aws_cloud_prac_prep20201114 Flashcards
(125 cards)
1
Q
What is Macie?
A
A security service which uses Machine Learning and NLP to discover, classify, and protect sensitive data stored in S3.
- -uses AI to recognize if your S3 objects contain sensitive data such as PII
- -dashboard, reporting and alerts
- -works directly with data in S3
- -can also analyze CloudTrail logs for suspicious API activity
- -grate for PCI-DSS and preventing ID theft
2
Q
Name 3 ways to access AWS
A
- AWS Management Console- Command Line (CL)- Software Developer Kit (SDK)
3
Q
Name the 5 best practices of Trusted Advisor:
A
- cost Optimization
- Fault Tolerance
- performance
- service Limits
- security
4
Q
What is AWS artifact used for?
A
retrieving compliance reports
5
Q
Relational Database (Aurora, Redshift)
A
RDS = Relational Database Service
6
Q
Allows you to provide very granular access permissions to resources within the infrastructure.
A
Identity and Access Management
7
Q
Provides safe, secure, highly-scalable object based storage on the cloud
A
Amazon S3 - Simple Storage Solution
8
Q
What to consider when using the right AWS region?
A
- Data sovereignty Laws
- latency to end users
- AWS services
9
Q
Virtual server
A
EC2 - Elastic Cloud Computing
10
Q
Name the 5 pillars of a Well-Architected Framework
A
- Cost Optimization
- Reliability
- Operational Excellence
- Performance Efficiency
- Security
11
Q
What are the 2 types of Encryption?
A
Client Side Encryption
Server Side Encryption
- S3 Managed Keys
- Key Management System
- Customer Provided Key
12
Q
What is AWS inspector?
A
–it is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
–it automatically assesses applications for vulnerabilities or deviations from best practices.
–it produces a detailed list of security finding prioritized by level of severity
–findings can be review directly or as part of detailed assessment reports are available via the amazon Inspector console of API
13
Q
Block storage/ Virtual drive
A
Elastic Block Store
14
Q
Object storage
A
S3 - Simple Storage Solution
15
Q
6 key points about Cloudwatch
A
- -used for monitoring performance
- -can monitor most of AWS as well as your applications that run on AWS
- -CloudWatch with EC2 will monitor events every 5 min by default
- -can have 1 min intervals by turning on detailed monitoring (?but will cost extra?)
- -CloudWatch is all about performance
16
Q
An automated security assessment service to help improve security and compliance of apps deployed on the Cloud
A
Inspector
17
Q
Serverless code
A
Lambda
18
Q
which of the following support plans features access to AWS Support during business hours vie email?
Basic
Developer
Business
Enterprise
A
Developer
19
Q
Restricting Bucket Access
A
Bucket Policies–applies across the whole bucket
Object Policies–applies to individual files
IAM Policies to Users and Groups–applies to Users and Groups
20
Q
Protects your web app from common web exploits that could compromise security, availability and resource consumption of your AWS infrastructure
A
Web App Firewall(WAF)
21
Q
What can you do with Elastic Beanstalk
A
–quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications
simply upload application and Elastic Beanstock automatically handles the details of capacity and provisioning, load balancing, scaling, and application health monitoring
22
Q
Main points about Cloud train
A
- -per AWS account and is enabled per region
- -can consolidate logs using S3 buckets
- - turn on CloudTrail in paying account
- -create bucket policy that allows cross-account access
- -turn on CloudTrail in the other accounts and use the bucket in the paying account
23
Q
difference between a region, availability zone, and edge location
A
- region is a physical location in the world with 2 or more availability zones
- availability zone is one more data centers
- edge locations are endpoints for AWS which are used for caching content
24
Q
Define a Well-Architected Framework
A
This framework helps Cloud Architects build secure, fault-resilient, efficient, high-performing IT infrastructure
25
by default, what is the maximum number of linked accounts per paying account under consolidated billing
20
26
How do you set permissions to am IAM group?
