Basic Terms Flashcards
Cloud Computing
On-Demand delivery of IT resources with pay-as-you-go pricing.
On-Demand Delivery
AWS has the resources you need when you need them.
Private-Cloud Deployment
On-Premises Deployment
Hybrid Deployment
Cloud-based resources are connected to on-premises infrastructure.
Multitenancy
Sharing underlying hardware between virtual machines
CaaS (Compute as a Service)
Consumption-based (pay-per-use) infrastructure model that provides on-demand processing resources for general & specific workloads.
What is Dynamic Scaling?
Scales based upon demand.
What is Predictive Scaling?
Automatically schedules right number of EC2 instances based upon predicted demand.
What type of application has resources and services tightly coupled where if one service fails they all fail?
Monolithic Application
What type of application has loosely coupled services, where if a single component fails, the other components continue to work because they are communicating with each other?
Microservice
What are Containers?
Image files that contain everything needed to run software, processes, & workflows.
What is an Origin?
Server from which CloudFront gets your files.
What is a Subnet?
Section of VPC where you group resources based on security or operational needs.
Can be public or private.
What is an Internet Gateway?
Connection between VPC & Internet.
What is Virtual Private Gateway?
Enables you to establish VPC connection b/w you & private network (ex: on-premises data center or internal corporate network).
Allows for traffic into VPC if coming from approved network.
What is difference between public & private subnets?
Public Subnets have resources that need to be accessible by public.
Private Subnets have resources that can only be accessible through your private network.
Can a private and a public subnet communicate with each other?
Yes.
What is a Packet?
Data unit sent over internet or network.
What is a Network ACL?
Virtual firewall that controls inbound & outbound traffic at subnet level using stateless packet filtering.
What is Stateless?
Network ACL remembers nothing and checks packets to and from subnet.
What is a Security Group?
Virtual firewall that controls inbound & outbound traffic for Amazon EC2 instance using stateful packet filtering.
They are stateful & deny inbound traffic but allow outbound traffic by default.
What is Stateful?
Security Group checks packet first time but will not check second time because it will remember it.
What is a DNS (Domain Name System)?
Turns domain names into IP Address so you can access websites.
What is DNS Resolution?
Translating a domain name to an IP Address.
What is a CDN?
Content Delivery Network:
Network that delivers edge content to users based on their geographic location.
What is an Instance Store?
Disk storage physically attached to host computer for EC2 instance.
If instance is terminated, instance store loses data.
What is Object Storage?
Each object consists of data, metadata, & key.
What is Metadata?
Contains information about what data is, how it is used, object size, etc.
What is a Relational Database?
Data stored in way that relates it to other pieces of data.
What is Encryption at Rest?
Protecting data while it’s stored.
What is Encryption in Transit?
Protecting data while it is being sent & received.
What is the Root User?
User that was used to create AWS account & has complete access to all AWS services & resources in account.
What are Service Control Policies (SCPs)?
Allow you to place restrictions on AWS services, resources, & individual API actions that users & roles in each account can access.
What is a Denial-of-Service Attack (DoS)?
Deliberate attempt, from a single source, to make a website or application unavailable to users.
What is a Distributed Denial-of-Service Attack (DDoS)?
Deliberate attempt, from multiple sources, to make a website or application unavailable to users.
What is an Internet Gateway?
Connection b/w VPC & Internet by allowing public traffic from internet to access VPC.
What is Elastic Load Balancing?
Distributes incoming traffic across multiple targets, s/a EC2 Instances.
What are Global Tables?
Replicate data automatically across AWS Regions to automatically scale capacity.
Can block storage be accessed simultaneously?
No
Can object storage provide appending files?
No
Which AWS services have data encryption automatically enabled?
- Amazon S3
- Amazon Storage Gateway
- Amazon RDS
- Amazon Aurora
- AWS Lambda
- Amazon DynamoDB
- Amazon SQS (Simple Queue Service)
- Amazon SNS (Simple Notification Service)
What is Penetration Testing?
Simulating cyber-attacks, which doesn’t need AWS approval.
