AWS Solutions Architect Professional Flashcards

1
Q

What are the 5 pillars of the well-architected framework?

A
  1. Operational Excellence
  2. Security
  3. Reliability
  4. Performance Efficiency
  5. Cost Optimization
  6. Sustainability (not on current exam)
2
Q

What is a homogeneous migration in DMS?

A

In homogeneous database migrations, the source and target database engines are the same or are compatible—like Oracle to Amazon RDS for Oracle, MySQL to Amazon Aurora, MySQL to Amazon RDS for MySQL, or Microsoft SQL Server to Amazon RDS for SQL Server. Since the schema structure, data types, and database code are compatible between the source and target databases, this kind of migration is a one-step process.

3
Q

What is a heterogeneous migration in DMS?

A

In heterogeneous database migrations, the source and target database engines are different—like in the case of Oracle to Amazon Aurora, Oracle to PostgreSQL, or Microsoft SQL Server to MySQL migrations. In this case, the schema structure, data types, and database code of source and target databases can be quite different, requiring a schema and code transformation before the data migration starts. That makes heterogeneous migrations a two-step process. First, use the AWS Schema Conversion Tool to convert the source schema and code to match that of the target database.

4
Q

What tool can be used to convert a schema to a different db format?

A

AWS Schema Conversion Tool

5
Q

What are the supported source db formats for DMS?

A
Oracle
Microsoft SQL Server
MySQL
MariaDB
PostgreSQL
MongoDB
SAP
IBM Db2
Azure SQL
Google Cloud for MySQL
S3
DocumentDB
Aurora MySQL and PostgreSQL
6
Q

What are the supported target db formats for DMS?

A
Oracle
Microsoft SQL Server
MySQL
MariaDB
PostgreSQL
SAP
Redis v6
Redshift
S3
OpenSearch/Elasticsearch
ElastiCache Redis
Kinesis Data Streams
DocumentDB
Neptune
Kafka
Babelfish for PostgreSQL
7
Q

What is the limit of records per shard in kinesis?

A

1000 records per shard, or 1MB/s, or 1000 writes/s

8
Q

What are the components of a kinesis record?

A

partition key, sequence number, and data blob

9
Q

What is the size limit of kinesis data blob?

A

1MB

10
Q

What are the default and max retention times for kinesis stream?

A

default 24h

max 7 days

11
Q

How is Kinesis Firehose different than Data Streams?

A

firehose simply delivers data to a storage destination such as s3. It doesn’t allow processing on the stream.

12
Q

What is Kinesis Analytics?

A

lets you analyze and transform data in real time with Apache Flink. Works with both streams and firehose.

13
Q

What is the dynamo db max item size?

A

400kb

14
Q

What is a partition in dynamo db?

A

physical space where data is stored

15
Q

What is a partition key in dynamo db?

A

unique identifier for each key. Records can have the same partition key if the sort key is different.

16
Q

What is a sort key in dynamo db?

A

Combined with the partition key to define storage order

17
Q

What chunk size are dynamo db partitions divided into?

A

10gb

18
Q

What is the formula for determining # of dynamo db partitions by capacity?

A

(total RCU/3000) + (total WCU/1000)

19
Q

What is the formula for determining # of dynamo db partitions by size?

A

total size / 10gb

20
Q

How to determine number of partitions in a dynamo db table?

A

round up MAX(by capacity, by size)

21
Q

What is a dynamo db secondary global index?

A

Think of it as a copy of the original table. Can have different partition and sort keys

22
Q

What autoscaling method does dynamo db use?

A

It uses target tracking for WCU and RCU utilization

23
Q

What are some limitations of dynamo db scale down?

A

It won’t scale down automatically if consumption drops completely to 0.

24
Q

What is dynamo db accelerator (DAX)?