You need to apply a policy to that group. Policies consist of json. These are referred to as key value pairs. You have your key, such as name and then the value eg: {"name" : "AWSomeChicks"}
27
```
Which of the flowing are valid EC2 pricing options?
Stop
Enterprise
On-Demand
Reserve
```
On-Demand and Reserve
28
Speedy websites - uses Edge Locations
CloudFront
29
What is Capex vs Opex
Capital Expenditure which is what you pay upfront and is a fixed sunk cost
Operational Expenditure
30
4 keys things about Athena
- -an interactive query service
- -allows you to query Data in S3 using standard SQL
- -serverless
- -commonly used to analyze log Data stored in S3
31
Watch/Monitor AWS
CloudWatch
32
Why use Redshift
for Business intelligence or data warehousing
33
What are the 6 major advantages of cloud computing?
1. Trade capital expense for variable expense
2. Benefit from massive economics of scale
3. Stop guessing about capacity
4. Increase speed and agility
5. Stop spending money running and maintaining data centers
6. Go global in minutes
34
Which AWS Services can be used on premise
```
Snowball
Snowball Edge
Storage Gateway
CodeDeploy
Opsworks
IoT Greengrass
```
35
What is the availability and durability of S3?
Availability is 99.99%
| Durability is 99,.999999999 (eleven 9s)
36
AWS Storage Gateway is a hybrid cloud storage service that gives you on-prem access to virtually unlimited cloud storage.
Name the 3 types of gateways
Tape Gateway - Backup and restore (virtual tape)
File Gateway - For hybrid cloud workloads
Volume Gateway - Disaster Recovery on AWS
37
What is the default access control on S3?
All buckets and objects are set to be private
38
which of the following support plans features <4 hr. response time in the event of an impaired production system?
Basic
Developer
Business
Enterprise
Business
39
Track trails of action/audit logs
CloudTrail
40
Can Wordpress be hosted on S3
No.
You can use S3 to host STATIC websites (such as .html). Websites that require database connections such as Wordpress etc. cannot be hosted on S3
41
Templates to form cloud services
CloudFormation
42
What is AWS Quick Start
It is a way of deploying environments quickly, using CloudFormation templates built by AWS Solution Architects who are experts in that particular technology
43
Relational Database - SQL
RDS - Aurora Redshift (data warehouse, business intelligence)
44
The basics of S3
- -S3 is object-based--i.e. allows you to upload files.
- -Files can be from 0 Bytes to 5 TB
- -Unlimited storage
- -Files are stored in Buckets
- -Universal namespace (can't have repeat bucket names)
45
What are the 4 tiers to AWS Support Plans and monthly pricing?
- Basic (Free)
- Developer ($29 per month)
- Business ($200 per month)
- Enterprise ($15 000 per month and TAM)
46
A cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS.
AWS Direct Connect
47
What is cloud computing?
Cloud Computing is the on-demand delivery of compute, database, storage, application, and other IT resources.
48
Web App Firewall
WAF
49
What is fully controlled by AWS?
| What is fully controlled by Customer?
AWS - Physical and Environmental Controls
| Customer - Service and Comms Protection/Zone Security
50
True or False:
| With consolidated billing, the paying account can make changes to any of the resources owned by a linked account.
FALSE
51
Roles vs access keys
Roles are more secure than using access key id's and secret access keys and are easier to manage.
52
Why have a consolidated billing account
- -allows you to get volume discounts
- -unused reserved instances of Savings Plans for EC2 are applied across the group
- -CloudTrail is on a per account and per region basis, but can be aggregated into a single bucket belonging to the paying account
53
Transfer huge amounts of data to AWS
Snowball
54
Helps you optimize your environment by reducing cost, increasing performance and improving security
Trusted Advisor
55
Route domains to services/IPs
Route 53
56
How to make entire S3 bucket public
using bucket policies
57
Dynamically monitors and can react to changes / triggers
CloudWatch
58
Business Intelligence (RDS)
Redshift
59
What is AWS Cloud formation
a service that helps you model and set up your AWS resources so that you can spend less time managing those resources.
