ability to reuse existing internet connections. Which technology best meets these requirements?

A

AWS VPN

Lets you reuse existing VPN equipment and processes, and reuse existing internet connections.

It is an AWS-managed high availability VPN service.

It supports static routes or dynamic Border Gateway Protocol (BGP) peering and routing policies.

218
Q

You are working in a large healthcare facility which uses EBS volumes on most of the EC2 instances.

The CFO has approached you about some cost savings and it has been decided that some of the EC2 instances and EBS volumes would be deleted.

What step can be taken to preserve the data on the EBS volumes and keep the data available on short notice?

A

Take point-in-time snapshots of your Amazon EBS volumes.

You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots.

219
Q

What is an AWS Region?

A

A Region is a physical location in the world

that consists of 2 or more Availability Zones.

220
Q

What is an AWS Availability Zone?

A

1 or more discrete data centers,
each with redundant power, networking, and connectivity,
which is housed in separate facilities.

221
Q

What is the minimum number of AZs in a Region?

A

2 Availability Zones

in a Region.

222
Q

In the Shared Responsibility model, is Encryption -

AWS responsibility

Client responsibility

Shared Responsibility

A

Shared.

AWS encrypts specific things, it’s up to you to create settings that encrypt data that is uploaded and in transit depending on service.

223
Q

What format are IAM Policy Documents in?

A

Java Script Object Notation

JSON

224
Q

is IAM Universal or Regional?

A

Universal

225
Q

When you create a user, what permissions do they start with?

A

None.

You must add them to a group where they will then inherit permissions from that group.

226
Q

Can you apply an IAM Policy Document to a User?

A

Yes you can, but this is not best practice

227
Q

What do users need for programmatic access to AWS resources?

A

You will need an Access Key and a Secret Access Key.

These are not the same as Usernames and Passwords

228
Q

How many times can you see your Secret Access Key and Access Key?

A

Only once. If you do not have these for some reason you’ll need to recreate them, and this can only be viewed once as well.

229
Q

What is IAM Federation?

A

The ability to combine your existing user accounts with AWS. Using something like MS Active Directory.

This allows your users to have the same credentials across both enviros

230
Q

What protocol does IAM Federation use for Authentication?

A

SAML

Security Authentication Markup Language

231
Q

What Kind of Storage is S3?

A

Object Based Storage

It’s not suitable for operating systems or database storage

232
Q

What is the Max Individual File size for S3?

A

5TB

Overall storage is unlimited

233
Q

When you upload files to S3, what code do you receive?

A

HTTP 200 status code

234
Q

What is the Key for the objects in S3?

A

The Key is the file name

The Value is the data itself

235
Q

When you create an S3 bucket, is it private or public by default?

A

Private by default. You must enable public access

236
Q

What is something you can use with your S3 buckets and objects in them to restrict access?

A

Access Control List (ACL)

This is a way of giving permissions or preventing deletion of the ojbect

237
Q

What are S3 Bucket Policies?

A

You can use bucket policy to enforce entire bucket wide rules like anti deletion, or to make the bucket public.

238
Q

In S3, can you turn versioning off?

A

No.

You can suspend versioning, but you cannot turn it off once enabled.

239
Q

What is S3 Standard Storage good for?

A

Most workloads–

websites

content distribution

mobile and gaming applications.

240
Q

What is S3 Standard-Infrequent Access good for?

A

Long-term, infrequently accessed but critical data.

Backups, your data store
for your disaster recovery, etc.

241
Q

What is S3 One Zone-Infrequent Access is great

for?

A

long-term, infrequently accessed but non-critical data

because it is only going to be in 1 Availability Zone

242
Q

What is the retrieval time for S3 Glacier?

A

Under 12 hours

243
Q

What is the retrieval time for S3 Glacier Deep Archive?

A

12 Hours or more

244
Q

What is S3 Intelligent-Tiering?

A

Uses machine learning
to move your objects between the different tiers
to save you the most amount of money.

245
Q

What is S3 Object Lock?

A

Uses the WORM Model

(Write Once Read Many)

Can be used on objects or as a bucket policy.