A

an in-memory cache in front of dynamo db for reducing latency

25
What does ACID stand for?
Atomic Consistent Isolated Durable
26
What does BASE mean?
basically available soft state eventually consistent
27
What is the s3 max object size?
5TB
28
Above what size object should you use multi part uploads with s3?
100mb
29
What is s3 transfer acceleration?
uses cloudfront to speed up uploads
30
What is Glacier Vault Lock?
Lets you specify compliance rules on glacier. Prevents future changes to data
31
What is the Amazon Data Lifecycle Manager?
automate the creation, retention, and deletion of EBS snapshots and EBS-backed AMIs
32
What is AWS Data Sync used for?
Online transfer of data between storage services. Both AWS and on prem.
33
How much more expensive is EFS than ebs and s3?
3x more than EBS | 20x more than s3
34
How does File Gateway expose storage?
exposes NFS and Samba
35
How does Volume Gateway expose storage?
iSCSI
36
What is the difference between Volume Gateway cached and stored mode?
Stored mode keeps a copy of all data locally and asynchronously copies it to s3. Cached mode caches frequently accessed files locally with all data in s3.
37
Can dynamo db be ACID compliant?
Yes, using dynamo db transactions.
38
What is a dynamo db local secondary index?
Allows for different sort keys with the same partition key on the table.
39
What is AWS Redshift?
PostgreSQL compatible data warehouse.
40
What is AWS Neptune?
A managed graph database
41
When would you use Redshift over Athena?
When joins or unions are required on the data
42
What storage format provides the best performance with Athena?
Apache parquet
43
What is Amazon QLDB?
Quantum Ledger Database (QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log.
44
What is Amazon Managed Blockchain?
Managed blockchain service built on top of QLDB
45
What are the reserved VPC addresses of a VPC with cidr 172.16.32.0?
172.16.32.0 - VPC network address
172.16.32.1 - VPC router
172.16.32.2 - VPC DNS resolver
172.16.32.3 - AWS Future Use
172.16.32.255 - Unusable Broadcast Address
46
Does AWS VPC support broadcast layer 2 traffic?
no
47
What protocol does AWS Managed VPN use?
ipsec
48
What is the max speed of a Direct Connect link?
10GB/s
49
What is Direct Connect plus VPN?
Uses ipsec to secure direct connect link.
50
What is AWS VPN Cloud Hub?
Allows connecting multiple locations in hub and spoke manner with AWS. AWS is the hub and all traffic goes through it to spokes.
51
What is a transit VPC?
A common VPC used to connect multiple locations and VPCs
52
How is private link different than direct connect?
Private link adds VPC endpoint to connect to services over AWS private network. Only VPC interface endpoints, not a full network connection like direct link. Can be used for 3rd parties to provide access as well.
53
What services do VPC Gateway Endpoints support?
s3 and dynamodb
54
What are the types of ec2 placement groups?
spread: spreads small groups of instances across logical partitions that do not share hardware
partition: spreads groups of instances in partitions that are spread across underlying hardware. For large distributed workloads like Hadoop and Cassandra
clustered: pack instances closely together in an AZ, same hardware, to get the lowest latency possible
55
What are the route53 routing policies?
simple
failover
geolocation
geoproximity
latency
multiple answer
weighted
56
Does Application Load Balancer support Elastic IP?
No. Only when used with global accelerator.
57
What are the AWS Cloud Directory services?
- Cognito
- Simple AD
- AD Connector
- Directory Service for Microsoft Active Directory
58
What is a token vending machine?
A method for providing temp AWS credentials in mobile applications. It is recommended to use Cognito instead.
59
What is cloud HSM?
- Dedicated, single-tenant hardware for encryption keys.
- must be in VPC
- used for TDE with Oracle DBs
- classic HSM has upfront cost
60
What is the difference between IDS and IPS?
IDS (intrusion detection service) is a monitor. IPS (intrusion prevention system) is active.
61
Does cloudtrail provide native alerting?
No, must use cloudwatch events.
62
What is the value proposition of Service Catalog?
Uses adopted roles so users don't need direct IAM permissions to launch a stack.
63
How do you override settings from Global Service Catalog?
You have to create a matching local portfolio to override settings like the IAM role inherited from a service catalog in a shared account.
64
Re-host
lift and shift. e.g. move VMs directly from on prem to ec2
65
re-platform
lift and reshape. e.g. on prem mysql to rds
66
re-purchase
drop and shop. abandon existing solution and use a new one
67
