AWS Solutions Architect Associate Flashcards

1
Q

How is the replication handled for RDS Multi-AZ?

A

Amazon RDS automatically provisions and maintains a synchronous standby replica in a different Availability Zone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How long will a failover of an RDS database typically complete

A

one to two minutes.

When failing over, Amazon RDS simply flips the canonical name record (CNAME) for your DB instance to point at the standby, which is in turn promoted to become the new primary.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

You want to attempt a cold attach for an Amazon Elastic Network Interface.

What does this mean?

A

Attach ENI when the instance is being launched.

Best practices for configuring network interfaces You can attach a network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Application Load Balancer is to front the Auto Scaling Group and distribute the load between the instances.

The VPC is running IPv4 and IPv6.

The last thing you need to do to complete the configuration is point the domain name to the Application Load Balancer.

Using Route 53, which record type at the zone apex will you use to point the DNS name of the Application Load Balancer?

A

“AAAA” Record

“A” Record

Alias with a type “AAAA” record set and Alias with a type “A” record set are correct. To route domain traffic to an ELB, use Amazon Route 53 to create an alias record that points to your load balancer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Your dev team has created a new AMI which has been hardened to meet company security standards, and this AMI needs to be deployed on all EC2 instances in the organization. What step or steps do you need to take to deploy this AMI?

A

Replace the launch configuration by a launch template using the new AMI.

AWS recommends that you create Auto Scaling groups from launch templates to ensure that you’re accessing the latest features and improvements.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Using CloudFormation to migrate to the new region they’ve discovered a problem with the template.

Whenever the template is created in the new region, it’s still referencing the AMI in the old region.

What steps can you take to automatically select the correct AMI when the template is deployed?

A

Create a mapping in the template. Define the unique AMI value per region.

This is exactly what mappings are built for. By using mappings, you easily automate this issue away. Make sure to copy your AMI to the region before you try and run the template, though, as AMIs are region specific.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The server team has been using Puppet for deployment automations. The decision has been made to continue using Puppet in the AWS environment if possible. If possible, which AWS service provides integration with Puppet?

A

AWS OpsWorks for Puppet Enterprise

Fully-managed configuration management service that hosts Puppet Enterprise, a set of automation tools from Puppet for infrastructure and application management. OpsWorks also maintains your Puppet master server by automatically patching, updating, and backing up your server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which description best describes Amazon Redshift?

A

Near real-time complex querying on massive data sets.

Amazon Redshift is a fast, fully-managed cloud data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The DynamoDB table has a preconfigured read and write capacity. Users have been reporting slowdown issues, and an analysis has revealed the DynamoDB table has begun throttling during peak traffic times. What step can you take to improve game performance?

A

Adjust your auto scaling thresholds to scale more aggressively.

Amazon DynamoDB auto scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf in response to actual traffic patterns.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

You have decided to use AWS Kinesis Data Firehose to stream the data to multiple backend storing services for analytics. Which service is not a viable solution to stream the real time data to?

A

Athena

Amazon Athena is correct because Amazon Kinesis Data Firehose cannot load streaming data to Athena.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What is the Limit of space on a Snowcone device?

A

8 TB

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

you have 25 TB of data that needs to be moved to an S3 bucket. Your company has just finished setting up a 1 GB Direct Connect drop, but you do not have a VPN currently up and running. This data needs to be encrypted during transit and at rest and must be uploaded to the S3 bucket within 21 days. How can you meet these requirements?

A

Use a Snowball device to transmit the data.

This would be the perfect choice to transmit your data. Snowball encrypts your data, so all the security and speed requirements would be met.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Configured a VPC as well as two subnets within the VPC.

Attach an internet gateway to the VPC.

In the first subnet, they create the EC2 instance which will host their web application.

Finish the configuration by making the application accessible from the Internet.

The second subnet has an instance hosting a smaller, secondary application.

But this application is not currently accessible from the Internet. What could be potential problems?

A

The second subnet does not have a route in the route table to the internet gateway.

The EC2 instance does not have a public IP address.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

A news media company is using an S3 bucket as a website to serve photos of television personalities within the company. The photos are intended to be served nationwide to local affiliates across the company. But you have found that these photos are being accessed and pirated for other websites not affiliated with the company. What can you do to stop this?

A

Remove public read access from your bucket, then provide your users with pre signed URLs to access the photos.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Security Groups act at what level?

A

The Instance Level

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What is AWS STS?

A

AWS Security Token Service (AWS STS) is the service that you can use to create and provide trusted users with temporary security credentials that can control access to your AWS resources.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

You have been evaluating the NACLs in your company. Most of the NACLs are configured the same:

100 All Traffic Allow
200 All Traffic Deny
* All Traffic Deny

How can the last rule * All Traffic Deny be edited?

A

You can’t modify or remove this rule.

The default network ACL is configured to allow all traffic to flow in and out of the subnets with which it is associated. Each network ACL also includes a rule whose rule number is an asterisk. This rule ensures that if a packet doesn’t match any of the other numbered rules, it’s denied. You can’t modify or remove this rule.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Route 53:

What does TTL Mean?

What does it control?

A

Time to live

Controls how long the DNS record will be Cached

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Using Route 53, how would you direct example.com traffic to various IPs based on the country the user was sending traffic from?

A

Use Geolocation Routing policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

True or False? Route 53 only provides DNS for public IPs.

A

False

Route 53 allows you to host both public and private zones.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Using Route 53, how would you direct example.com traffic to 1 primary IP with a second one for backup?

A

Use Failover Routing Policy

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

If the visibility timeout on a message in an SQS queue expires, what happens to the message?

A

It’s now available in the queue to be retrieved.

If the timeout expires, the message will again be available in the queue for processing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What is the maximum length of time a message may remain in an SQS queue?

A

14 Days

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Which service is SNS commonly paired with to alert users that an alarm has gone off?