246
Q

How many modes does S3 Object Lock have, and what are they?

A

2 modes:

Compliance Mode - Bans all users
from being able to access or to be able to write
and delete those object including the root account.

Governance Mode - users can’t overwrite
or delete an object version after its lock settings
unless they have special permission

247
Q

What is S3 Glacier Vault Lock?

A

Similar to S3 Object lock.

Easily deploy and enforce compliance controls
for individual S3 Glacier vaults with a vault lock policy.

After specifying a control, such as a WORM model,
in a vault lock policy, you cannot edit after locking the policy

248
Q

What are the two methods for Encryption with S3?

A

Encryption in Transit - Sending data to S3

Encryption at Rest - Server Side Encryption (SSE)

249
Q

How many types of Server Side Encryption for S3 are there?

A

3 types -

AES 256 handled by AWS

KMS - Key Management Service (AWS External Service Service)

Client side encryption - SSE-C - Encrypt the files yourself before uploading.

250
Q

What are S3 Prefixes?

A

Prefix is simply the folder
and then subfolder within a S3 bucket.

3,500 put, copy, post, deletes
and then 5,500 get and head requests
per second, per prefix.

251
Q

In S3 using SSE (server-side
encryption) KMS to encrypt your objects in S3,
what are the request limits generally?

A

The built-in limits are region specific,
but it’s either going to be 5,500,
10,000, or 30,000 requests per second. Upload or download.

252
Q

How can you increase S3 Upload Performance?

A

Use Multi Part upload. Required for files over 5 GB

253
Q

How can you increase S3 Download Performance?

A

Use S3 byte-range fetches to increase performance

to download our files from S3.

254
Q

S3 replication can be where?

A

Cross Region or in the Same Region

255
Q

EC2, what is On-Demand Pricing?

A

Pay by the second or the hour
depending on the type of instance that you run.
And it’s great for flexibility.
No long-term contracts

256
Q

EC2, what are Spot Instances?

A

Purchase unused capacity
at a discount of up to 90%.

And the prices fluctuate with supply and demand.

And it’s great for applications
with flexible start and end times.

257
Q

EC2, what are Reserved instances?

A

Reserve your capacity
for 1 to 3 years.

The more you pay up front
the greater savings that you have.

You can save up to 72% discount on the hourly charge.

Great if you’ve got known or fixed requirements.

258
Q

EC2, What are Dedicated Instances?

A

Physical EC2 server
that’s dedicated for your use.

And it’s great if you have server-bound licenses to reuse or compliance requirements

259
Q

IAM Policies can control what permissions?

A

Roles

Users

Groups

260
Q

When you update an IAM Policy, when does this take effect?

A

Immediately

261
Q

When you change a Security Group, when do those changes take effect?

A

Immediately

262
Q

How many EC2 Instances can you have in a security group?

A

Any Number of Instances

263
Q

When you create a Security Group, what traffic is configured by default?

A

All Inbound traffic is blocked

All Outbound traffic is allowed

264
Q

With EC2 instances, what is metadata?

A

Metadata is data about your EC2 instances.

This is IP Addresses and other useful information about your instance

265
Q

What is ENI

A

Elastic Network Interface.

This is for basic networking.

266
Q

What is Enhanced Networking

A

When you need speeds between 10 gigabits per second and 100 gigabits per second.

Reliable and high throughput

267
Q

with Networking, What are EFAs?

A

Elastic Fabric Adapters

Where you need to have
high-performance computing and machine-learning applications bypass OS level to have more throughput and better performance

268
Q

With EC2, what is a placement group?

A

logical grouping of EC2 instances.

269
Q

With EC2, what is a spread placement group?

A

EC2 instances on separate hardware

270
Q

With EC2, where would you want to use a Partition Placement Group?

A

Multiple EC2 instance with something like HDFS, HBase, and Cassandra

271
Q

True or False:

With EC2, Cluster Placement groups can span multiple AZs?

A

False

272
Q

With EC2, can any type of instances be launched into placement groups?

A

No, only specific types of instances can be placed into Placement Groups:

Compute Optimized

GPU Optimized

Memory Optimized

Storage Optimized

273
Q

True or False:

With EC2 Placement groups, you cannot merge groups?

