AWS Solutions Architect Professional

Question 1

What are the 5 pillars of the well-architected framework?

Answer 1

1. Operational Excellence
2. Security
3. Reliability
4. Performance Effeciency
5. Cost Optimization
6. Sustainablility (not on current exam)

Question 2

What is a homogenous migration in DMS?

Answer 2

In homogeneous database migrations, the source and target database engines are the same or are compatible—like Oracle to Amazon RDS for Oracle, MySQL to Amazon Aurora, MySQL to Amazon RDS for MySQL, or Microsoft SQL Server to Amazon RDS for SQL Server. Since the schema structure, data types, and database code are compatible between the source and target databases, this kind of migration is a one-step process.

Question 3

What is a heterogenous migration in DMS?

Answer 3

In heterogeneous database migrations, the source and target databases engines are different—like in the case of Oracle to Amazon Aurora, Oracle to PostgreSQL, or Microsoft SQL Server to MySQL migrations. In this case, the schema structure, data types, and database code of source and target databases can be quite different, requiring a schema and code transformation before the data migration starts. That makes heterogeneous migrations a two-step process. First, use the AWS Schema Conversion Tool to convert the source schema and code to match that of the target database.

Question 4

What tool can be used to covert schema to a different db format?

Answer 4

AWS schema conversion tool

Question 5

What are the supported source db formats for DMS?

Answer 5

Oracle
Microsoft SQL Server
MySQL
MariaDB
PostgreSQL
MongoDB
SAP
IBM db2
Azure SQL
Google Cloud for MySQL
s3
documentDB
Aurora MySQL and PostgreSQL

Question 6

What are the supported target db formats for DMS?

Answer 6

Oracle
Microsoft SQL Server
MySQL
MariaDB
PostgreSQL
SAP
Redis v6
Redshift
s3
OpenSearch/Elasticsearch
Elasticache Redis
Kinesis Data Streams
DcoumentDB
Neptune
Kafka
Babelfish for PostgreSQL

Question 7

What is the limit of records per shard in kinesis?

Answer 7

1000 records per shard, or 1MB/s, or 1000 writes/s

Question 8

What are the components of a kinesis record?

Answer 8

partition key, sequence number, and data blob

Question 9

What is the size limit of kinesis data blob?

Answer 9

1MB

Question 10

What are the default and max retention times for kinesis stream?

Answer 10

default 24h

max 7 days

Question 11

How is Kinesis firehose different than data streams

Answer 11

firehose simply delivers data to a storage destination such as s3. It doesn’t allow processing on the stream.

Question 12

What is Kinesis Analytics?

Answer 12

lets you analyze and transform data in real time with Apache Flink. Works with both streams and firehose.

Question 13

What is the dynamo db max item size?

Answer 13

400kb

Question 14

What is a partition in dynamo db?

Answer 14

physical space where data is stored

Question 15

What is a partition key in dynamo db?

Answer 15

unique identifier for each key. Records can have the same partition key if the sort key is different.

Question 16

What is a sort key in dynamo db?

Answer 16

Combined with partition key to for defining storage order

Question 17

What chunk size are dynamo db partitions divided into?

Answer 17

10gb

Question 18

What is the formula for determining # of dynamo db partitions by capacity?

Answer 18

(total RCU/3000) + (total WCU/1000)

Question 19

What is the formula for determing # of dynamo db partisions by size?

Answer 19

total size / 10gb

Question 20

How to determine number of partitions in a dynamo db table?

Answer 20

round up MAX(by capacity, by size)

Question 21

What is a dynamo db secondary global index?

Answer 21

Think of it as a copy of the original table. Can have different partition and sort keys

Question 22

What autoscaling method does dynamo db use?

Answer 22

It uses target tracking for WCU and RCU utilization

Question 23

What are some limitations of dynamo db scale down?

Answer 23

It won’t scale down automatically if consumption drops completely to 0.

