AWS Study Cards 2 Flashcards
How many availability zones are there in an AWS Region?
An AWS Region typically consists of 2 or more AZ (Availability Zones)
How many data centers are there in an AWS Availiability Zone?
An AWS AZ consists of 1 or more data centers
Data replication across Regions is controlled by the customer
Communication between Regions uses AWS backbone network infrastructure
Each Region provides full redundancy and connectivity to the network
What are the 4 factors that should be considered when selecting a Region for your servers, applications, and data?
- Data governance, legal requirements
- Proximity to customers (latency)
- Services available within a particular Region
- Costs (vary by Region)
What are the 7 Service Categories referenced for the AWS cert exam?
1) Cost Management
2) Networking and Content Delivery
3) Database
4) Management and Governance
5) Security, Identity and Compliance
6) Storage
7) Compute
What are the 4 AWS Storage services?
1) Amazon S3 (Simple storage service
2) Amazon EBS (Elastic Block Store)
3) Amazon Elastic File System
4) Amazon S3 Glacier
What are the 8 AWS Compute services?
1) Amazon EC2 (Elastic Compute Cloud)
2) Amazon EC2 Auto Scaling
3) Amazon ECS (Elastic Container Service
4) Amazon EC2 Container Registry
5) AWS Elastic Beanstalk
6) AWS Lambda
7) Amazon EKS (Elastic Kubernets Service)
8) AWS Fargate
What are the 4 Amazon Database services?
1) Amazon RDS (Relational Database Service)
2) Amazon Aurora
3) Amazon Redshift
4) Amazon Dynamo DB
What are the 7 Amazon Networking and Content Delivery services?
1) Amazon VPC (Virtual Private Cloud)
2) Elastic Load Balancing
3) Amazon CloudFront
4) AWS Transit Gateway
5) Amazon Route 53
6) AWS Direct Connect
7)
______ is a networking service provided by Amazon Web Services (AWS) that establishes a dedicated, private network connection between your on-premises network and AWS, bypassing the public internet.
This service allows data to be delivered through a private network connection, which can reduce costs, increase bandwidth, and provide a more consistent network experience compared to internet-based connections.
______ can be used with a variety of AWS services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon DynamoDB.
It provides a private, high-bandwidth network connection between on-premises networks and an Amazon VPC, and if needed, can establish private connectivity with multiple VPCs to maintain network isolation.
The service utilizes a regular Ethernet fiber-optic cable to connect your internal network to an ______ site. This cable is attached to your router on one end and to an ______router on the other.
By bypassing internet service providers in your network path, you can construct virtual interfaces to public AWS services using this connection.
______ locations provide access to AWS in the region they are connected to, and a single connection in a public region or AWS GovCloud (US) can be used to access public AWS services in all other public regions.
AWS Direct Connect
What are the 6 Amazon Security, Identity, and Compliance Services?
1) AWS Identity and Access Management (IAM)
2) AWS Organizations
3) Amazon Cognito
4) AWS Artifact
5) AWS Key Management Service
6) AWS Shield
What are the 3 AWS Cost Management Services?
1) AWS Cost and Usage Report (CUR)
2) AWS Budgets
3) AWS Cost Explorer
What are the 8 AWS Management and Governance Services?
1) AWS Management Console
2) AWS Config
3) Amazon CloudWatch
4) AWS Auto Scaling
5) AWS Command Line Interface (CLI)
6) AWS Trusted Adviser
7) AWS Well-Architected Tool
8) AWS CloudTrail
How many bits are there in an IPv4 ip address?
32 bits
How many bits are there in an IPv6 address?
128 bits
A ______ is a service that allows resources in a private subnet to connect to services outside the network, such as the internet, while preventing external services from initiating connections with those resources. It translates private IP addresses to public IP addresses for outbound traffic and back for inbound responses, ensuring secure and efficient communication.
______ are managed services provided by cloud providers like AWS, Azure, and Oracle Cloud Infrastructure (OCI), offering high availability and automatic scaling to meet the needs of applications.