A

Cloudwatch

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What type of subscription can SNS retry if a message fails to deliver?
HTTP(S) SNS can only immediately retry sending a message to an HTTP(S) endpoint.
26
Which tool can be used to monitor the queue depth of a DLQ (Dead Letter Queue)?
CloudWatch The go-to tool for any sort of monitoring in AWS
27
If your application needs to process 5,000 messages per second, which type of SQS queue would you use?
SQS Standard This gives you a nearly unlimited number of transactions per second.
28
What type of service is SQS?
Messaging Queue
29
True or False? MFA tokens are required for all new users.
False
30
Describe the principle of least privilege?
Only assigning the user the minimum amount of permissions that they need to do their job.
31
Why are IAM users considered "permanent" users?
Because once their password, access key, or secret key is set, these credentials don't automatically rotate or change without human interaction.
32
What is the single best thing you can do to secure the root account in AWS?
Enable MFA
33
Why is it dangerous to use the AWS root user account?
The root user account has full permissions to every service.
34
True or False? An allow statement in a policy document will override a explicit deny statement.
False
35
What does the "EAR" in a policy document stand for?
Effect, Action, Resource
36
How does availability and durability differ in S3?
Availability is the ability to access your data Durability is the ability of AWS to ensure your data is properly stored in S3.
37
What is the largest object you can store in S3?
5 TB
38
True or False? Each Amazon S3 bucket name is globally unique.
True
39
Since S3 is an object-based storage solution, which type of file should never be stored in it?
Database
40
What kind of data should be stored in S3 Standard?
Data that is frequently used
41
If you have data that needs to be instantly retrievable, but it's not likely to be needed anytime soon, which S3 storage class would you select?
S3 Standard-IA
42
Versioning on your bucket was recently suspended and, after this, your boss deleted an object whose version ID is null and wants to restore it. What do you do?
It's not possible since versioning was suspended. The object is gone.
43
True or False? You can create an S3 lifecycle policy to migrate objects from Glacier to Standard-IA.
False: Lifecycle policies can't work backwards. You can use a lifecycle policy to migrate objects from the more frequently accessed storage classes to the longer-term options, but not the other way around.
44
Why is versioning not enabled by default on new S3 buckets?
It costs money, as you'll be paying for every additional copy of your objects that you upload.
45
What is the minimum time that AWS requires you to keep an EC2 instance online after you've turned it on?
None. There is no min run time.
46
True or False? If you restart your EC2 instance the user data will rerun automatically.
By default, user data runs one time and one time only.
47
When would you want to use a cluster placement group?
When you want to reduce network latency in your application
48
In EC2 instances, what is user data commonly used for?
For bootstrapping an EC2 instance as it comes online
49
You have a small number of critical instances that should be kept separate from each other. You want to ensure that each instance is placed on distinct underlying hardware. What kind of placement group would you pick?
A spread placement group would be the best fit.
50
Why would you want to spin up an EC2 Dedicated Host?
Because your application has hardware-specific licensing requirements
51
What is NOT a valid use case for IAM roles?
Assuming a role to allow a user to SSH into an EC2 instance and install updates.
52
What are IAM Roles used for?
IAM roles are designed to be used with AWS API calls
53
What type of storage does EFS offer?
File Can only be used natively with Linux based OS Elastic File System / Elastic File Storage
54
True or False? You can create an unencrypted EBS volume from an encrypted snapshot by unselecting the "encryption" check box when restoring it.
False. You cannot unencrypt with this method.
55
True or False? Amazon Machine Images are Region specific. To use one in another Region, it needs to be explicitly copied there.
True
56
You're trying to mount an EBS volume in Availability Zone (AZ) A to an EC2 instance in AZ B. Why isn't it working?
EC2 instances must be in the same AZ as the EBS volumes.
57
True or False? Only certain types of EC2 instances support hibernation.
True
58
You just took a snapshot of an EBS volume. Where is it stored?
S3
59
You've been tasked with creating a file system for a Linux workload that should handle massive datasets, up to hundreds of gigabytes per second. What AWS service would you use?
FSx for Lustre is built for just this kind of task.
60
True or False? EBS volumes are encrypted by default.
False
61
You've been tasked with creating a highly performant database on your EC2 instance. What type of EBS volume will support the high level of IOPS that you require?
Provisioned IOPS would be the best option in this instance.
62
True or False? Amazon FSx for Lustre can't store data directly on Amazon S3.
False
63
Why would you consider hibernating an EC2 instance over stopping and starting it?
You have an application that takes a long time to load. Hibernating the instance prevents you from having to reload it.
64
What is the purpose of an Amazon Machine Image (AMI)?
It's a template to create a new EC2 instance from.
65
What is a feature that does RDS Aurora NOT support?
Universal HA is not a feature of Aurora.
66
What should you do to scale out an RDS database that has a read-heavy workload?
Add additional read replicas.
67
True or False? RDS read replicas have their own endpoints.
True
68
What is NOT a supported RDS database engine?
IBM Db2 is not a supported database engine
69
True or False? RDS read replicas can be created in different Regions from the source DB instance.
True You may use a read replica for disaster recovery of the source DB instance, either in the same AWS Region or in another Region.
70
True or False? DynamoDB lives in your VPC.
False DynamoDB is not deployed into your VPC. Your VPC must have an internet gateway or a VPC endpoint configured to access resources such as Amazon DynamoDB
71
Fill in the blank: DynamoDB is a ____ database.
Non-Relational
72
What is the longest you can store an automatic RDS backup?
35 Days
73
Amazon Aurora is compatible with which database engines?
MySQL and Postrgres
74
What type of read would you use with DynamoDB if you can't have stale data in your application?
Strongly Consistent Reads
75
True or False? Direct Connect provides you with an encrypted connection to your AWS account by default.
False. Direct Connect is not encrypted by default.
76
How do you scale a NAT Gateway?
You don't. AWS does this automatically for you.
77
Your security team will only approve S3 usage if your EC2 instances don't transmit data over the public internet. What service can you use to comply with this requirement?
VPC Endpoints are used to keep your traffic to AWS services out of public networking space.
78
Network Access Control Lists (NACLs) are Stateful or Stateless?
Stateless
79
By default, what range of IP addresses and ports do security groups leave open for inbound traffic?