What is Network Stress Testing?
Sending lots of test traffic to a specific target application, which needs AWS approval.
What is VPC Peering Connection?
Networking connection b/w 2 VPC’s that enables you to route traffic b/w them privately.
Which AWS services/features support High Availability by default?
- Amazon EC2
- Amazon S3
- Amazon RDS
- Route 53
- Amazon CloudFront
- Amazon DynamoDB
- Amazon ElastiCache
- Amazon Lambda
- Amazon EFS
- Amazon SQS
- Amazon SNS
- Amazon ELB
- Amazon Kinesis
- AWS Global Accelerator
- Amazon Aurora
- Amazon CloudWatch
- AWS Elastic Beanstalk
Which AWS Services are regional in scope?
- Amazon EC2
- Amazon RDS
- Amazon S3
- Amazon VPC
- Amazon Lambda
- Amazon DynamoDB
- Amazon CloudWatch
- Amazon SQS
- Amazon SNS (Simple Notification Service)
- Amazon Route 53 (DNS Service)
- AWS Elastic Beanstalk
- AWS Elastic Load Balancing (ELB)
- Amazon EBS (Elastic Block Store)
- AWS CloudFormation
- Amazon ElastiCache
- AWS CodeBuild, CodeDeploy, and CodePipeline
- Amazon CloudFront
- Amazon Aurora
- AWS WAF & Shield
- Amazon Redshift
- AWS Elastic File System (EFS)
- Amazon MQ
- Amazon Kinesis
- AWS Global Accelerator
Which AWS Services support VPC Gateway Endpoint?
- Amazon S3
- Amazon DynamoDB
Everything else uses VPC Interface endpoint
What categories does AWS Trusted Advisor recommend?
- Cost Optimization
- Performance
- Security
- Fault Tolerance
- Service Limits
What is an IAM Role?
IAM identity that you create in your account that has specific permissions.
Which entities are part of Amazon VPC in AWS Cloud?
- VPC
- Subnet
- Route Table
- Internet Gateway
- VPC endpoint
What are AWS Tags?
Custom labels that you can attach to AWS resources to help
- identify, organize, & search for resources by categories.
- manage billing information
- control access
- associate resources w/ compliance types.
What is AWS Total Cost of Ownership (TCO) Estimate?
Calculation that helps organizations determine if moving to AWS is good idea.
Includes:
- Infrastructure: Compute, data transfer, and storage
- Cloud services: Security, management tools, and data analytics
- Manpower: Cloud engineers
- Hidden costs: Downtime, reduced productivity, and what-if scenarios
What is the AWS Identity and Access Management (IAM) access advisor?
Shows service permissions granted to user & when services were last accessed & identify unnecessary permissions.
What is IAM Credentials Report?
View status of all user credentials, including passwords, access keys, & multi-factor authentication (MFA) devices.
What is a Customer Gateway?
Physical device/software application on your side (premises) of Site-to-Site VPN connection.
Which AWS Services are delivered regionally?
- Amazon S3
- Amazon EFS
Which of the following statements are true about AWS Regions and Availability Zones (AZ)?
- Each AWS Region consists of multiple, isolated, & physically separate Availability Zones (AZ) within a geographic area.
- All traffic b/w availability zones is encrypted.
Which of the following is the least effort way to encrypt data for AWS services only in your AWS account using AWS Key Management Service (KMS)?
Use AWS managed master keys that are automatically created in your account for each service
What AWS Resources are Global in Scope?
- Amazon CloudFront
- Amazon S3
- Amazon Virtual Private Cloud (Amazon VPC)
- Amazon Relational Database Service (RDS)
- Amazon Elastic Block Store (Amazon EBS)
- Amazon SageMaker
- Amazon Kinesis
- Amazon Simple Notification Service (Amazon SNS)
- AWS Elastic Beanstalk
What are the AWS disaster recovery scenarios?
- Backup and Restore — Data is backed up and restored
- Pilot Light — Only minimal critical functionalities
- Warm Standby — Fully functional scaled down version
- Multi Site (Active-Active) — Another fully functional site