re-architect
redesign in cloud native manner
68
retire
get rid of applications
69
retain
do nothing, keep as is
70
rank re-host, re-platform, re-purchase, re-architect, retire, and retain by effort (time and cost) from lowest to highest
1. retire
2. retain
3. re-host
4. re-purchase
5. re-platform
6. re-architect
71
What is the Cloud Adoption Framework?
an approach for designing, planning, and implementing IT architectures in the cloud. It is not a cookbook but rather a holistic approach that can be adopted.
72
What is the AWS Server Migration Service?
- Migrates on prem vmware and microsoft hyper-v VMs to AWS
- syncs volumes and creates periodic AMIs
- downloaded as virtual appliance for vmware or hyper-v
73
What is the Schema Conversion Tool?
Used for heterogeneous database migrations. Converts schema from source format to a separate target format.
74
What is the Database Migration Service?
Used to migrate databases between different source and destination databases.
75
What is the AWS Application Discovery Service?
Helps customers gather info about on premise data centers to help plan migrations. Uses Migration Hub in console.
76
Does AWS Application Discovery Service require a software agent on every node?
No. Agentless mode is supported with vmware. Non vmware environments require the agent.
77
What cidr masks do VPCs support?
/16 to /28
78
What is the storage capacity of AWS Snowball?
80TB
79
What is the difference between AWS Snowball and AWS Snowball Edge?
Snowball edge includes on board lambda and clustering that can be used to process the data in transit.
80
What is the storage capacity of AWS Snowmobile?
100PB
81
What is the difference between AWS Snowmobile and AWS Snowmobile Edge?
Snowmobile edge includes onboard lambda and clustering for processing data
82
What is AWS Auto Scaling?
An API to manage autoscaling for non ec2 services such as
- dynamo
- ecs
- emr
- spot fleet
- aurora
- sagemaker endpoints
83
AWS Auto Scaling Service in Console
A higher level abstraction for managing autoscaling for an application both for ec2 and other services.
84
Target tracking scale policy
specify a target value for metric
85
step and simple scale policies
choose scaling metrics and threshold values for the CloudWatch alarms that invoke the scaling process. You also define how your Auto Scaling group should be scaled when a threshold is in breach for a specified number of evaluation periods.
86
What is the default ec2 autoscaling cooldown period?
300s
87
Can cloudfront cache dynamic content?
Yes! dynamic content uses http cookies forwarded from the origin
88
What are the supported origins for cloudfront?
s3, ec2, elb, or other web server
89
How do you serve different content based on URL paths with cloudfront?
use cloudfront behaviors
90
Does cloudfront support multiple origins?
Yes, using behaviors and http paths.
91
How do you invalidate cloudfront cache?
- delete file from origin and wait for ttl
- use AWS console to specify an invalidation for a specific path such as /images/*
- cloudfront API
- third party tools have support
92
What endpoint protocols does SNS support?
http(s), email, SQS, Amazon Device Messaging (push notifications), and lambda
93
What is the storage lifetime of an SQS message?
default 4 days
max 14 days
94
What is the max message size with SQS?
256KB. However, a special java sdk may be used to get messages up to 2GB.
95
What is Amazon MQ?
Managed Apache Active MQ message broker
96
What are dynamo db streams?
DynamoDB Streams captures a time-ordered sequence of item-level modifications in any DynamoDB table and stores this information in a log for up to 24 hours. Applications can access this log and view the data items as they appeared before and after they were modified, in near-real time.
97
What is the Serverless Application Model?
A framework for building serverless apps on AWS. Includes a CLI to help with building and deploying.
98
What are the transformation domains of the cloud adoption framework?
- technology
- process
- organization
- product
99
What are the 6 perspectives of the cloud adoption framework?
- business
- people
- governance
- platform
- security
- operations
100
What is sybase?
An SAP database supported by dms
101
What is AWS simple workflow service?
a managed status tracking system, best suited for human enabled workflows like order fulfillment
recommended to use step functions instead for new projects
102
What is a Simple Workflow Service activity worker?
a program that interacts with SWF to get tasks, process tasks, and return results
103
What is a Simple Workflow Service decider?
a program that controls coordination of tasks such as ordering, concurrency, and scheduling