None. They are closed by default.
80
Where are Network Access Control Lists (NACLs) located?
NACLs are located at the subnet level.
81
Why would you use Transit Gateway over VPC peering?
Transit Gateway is designed for when you have too many VPCs to peer together
82
What is the IPv4 CIDR block of the default VPC?
172.31.0.0/16 is the IPv4 CIDR block for the Default VPC provided by AWS out of the box.
83
When would you want to use Direct Connect?
When you need a high-speed private connection from your on-premises environment to AWS Direct Connect is designed for on-premises to AWS communication.
84
What is a reason that VPC peering could fail?
VPCs have overlapping IP addresses
85
What instance will a NLB (network load balancer) load balancer send traffic to if no hosts are healthy?
It will try to send traffic to all the instances
86
What kind of ELB load balancer would you select if you need to route traffic based on the contents of the request?
Application Load Balancer (ALB) Routing based on the type of request (GET, POST, etc)
87
If you're building an application that needs to support an extreme level of networking traffic, which type of ELB load balancer would you pick?
Network Load Balancer (NLB)
88
Which layer of the OSI model does the ALB function on?
Layer 7
89
True or False? By default, ELB load balancers will use static IPs and these will not change.
False: IPs will change unless you specifically configure static IPs
90
What benefit do you get from configuring health checks on an ELB load balancer?
Instances that fail the health check will not receive traffic.
91
Which layer of the OSI model does the NLB function on?
Layer 4
92
Which kind of ELB load balancer would you use if you need extreme levels of performance?
Network Load Balancer NLB
93
Which type of ELB load balancer has AWS deprecated and should not be used?
Classic Load Balancer
94
Which tool would you use to monitor the CPU usage on an EC2 instance?
CloudWatch
95
Which web service and feature can be used to monitor, store, and access your log files from Amazon EC2 instances, AWS CloudTrail, Route 53, and other sources?
CloudWatch Logs
96
What is the default CloudWatch metric interval?
5 minutes
97
True or False? CloudWatch Logs allows you to create event patterns that look for certain things happening in your logs.
True
98
What are the W's of scaling?
What When Where
99
What setting in your Amazon EC2 Auto Scaling group determines how many instances you need online right now?
Desired Capacity
100
You would select _____ capacity for a DynamoDB table with a predictable workload.
Provisioned is the best option for a predictable workload.
101
What type of capacity should be selected for a DynamoDB table with a sporadic workload?
On-Demand
102
What tool can be used to notify you of scaling events?
SNS Simple Notification Service
103
What RDS database engine offers a serverless scaling option?
Aurora is the only engine that offers a serverless scaling option
104
What AWS resource defines the configuration of instances created by EC2 Auto Scaling?
Launch templates are the best way to define what your instances will look like.
105
If you need to change the AMI included in a launch template, what should you do?
Create a new version of the launch template with the updated AMI.
106
How can you automatically register EC2 instances with an ELB load balancer when they are launched?
Attach the Load Balancer to an Auto Scaling group
107
How can you create a highly available application using EC2 Auto Scaling?
Define multiple AZs in your Auto Scaling group.
108
What setting would prevent a launch template from being used with EC2 Auto Scaling?
Including networking information You can include EC2 size, ELB, and user Data (start up scripting).
109
Amazon _____ is the most common service used to trigger a scaling event in an EC2 Auto Scaling group.
CloudWatch
110
Which layers of our applications need to be loosely coupled?
Internal and external
111
What is the largest message size you can store in SQS?
256KB
112
What kind of architecture does AWS recommend building?
Loosely Coupled
113
How can you ensure that your SQS messages arrive in the correct order?
SQS FIFO guarantees that your messages will arrive in the correct order
114
API Gateway is commonly built __ your applications.
in front of
115
What type of firewall can be used in conjunction with API Gateway to help prevent DDoS attacks?
Web Application Firewall (WAF)
116
SNS is a _____-based messaging service.
Push
117
Which tool can be used to sideline malformed SQS messages?
Dead Letter Queue DLQ
118
_____ allows you to transform data using SQL as it's being passed through Kinesis.
Kinesis Data Analytics
119
You can use _ to build a schema for your data, and _ to query the data that's stored in S3.
Glue - Build Schema or "glue data together" Athena - Ability to query data with SQL in S3 buckets
120
What type of database is Redshift?
Relational
121
True or False? You are responsible for scaling Glue performance.
False
122
What service allows you to directly visualize your data in AWS?
QuickSight
123
How much data can a Redshift database hold per cluster?
16 PetaBytes
124
True or False? Redshift supports multi-AZ deployments.
False
125
What service would you use in combination with Kibana and Logstash to create an ELK stack?
Elasticsearch
126
What type of work does EMR perform?
Extract Transform, and Load
127
_____ provides real-time streaming of data.
Kinesis Data Streams
128
How long are automatic Redshift backups retained by default?
1 day. This can be increased to 35 days.
129
Which service provides the easiest way to run ad-hoc queries across multiple objects in S3 without the need to setup or manage any servers?
Athena Allows you to query info in S3
130
What AWS service can create EC2 instances and place containers in them based on your task definitions?
ECS Elastic Container Service?
131
Which open-source container management engine powers EKS?
Kubernetes
132
What feature of ECS and EKS allows you to run containers without having to manage the underlying hosts?
Fargate allows you to run containers without using EC2 instances.
133
Which IAM entity is assigned to a Lambda function to provide it with permissions to access other AWS APIs?
Role
134
What is the maximum length of time Lambda can run?
15 minutes
135
Which of the following is a common trigger for Lambda?
Cloud Watch Events (EventBridge)
136
Which AWS service allows you to use Fargate without needing ECS or EKS?
None. Fargate requires either ECS or EKS. Cannot run by itself
137
What is the maximum amount of RAM you can allocate to a single Lambda function?
10 GB
138
Where are container images stored?
In a container registry
139
What type of file is used to build a container image?
Dockerfile
140
What is one thing EC2 instances allow you to configure but a serverless application doesn't?
Operating System
141
What is NOT a supported Lambda runtime?
COBOL Can run: Java Node.js Python
142
Your boss requires automatic key rotation for your encrypted data. Which AWS service supports this?
KMS Key Management Service
143
What is the best way to deliver content from an S3 bucket that only allows users to view content for a set period of time?
Create a presigned URL using S3
144
What is the easiest way to log API calls in AWS?
Enable CloudTrail and pick an S3 bucket to store the logs in.
145
What is NOT a data source for GuardDuty?
RDS Event History