You create a template that describes all the AWS resources that you want and AWS CloudFormation takes care of provisioning and configuring those resources.
60
Name the 3 Networking and Content Delivery available on AWS
CloudFront
Route 53
Virtual Private Cloud (VPC)
61
Cost Calculators
1. Calculates the cost of your entire AWS infrastructure to get a monthly bill?
2. Analyze costs and usage data to identify trends, cost drivers and detect anomalies?
3. Compare total cost of running your infrastructure on-prem vs on AWS?
1. AWS Simple Monthly Calculator
2. AWS Cost Explorer
3. Total Cost of Ownership Calculator (TCO)
62
What are the pricing levels of CloudFormations
it is free but the resources if provisions is not
63
3 best practices with AWS organizations
- -always enable multifactor authentication on root account
- -always use a strong and complex password on root account
- -paying account should be used for billing purposes only. Do not deploy resource into the paying account
64
2 key features of RDS
Multi-AZ for disaster recovery
Read Replicas for performance
65
AWS Inspector vs AWS Trusted Advisor
AWS Inspector is used for inspecting EC2 instances for vulnerabilities
AWS Trusted Advisor inspects your AWS accounts as a whole, not just EC2. It does more that just security inspections; e.g. cost optimization, performance, and fault tolerance
66
Automated security assessment for EC2
Inspector
67
Name 3 types of Cloud Computing;"___ as a Service"
1. Software as a service (SaaS) - Completed product ran and managed by a service provider (Gmail)
2. Infrastructure as a Service (IaaS) - Building blocks for cloud IT (Physical server)
3. Platform as a Service (PaaS) - Deploy and manage apps without worrying about hardware infrastructure (Godaddy, Shopify)
68
Name 4 common use cases for Amazon Snowball
- Cloud Migration- Disaster Recover- Data Centre Decom- Content Distribution
69
3 different flavors of load balancers
Application Load Balancers --Layer7 (make Intelligence Decisions)
Network Load Balancers --Extreme Performance/Static IP addresses
Classics Load Balancers --Test and Dev, Keep Cost Low
70
6 advantages of Cloud
- -Trade capital expense for variable expense
- -benefit from massive economies of scale
- -stop guessing about capacity
- -increase speed and agility
- -stop spending money running and maintaining Data centers
- -go global in minutes
71
Billing BDBE - TAM
- Basic (Free)
- Developer ($29 per month)
- Business ($100 per month)
- Enterprise ($15 000 per month and TAM)
72
3 ways to access the AWS platform
- via the Console
- programmatically using the Command Line
- using the Software Developers Kit (SDK)
73
What re the 5 security pillars of AWS Well-Architected Framework?
- Detective Controls
- Identity and Access Management
- Infrastructure Protection
- Data Protection
- Incident Response
74
Which AWS services are Global
```
IAM
Route53
CloudFront
SNS
SES (simple Email Service)
```
75
What does AWS Config do?
Monitor configuration of you AWS resources
It provides a detailed view of the configuration of AWS resources in your AWS account
Including how the resources are related to each other and how they were configured in the past.
You can see how configurations and relationships change over time
76
What is AWS WAF
a web application designed to stop hackers
it is a web application firewall that helps protect your web applications from common web exploits that you affect application availability, compromise security, or consume excessive resources
77
What is Athena
Interactive query service for data in S#
- -uses standard SQL
- -serverless, nothing to provision, pay per quest/per TB scanned
- -no need to set up complex ETL processes
- -works directly with data stored in S3
78
name 7 free AWS services
```
Amazon VPC
Elastic Beanstalk
CloudFormation
Identity Access Management (IAM)
Auto Scaling
Opsworks
Consolidated Billing
```
79
What is AWS shield
A web application firewire designed to DDoS
It is a managed Distributed Denial of Service DDoS protection service for web Applications
It provide always-on detection and automatic inline mitigations and minimize application downtime and latency--there is not need to engage AWS support to benefit from DDoS protection.