A

True

274
Q

What is EC2 Spot Block?

A

This stops spot instances from being terminated at the specific threshold.

275
Q

In EBS, what are GP2 and GP3 devices?

A

General purpose SSDs, GP3 is the improved next generation storage

276
Q

In EBS, what is io1 and io2?

A

Provisioned IOPS SSD. More throughput and performance

io2 is the new version of this drive

277
Q

In EBS, what is sc1

A

Less frequently accessed drive ability. Cannot be a boot volume.

One of the lowest costs.

278
Q

Where do EBS snapshots live?

A

S3

279
Q

True or False:

You can share EBS snapshots between Accounts and Regions?

A

True.

You need to be able to move those to the target region.

280
Q

What else are Instance Store Volumes called?

A

Ephemeral Storage

281
Q

What is an AMI?

A

An EC2 Blueprint containing information about architecture, OS, and other details to spin up exact EC2 instance configurations you need.

282
Q

How do you encrypt a root volume that IS NOT already encrypted?

A

Create a snapshot of the unencrypted root device volume.

Create a copy of that snapshot selecting the encrypt option.

Create an AMI from the encrypted snapshot,

Use that AMI to launch a new encrypted instance.

283
Q

What does EC2 Hibernation mean?

A

Preserves the in-memory RAM
on the EBS Disk

Faster boot up with no need to reload the operating system.

284
Q

What Class of EC2 instances support Hibernation?

A

C, M, and R class instances

285
Q

What is EFS?

A

Elastic File Service.

Auto adjust Network File System.

Read after write consistency

286
Q

What is AWS FSx ?

A

Centralized storage for windows based applications.

287
Q

What is Amazon FSx for Lustre?

A

High capacity, high speed, distributed storage for high performance computing.

Can store data directly on S3

288
Q

What are the RDS Database flavors?

A

SQL Server

Oracle

MySQL

PostgresSQL

MariaDB

Aurora

289
Q

What is RDS primarily designed for?

A

online transaction processing workloads.
So, this is where you are basically processing lots
of small transactions like customer orders,
banking transactions, payments, and booking systems.

290
Q

What are Read Replicas?

A

Where you need to increase read performance from your DB solution.

This is an exact copy of all your data, but specifically used as a read point.

291
Q

How many Read Replicas can you have for your RDS?

A

5 Read Replicas are supported per DB

292
Q

What is Multi AZ vs. Read Replica with RDS?

A

Read Replicas increase performance for read operations.

Multi AZ is in place as a disaster recovery option and an exact copy. RDS will automatically fail over to the copy when needed

293
Q

What is AWS Aurora?

A

Aurora is Amazon’s proprietary database
that’s something that they have created themselves
it’s compatible with MySQL, as well as PostgreSQL.

294
Q

With AWS Aurora, how many copies are kept of your database?

A

2 Copies in each availability zone with minimum of 3 zones. Essentially 6 copies of your data

295
Q

When would you use Aurora Serverless DB?

A

Host effective option

for infrequent intermittent or unpredictable workloads

296
Q

What is the difference between eventually consistent and strongly consistent reads?

A

Eventually consistent means that consistency
across all copies of data is usually reached
within about a second and repeating a read
after a short time should return the updated data.

Strongly consistent reads return a result that reflects all rights that have received a successful response prior to the read.

297
Q

What is DynamoDB “Transactions” ?

A

Multiple all-or-nothing operations.

Good for things like financial transactions
or fulfilling orders.

This writes to all tables before any reads. If a write fails, it fails across all tables to keep the tables consistent.

298
Q

What are ACID Requirements?

A

Requiring:

Atomicity,
Consistency,
Isolation,
Durability across one or more tables.

Think DynamoDB Transactions.

299
Q

What are DynamoDB On-Demand backups and restore?

A

Where you can backup your DynamoDB database
with full backups at any time.

It has zero impact on your table performance

300
Q

What is DynamoDB Point-in-Time Recovery?

A

Protects against accidental writes or deletes

Can restore your DynamoDB database to any point
in the last 35 days. As recent as 5 minutes ago.