146
True or False? Amazon Inspector requires an agent for host assessment rules packages.
True The agent is required for host assessment rules packages
147
What kind of findings can AWS Inspector discover?
Insufficient patching of applications on an EC2 instance
148
What service does Macie monitor once you've enabled it?
S3 Macie Inspects S3 buckets for PII with machine learning
149
What is the easiest way to ensure your CloudTrail logs haven't been tampered with?
Enable log file validation in your trail.
150
What three components are required in all IAM policy documents?
Effect, Action, Resource
151
Which Layers does Shield provide protection on?
Layers 3 and 4
152
What is the minimum length of time before you can schedule a KMS key to be deleted?
7 Days
153
Where is the most cost effective place to store your database passwords in a secure manner?
Parameter Store
154
Which AWS service supports automatic rotation of RDS security credentials?
Secrets Manager
155
In general, what does a DDoS attack entail?
A large number of connections overwhelms your architecture. Your application is unable to answer the legitimate requests that are sent to it.
156
Which Layers does WAF provide protection on?
Layer 7
157
True or False? You must explicitly deny all API calls that a user shouldn't be able to make.
False All API calls are set to Deny, you must explicitly enable
158
What part of a CloudFormation template allows you to pass values into the template?
Parameters
159
Your brand new CloudFormation stack just encountered an error. What happens to the resources that it had created?
They are terminated
160
What does it mean to have "immutable pattern"?
It can be destroyed and rebuilt with relative ease using automated processes.
161
What is a common use case for the AWS Systems Manager Parameter Store "SecureString" parameter?
For storing values that need to be encrypted and referenced in a secure manner.
162
Whenever possible, we should focus on __ processes over doing things ____.
automating manually
163
ElasticBeanstalk is an example of ___.
Platform as a Service (PaaS)
164
What is NOT a benefit of using ElasticBeanstalk to deploy your application?
It will not rewrite your applications from any language into python. It can: Deploy and update your application for you Maintain full control over all your architecture Automatically replace instances that fail
165
Systems Manager can be used to patch and update _ and __.
EC2 instances, on-premise instances
166
How do caches help improve performance?
They reduce the amount of trips that are required to the source of the data.
167
CloudFront is commonly used to front ____.
S3 Buckets
168
DAX is designed to sit in front of what AWS data service?
DynamoDB
169
What 2 types of caches are supported by ElastiCache?
Redis and Memcached
170
What AWS service allows you to easily deal with public IP caching issues?
Global Accelerator
171
What's the place where caches can be best used?
Anywhere possible!
172
True or False? Global Accelerator is the only AWS service that allows you to create weights for your application endpoints.
False Route 53 can do this as well.
173
What type of physical AWS architecture does CloudFront use to improve performance?
Edge Locations
174
Where should AWS SSO NOT be used?
For external users authenticating to a mobile application
175
Where is the account ID placed when setting up cross-account role access?
In the role trust policy.
176
True or False? Config offers real-time evaluation of rule violations.
False Config doesn't evaluate in real time
177
How can you stop a root user from terminating EC2 instancesHow can you stop a root user from terminating EC2 instances?
Apply a service control policy (SCP) to the account to deny this action
178
True or False? Other accounts can automatically assume your roles.
False Roles access needs to be given out. Not there by default.
179
True or False? An Allow permission in a IAM Policy Document will override a Deny in a service control policy (SCP).
False
180
What are the versions of Directory Service?
AD Connector Managed Microsoft AD Simple AD
181
What AWS service should be used to assist with managing Active Directory?
Directory Service
182
Cognito is designed to be used with ____.
Mobile applications
183
True or False? By default, Trusted Advisor will send you alerts when it finds an issue.
False This doesn't happen by default. You would have to set up the alerts.
184
Config can be used to _ and __.
Config can be used to track AWS resources and enforce best practices.
185
How can you consolidate the AWS bill for your organization?
Enable Consolidated Billing
186
True or False: DataSync is an agentless data migration solution.
False. DataSync requires an agent
187
Which tool would you use for a one-time migration of data into AWS if cost is a factor?
AWS DataSync
188
Which tool would you use to organize and track your cloud migration?
Migration Hub
189
What would be the best way to migrate 80TB of data into S3 if you have limited bandwidth at your datacenter?
Snowball
190
What tool would you use to migrate from an Oracle database to Aurora?
Schema Conversion Tool
191
What is the easiest way to start sending your tape backups into AWS rather than keeping them on prem?
Tape Gateway
192
Which tool would you use to migrate a database from on-premises to RDS?
Database Migration Service
193
What is the easiest way to keep a copy of your data cached locally as well as backed up in S3, where you can store and retrieve objects using industry-standard file protocols such as Network File System (NFS) and Server Message Block (SMB)?
File Gateway
194
Which AWS tool would you use to integrate S3 and an application that only supports FTPS transfers?
Transfer Family
195
What can an EBS volume do when snapshotting the volume is in progress?
The volume can be used normally while the snapshot is in progress. Read and write is possible while snapshotting is occurring.
196
You have many Auto Scaling Groups that utilize launch configurations. Many of these launch configurations are similar yet have subtle differences. You’d like to use multiple versions of these launch configurations. An ideal approach would be to have a default launch configuration and then have additional versions that add additional features. Which option best meets these requirements?
Use Launch Templates Instead Contain AMI, Instance type, key pair, sec group, and other parameters. Automatically supports versioning.
197
You have many Auto Scaling Groups that you need to create. One requirement is that you need to reuse some software licenses and therefore need to use dedicated hosts on EC2 instances in your Auto Scaling Groups. What step must you take to meet this requirement?
Use Launch Templates to use more advanced AWS EC2 configurations. This allows you to specify Dedicated Hosts
198
You have configured an Auto Scaling Group of EC2 instances fronted by an Application Load Balancer and backed by an RDS database. You want to begin monitoring the EC2 instances using CloudWatch metrics. Which metric is not readily available out of the box?
Memory utilization Memory utilization is not available as an out of the box metric in CloudWatch. You can, however, collect memory metrics when you configure a custom metric for CloudWatch.
199
What are Custom Metrics that you can set up for CloudWatch?