Question 24

What is dynamo db accelerator (DAX)

Answer 24

an in memory cache in front of dynamo db for speeding up latency

Question 25

What does ACID stand for

Answer 25

Atomic
Consistent
Isolated
Durable

Question 26

What does BASE mean?

Answer 26

basically available
soft state
eventually consistent

Question 27

What is the s3 max object size?

Answer 27

5TB

Question 28

Above what size object should you use multi part uploads with s3?

Answer 28

100mb

Question 29

What is s3 transfer acceleration?

Answer 29

uses cloudfront to speed up uploads

Question 30

What is Glacier Vault Lock?

Answer 30

Lets you specify compliance rules on glacier. Prevents future changes to data

Question 31

What is the Amazon Data Lifecycle Manager?

Answer 31

automate the creation, retention, and deletion of EBS snapshots and EBS-backed AMIs

Question 32

What is AWS Data Sync used for ?

Answer 32

Online transfer of data between storage services. Both AWS and on prem.

Question 33

How much more expensive is EFS than ebs and s3?

Answer 33

3x more than EBS

20x more than s3

Question 34

How does File Gateway expose storage?

Answer 34

exposes NFS and Samba

Question 35

How does Volume Gateway expose storage?

Answer 35

iSCSI

Question 36

What is the difference between Volume Gateway cached and stored mode?

Answer 36

Stored mode keeps a copy of all data locally, asyncronously copies to s3.

Cached mode caches frequently access files locally with all data in s3.

Question 37

Can dynamo db be ACID compliant?

Answer 37

Yes, using dynamo db transactions.

Question 38

What is a dynamo db local secondary index?

Answer 38

Allows for different sort keys with the same partition key on the table.

Question 39

What is AWS Redshift?

Answer 39

PostgreSQL compatible data warehouse.

Question 40

What is AWS Neptune?

Answer 40

A managed graph database

Question 41

When would you use Redshift over Athena?

Answer 41

When joins or unions are required on the data

Question 42

What storage format provides the best performance with Athena?

Answer 42

Apache parquet

Question 43

What is amazon QLDB

Answer 43

Quantum Ledger Database (QLDB) is a fully managed ledger database that provides a transparent, immutable, and cryptographically verifiable transaction log.

Question 44

What is Amazon Managed Blockchain?

Answer 44

Managed blockchain service built on top of QLDB

Question 45

What are the reserved VPC addresses of a VPC with cidr 172.16.32.0?

Answer 45

172. 16.32.0 - VPC network address
173. 16.32.1 - VPC router
174. 16.32.2 - VPC DNS resolver
175. 16.32.3 - AWS Future Use
176. 16.32.255 - Unusable Broadcast Address

Question 46

Does AWS VPC support broadcast layer 2 traffic?

Answer 46

no

Question 47

What protocol does AWS Managed VPN use?

Answer 47

ipsec

Question 48

What is the max speed of a Direct Connect link?

Answer 48

10GB/s

Question 49

What is Direct Connect plus VPN?

Answer 49

Uses ipsec to secure direct connect link.

Question 50

What is AWS VPN Cloud Hub

Answer 50

Allows connecting multiple locations in hub and spoke manner with AWS. AWS is the hub and all traffic goes through it to spokes.

Question 51

What is a transit VPC?

Answer 51

A common VPC uses to connect multiple locations and VPCs

Question 52

How is private link different than direct connect?

Answer 52

Private link adds VPC endpoint to connect to services over AWS private network. Only VPC interface endpoints, not a full network connection like direct link. Can be used for 3rd parties to provide access as well.

Question 53

What services do VPC Gatway Endpoints support?

Answer 53

s3 and dynamodb

Question 54

What is are the types of ec2 placement groups?

Answer 54

spread: spreads small groups of instances across logical partitions that do not share hardware
partition: spreads groups of instances in partitions that are spread across underlying hardware. For large distributed workloads like Hadoop and Cassandra
clustered: pack instances closely together in an AZ, same hardware, to get the lowest latency possible

Question 55

What are the route53 routing policies?