In AWS, a ______ is used in a public subnet to enable outbound internet traffic from instances in a private subnet. It supports TCP, UDP, and ICMP traffic and can handle up to 20 Gbit/s of bandwidth.
A NAT Gateway (Network Address Translation)
______ is a method that allows two virtual private clouds (VPCs) to connect and communicate, enabling traffic routing between them using private IP addresses. This connection can occur within the same or different AWS accounts and can span VPCs located in the same or different regions. ______ enhances security by allowing resources in different VPCs to communicate over a private network, avoiding Internet exposure and protecting against common network attacks.
VPC peering
______ is a networking service provided by Amazon Web Services (AWS) that establishes a dedicated, private network connection between your on-premises network and AWS, bypassing the public internet.
This service can reduce costs, increase bandwidth, and provide a more consistent network experience compared to internet-based connections.
The connection is typically established using a regular Ethernet fiber-optic cable that connects your internal network to an AWS ______ site, where it is attached to an AWS ______ router.
AWS ______ can be used to connect to various AWS services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon DynamoDB.
It also allows for private connectivity to multiple VPCs to maintain network isolation.
Since the network traffic stays on the AWS global network, it never enters the open internet, which lowers the likelihood of encountering bottlenecks or other issues.
AWS Direct Connect
An AWS ______ is a service offered by AWS VPC that lets customers privately connect to supported AWS services and ______ services powered by AWS PrivateLink, without requiring public IP addresses for Amazon VPC instances to communicate with the resources of the service.
This network traffic between an Amazon VPC and an AWS service does not leave the Amazon network, enhancing security and privacy.
______ are virtual devices that are horizontally scaled, redundant, and highly available Amazon VPC components that allow communication between instances in an Amazon VPC and services without imposing availability risks or bandwidth constraints on network traffic.
They provide a secure and private communication between the resources within the Amazon VPC and AWS Services without the need for internet access.
VPC endpoint
There are two main types of VPC endpoints:
______ Endpoint: Suitable for most AWS services and establishes a connection through an Elastic Network Interface with a private IP address from the VPC subnet range.
It charges $0.01 per VPC endpoint hours and data processing.
______ Endpoint: Supports only S3 and DynamoDB and creates a connection through a VPC endpoint gateway.
Its usage is free but it charges only for the data that is transferred out of Amazon S3.
VPC endpoints enable you to privately access services by using private IP addresses and do not require a public IP address, access over the Internet, NAT device, a VPN connection, or any other service.
Interface, Gateway
AWS ______ are virtual firewalls that control inbound and outbound traffic to AWS resources, such as EC2 instances, based on defined rules.
They act as the first layer of defense against malicious attackers by providing security at the port and protocol level.
______ are stateful, meaning that they track the state of network connections and automatically allow return traffic for established connections.
They operate at the instance level and only accept “Allow” rules, making them a primary defense mechanism for securing your AWS environment.
AWS ______ are crucial for maintaining a secure environment and are managed through the AWS Management Console or programmatically using tools like Terraform.
Security Groups
What are the 7 supported routing methods utilized by Amazon Route 53?
1) Simple Routing - used in single server environments
2) Weighted routing - assign weights to resource record sets to specify the frequency
3) Latency routing - help improve your global applications
4) Geolocation routing - Route traffic based on location of your users
5) Geoproximity routing - Rout traffic based on location of your resources
6) Failover routing - Fail over to a backup site if your primary becomes unreachable
7) Multivalue answer routing - Respond to dns queries with up to 8 healthy records selected at random
What are the 7 layers of the OSI model?
7) Application - means for an application to access a computer network (HTTP(s), FTP, DHCP, LDAP
6) Presentation - ensures that the application layer can read the data; encryption (ASCII, ICA)
5) Session - enables orderly exchange of data (NetBios, RPC)
4) Transport - Provides protocols to support host-to-host communication (TCP, UDP)
3) Network - Routing and packet forwarding (routers); (IP)
2) Data Link - Transfer data in the same lan network (bridges and switches); (MAC)
1) Physical - Transmission and reception of raw bit streams over a physical medium (hubs); (Signals; 1’s and 0’s)
For each CIDR block that you specify, Amazon will reserve 5 IP addresses. They are utilized for:
1) Network Address
2) VPC local router
3) DNS resolution
4) Future use
5) Network broadcast address
______ Instances are default Amazon EC2 instances that are instantly available for purchase without any long-term contract or upfront payment. You can modify them in real-time to meet workload changes, increasing or decreasing compute capacity as needed. They are ideal for short-term workloads, testing and development, and applications requiring uninterrupted compute power.