Memory utilization Disk swap utilization Disk space utilization Page file utilization Log collection
200
What is DynamoDB?
DynamoDB is a NoSQL database that supports key-value and document data structures. Good for Web Session Data Good For storing Metadata for S3 Objects
201
A key component in the Disaster Recovery plan will be the database instances and their data. An aggressive Recovery Time Objective (RTO) dictates that the database needs to be synchronously replicated. Which configuration can meet this requirement?
RDS Multi AZ Provide enhanced availability and durability for RDS DB.
202
The company wants to establish Recovery Time and Recovery Point Objectives. The RTO and RPO can be pretty relaxed. The main point is to have a plan in place, with as much cost savings as possible. Which AWS disaster recovery pattern will best meet these requirements?
Backup and Restore. Least expensive option available to have back up and recovery options with loose RTO and RPO.
203
Which Type of Load Balancer can support Path based and Host based Routing?
Application Load Balancer (ALB)
204
What Amazon Database option can support 24,000 read units per second and 3,300 write units per second, and scale for spikes and off-peak?
DynamoDB
205
An Application Load Balancer is fronting an Auto Scaling Group of EC2 instances, and the instances are backed by an RDS database. The Auto Scaling Group has been configured to use the Default Termination Policy. You are testing the Auto Scaling Group and have triggered a scale-in. Which instance will be terminated first?
The instance launched from the oldest launch configuration.
206
In Auto Scaling Groups, what is the difference between a Launch Configuration and a Launch Template?
Launch Configurations are an older model used for Auto Scaling Groups. These do not support Versioning. Launch Templates are newer, and are able to work with more AWS resources and services and are recommended. Launch Templates support Versioning.
207
Your boss has tasked you with decoupling your existing web frontend from the backend. Both applications run on EC2 instances. After you investigate the existing architecture, you find that (on average) the backend resources are processing about 5,000 requests per second and will need something that supports their extreme level of message processing. It's also important that each request is processed only 1 time. What can you do to decouple these resources?
Use SQS Standard. Include a unique ordering ID in each message, and have the backend application use this to deduplicate messages.
208
What is the SQS FIFO (First in First Out) Messaging limit?
3000 messages per second
209
What are two key concepts regarding subnets?
Every subnet you create is associated with the main route table for the VPC. Each subnet maps to a single Availability Zone.
210
You have configured a VPC with both a public and a private subnet. You need to deploy a web server and a database. You want the web server to be accessed from the Internet by customers. Which is the proper configuration for this architecture?
Web server in public subnet. Database in private subnet.
211
An organization of about 100 employees has performed the initial setup of users in IAM. All users except administrators have the same basic privileges. But now it has been determined that 50 employees will have extra restrictions on EC2. They will be unable to launch new instances or alter the state of existing instances. What will be the quickest way to implement these restrictions?
Create the appropriate policy. Create a new group for the restricted users. Place the restricted users in the new group and attach the policy to the group.
212
You are managing S3 buckets in your organization. This management of S3 extends to Amazon Glacier. For auditing purposes you would like to be informed if an object is restored to S3 from Glacier. What is the most efficient way you can do this?
Configure S3 notifications for restore operations from Glacier.
213
A consultant is hired by a small company to configure an AWS environment. The consultant begins working with the VPC and launching EC2 instances within the VPC. The initial instances will be placed in a public subnet. The consultant begins to create security groups. How many security groups can be attached to an EC2 instance?
You can assign up to five security groups to the instance.
214
What is an AWS Security Group
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
215
What is true of security group rules for allow and deny?
You can specify Allow rules but not Deny Rules
216
Describe AWS Direct Connect.
A private, dedicated network connection between your facilities and AWS
217
You have been put in charge of configuring a hybrid environment for the company’s compute resources. The main requirements to drive this selection are overall cost considerations and the ability to reuse existing internet connections. Which technology best meets these requirements?
AWS VPN Lets you reuse existing VPN equipment and processes, and reuse existing internet connections. It is an AWS-managed high availability VPN service. It supports static routes or dynamic Border Gateway Protocol (BGP) peering and routing policies.
218
You are working in a large healthcare facility which uses EBS volumes on most of the EC2 instances. The CFO has approached you about some cost savings and it has been decided that some of the EC2 instances and EBS volumes would be deleted. What step can be taken to preserve the data on the EBS volumes and keep the data available on short notice?
Take point-in-time snapshots of your Amazon EBS volumes. You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots.
219
What is an AWS Region?
A Region is a physical location in the world that consists of 2 or more Availability Zones.
220
What is an AWS Availability Zone?
1 or more discrete data centers, each with redundant power, networking, and connectivity, which is housed in separate facilities.
221
What is the minimum number of AZs in a Region?
2 Availability Zones in a Region.
222
In the Shared Responsibility model, is Encryption - AWS responsibility Client responsibility Shared Responsibility
Shared. AWS encrypts specific things, it's up to you to create settings that encrypt data that is uploaded and in transit depending on service.
223
What format are IAM Policy Documents in?
Java Script Object Notation JSON
224
is IAM Universal or Regional?
Universal
225
When you create a user, what permissions do they start with?
None. You must add them to a group where they will then inherit permissions from that group.
226
Can you apply an IAM Policy Document to a User?
Yes you can, but this is not best practice
227
What do users need for programmatic access to AWS resources?
You will need an Access Key and a Secret Access Key. These are not the same as Usernames and Passwords
228
How many times can you see your Secret Access Key and Access Key?
Only once. If you do not have these for some reason you'll need to recreate them, and this can only be viewed once as well.
229
What is IAM Federation?
The ability to combine your existing user accounts with AWS. Using something like MS Active Directory. This allows your users to have the same credentials across both enviros
230
What protocol does IAM Federation use for Authentication?
SAML Security Authentication Markup Language
231
What Kind of Storage is S3?
Object Based Storage It's not suitable for operating systems or database storage
