Basic Terms

Question 1

Cloud Computing

Answer 1

On-Demand delivery of IT resources with pay-as-you-go pricing.

Question 2

On-Demand Delivery

Answer 2

AWS has the resources you need when you need them.

Question 3

Private-Cloud Deployment

Answer 3

On-Premises Deployment

Question 4

Hybrid Deployment

Answer 4

Cloud-based resources are connected to on-premises infrastructure.

Question 5

Mulitenancy

Answer 5

Sharing underlying hardware between virtual machines

Question 6

CaaS (Compute as a Service)

Answer 6

Consumption-based (pay-per-use) infrastructure model that provides on-demand processing resources for general & specific workloads.

Question 7

What is Dynamic Scaling?

Answer 7

Scales based upon demand.

Question 8

What is Predictive Scaling?

Answer 8

Automatically schedules right number of EC2 instances based upon predicted demand.

Question 9

What type of application has resources and services tightly coupled where if one service fails they all fail?

Answer 9

Monolithic Application

Question 10

What type of application has loosely coupled services and if single component fails, other components continue to work because they are communicating with each other.

Answer 10

Microservice

Question 11

What are Containers?

Answer 11

Image files that contain everything needed to run
software, processes, & workflows.

Question 12

What is an Origin

Answer 12

Server from which CloudFront gets your files.

Question 13

What is a Subnet?

Answer 13

Section of VPC where you group resources based on security or operational needs.
Can be public or private.

Question 14

What is an Internet Gateway?

Answer 14

Connection between VPC & Internet.

Question 15

What is Virtual Private Gateway?

Answer 15

Enables you to establish VPC connection b/w you & private network (ex: on-premises data-center or internet corporate network).
Allows for traffic into VPC if coming form approved network.

Question 16

What is difference between public & private subnets?

Answer 16

Public Subnets have resources that need to be accessible by public.

Private Subnets have resources that can only be accessible through your private network.

Question 17

Can a private and a public subnet communicate with eachother?

Answer 17

Yes.

Question 18

What is a Packet?

Answer 18

Data unit sent over internet or network.

Question 19

What is a Network ACL?

Answer 19

Virtual firewall that controls that controls inbound & outbound traffic at subnet level using stateless packet filtering.

Question 20

What is Stateless?

Answer 20

Network ACL remembers nothing and checks packets to and from subnet.

Question 21

What is a Security Group?

Answer 21

Virtual firewall that controls inbound & outbound traffic for Amazon EC2 instance using stateful packet filtering.
They are stateful & deny inbound traffic but allow outbound traffic by default.

Question 22

What is Stateful?

Answer 22

Security Group checks packet first time but will not check second time because it will remember it.

Question 23

What is a DNS (Domain Name System)?

Answer 23

Turns domain names into IP Address so you can access websites.

Question 24

What is DNS Resolution?

Answer 24

Translating a domain name to an IP Address.

Question 25

What is a CDN?

Answer 25

Content Delivery Network:
Network that delivers edge content to users based on their geographic location.

Question 26

What is an Instance Store?

Answer 26

Disk storage physically attached to host computer for EC2 instance.
If instance is terminated/instance store loses data

Question 27

What is Object Storage?

Answer 27

Each object consists of data, metadata, & key.

Question 28

What is Metadata?

Answer 28

Contains information about what data is, how it is used, object size, etc . . .

Question 29

What is a Relational Database?

Answer 29

Data stored in way that relates it to other pieces of data.

Question 30

What is Encryption at Rest?

Answer 30

Protecting data while it’s stored.

Question 31

What is Encryption in Transit?

Answer 31

Protecting data while it is being sent & received.

Question 32

What is the Root User?

Answer 32

User that was used to create AWS account & has complete access to all AWS services & resources in account.

Question 33

What are Service Control Policies (SCPs)?

Answer 33

Allow you to place restrictions on AWS services, resources, & individual API actions that users & roles in each account can access.

Question 34

What is a Denial-of-Service Attack (DoS)?

Answer 34

Deliberate attempt from an attack from a single source to make website or application unavailable to users.

Question 35

What is a Distributed Denial-of-Service Attack (DDoS)?

Answer 35

Deliberate attempt from an attack from multiple sources to make a website or application unavailable to users.

Question 36

What is an Internet Gateway?

Answer 36

Connection b/w VPC & Internet by allowing public traffic from internet to access VPC.

Question 37

What is Elastic Load Balancing?

Answer 37

Distributes incoming traffic across multiple targets, s/a EC2 Instances.

Question 38

What are Global Tables?

Answer 38

Replicate data automatically across AWS Regions to automatically scale capacity.

Question 39

Can block storage be accessed simultaneously?

Answer 39

No

Question 40

Can object storage provide appending files?

Answer 40

No

Question 41

Which AWS services have data encryption automatically enabled?

Answer 41

• Amazon S3
• Amazon Storage Gateway
• Amazon RDS
• Amazon Aurora
• AWS Lambda
• Amazon DynamoDB
• Amazon SQS (Simple Queue Service)
• Amazon SNS (Simple Notification Service)

Question 42

What is Penetration Testing?