Answer 55

simple
failover
geolocation
geoproximity
latency
mulitple answer
weighted

Question 56

Does Application Load Balancer support Elastic IP?

Answer 56

No. Only when used with global accelerator.

Question 57

What are the AWS Cloud Directory services?

Answer 57

• Cognito
• Simple AD
• AD Connector
• Directory Service for Microsoft Active Directory

Question 58

What is a token vending machine?

Answer 58

A method for providing temp AWS credentials in mobile applications. It is recommended to use Cognito instead.

Question 59

What is cloud HSM?

Answer 59

• Dedicated, single-tenant hardware for encryption keys.
• must be in VPC
• used for TDE with Oracle DBs
• classic HSM has upgront cost

Question 60

What is the difference between IDS and IPS?

Answer 60

IDS (intrustion detection service) is a monitor. IPS (intrusion prevention system) is active.

Question 61

Does cloudtrail provide native alerting?

Answer 61

No, must use cloudwatch events.

Question 62

What is the value proposition of Service Catalog?

Answer 62

Uses adopted roles so users don’t need direct IAM permisson required to launch stack.

Question 63

How do you override settings from Global Service Catalog?

Answer 63

You have to create a matching local portfolio to override settings like the IAM role inherited from a service catalog in a shared account.

Question 64

Re-host

Answer 64

lift and shift. e.g. move VMs directly from on prem to ec2

Question 65

re-platform

Answer 65

lift and rshape

e.g. on prem mysql to rds

Question 66

re-purchase

Answer 66

drop and shop

abondon existing solution and use a new one

Question 67

re-architect

Answer 67

redesign in cloud native manner

Question 68

retire

Answer 68

get rid of applications

Question 69

retain

Answer 69

do nothing, keep as is

Question 70

rank re-host, re-platform, re-purchase, re-architect, retire, and retain by effort (time and cost) from lowest to highest

Answer 70

1. retire
2. retain
3. re-host
4. re-purchase
5. re-platform
6. re-architect

Question 71

What is the Cloud Adoption Framework?

Answer 71

an approach for designing, planning, and implementing IT architectures in the cloud. It is not a cookbook but rather a holistic approach that can be adopted.

Question 72

What is the AWS Server Migration Service?

Answer 72

• Migrates on prem vmware and microsoft hyper-v VMs to AWS
• syncs volumes and creates periodic AMIs
• downloaded as virtual appliance for vmware or hyper-v

Question 73

What is the Schema Conversion Tool

Answer 73

Used for hetergenous database migrations. Converts schema from source format to a separate target format.

Question 74

What is the Database Migration Service?

Answer 74

Used to migrate databases between different source and destination databases.

Question 75

What is the AWS Application Discovery Service?

Answer 75

Helps customers gather info about on premise data centers to help plan migrations. Uses Migration Hub in console.

Question 76

Does AWS Application Discovery Service require a software agent on every node?

Answer 76

No. Agentless mode is supported with vmware. Non vmware environments require the agent.

Question 77

What cidr masks do VPCs support?

Answer 77

/16 to /28

Question 78

What is the storage capacity of AWS Snowball?

Answer 78

80TB

Question 79

What is the difference between AWS Snowball and AWS Snowball Edge?

Answer 79

Snowball edge includes on board lambda and clustering that can used to process the data in transit.

Question 80

What is the storage capacity of AWS Snowmobile?

Answer 80

100PB

Question 81

What is the difference between AWS Snowmobile and AWS Snowmobile Edge?

Answer 81

Snowmobile edge includes onboard lambda and clustering for processing data

Question 82

What is AWS Auto Scaling?

Answer 82

An API to manage autoscaling for non ec2 services such as

• dynamo
• ecs
• emr
• spot fleet
• aurora
• sagemaker endpoints

Question 83

AWS Auto Scaling Service in Console

Answer 83

A higher level abstraction for managing autoscaling for an application both for ec2 and other services.