232
What is the Max Individual File size for S3?
5TB Overall storage is unlimited
233
When you upload files to S3, what code do you receive?
HTTP 200 status code
234
What is the Key for the objects in S3?
The Key is the file name The Value is the data itself
235
When you create an S3 bucket, is it private or public by default?
Private by default. You must enable public access
236
What is something you can use with your S3 buckets and objects in them to restrict access?
Access Control List (ACL) This is a way of giving permissions or preventing deletion of the ojbect
237
What are S3 Bucket Policies?
You can use bucket policy to enforce entire bucket wide rules like anti deletion, or to make the bucket public.
238
In S3, can you turn versioning off?
No. You can suspend versioning, but you cannot turn it off once enabled.
239
What is S3 Standard Storage good for?
Most workloads-- websites content distribution mobile and gaming applications.
240
What is S3 Standard-Infrequent Access good for?
Long-term, infrequently accessed but critical data. Backups, your data store for your disaster recovery, etc.
241
What is S3 One Zone-Infrequent Access is great for?
long-term, infrequently accessed but non-critical data because it is only going to be in 1 Availability Zone
242
What is the retrieval time for S3 Glacier?
Under 12 hours
243
What is the retrieval time for S3 Glacier Deep Archive?
12 Hours or more
244
What is S3 Intelligent-Tiering?
Uses machine learning to move your objects between the different tiers to save you the most amount of money.
245
What is S3 Object Lock?
Uses the WORM Model (Write Once Read Many) Can be used on objects or as a bucket policy.
246
How many modes does S3 Object Lock have, and what are they?
2 modes: Compliance Mode - Bans all users from being able to access or to be able to write and delete those object including the root account. Governance Mode - users can't overwrite or delete an object version after its lock settings unless they have special permission
247
What is S3 Glacier Vault Lock?
Similar to S3 Object lock. Easily deploy and enforce compliance controls for individual S3 Glacier vaults with a vault lock policy. After specifying a control, such as a WORM model, in a vault lock policy, you cannot edit after locking the policy
248
What are the two methods for Encryption with S3?
Encryption in Transit - Sending data to S3 Encryption at Rest - Server Side Encryption (SSE)
249
How many types of Server Side Encryption for S3 are there?
3 types - AES 256 handled by AWS KMS - Key Management Service (AWS External Service Service) Client side encryption - SSE-C - Encrypt the files yourself before uploading.
250
What are S3 Prefixes?
Prefix is simply the folder and then subfolder within a S3 bucket. 3,500 put, copy, post, deletes and then 5,500 get and head requests per second, per prefix.
251
In S3 using SSE (server-side encryption) KMS to encrypt your objects in S3, what are the request limits generally?
The built-in limits are region specific, but it's either going to be 5,500, 10,000, or 30,000 requests per second. Upload or download.
252
How can you increase S3 Upload Performance?
Use Multi Part upload. Required for files over 5 GB
253
How can you increase S3 Download Performance?
Use S3 byte-range fetches to increase performance to download our files from S3.
254
S3 replication can be where?
Cross Region or in the Same Region
255
EC2, what is On-Demand Pricing?
Pay by the second or the hour depending on the type of instance that you run. And it's great for flexibility. No long-term contracts
256
EC2, what are Spot Instances?
Purchase unused capacity at a discount of up to 90%. And the prices fluctuate with supply and demand. And it's great for applications with flexible start and end times.
257
EC2, what are Reserved instances?
Reserve your capacity for 1 to 3 years. The more you pay up front the greater savings that you have. You can save up to 72% discount on the hourly charge. Great if you've got known or fixed requirements.
258
EC2, What are Dedicated Instances?
Physical EC2 server that's dedicated for your use. And it's great if you have server-bound licenses to reuse or compliance requirements
259
IAM Policies can control what permissions?
Roles Users Groups
260
When you update an IAM Policy, when does this take effect?
Immediately
261
When you change a Security Group, when do those changes take effect?
Immediately
262
How many EC2 Instances can you have in a security group?
Any Number of Instances
263
When you create a Security Group, what traffic is configured by default?
All Inbound traffic is blocked All Outbound traffic is allowed
264
With EC2 instances, what is metadata?
Metadata is data about your EC2 instances. This is IP Addresses and other useful information about your instance
265
What is ENI
Elastic Network Interface. This is for basic networking.
266
What is Enhanced Networking
When you need speeds between 10 gigabits per second and 100 gigabits per second. Reliable and high throughput
267
with Networking, What are EFAs?
Elastic Fabric Adapters Where you need to have high-performance computing and machine-learning applications bypass OS level to have more throughput and better performance
268
With EC2, what is a placement group?
logical grouping of EC2 instances.
269
With EC2, what is a spread placement group?
EC2 instances on separate hardware
270
With EC2, where would you want to use a Partition Placement Group?
Multiple EC2 instance with something like HDFS, HBase, and Cassandra
271
True or False: With EC2, Cluster Placement groups can span multiple AZs?
False
272
With EC2, can any type of instances be launched into placement groups?
No, only specific types of instances can be placed into Placement Groups: Compute Optimized GPU Optimized Memory Optimized Storage Optimized
273
True or False: With EC2 Placement groups, you cannot merge groups?
True
274
What is EC2 Spot Block?
This stops spot instances from being terminated at the specific threshold.
275
In EBS, what are GP2 and GP3 devices?
General purpose SSDs, GP3 is the improved next generation storage
276
In EBS, what is io1 and io2?
Provisioned IOPS SSD. More throughput and performance io2 is the new version of this drive
277
In EBS, what is sc1
Less frequently accessed drive ability. Cannot be a boot volume. One of the lowest costs.
278
Where do EBS snapshots live?
S3
279
True or False: You can share EBS snapshots between Accounts and Regions?
True. You need to be able to move those to the target region.
280
What else are Instance Store Volumes called?
Ephemeral Storage
281
What is an AMI?
An EC2 Blueprint containing information about architecture, OS, and other details to spin up exact EC2 instance configurations you need.
282
How do you encrypt a root volume that IS NOT already encrypted?
Create a snapshot of the unencrypted root device volume. Create a copy of that snapshot selecting the encrypt option. Create an AMI from the encrypted snapshot, Use that AMI to launch a new encrypted instance.
283
What does EC2 Hibernation mean?
Preserves the in-memory RAM on the EBS Disk Faster boot up with no need to reload the operating system.
284
What Class of EC2 instances support Hibernation?
C, M, and R class instances
285
What is EFS?
Elastic File Service. Auto adjust Network File System. Read after write consistency
286
What is AWS FSx ?
Centralized storage for windows based applications.
