Base Concepts

Question 1

AWS Regions

Answer 1

Isolated between each other
ends with a number (e.g. eu-west-1)
Have at least 2 AZ

Question 2

Availability Zones

Answer 2

children of regions
include ONE or more data centers with redundant networking, power and connectivity
suffix with a b c (eu-west-1a)
connected with high bandwidth, ultra-low latency connections

Question 3

Edge Locations

Answer 3

the places where data are cached to reduce latency

used by CloudFront to cache copies

Question 4

Local Zones

Answer 4

An extension of AWS

Multi-tenants (used by multiple parties, not just one company like Outposts)

Question 5

Global Services

Answer 5

IAM
CloudFront
Route 53
S3

Question 6

AWS Outposts

Answer 6

Provide local access to AWS-managed infra
Build and run apps on-premises
Deploy on customer site
Managed by AWS

Question 7

Wavelength Zones

Answer 7

Let developers build apps with ultra-low latencies to 5G and users

Question 8

VPC

Answer 8

Virtual Private Cloud

Span across multiple availability zones but stay within on region

Question 9

Internet Gateway

Answer 9

Connect a public subnet to the internet

Question 10

Subnet

Answer 10

Public and private

Reside within an AZ

Question 11

NAT

Answer 11

NAT gateway is Managed by AWS
NAT instances are managed by the user
Both allow a private subnet to connect to the interne

Question 12

Security Group

Answer 12

Can only have ALLOW rule
Control access to EC2 or Elastic Network Interface (ENI)
A kind of firewall
Return traffic is automatically allowed, no matter the rules (Stateful)

Question 13

Network Access Control List (NACL)

Answer 13

Can contain rules for IP only
can have ALLOW/DENY rules
Filter traffic in and out Subnet
Return traffic must be explicitly allowed

Question 14

VPC Flow logs

Answer 14

Provides info about IP traffic in and out of interfaces
Can store in S3/CloudWatch logs
Must be enabled manually

Question 15

VPC Peering

Answer 15

Connect two VPC
CIDR must not overlap
Only work with two VPC
VPC can be in different Regions

Question 16

VPC Endpoints

Answer 16

Connect to AWS services using a private network

Question 17

VPN CloudHub

Answer 17

operates on a simple hub-and-spoke model that you can use with or without a VPC
Use this approach if you have multiple branch offices and existing Internet connections and would like to implement a convenient, potentially low-cost hub-and-spoke model for primary or backup connectivity between these remote offices

Question 18

Direct Connect

Answer 18

Physical connection from the on-premise server to AWS
Takes a long time to provision because AWS needs to build a physical line from on-premise to AWS cloud
Private & secure & Expensive

Question 19

Site-to-Site VPN

Answer 19

Connect user’s on-premise VPN to AWS
Using internet connection (not private)
The on-premise server must have a Customer Gateway
AWS must use Virtual Private Gateway

Question 20

Transit gateway

Answer 20

Transitive between many VPC

Connect, join all the above types of connect