______ Instances offer a pay-as-you-go model with a fixed hourly rate that changes based on factors such as AWS Region, instance type, and more. Billing is per second or hour, with a minimum usage requirement of 60 seconds.
These instances provide full control over the lifecycle, allowing you to decide when to launch, stop, hibernate, start, reboot, or terminate them.
______ Instances are suitable for unpredictable workloads, short-term tasks, and applications that cannot tolerate interruptions. They are also beneficial for organizations that prefer flexible access to compute resources without any upfront payment or long-term commitment.
However, ______ Instances are generally more expensive compared to Reserved and Spot Instances due to their guaranteed availability and predictability.
In summary, ______ Instances offer flexibility, scalability, and guaranteed performance, making them a reliable choice for various applications.
On-Demand
AWS ______ are physical servers that are dedicated for your use, allowing you to run your Amazon EC2 instances on hardware that is isolated from other AWS customers.
These hosts provide visibility and control over how instances are placed on specific, physical servers, enabling you to deploy instances using configurations that help address corporate compliance and regulatory requirements.
______ also support running instances with per-socket, per-core, or per-VM software licenses, such as Windows Server, SQL Server, SUSE Linux Enterprise Server, Red Hat Enterprise Linux, or other compatible software licenses.
Billing for ______ is based on the physical server capacity, rather than individual instances.
Dedicated Hosts
AWS ______ are Amazon EC2 instances that run on hardware dedicated to a single AWS account, ensuring physical isolation from instances belonging to other accounts, though they may share hardware with other non-______ from the same account.
This means that ______ provide no visibility or control over instance placement and do not support host affinity.
If you stop and start a ______, it might not run on the same host, and you cannot target a specific host on which to launch or run an instance.
______ are billed on a per-instance basis.
Dedicated Instances
AWS ______ are a cost-saving option for businesses that have steady and predictable workloads. They allow you to reserve EC2 instance capacity for one or three years in advance, providing a discounted hourly rate compared to on-demand instance pricing.
______s are not actual instances but rather a billing discount applied to the usage of On-Demand instances when you commit to using a specific instance type for a fixed period.
This commitment can help you save significantly, up to 72% off, on your Amazon EC2 usage costs compared to On-Demand instance pricing.
There are different types of AWS ______, including Standard and Convertible ______s. Standard ______s offer a fixed discount and do not allow changes to instance size, operating system, or tenancy after purchase.
Convertible ______s, on the other hand, provide more flexibility, allowing you to change the instance family, operating system, tenancy, and payment option, as well as benefit from price reductions.
For the best results with AWS ______, you need a strong understanding of your cloud infrastructure and usage patterns.
This can help you identify the right type of ______ for your organization and manage them effectively to ensure utilization and avoid waste.
Reserved Instances (RIs)
AWS ______ are a type of Reserved Instance designed for workloads that recur on a predictable schedule. You can purchase these instances for daily, weekly, or monthly increments over a one-year term, with discounts of 5-10% depending on the total scheduled duration within the term.
They are ideal for jobs like batch processing, ETL, and financial reporting that only need to run during specific time windows.
For example, if you have a financial analytics job that runs for 4 hours every weeknight, you could purchase a ______ for those blocks of time
Scheduled Reserved Instances
AWS are unused EC2 capacity in AWS, available for up to 90% less than On-Demand pricing, making them a cost-effective option for running applications.
These instances can be interrupted by AWS EC2 when the spot price exceeds your maximum bid, or when the demand for ______ increases.
They are ideal for stateless, error-tolerant, or flexible applications such as data analysis, batch jobs, background processing, and optional tasks.
_____ are closely integrated with AWS services like Auto Scaling, EMR, ECS, CloudFormation, Data Pipeline, and AWS Batch.