287
What is Amazon FSx for Lustre?
High capacity, high speed, distributed storage for high performance computing. Can store data directly on S3
288
What are the RDS Database flavors?
SQL Server Oracle MySQL PostgresSQL MariaDB Aurora
289
What is RDS primarily designed for?
online transaction processing workloads. So, this is where you are basically processing lots of small transactions like customer orders, banking transactions, payments, and booking systems.
290
What are Read Replicas?
Where you need to increase read performance from your DB solution. This is an exact copy of all your data, but specifically used as a read point.
291
How many Read Replicas can you have for your RDS?
5 Read Replicas are supported per DB
292
What is Multi AZ vs. Read Replica with RDS?
Read Replicas increase performance for read operations. Multi AZ is in place as a disaster recovery option and an exact copy. RDS will automatically fail over to the copy when needed
293
What is AWS Aurora?
Aurora is Amazon's proprietary database that's something that they have created themselves it's compatible with MySQL, as well as PostgreSQL.
294
With AWS Aurora, how many copies are kept of your database?
2 Copies in each availability zone with minimum of 3 zones. Essentially 6 copies of your data
295
When would you use Aurora Serverless DB?
Host effective option for infrequent intermittent or unpredictable workloads
296
What is the difference between eventually consistent and strongly consistent reads?
Eventually consistent means that consistency across all copies of data is usually reached within about a second and repeating a read after a short time should return the updated data. Strongly consistent reads return a result that reflects all rights that have received a successful response prior to the read.
297
What is DynamoDB "Transactions" ?
Multiple all-or-nothing operations. Good for things like financial transactions or fulfilling orders. This writes to all tables before any reads. If a write fails, it fails across all tables to keep the tables consistent.
298
What are ACID Requirements?
Requiring: Atomicity, Consistency, Isolation, Durability across one or more tables. Think DynamoDB Transactions.
299
What are DynamoDB On-Demand backups and restore?
Where you can backup your DynamoDB database with full backups at any time. It has zero impact on your table performance
300
What is DynamoDB Point-in-Time Recovery?
Protects against accidental writes or deletes Can restore your DynamoDB database to any point in the last 35 days. As recent as 5 minutes ago.
301
What is DynamoDB streams?
Where you can maintain First in First Out Records of your data.
302
What is DynamoDB Global Tables?
managed Multi-Master, Multi-Region Replication for globally distributed usage
303
True or False: A Subnet can span multiple AZs?
False
304
If you have resources in multiple AZs, tied to one NAT gateway, what happens if the AZ where the NAT gateway resides goes down?
All the resources tied to that gateway, even in other AZs that are not down, go out.
305
Are security groups stateful or stateless?
Stateful
306
What does it mean to be stateful?
If you send a request from your instance, the response traffic to that request is allowed to flow in regardless of the inbound security group rules. And responses to allowed inbound traffic are allowed to flow out regardless of the outbound rules.
307
True or False: Default Network ACLs allow all traffic in and out?
True
308
True or False: Custom Network ACLs allow all traffic in and out?
False
309
True or False: Each subnet in VPC must be associated with a network ACL.
True
310
In networking, if you need to block a hacker or malicious traffic, at what level do you do that?
Network ACL
311
A subnet can be associated with how many Network ACLs?
One at a time.
312
Network ACL's contain a numbered list of rules that are evaluated in what order?
Starting with Lowest Number first
313
Are Network ACLs stateful or stateless?
Stateless So responses to allowed inbound traffic subject to the rules for outbound traffic and vice versa.
314
What is AWS Direct Connect?
This is a way of directly connecting your data center to AWS. high-throughput workloads, lots of network traffic. For when you need a stable and reliable, secure connection.
315
What is a VPC Endpoint?
When you want to connect AWS services without leaving the Amazon's internal network.
316
What is VPC Peering?
this allows you to connect one VPC with another via a direct network route using private IP addresses, instances behave as if they were on the same private network, and you can peer VPCs with other AWS accounts as well as other VPCs in the same account.
317
What is AWS PrivateLink?
Peering VPCs to tens, hundreds, and thousands of customer VPCs, Requires Network Load Balancer on the service VPC and ENI on the customer VPC
318
What are AWS Transit Gateways?
Where you can connect all your VPCs without needing to peer them individually Works with Direct Connect and VPN connections. Supports IP multicast.
319
What is VPN Hub?
Simplifies VPN network topology connecting to AWS and using their service
320
What are the common DNS record types?
Start of Authority CNAME Name Server Record or NS Record A Records
321
What is a DNS A Record?
Essentially turns a web address into an IP address
322
What are the 6 routing policies?
simple routing weighted routing latency based routing, failover routing, geolocation routing, geoproximity routing.
323
What is Simple Routing Policy?
one record with multiple IP addresses. Route 53 will grab one of the addresses and return it at random witthis.
324
What is Weighted routing policy?
You can determine the percentage of traffic sent to different IP addresses.
325
What is latency based routing policy?
Route 53 selects the lowest latency response destination and sends the traffic there.
326
What is Failover routing policy?
Health Checks on each end point and if you lose a region it will fail over to another region
327
What is Geolocation routing policy?
Where the location of the user determines where the traffic is sent.
328
What is an Application Load Balancer "Listener" ?
A listener checks for connection requests from clients using the protocol and the port that you configure. So, it's either going to be port 80 or port 443.
329
What are Load Balancer Rules?
These determine how the load balancer routes your request to its registered target. Consist of: Priority Action (one or more) Conditions (One or more)
330
With Load Balancers, what is a Target Group?
Target group routes requests to one or more registered targets, such as our EC2 instances, using the protocol and port numbers that you specify.
331
Application Load Balancers only support what type of requests?
HTTP and HTTPS Must deploy one SSL cert on your LB
332
What are Network Load Balancers?
You're going to use them when you need extreme performance. Other use cases are where you need protocols that are not supported by Application Load Balancers.
333
What does a 504 Error mean on Classic Load Balancers?
Gateway Time out.
334
If you need the IPv4 address of your end user, what will you need to look for?
You need the X-Forwarded-For header.
335
What are Sticky Sessions?
They enable your users to stick to the same EC2 instance.
336
What is deregistration delay or connection draining?
These keep existing connections open if the EC2 instance becomes unhealthy.