301
Q

What is DynamoDB streams?

A

Where you can maintain First in First Out Records of your data.

302
Q

What is DynamoDB Global Tables?

A

managed Multi-Master, Multi-Region Replication for globally distributed usage

303
Q

True or False:

A Subnet can span multiple AZs?

A

False

304
Q

If you have resources in multiple AZs, tied to one NAT gateway, what happens if the AZ where the NAT gateway resides goes down?

A

All the resources tied to that gateway, even in other AZs that are not down, go out.

305
Q

Are security groups stateful or stateless?

A

Stateful

306
Q

What does it mean to be stateful?

A

If you send a request from your instance,
the response traffic to that request is allowed to flow in
regardless of the inbound security group rules.
And responses to allowed inbound traffic are allowed
to flow out regardless of the outbound rules.

307
Q

True or False:

Default Network ACLs allow all traffic in and out?

A

True

308
Q

True or False:

Custom Network ACLs allow all traffic in and out?

A

False

309
Q

True or False:

Each subnet in VPC must be associated with a network ACL.

A

True

310
Q

In networking, if you need to block a hacker or malicious traffic, at what level do you do that?

A

Network ACL

311
Q

A subnet can be associated with how many Network ACLs?

A

One at a time.

312
Q

Network ACL’s contain a numbered list of rules

that are evaluated in what order?

A

Starting with Lowest Number first

313
Q

Are Network ACLs stateful or stateless?

A

Stateless

So responses to allowed inbound traffic subject to the rules for outbound traffic and vice versa.

314
Q

What is AWS Direct Connect?

A

This is a way of directly connecting
your data center to AWS.

high-throughput workloads, lots of network traffic.

For when you need a stable and reliable,
secure connection.

315
Q

What is a VPC Endpoint?

A

When you want to connect AWS services

without leaving the Amazon’s internal network.

316
Q

What is VPC Peering?

A

this allows you to connect one VPC with another
via a direct network route using private IP addresses,
instances behave as if they were on the same
private network,
and you can peer VPCs with other AWS accounts
as well as other VPCs in the same account.

317
Q

What is AWS PrivateLink?

A

Peering VPCs to tens, hundreds, and thousands of customer VPCs,

Requires Network Load Balancer on the service VPC and ENI on the customer VPC

318
Q

What are AWS Transit Gateways?

A

Where you can connect all your VPCs without needing to peer them individually

Works with Direct Connect and VPN connections.

Supports IP multicast.

319
Q

What is VPN Hub?

A

Simplifies VPN network topology connecting to AWS and using their service

320
Q

What are the common DNS record types?

A

Start of Authority

CNAME

Name Server Record or NS Record

A Records

321
Q

What is a DNS A Record?

A

Essentially turns a web address into an IP address

322
Q

What are the 6 routing policies?

A

simple routing

weighted routing

latency based routing,

failover routing,

geolocation routing,

geoproximity routing.

323
Q

What is Simple Routing Policy?

A

one record with multiple IP addresses.

Route 53 will grab one of the addresses and return it at random witthis.

324
Q

What is Weighted routing policy?

A

You can determine the percentage of traffic sent to different IP addresses.

325
Q

What is latency based routing policy?

A

Route 53 selects the lowest latency response destination and sends the traffic there.

326
Q

What is Failover routing policy?

A

Health Checks on each end point and if you lose a region it will fail over to another region

327
Q

What is Geolocation routing policy?

A

Where the location of the user determines where the traffic is sent.

328
Q

What is an Application Load Balancer “Listener” ?

A

A listener checks for connection requests
from clients using the protocol
and the port that you configure.
So, it’s either going to be port 80 or port 443.

329
Q

What are Load Balancer Rules?

A

These determine how the load balancer
routes your request to its registered target.

Consist of:

Priority

Action (one or more)

Conditions (One or more)

330
Q

With Load Balancers, what is a Target Group?

A

Target group routes requests
to one or more registered targets,
such as our EC2 instances,
using the protocol and port numbers that you specify.

331
Q

Application Load Balancers only support what type of requests?