Question 84

Target tracking scale policy

Answer 84

specify a target value for metric

Question 85

step and simple scale policies

Answer 85

choose scaling metrics and threshold values for the CloudWatch alarms that invoke the scaling process. You also define how your Auto Scaling group should be scaled when a threshold is in breach for a specified number of evaluation periods.

Question 86

What is the default ec2 autoscaling cooldown period?

Answer 86

300s

Question 87

Can cloudfront cache dynamic content?

Answer 87

Yes! dynamic content uses http cookies forwarded from the origin

Question 88

What are the supported origins for cloudfront?

Answer 88

s3, ec2, elb, or other web server

Question 89

How serve different content based on URL paths with cloudfront?

Answer 89

use cloudfront behaviors

Question 90

Does cloudfront support multiple origins?

Answer 90

Yes, using behaviors and http paths?

Question 91

How do you invalidate cloudfront cache?

Answer 91

• delete file from origin and wait for ttl
• use AWS console to specify an invalidation for a specific path such as /images/*
• cloudfront API
• third party tools have support

Question 92

What endpoint protocols does SNS support?

Answer 92

http(s), email, SQS, Amazon Device Messaging (push notifications), and lambda

Question 93

What is the storage lifetime of an SQS message?

Answer 93

default 4 days

max 14 days

Question 94

What is the max message size with SQS?

Answer 94

256KB

a special java sdk may be used to get messages up to 2GB however

Question 95

What is Amazon MQ?

Answer 95

Managed Apache Active MQ message broker

Question 96

What are dynamo db streams?

Answer 96

DynamoDB Streams captures a time-ordered sequence of item-level modifications in any DynamoDB table and stores this information in a log for up to 24 hours. Applications can access this log and view the data items as they appeared before and after they were modified, in near-real time.

Question 97

What is the Serverless Application Model?

Answer 97

A framework for building serverless apps on AWS. Includes a CLI to help with building and deploying.

Question 98

What are the transformation domains of the cloud adoption framework?

Answer 98

• technology
• process
• organization
• product

Question 99

What are the 6 perspectives of the cloud adoption framework?

Answer 99

• business
• people
• governance
• platform
• security
• operations

Question 100

What is sybase?

Answer 100

An SAP database supported by dms

Question 101

What is AWS simple workflow service?

Answer 101

a managed status tracking system, best suited for human enabled workflows like order fullfilment

recommended to use step functions instead for new projects

Question 102

What is a Simple Workflow Service activity worker?

Answer 102

a program that interacts with SWF to get tasks, process tasks, and return results

Question 103

What is a Simple Workflow Service decider?

Answer 103

a program that controllers coordination of tasks such as ordering, concurrency, and scheduling

Question 104

When to use step functions?

Answer 104

out of the box coordination between AWS services

example: order processing flow

Question 105

When to use simple workflow service?

Answer 105

need to support external services or specialized logic. usually use step functions instead

example: load application process with manual review steps.

Question 106

When to use SQS?

Answer 106

message queue for store and forward patterns

example: image resize process

Question 107

When to use AWS Batch?

Answer 107

scheduled or recurring tasks that do not require heavy logic

example: rotate logs daily on firewall appliance

Question 108

what is cloudfront zone apex support?

Answer 108

supports cdn for the root domain

both www.example.com and example.com can work without doing any redirect stuff

Question 109

What is the serverless application model?

Answer 109

Tool to help manage serverless applications.

• frontend to cloudformation
• cli
• local dev

Question 110

What is business continuity?

Answer 110

seeks to minimize business activity disruption when something unexpected occurs

Question 111

What is disaster recovery?

Answer 111

Act of responding to an event that threatens business continuity

Question 112

What is high availability?

Answer 112

designing in redundancies to reduce the chance of impacting service levels

Question 113

What is fault tolerance?

Answer 113

Designing in the ability to absorb problems without impacting service levels

Question 114

What is recovery time objective (RTO)?

Answer 114

Time that it takes after a disruption to restore business processes to their service levels

T is for time

Question 115

What is recovery point objective (RPO)?