337
What can you use for monitoring in regards to AWS Standards and Best Practice adherence?
AWS Config
338
What is the CloudWatch default metric delivery interval?
5 minutes Additional Charge to reduce that to 1 minute
339
What do you use CloudWatch Logs Insights for?
SQL Logs
340
What service can be in an Auto Scaling Group?
EC2 Only
341
How can you improve your Auto Scaling Group provisioning time?
Bake in as much as possible into your AMI to reduce provisioning time.
342
In Auto Scaling Groups, what is a Steady State Group?
This is where you set the Minimum, Maximum, and Desired Capacity to 1. If this instances fails, the ASG will automatically recover that architecture. Usually Legacy Systems that cannot have more than one online.
343
How do you Horizontally Scale a relational DB?
Read Replicas
344
In DynamoDB, what are the 2 types of scaling?
Auto Scaling On Demand Scaling (for unpredictable workloads)
345
If SQS is seeing consistent message duplication, what is likely wrong?
Misconfigured visibility timing
346
True or False: SQS Queues are Bi Directional?
False.
347
What do you use for SQS if message order is important?
SQS FIFO First in First out
348
If SQS message order is important, and you can't use FIFO, what is an option?
You can tag numerical order with the message and have it read in the tagged order. This takes configuration.
349
What is the recommended push notification service?
SNS Simple Notification Service
350
What is AWS API Gateway?
It acts as a secure front door to handle that external communication coming into your environment.
351
True or False Redshift is a single availability zone service?
True. Can be duplicated elsewhere, but not an HA solution
352
What is AWS EMR
A managed cluster platform that simplifies running big data frameworks, such as Apache Hadoop and Apache Spark Made up of EC2 instances
353
What is Kinesis Data Firehose
Amazon Kinesis Data Firehose is a automatic scaling managed service for delivering real-time streaming data to destinations.
354
How can you create a schema for your data in S3 storage?
AWS Glue Creates the schema, and you can query with Athena
355
What does AWS Fargate need to work with containers?
It requires ECS and EKS.
356
True or False Elastic Container Service is cross platform (on prem and in cloud)?
False. ECS is AWS only
357
What is AWS Certificate Manager and what does it provide?
Creates SSL Certificates. Automatically renew your SSL certificates and rotate the old certificates with new certificates so long as it's with the supported AWS services ELB, CloudFront, and API Gateway
358
True or False: IAM Policy Documents only work when they're attached to groups.
True
359
What is AWS Secrets Manager?
Secrets Manager can be used to securely store and rotate your application secrets, your database credentials, your API keys, SSH keys, passwords, et cetera. Paid Service
360
What is AWS CloudHSM?
Cloud Hardware Security Module. This creates the core customer key as well as generates other secrets
361
What is AWS KMS?
Key Manager Service. Using shared Tenancy of a Hardware Security Module, you can automatically Rotation and Key Generation.
362
What are the 3 ways to control permissions within KMS?
Key Policy Controlling access. IAM Policy Grants with Key Policy.
363
What is AWS Inspector?
It's used to perform a vulnerability scans on both EC2 instances and your VPCs. Can be run once or weekly
364
What is AWS GuardDuty?
It uses AI to learn what normal behavior looks like in your account to alert you of any abnormal or malicious behavior.
365
What is AWS Shield?
Shield protects against Layer 3 and Layer 4 attacks only. Used to protect against DDoS attacks.
366
What is AWS Systems Manager?
They are automation documents can be used to configure the insides of EC2 instances, as well as parts of the AWS environment. Jack of all trades automation
367
What is the difference between Elastic Beanstalk and Cloudformation?
CloudFormation is for slightly more complex architecture. SQS queues, Lambda functions, LBs, Api Gateway, ETC Elastic BeanStalk is for quick set up of simple architecture. Web Servers with DBs and such.
368
What is AWS Parameter Store?
Universal Key Value storage. Referenceable by CloudFormation for key values and parameters needed instead of hard coding. Requires mapping the values for reference
369
True or False: Memcached and DAX support backups?
False
370
What are the two versions of Elasticache?
Memcached and Redis
371
What is the primary difference between Memcached and Redis?
Memcached is purely memory cache Redis has the ability to be a database and has more features. Supports backups
372
What are 2 in memory Databases?
Redis DynamoDB
373
What does AWS Global Accelerator fix?
Fixes IP caching for your clients by giving you 2 static IP addresses that the architecture behind can rotate without issues.
374
What is AWS Trusted Advisor?
Checks: Cost Optimization Performance Fault Tolerance Security Service Limits
375
How do you get additional checks in Trusted Advisor?
You have to upgrade to a paid support plan.
376
What is a limit of Trusted Advisor?
It only TELLS you something is wrong, you'll need to go actually fix it or automate a Lambda response to fix this.
377
In Automation, what would you use to notify users of thresholds?
SNS can notify users based on limitations and set thresholds.
378
with IAM, how do you give someone cross account access for something like an audit?
You use a cross role account. Always assign roles instead of duplicate log in.
379
What are the Active Directory Options?
AD Connector - On prem AD but used with AWS AWS Microsoft AD - Fully managed AWS MS AD
380
What Sign on service do you use for External Mobile users?
AWS Cognito
381
What AWS service helps you enforce standards in your AWS Account?
AWS Config. Can create a rule, and check if it's set up. And if the rule is broken, can enforce with Lambda
382
How can you centralize all your logging?
Using CloudTrail with AWS Organizations.
383
What are Service Control Policies?
This is the way to restrict the root account. The policies are the ultimate and final say, and override all other permission sets.
384
What is File Gateway?
Hybrid Storage Solution for files
385
What is one of the requirements for Storage Gateway when creating a hybrid environment?
You have to have a VM on prem that runs the software for the gateway transfers.
386
What is AWS DataSync?
Agent based, one time transfer of data to AWS. Primarily for File Shares. Can transfer to EFS and FSx
387
What is AWS Transfer Family?
FTPS and SFTP for legacy application transfer protocols
388
What is Migration Hub?
Organization tool where you can track the migration progress.
389
What is Database Migration Service?
Migrates your Database to AWS Has tools to convert Oracle or MySQL Servers to any database engine, primarily Aurora.
390
What is Server Migration Service?
Moving servers from VMware to AWS. Can create AMIs from the VMware information.
391
True or False: A User can belong to more than one group?
True
392
What defines AWS Direct Connect?
Private Dedicated network connection from your facilities to AWS
393
In Databases, promoting a Read Replica to Primary during failure is automatic or manual?
Manual process.
394
Which Item can an identity-based policy not be attached to? Roles Users Groups Resources
Resources. Only Resource based bolicies are attached to resources.