two levels --standard and advanced
80
5 key points about Systems Manager
- -can be used to manage fleets of EC2 instances and VM
- -a piece of Software is installed on each VM
- -can be both inside AWS and on premise
- -run Command is used to install, patch, uninstall Software
- -integrates with CloudWatch to give you a dashboard of all you estate
81
Name 5 types of storage offered in AWS
```
EBS - Elastic Block Storage
Elastic File System
S3 - Simple Storage Solution
Snowball (Data migration)
Storage Gateway (Connects on-prem to cloud)
```
82
Balance incoming traffic loads
Elastic Load Balance (ELB)
83
What are differences between Elastic Beanstalk and CloudFormation
Elastic Beanstalk is limited in what it can provision and is not programable
CloudFormation can provision almost any AWS service and is completely programable
Both are free but the resources they provision are not
84
What is the Shared Responsibility Model
AWS manages security of the cloud, security in the cloud is the responsivity of the customer. Customers retain control of the security they choose to implement to protect their own content, platform, applications, systems and networks, no differently that they would in an on-site datacenter
85
What is EBS?
Amazon EBS allows you to create storage volumes and attach them to Amazon EC2 instances. Once attached, you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device. Amazon EBS volumes are place in a specific availability zone, where they are automatically replicated to protect you from the failure of a single component.
86
Rules of thumb for when you are responsible for security
you are likely responsible
- -if you can do the action yourself in AWS console or in EC2. examples are
- -Security groups
- -Patching EC2 operating systems
- -patching datasets running on the EC2
--encryption is a shared responsibility
- -AWS is likely responsible for
- -management of data center, security camera, cabling
- -patching RDS operation systems
87
Protects your wen apps from DDoS attacks with an always-on detection and auto handling of any potential DDoS attacks
AWS Shield
88
Shared Responsibility Model AWS:
AWS is responsible for security OF the cloud
Software- Compute, Storage, Database, NetworkingHardware and Global Infrastructure- Regions, Availability Zones, Edge Locations
89
Non-relational DB (No SQL)
DynamoDB
90
billing alert
monitory cost of account
- -when monitory is enabled on the paying account, the billing data for linked accounts is included
- -you can still create billing alerts per individual account
91
Which of the flowing are criteria affecting your billing for RDS?
```
Additional storage
Clock hours of server time
standby time
number of requests
data transfer in
```
Correct:
Additional Storage
Clock hours of server time
number of requests
Incorrect:
data transfer in
standby time
92
What is AWS Trusted Advisor
--an online resource to help you reduce cost, increase performance, and improve security by optimizing you AWS environment
--it is real-time guidance to help you provision resources following AWS best practices.
--it will advise you on cost Optimization, performance, security, Fault Tolerance
93
What does AWS CloudTrail do?
It increases visibility into your user and resource activity by recording AWS Management Console actions and API calls.
It allows you to identify which users and accounts called AWS, the source IP from which the calls were made, and when the calls happened
94
What is Content Delivery Network (CDN)
CDN is a system of distributed servers that deliver webpages and other web content to a user based on the geographic locations of the user, the origin of the webpage, and a content delivery server.
95
What is a PETABYTE-scale data migration solution to transport A LOT of data from your on-prem environment into the AWS cloud?
Amazon Snowball
A physical device is mailed to you, once you've transferred the data you ship it back and the data will be transferred into S3
96
5 Key CDN terms
Edge location--This is the location where content will be cached.
Origin--This is the origin of all the files that the CDN will distribute. This can be an S3 bucket, and EC2 instance, an Elastic Load Balancer, or Route53
Distribution--This is the name given the CDN which consists of a collection of Edge Locations
Web Distribution --Typically used for websites
RTMP-Used for media streaming
97
For IAM what is a group?
a group is a place to store you users. Your users will inherit all permissions that the group has. Examples of groups might be developers, system admin, human resources, finance, etc.