Answer 115

Acceptable amount of data loss measured in time

P is for data goes “poof”

Question 116

what is raid 0?

Answer 116

no redundancy, data striped across drives for extra performance

can be used to boost EBS iops and throughput

Question 117

what is raid 1?

Answer 117

1 drive can fail

data is mirrored between 2 drives, less storage capacity

Question 118

what is raid 5?

Answer 118

NOT recommended on AWS due to i/o requirements

1 drive can fail

minimum of 3 drives

2 drives store data, 3rd drive stores parit bit

Question 119

what is raid 6?

Answer 119

NOT recommended on AWS due to i/o requirements

2 drives can fail

minimum of 4 drives

2 methods of parity

Question 120

What raid levels does AWS recommend when working with EBS?

Answer 120

raid 0 and raid 1

Question 121

What are the availability SLA of s3 storage classes?

Answer 121

standard = 99.99
standard infrequent access = 99.9
one zone infrequent access = 99.5

Question 122

What is the s3 durability sla?

Answer 122

11 9s

99.999999999

Question 123

Does Redshift support multi AZ deployments?

Answer 123

no

use multi node cluster

Question 124

Can RDS failover to a read replica automatically?

Answer 124

no

Question 125

what are some ways to accomplish blue green deployments on AWS?

Answer 125

update route53 to point to new elb or ec2 instance

swap out autoscaling groups

create a new launch config and assign to elb

elastic beanstalk

clone stack in opsworks and point dns to new stack

Question 126

what is continuous integration?

Answer 126

merge code changes back to main branch as frequently as possible with automated testing along the way

Question 127

what is continuous delivery?

Answer 127

automated release process you can manually trigger

Question 128

what is continous deployment?

Answer 128

each code change that passes all stages of release process is released to production without human intervention

Question 129

What is a cloudformation change set?

Answer 129

a summary of proposed changes to a stack that allows you to review changes before applying

Question 130

What are cloudformation stack policies?

Answer 130

protect specific resources from being unintentionally deleted or updated. protect everything by default.

can’t be removed once applied

After you set a stack policy, all of the resources in the stack are protected by default. To allow updates on specific resources, you specify an explicit Allow statement for those resources in your stack policy. You can define only one stack policy per stack, but, you can protect multiple resources within a single policy. A stack policy applies to all AWS CloudFormation users who attempt to update the stack. You can’t associate different stack policies with different users

A stack policy applies only during stack updates. It doesn’t provide access controls like an AWS Identity and Access Management (IAM) policy. Use a stack policy only as a fail-safe mechanism to prevent accidental updates to specific stack resources. To control access to AWS resources or actions, use IAM.

Question 131

What is AWS config?

Answer 131

a service that allows you to access, audit, and evaluate configurations of all AWS resources

useful for config mgmt as part of an ITIL program

can track variations against baselines and issue alarms

example rules:

• is backup enabled on RDS?
• is cloudtrail enabled on the account?
• are ebs volumes encrypted?

Question 132

What is Amazon WorkLink?

Answer 132

provides secure access to internal web apps

Question 133

What is Amazon Comprehend?

Answer 133

natural language processing (NLP)

sentiment analysis

Question 134

What is Amazon Forecast?

Answer 134

analyzes time series data to delivery forecasts

Question 135

What is Amazon Lex?

Answer 135

understand intent and context of natural speach, useful for chatbots

Question 136

What is Amazon Personalize?

Answer 136

recommendation engine as a service based on demographic and behavioral data

Question 137

What is Amazon Polly?

Answer 137

text to speech service

Question 138

What is Amazon Rekognition?

Answer 138

image and video object recognition and face recognition

Question 139

What is Amazon Textract?

Answer 139

OCR, extract text

Question 140

What are the elasticbeanstalk supported platforms?

Answer 140

• docker
• go
• java
• tomcat
• .net
• node.js
• php
• ruby
• python

Question 141

What is a disposable upgrade?