104
When to use step functions?
out of the box coordination between AWS services
example: order processing flow
105
When to use simple workflow service?
need to support external services or specialized logic. usually use step functions instead
example: load application process with manual review steps.
106
When to use SQS?
message queue for store and forward patterns
example: image resize process
107
When to use AWS Batch?
scheduled or recurring tasks that do not require heavy logic
example: rotate logs daily on firewall appliance
108
what is cloudfront zone apex support?
supports cdn for the root domain
both www.example.com and example.com can work without doing any redirect stuff
109
What is the serverless application model?
Tool to help manage serverless applications.
- frontend to cloudformation
- cli
- local dev
110
What is business continuity?
seeks to minimize business activity disruption when something unexpected occurs
111
What is disaster recovery?
Act of responding to an event that threatens business continuity
112
What is high availability?
designing in redundancies to reduce the chance of impacting service levels
113
What is fault tolerance?
Designing in the ability to absorb problems without impacting service levels
114
What is recovery time objective (RTO)?
Time that it takes after a disruption to restore business processes to their service levels
T is for time
115
What is recovery point objective (RPO)?
Acceptable amount of data loss measured in time
P is for data goes "poof"
116
what is raid 0?
no redundancy, data striped across drives for extra performance
can be used to boost EBS iops and throughput
117
what is raid 1?
1 drive can fail
data is mirrored between 2 drives, less storage capacity
118
what is raid 5?
NOT recommended on AWS due to i/o requirements
1 drive can fail
minimum of 3 drives
2 drives store data, 3rd drive stores parity bit
119
what is raid 6?
NOT recommended on AWS due to i/o requirements
2 drives can fail
minimum of 4 drives
2 methods of parity
120
What raid levels does AWS recommend when working with EBS?
raid 0 and raid 1
121
What are the availability SLA of s3 storage classes?
standard = 99.99
standard infrequent access = 99.9
one zone infrequent access = 99.5
122
What is the s3 durability sla?
11 9s (99.999999999)
123
Does Redshift support multi AZ deployments?
no. use multi node cluster
124
Can RDS failover to a read replica automatically?
no
125
what are some ways to accomplish blue green deployments on AWS?
update route53 to point to new elb or ec2 instance
swap out autoscaling groups
create a new launch config and assign to elb
elastic beanstalk
clone stack in opsworks and point dns to new stack
126
what is continuous integration?
merge code changes back to main branch as frequently as possible with automated testing along the way
127
what is continuous delivery?
automated release process you can manually trigger
128
what is continuous deployment?
each code change that passes all stages of release process is released to production without human intervention
129
What is a cloudformation change set?
a summary of proposed changes to a stack that allows you to review changes before applying
130
What are cloudformation stack policies?
protect specific resources from being unintentionally deleted or updated. protect everything by default. can't be removed once applied.
After you set a stack policy, all of the resources in the stack are protected by default. To allow updates on specific resources, you specify an explicit Allow statement for those resources in your stack policy. You can define only one stack policy per stack, but you can protect multiple resources within a single policy. A stack policy applies to all AWS CloudFormation users who attempt to update the stack. You can't associate different stack policies with different users.
A stack policy applies only during stack updates. It doesn't provide access controls like an AWS Identity and Access Management (IAM) policy. Use a stack policy only as a fail-safe mechanism to prevent accidental updates to specific stack resources. To control access to AWS resources or actions, use IAM.
131
What is AWS config?
a service that allows you to access, audit, and evaluate configurations of all AWS resources
useful for config mgmt as part of an ITIL program
can track variations against baselines and issue alarms
example rules:
- is backup enabled on RDS?
- is cloudtrail enabled on the account?
- are ebs volumes encrypted?
132
What is Amazon WorkLink?
provides secure access to internal web apps
133
What is Amazon Comprehend?
natural language processing (NLP) sentiment analysis
134
What is Amazon Forecast?