Key Points
Cost: Up to 90% cheaper than On-Demand instances.
Flexibility: Suitable for workloads that can be interrupted and restarted without major disruption.
Interruption: Instances can be terminated with short notice, typically between 30 seconds and two minutes.
Applications: Ideal for batch processing jobs, data analysis, CI/CD workloads, web servers, and any other applications that can withstand occasional downtime.
Availability
______ are available for up to 90% off compared to On-Demand pricing, allowing you to significantly reduce the cost of running your applications, grow your application’s compute capacity and throughput for the same budget, and enable new types of cloud computing applications.
Usage
When requesting ______, you specify the maximum price you’re willing to pay per hour per instance. If your bid exceeds the current Spot price, your request is fulfilled, and your instances start running.
Integration
______ are closely integrated with AWS services like Auto Scaling, EMR, ECS, CloudFormation, Data Pipeline, and AWS Batch.
Spot Instances
Which EC2 pricing model has the benefit of low cost and flexibility?
On-Demand Instances (ideal for spiky workloads)
Which EC2 pricing model has the benefit of large scale, dynamic workload?
Spot Instances (ideal for time-insensitive workloads)
Which EC2 pricing model has the benefit of predictability ensuring compute capacity is available when needed
Reserved Instances (ideal for steady state workloads)
Which EC2 pricing model has the benefit of saving money on licensing costs, and helping meet compliance and regulatory requirements
Dedicated hosts (ideal for highly sensitive workloads)
What are the 4 pillars of cost optimization?
1) Right size
2) Increase elasticity
3) Optimal pricing model
4) Optimal storage choices
Lambda soft limits per Region: How many concurrent executions are possible in Lambda?
1,000
Lambda soft limits per Region: How many gb are available for function and layer storage?
75 gb
Lambda hard limits for individual functions: What is the maximum function memory allocation?
10,240 mb
Lambda hard limits for individual functions: What is the function timeout?
15 minutes
Lambda hard limits for individual functions: What is the max deployment package size ?
250 mb unzipped, including layers
Lambda hard limits for individual functions: What is the max container image code package size?
10 gb
Is Amazon ECS a PaaS, IaaS, container based, or serverless?
IaaS - Infrastructure as a service
Is AWS Lambda a PaaS, IaaS, container based, or serverless?
Serverless
Is Amazon ECS (Elastic Container Service) a PaaS, IaaS, container based, or serverless?
Container based
Is AWS Elastic Beanstalk a PaaS, IaaS, container based, or serverless?
PaaS - Platform as a service
Is AWS Fargate a PaaS, IaaS, container based, or serverless?
Container based
Is AWS EKS (Elastic Kubernetes Service) a PaaS, IaaS, container based, or serverless?
Container based
Is AWS ECR (Elastic Container Registry) a PaaS, IaaS, container based, or serverless?
Container based
Common uses for ______ instances include, but are not limited to:
*Application servers
*Web servers
*Database servers
*Game servers
*Mail servers
*Media servers
*Catalog servers
*File servers
*Computing servers
*Proxy servers
EC2 (Elastic Compute Cloud)
______ is a connection-oriented protocol that ensures reliable, ordered data transmission over a network by using techniques like a three-way handshake, error control, and flow control. It works in conjunction with the Internet Protocol (IP) for addressing and routing data packets, ensuring that each message reaches its target location intact.
Developed by Vint Cerf and Bob Kahn in the 1970s, ______ operates at the transport layer (Layer 4) in the OSI model, providing a reliable delivery service between applications and devices.
It establishes a reliable connection between sender and receiver using the three-way handshake (SYN, SYN-ACK, ACK) and closes connections properly using a four-step handshake (FIN, ACK, FIN, ACK).
TCP (Transmission Control Protocol)
______ is a communication protocol used for transmitting datagrams across an IP network without establishing a connection beforehand.
It is designed for speed and efficiency, making it ideal for real-time applications like video streaming, online gaming, and voice over internet protocol (VoIP), where occasional packet loss is acceptable.