A

HTTP and HTTPS

Must deploy one SSL cert on your LB

332
Q

What are Network Load Balancers?

A

You’re going to use them when you need extreme performance.
Other use cases are where you need protocols
that are not supported by Application Load Balancers.

333
Q

What does a 504 Error mean on Classic Load Balancers?

A

Gateway Time out.

334
Q

If you need the IPv4 address of your end user, what will you need to look for?

A

You need the X-Forwarded-For header.

335
Q

What are Sticky Sessions?

A

They enable your users to stick to the same EC2 instance.

336
Q

What is deregistration delay or connection draining?

A

These keep existing connections open if the EC2 instance becomes unhealthy.

337
Q

What can you use for monitoring in regards to AWS Standards and Best Practice adherence?

A

AWS Config

338
Q

What is the CloudWatch default metric delivery interval?

A

5 minutes

Additional Charge to reduce that to 1 minute

339
Q

What do you use CloudWatch Logs Insights for?

A

SQL Logs

340
Q

What service can be in an Auto Scaling Group?

A

EC2 Only

341
Q

How can you improve your Auto Scaling Group provisioning time?

A

Bake in as much as possible into your AMI to reduce provisioning time.

342
Q

In Auto Scaling Groups, what is a Steady State Group?

A

This is where you set the Minimum, Maximum, and Desired Capacity to 1.

If this instances fails, the ASG will automatically recover that architecture.

Usually Legacy Systems that cannot have more than one online.

343
Q

How do you Horizontally Scale a relational DB?

A

Read Replicas

344
Q

In DynamoDB, what are the 2 types of scaling?

A

Auto Scaling

On Demand Scaling (for unpredictable workloads)

345
Q

If SQS is seeing consistent message duplication, what is likely wrong?

A

Misconfigured visibility timing

346
Q

True or False:

SQS Queues are Bi Directional?

A

False.

347
Q

What do you use for SQS if message order is important?

A

SQS FIFO

First in First out

348
Q

If SQS message order is important, and you can’t use FIFO, what is an option?

A

You can tag numerical order with the message and have it read in the tagged order. This takes configuration.

349
Q

What is the recommended push notification service?

A

SNS

Simple Notification Service

350
Q

What is AWS API Gateway?

A

It acts as a secure front door to handle

that external communication coming into your environment.

351
Q

True or False

Redshift is a single availability zone service?

A

True.

Can be duplicated elsewhere, but not an HA solution

352
Q

What is AWS EMR

A

A managed cluster platform that simplifies running big data frameworks, such as Apache Hadoop and Apache Spark

Made up of EC2 instances

353
Q

What is Kinesis Data Firehose

A

Amazon Kinesis Data Firehose is a automatic scaling managed service for delivering real-time streaming data to destinations.

354
Q

How can you create a schema for your data in S3 storage?

A

AWS Glue

Creates the schema, and you can query with Athena

355
Q

What does AWS Fargate need to work with containers?

A

It requires ECS and EKS.

356
Q

True or False

Elastic Container Service is cross platform (on prem and in cloud)?

A

False.

ECS is AWS only

357
Q

What is AWS Certificate Manager and what does it provide?

A

Creates SSL Certificates.

Automatically renew your SSL certificates
and rotate the old certificates with new certificates
so long as it’s with the supported AWS services

ELB, CloudFront, and API Gateway

358
Q

True or False:

IAM Policy Documents only work when they’re attached to groups.

A

True

359
Q

What is AWS Secrets Manager?

A

Secrets Manager can be used to securely
store and rotate your application secrets, your database credentials,
your API keys, SSH keys, passwords, et cetera.

Paid Service

360
Q

What is AWS CloudHSM?

A

Cloud Hardware Security Module.

This creates the core customer key as well as generates other secrets

361
Q

What is AWS KMS?

A

Key Manager Service.

Using shared Tenancy of a Hardware Security Module, you can automatically Rotation and Key Generation.

362
Q

What are the 3 ways to control permissions within KMS?

A

Key Policy Controlling access.

IAM Policy

Grants with Key Policy.

363
Q

What is AWS Inspector?

A

It’s used to perform a vulnerability scans
on both EC2 instances and your VPCs.