analyzes time series data to deliver forecasts
135
What is Amazon Lex?
understand intent and context of natural speech, useful for chatbots
136
What is Amazon Personalize?
recommendation engine as a service based on demographic and behavioral data
137
What is Amazon Polly?
text to speech service
138
What is Amazon Rekognition?
image and video object recognition and face recognition
139
What is Amazon Textract?
OCR, extract text
140
What are the elasticbeanstalk supported platforms?
- docker
- go
- java
- tomcat
- .net
- node.js
- php
- ruby
- python
141
What is a disposable upgrade?
one where a new release is deployed on new instances while instances containing the old version are terminated.
142
What are AWS Resource Groups?
groupings of AWS resources defined by tags
143
what is the difference between standard and convertible reserved instances?
- both valid for 1 or 3 years
- standard has a bigger discount
- both change az, instance size
- convertible lets you change instance family
- convertible benefits from ec2 cost reductions when they occur
- only standard can be sold on the marketplace
144
What type of reserved instance guarantees availability in a particular AZ?
zonal reserved instance
145
What are dedicated instances?
hardware reserved just for you, instances share hardware with other instances within your same account
$2 more per hour on instance costs
146
What is dedicated host (ec2)?
physical servers dedicated just to your use
each dedicated host can only run 1 ec2 instance size and type
147
What are AWS savings plans?
pricing model offering lower prices compared to On-Demand pricing, in exchange for a specific usage commitment (measured in $/hour) for a one or three-year period. AWS offers three types of Savings Plans – Compute Savings Plans, EC2 Instance Savings Plans, and Amazon SageMaker Savings Plans. Compute Savings Plans apply to usage across Amazon EC2, AWS Lambda, and AWS Fargate. The EC2 Instance Savings Plans apply to EC2 usage, and Amazon SageMaker Savings Plans apply to Amazon SageMaker usage.
148
What is AWS Budgets?
allows you to set up predefined limits and get notified if they are exceeded
can be based on cost, usage, or utilization of reserved instances
149
Can you move reserved instances between regions?
no
150
How do you provide temporary access to KMS keys?
using grants
Grants are commonly used by AWS services that integrate with AWS KMS to encrypt your data at rest. The service creates a grant on behalf of a user in the account, uses its permissions, and retires the grant as soon as its task is complete.
151
What service do you use if you need to analyze IOT data in real time for analytics?
kinesis data analytics
152
What is AWS Artifact?
provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports.
153
What is Amazon Inspector?
Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2) and container workloads for software vulnerabilities and unintended network exposure.
154
What is AWS Firewall Manager?
Central management of WAF, WAF Shield, security groups, network firewall, and route53 resolver DNS firewall.
Firewall Manager is particularly useful when you want to protect your entire organization rather than a small number of specific accounts and resources, or if you frequently add new resources that you want to protect. Firewall Manager also provides centralized monitoring of DDoS attacks across your organization.
155
What is Aurora backtracking?
With Amazon Aurora MySQL-Compatible Edition, you can backtrack a DB cluster to a specific time, without restoring data from a backup.
156
Why might an EBS volume created from a snapshot be slow initially?
For volumes that were created from snapshots, the storage blocks must be pulled down from Amazon S3 and written to the volume before you can access them. This preliminary action takes time and can cause a significant increase in the latency of I/O operations the first time each block is accessed. Volume performance is achieved after all blocks have been downloaded and written to the volume.
157
When should I use Amazon EC2 Auto Scaling vs. AWS Auto Scaling?
You should use AWS Auto Scaling to manage scaling for multiple resources across multiple services.
158
Can service control policies have more than one statement element or json object?
no
159
Can you use non RFC1918 addresses with VPC cidrs?
yes, but you will not be able to route traffic to the internet with them
160
What are the 5 design principles of the operational excellence pillar of the well architected framework?
- perform operations as code
- make frequent, small, reversible changes
- refine operations procedures frequently
- Anticipate failure
- learn from all operational failures