98
What are security groups
they are virtual firewalls in the cloud. You need to open ports in order to use the. Popular ports are SSH(22), HTTP(80), HTTPS(443), RDP (3389)
99
Audit logs
CloudTrail
100
Name a service with global views but is regional
S3 - Simple Storage Solution
101
Which of the following is not a fundamental AWS charge
data-in
data-out
storgae
compute
data-in
102
What can AWS TCO (?total cost of ownership?) calculator do?
It can compare costs of running your infrastructure on premise vs in the AWS Cloud
It will generate reports that you can give to your C-level execs to make a business case to move to the cloud.
103
Optimize infrastructure (performance, cost optimization, fault tolerance)
Trusted Advisor
104
Non-relational Database - No SQL
Lots of data but no links between the data DynamoDB (No SQL)
105
explain PUTS and DELETES
- Read After Write Consistency for PUTS of new Objects
| - Eventual Consistency for overwrite PUTS and deletes (can take some time to propagate)
106
AWS is responsible for security __ the cloud. The customer is responsible for security __ the cloud.
AWS is responsible for security OF the cloud. The customer is responsible for security IN the cloud.
107
Design principles:
```
C - Cost Optimization
R - Reliability
O - Operational Excellence
P - Performance
S - Security
```
108
What is AWS landing Zone
It is a solution that helps customers more quickly set up secure, multi-account AWS environments based on AWS best practices
109
2 reasons to use Resource Groups
- -you can apply automation to resources tagged with specific tags
- -in combination with AWS systems manager, y you can control and execute automation against entire fleets of EC2 instances, all at the push of a button
110
A use of cross regional replications
you can replicate the contents of one bucket to another bucket automatically by using cross region replication
111
Name 3 Types of Cloud Computing Deployments
1. Cloud - Fully deployed on the Cloud
2. Hybrid - Mix of cloud and on-prem
3. On-Premises - Own data center
112
AWS Cloud Compliance?
- Certificates and Attestations
- Laws, Regulations, Privacy
- Alignments and Frameworks
113
Why use elasticache
to speed up performance of existing databases (frequent identical queries)
114
Wjat best describes a resource group
a collection of resources that share one or more tags (or portions of tags)
115
What does AWS Simple Monthly Calculator do?
It is used to calculated your running costs on AWS on a per month basis. It is not a comparison tool.
116
List the 3 types of Snowball and their sizes
- Snowball (50 TB / 80 TB)
- Snowball Edge (100 TB)
- Snowmobile (100 PB)
- truck
117
# Choose the feature of consolidated billing
Charging is based per VPC
A simple bill is issued containing the changes for all AWS accounts
Multiple stadalone accounts are combined and may reduce you overall bill
account charges can be tracked individually
Correct
A simple bill is issued containing the changes for all AWS accounts
Multiple standalone accounts are combined and may reduce you overall bill
account charges can be tracked individually
Incorrect
Charging is based per VPC
118
3 types of Cloud Computing Deployments
- -Infrastructure as a service: IAAS or IAAS
- -Platform as a service: PaaS of PaaS
- -Software as a service: SaaS or SaaS
119
With S3, what is CRR (Cross-Region Replication)
For redundancy, you can have contents replicated automatically
120
How much does Elastic Beanstalk cost
it is free but the resources if provisions is not
121
Provide access
IAM - Identity and Access Management
122
What is the difference between Budgets and Cost Explorer
- -budgets is used to budget or predict cost before that happen
- -cost explorer is used to explore of understand cost After they have happened
123
Route53
AWS DNS service
Global
You can use it to direct traffic, sell around the world, and to register domain names
124
Virtual Network
VPC
125
What is IoT GreenGrass
AWS IoT Greengrass is an Internet of Things (IoT) open source edge runtime and cloud service that helps you build, deploy, and manage device software. Customers use AWS IoT Greengrass for their IoT applications on millions of devices in homes, factories, vehicles, and businesses.