Can be run once or weekly

364
Q

What is AWS GuardDuty?

A

It uses AI to learn what normal behavior looks
like in your account to alert you
of any abnormal or malicious behavior.

365
Q

What is AWS Shield?

A

Shield protects against Layer 3 and Layer 4 attacks only. Used to protect against DDoS attacks.

366
Q

What is AWS Systems Manager?

A

They are automation documents can be used
to configure the insides of EC2 instances,
as well as parts of the AWS environment.

Jack of all trades automation

367
Q

What is the difference between Elastic Beanstalk and Cloudformation?

A

CloudFormation is for slightly more complex architecture. SQS queues, Lambda functions, LBs, Api Gateway, ETC

Elastic BeanStalk is for quick set up of simple architecture. Web Servers with DBs and such.

368
Q

What is AWS Parameter Store?

A

Universal Key Value storage.

Referenceable by CloudFormation for key values and parameters needed instead of hard coding. Requires mapping the values for reference

369
Q

True or False:

Memcached and DAX support backups?

A

False

370
Q

What are the two versions of Elasticache?

A

Memcached and Redis

371
Q

What is the primary difference between Memcached and Redis?

A

Memcached is purely memory cache

Redis has the ability to be a database and has more features. Supports backups

372
Q

What are 2 in memory Databases?

A

Redis

DynamoDB

373
Q

What does AWS Global Accelerator fix?

A

Fixes IP caching for your clients by giving you 2 static IP addresses that the architecture behind can rotate without issues.

374
Q

What is AWS Trusted Advisor?

A

Checks:

Cost Optimization

Performance

Fault Tolerance

Security

Service Limits

375
Q

How do you get additional checks in Trusted Advisor?

A

You have to upgrade to a paid support plan.

376
Q

What is a limit of Trusted Advisor?

A

It only TELLS you something is wrong, you’ll need to go actually fix it or automate a Lambda response to fix this.

377
Q

In Automation, what would you use to notify users of thresholds?

A

SNS can notify users based on limitations and set thresholds.

378
Q

with IAM, how do you give someone cross account access for something like an audit?

A

You use a cross role account. Always assign roles instead of duplicate log in.

379
Q

What are the Active Directory Options?

A

AD Connector - On prem AD but used with AWS

AWS Microsoft AD - Fully managed AWS MS AD

380
Q

What Sign on service do you use for External Mobile users?

A

AWS Cognito

381
Q

What AWS service helps you enforce standards in your AWS Account?

A

AWS Config.

Can create a rule, and check if it’s set up. And if the rule is broken, can enforce with Lambda

382
Q

How can you centralize all your logging?

A

Using CloudTrail with AWS Organizations.

383
Q

What are Service Control Policies?

A

This is the way to restrict the root account.

The policies are the ultimate and final say, and override all other permission sets.

384
Q

What is File Gateway?

A

Hybrid Storage Solution for files

385
Q

What is one of the requirements for Storage Gateway when creating a hybrid environment?

A

You have to have a VM on prem that runs the software for the gateway transfers.

386
Q

What is AWS DataSync?

A

Agent based, one time transfer of data to AWS. Primarily for File Shares. Can transfer to EFS and FSx

387
Q

What is AWS Transfer Family?

A

FTPS and SFTP for legacy application transfer protocols

388
Q

What is Migration Hub?

A

Organization tool where you can track the migration progress.

389
Q

What is Database Migration Service?

A

Migrates your Database to AWS

Has tools to convert Oracle or MySQL Servers to any database engine, primarily Aurora.

390
Q

What is Server Migration Service?

A

Moving servers from VMware to AWS.

Can create AMIs from the VMware information.

391
Q

True or False:

A User can belong to more than one group?

A

True

392
Q

What defines AWS Direct Connect?

A

Private Dedicated network connection from your facilities to AWS

393
Q

In Databases, promoting a Read Replica to Primary during failure is automatic or manual?

A

Manual process.

394
Q

Which Item can an identity-based policy not be attached to?

Roles

Users

Groups

Resources

A

Resources.

Only Resource based bolicies are attached to resources.