Answer 42

Simulating of Cyber-Attacks which doesn’t need AWS Approval.

Question 43

What is Network Stress Testing?

Answer 43

Sending lots of test traffic to specific target application which needs AWS Approval.

Question 44

What is VPC Peering Connection?

Answer 44

Networking connection b/w 2 VPC’s that enables you to route traffic b/w them privately.

Question 45

Which AWS services/features support High Availability by default?

Answer 45

• Amazon EC2
• Amazon S3
• Amazon RDS
• Route 53
• Amazon CloudFront
• Amazon DynamoDB
• Amazon ElastiCache
• Amazon Lambda
• Amazon EFS
• Amazon SQS
• Amazon SNS
• Amazon ELB
• Amazon Kinesis
• AWS Global Accelerator
• Amazon Aurora
• Amazon Cloudwatch
• AWS Elastc Beanstalk

Question 46

Which AWS Services are regional in scope?

Answer 46

• Amazon EC2
• Amazon RDS
• Amazon S3
• Amazon VPC
• Amazon Lambda
• Amazon DynamoDB
• Amazon CloudWatch
• Amazon SQS
• Amazon SNS (Simple Notification Service)
• Amazon Route 53 (DNS Service)
• AWS Elastic Beanstalk
• AWS Elastic Load Balancing (ELB)
• Amazon EBS (Elastic Block Store)
• AWS CloudFormation
• Amazon ElastiCache
• AWS CodeBuild, CodeDeploy, and CodePipeline
• Amazon CloudFront
• Amazon Aurora
• AWS WAF & Shield
• Amazon Redshift
• AWS Elastic File System (EFS)
• Amazon MQ
• Amazon Kinesis
• AWS Global Accelerator

Question 47

Which AWS Services support VPC Gateway Endpoint?

Answer 47

• Amazon S3
• Amazon DynamoDB

Everything else uses VPC Interface endpoint

Question 48

What categories does AWS Trusted Advisor recommend?

Answer 48

• Cost Optimization
• Performance
• Security
• Fault Tolerance
• Service Limits

Question 49

What is an IAM Role?

Answer 49

IAM identity that you create in your account that has specific permissions.

Question 50

Which entities are part of Amazon VPC in AWS Cloud?

Answer 50

• VPC
• Subnet
• Route Table
• Internet Gateway
• VPC endpoint

Question 51

What are AWS Tags

Answer 51

Custom labels that you can attach to AWS resources to help
- identify, organize, & search for resources by categories.
- manage billing information
- control access
- associate resources w/ compliance types.

Question 52

What is AWS Total Cost of Ownership (TCO) Estimate?

Answer 52

Calculation that helps organizations determine if moving to AWS is good idea.
Includes:
- Infrastructure: Compute, data transfer, and storage
- Cloud services: Security, management tools, and data analytics
- Manpower: Cloud engineers
- Hidden costs: Downtime, reduced productivity, and what-if scenarios

Question 53

What is the AWS Identity and Access Management (IAM) access advisor?

Answer 53

Shows service permissions granted to user & when services were last accessed & identify unnecessary permissions.

Question 54

What is IAM Credentials Report?

Answer 54

View status of all user credentials, including passwords, access keys, & multi-factor authentication (MFA) devices.

Question 55

What is a Customer Gateway?

Answer 55

Physical device/software application on your side (premises) of Site-to-Site VPN connection.

Question 56

Which AWS Services are delivered regionally?

Answer 56

• Amazon S3
• Amazon EFS

Question 57

Which of the following statements are true about AWS Regions and Availability Zones (AZ)?

Answer 57

• Each AWS Region consists of multiple, isolated, & physically seperate Availability Zones (AZ) within a geographic area.
• All traffic b/w availability zones is encrypted.

Question 58

Which of the following statements are true about AWS Regions and Availability Zones (AZ)?

Answer 58

• Each AWS Region consists of multiple, isolated, and physically separate Availability Zones (AZ) within a geographic area
• All traffic between Availability Zones (AZ) is encrypted

Question 59

Which of the following is the least effort way to encrypt data for AWS services only in your AWS account using AWS Key Management Service (KMS)?

Answer 59

Use AWS managed master keys that are automatically created in your account for each service

Question 60

Which of the following is the least effort way to encrypt data for AWS services only in your AWS account using AWS Key Management Service (KMS)?

Answer 60

Use AWS managed master keys that are automatically created in your account for each service

Question 61

What AWS Resources are Global in Scope?

Answer 61

• Amazon CloudFront
• Amazon S3
• Amazon Virtual Private Cloud (Amazon VPC)
• Amazon Relational Database Service (RDS)
• Amazon Elastic Block Store (Amazon EBS)
• Amazon SageMaker
• Amazon Kinesis
• Amazon Simple Notification Service (Amazon SNS)
• AWS Elastic Beanstalk

Question 62

What are the AWS disaster recovery scenarios?

Answer 62

• Backup and Restore — Data is backed up and restored
• Pilot Light — Only minimal critical functionalities
• Warm Standby — Fully functional scaled down version
• Multi Site (Active-Active) — Another fully functional site