Unlike TCP, ______ does not guarantee delivery, order, or error checking, which makes it a lightweight and faster option.
______ was developed by David P. Reed in 1980 and operates at the Transport Layer (OSI layer 4) of the network model.
UDP (User Datagram Protocol)
______, is a network layer protocol used by network devices to diagnose network communication issues and report errors in data transmission. It is primarily used to determine whether data is reaching its intended destination and to send error messages when network problems prevent the delivery of IP packets. ______ is crucial for error reporting and testing, but it can also be used in distributed denial-of-service (DDoS) attacks.
______ differs from transport protocols like TCP and UDP in its primary function and purpose. While TCP and UDP focus on data transmission between applications, ______is mainly used for managing and troubleshooting network infrastructure, handling tasks such as error reporting, network diagnostics, and feedback mechanisms.
______ is not typically used for regular data exchange between systems but is essential for network diagnostics and troubleshooting connectivity issues. Tools like ping and traceroute rely on ______messages to test reachability and map network paths.
ICMP (Internet Control Message Protocol)
An AWS key pair consists of:
A public key (AWS stores this) and a private key (file that you store)
True or False; Amazon EBS is a non-volatile storage, and each EBS volume is automatically replicated within it’s availability zone to protect you from component failure
True
______ storage is a type of cloud storage that divides data into fixed-sized ______s, each with its own unique identifier, allowing for quick and efficient access and retrieval.
This storage method is preferred for applications that require fast and reliable data access, such as databases and virtual machine file systems.
______ storage is known for its high performance and low latency, making it ideal for performance-critical applications.
It is widely used in cloud computing and enterprise IT environments, and can be accessed independently by virtual machines or containers in the cloud.
Block
______ storage is a data storage architecture that organizes information as individual units or “______s,” each containing the data itself, customizable metadata, and a unique identifier.
Unlike traditional file systems, ______ storage does not use a hierarchical structure with folders and directories; instead, it provides a flat data environment where each object is self-contained.
This approach allows for efficient scaling to petabytes and beyond, making it suitable for managing large volumes of unstructured data such as photos, videos, and sensor data.
Object
How are EBS Snapshots priced?
Added cost of EBS Snapshots to Amazon S3 is per gb - month of data stored
How does Amazon charge for EBS data transfers?
Inbound data transfer is free; outbound data transfer across Regions incurs charges
What does S3 save data into?
Buckets
What is the max size of a single object that can be saved to S3?
5 tb
Besides Amazon S3 One-Zone Infrequent Access (S3 One Zone-IA), how many availability zones do Amazon S3 storage classes are files duplicated to?
At least 3
What are you charged for in S3 buckets?
- Gb per month
*Outgoing data to outside regions - Put, copy, post, list, get requests
What features are free in S3 Standard buckets?
- Ingoing transfers
- Transfers OUT going to CloudFront or EC2 in the same region
In Amazon S3 Glacier, what are the basic units saved called?
Archives
In Amazon S3 Glacier, what is the container housing Archives called?
A vault
What are the 3 retrieval processes from Amazon S3 Glacier?
1) Standard (3-5 hours)
2) Bulk (5-12 hours) Least expensive
3) Expedited (1-5 minutes) Most expensive
Media asset archiving, Health Care Information Archiving, Regulatory and Compliance Archiving, Scientific Data Archiving, Digital Preservation, and Magnetic Tape Replacement are good candidates for which Amazon S3 class?
Amazon S3 Glacier
What is an Amazon S3 lifecycle policy?
Automating data to be transfer from S3 standard, to S3 Standard Infrequent Access (S3 Standard-IA), to S3 Glacier, as the data gets older and less important.
What is the max object size for Amazon S3 Glacier?
40 Tb
What do you call temporary storage that is added to your Amazon EC2 instance?
Instance store (ephemeral storage)
Can an EBS storage be mounted to multiple availability zones?
NO. Only one availability zone for one EBS storage
Which storage class allows you to mount to multiple EC2 instances?
EFS
Which storage class can be accessed from anywhere via a URL?
Amazon S3
What is the backup of an Amazon EBS volume called?
A snapshot