Answer 141

one were a new release is deployed on new instances while instances containing the old version are terminated.

Question 142

What are AWS Resource Groups?

Answer 142

groupings of AWS resources defined by tags

Question 143

what is the difference between standard and convertible reserved instances?

Answer 143

• both valid for 1 or 3 years
• standard has a bigger discount
• both change az, instance size,
• convertible lets you change instance family
• convertible benefits from ec2 cost reductions when they occur
• only standard can be sold on the marketplace

Question 144

What type of reserved instance gaurantees availability in a particular AZ?

Answer 144

zonal reserved instance

Question 145

What are dedicated instances?

Answer 145

hardware reserved just you, instances share hardware with other instances within your same account

2$ more per hour on instance costs

Question 146

What is dedicated host (ec2)?

Answer 146

physical servers dedicated just to your use

each dedicated host can only run 1 ec2 instance size and type

Question 147

What are AWS savings plans?

Answer 147

pricing model offering lower prices compared to On-Demand pricing, in exchange for a specific usage commitment (measured in $/hour) for a one or three-year period. AWS offers three types of Savings Plans – Compute Savings Plans, EC2 Instance Savings Plans, and Amazon SageMaker Savings Plans. Compute Savings Plans apply to usage across Amazon EC2, AWS Lambda, and AWS Fargate. The EC2 Instance Savings Plans apply to EC2 usage, and Amazon SageMaker Savings Plans apply to Amazon SageMaker usage.

Question 148

What is AWS Budgets?

Answer 148

allows to setup predefined limits and get notified if they are exceeded

can be based on cost, usage, or utilization of reserved instances

Question 149

Can you move reserved instances between regions?

Answer 149

no

Question 150

How do you provide temporary access to KMS keys?

Answer 150

using grants

Grants are commonly used by AWS services that integrate with AWS KMS to encrypt your data at rest. The service creates a grant on behalf of a user in the account, uses its permissions, and retires the grant as soon as its task is complete.

Question 151

What service do you use if you need to analyze IOT data in real time for analytics?

Answer 151

kinesis data analytics

Question 152

What is AWS Artifact?

Answer 152

provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports.

Question 153

What is Amazon Inspector?

Answer 153

Amazon Inspector is an automated vulnerability management service that continually scans Amazon Elastic Compute Cloud (EC2) and container workloads for software vulnerabilities and unintended network exposure.

Question 154

What is AWS Firewall Manager?

Answer 154

Central management of WAF, WAF Shield, security groups, network firewall, and route53 resolver DNS firewall

Firewall Manager is particularly useful when you want to protect your entire organization rather than a small number of specific accounts and resources, or if you frequently add new resources that you want to protect. Firewall Manager also provides centralized monitoring of DDoS attacks across your organization.

Question 155

What is Aurora backtracking?

Answer 155

With Amazon Aurora MySQL-Compatible Edition, you can backtrack a DB cluster to a specific time, without restoring data from a backup.

Question 156

Why might an EBS volume created from a snapshot be slow initially?

Answer 156

For volumes that were created from snapshots, the storage blocks must be pulled down from Amazon S3 and written to the volume before you can access them. This preliminary action takes time and can cause a significant increase in the latency of I/O operations the first time each block is accessed. Volume performance is achieved after all blocks have been downloaded and written to the volume.

Question 157

When should I use Amazon EC2 Auto Scaling vs. AWS Auto Scaling?

Answer 157

You should use AWS Auto Scaling to manage scaling for multiple resources across multiple services.

Question 158

Can service control policies have more than one statement element or json object?

Answer 158

no

Question 159

Can you use non RFC1918 addresses with VPC cidrs?

Answer 159

yes, but you will not be able to route traffic to the internet with them

Question 160

What are the 5 design principles of the operation excellence pillar of the well architected framework?

Answer 160

• perform operations as code
• make frequent, small, reversible changes
• refine operations procedures frequently
• Anticipate failure
• learn from all operational failures