CCP Flashcards

Question

EC2 Instance Types

Answer 1

- General Purpose - Compute Optimized - Memory Optimized - Accelerated Computing - Storage Optimized

Answer 2

General purpose instances provide a balance of compute, memory and networking resources, and can be used for a variety of diverse workloads. These instances are ideal for applications that use these resources in equal proportions such as web servers and code repositories.

Answer 3

Compute Optimized instances are ideal for compute bound applications that benefit from high performance processors. Instances belonging to this family are well suited for batch processing workloads, media transcoding, high performance web servers, high performance computing (HPC), scientific modeling, dedicated gaming servers and ad server engines, machine learning inference and other compute intensive applications.

Answer 4

Memory optimized instances are designed to deliver fast performance for workloads that process large data sets in memory.

Answer 5

Accelerated computing instances use hardware accelerators, or co-processors, to perform functions, such as floating point number calculations, graphics processing, or data pattern matching, more efficiently than is possible in software running on CPUs.

Answer 6

Storage optimized instances are designed for workloads that require high, sequential read and write access to very large data sets on local storage. They are optimized to deliver tens of thousands of low-latency, random I/O operations per second (IOPS) to applications.

Answer 7

- Security groups act as a 'firewall' on EC2 instance - The control access ports, authorized IP ranges, and control inbound and outbound networks - Only contain allow rules

Answer 8

Substitute for logging into your instance though a terminal. Launches a web-based SSH connection.

Answer 9

- On-Demand Instance : short workload, predictable pricing - Reserved : (min 1 year) long workloads - Convertible Reserved Instance : Long and flexible workload - Spot Instance : short workload, cheap, can lost instance - Dedicated Hosts : book entire physical server - Dedicated Instance : has hardware dedicated to that instance

Answer 10

A Role applied to an instance that links to an IAM role allowing the EC2 instance to connect to IAM

Answer 11

Elastic Block Store Volume

Answer 12

- Network drive you can attach to your instance while they run - Can only be mounted to one instance - Locked to AZ

Answer 13

Backup of an EBS volume at a point in time. Can be copied across AZ or Region

Answer 14

A tool used to create custom AMIs for use in your AWS environments.

Answer 15

EC2 Instance Store is a physical hard drive attached to your EC2 instance for increased performance over an EBS volume. EC2 Instance Store lose their storage if they're stopped

Answer 16

Elastic File System

Answer 17

A managed network file system that can be mounted on 100s of EC2s. EFS works with Linux instances in multi-AZ only.

Answer 18

EFS Infrequent Access is used to save on files that are not often accessed. EFS can move files automatically based off a Lifecycle Policy into EFS-IA. Transparent to the applications accessing EFS

Answer 19

A fully managed, highly reliable, and scalable native shared file system for Windows File Server, Lustre, and NetApp. Can be integrated into you on-premises.

Answer 20

Once a system is scalable, elasticity means that there will be some 'auto-scaling' so that the system can scale based on the load. This is 'cloud-friendly' : pay-per-use, match demand, optimize costs

Answer 21

Ability to accommodate a larger load by making the hardware stronger (scale up), or by adding nodes (scale out)

Answer 22

Run instances for the same application across multi AZ for redundancy

Answer 23

Elastic Load Balancer

Answer 24

A managed load balancer that forward internet traffic to multiple servers downstream.

Answer 25

- Application Load Balancer (HTTP/HTTPS only) - Network Load Balancer (TCP) - Classic Load Balancer (slowly retiring)

Answer 26

Auto Scaling Group

Answer 27

An ASG allows us to spin up or down instances to meet demand based on pre-defined thresholds. Also provides health checks on instances and replaces bad instances.

Answer 28

Simple Storage Service

Answer 29

S3 allows people to store objects (files) in buckets (directories).

Answer 30

- IAM policy to restrict what type of access an IAM user has - Encryption of the S3 bucket - Resource based policies

Answer 31

S3 can host static websites and have them accessible on the www

Answer 32

It will allow you to create versions for your files in the S3 bucket. Allowing you to roll back to previous versions and even deletion. This is not a retroactive setting.

Answer 33

A log that tracks all access to an S3 bucket.

Answer 34

Cross Region Replication

Answer 35

Same Region Replication

Answer 36

A replication of object in an S3 bucket to another bucket, asynchronous. Can be used to replicate information across accounts with the proper permissions. Not retroactive.

Answer 37

- Standard - Standard IA - One Zone-IA - Intelligent Tiering - Glacier - Glacier Deep Archive

Answer 38

It blocks an object version deletion for a specified amount of time.

Answer 39

A policy that is locked from editing for data compliance and retention.

Answer 40

Offline devices to perform data migrations. If it takes more than a week to transfer over the network, use Snowball devices. Highly-secure, portable devices to collect and process data at the edge, and migrate data into and out of AWS

Answer 41

Snowcone Snowball Edge Snowmobile

Answer 42

Snowcone | SnowMobile

Answer 43

Physical data transport solution, moves TBs or PVs of data in or out of AWS. Comes in Storage and Compute optimized versions.

Answer 44

Small, portable computing device, very durable. 8TB of storage. Used for edge computing.

Answer 45

A truck used to move EBs and PBs of information to and from AWS.

Answer 46

OpsHub is an agent that help you manage your Snow Family devices.

Answer 47

A bridge between on-premise data and cloud data in S3 and EBS

Answer 48

Relational Database Service

Answer 49

- Relational Database / OLTP | - Managed DB service for DBs that use SQL language

Answer 50

- Relational Database - Cloud optimized - PostgreSQL and MySQL both supported - Proprietary tech

Answer 51

- In-Memory database - Helps reduce load off databases for read intensive workloads - Managed service

Answer 52

-Key/Value Database -Low latency -NoSQL/not a relational database Serverless

Answer 53

-Similar to ElastiCache, but specific to DynamoDB

Answer 54

- Warehouse OLAP (online analytical processing (analytics and date warehousing) - Data stored in Columns

Answer 55

Elastic MayReduce

Answer 56

EMR helps creating Hadoop clusters (Big Data) to analyze and process vast amounts of data

Answer 57

Serverless query service to perform analytics against S3 objects.

Answer 58

Serverless machine learning-powered business intelligence service to create interactive dashboards

Answer 59

'Aurora for MondoDB' (JSON - NoSQL database)

Answer 60

Fully managed graph database

Answer 61

Quantum Ledger Database

Answer 62

Financial Transaction Ledger (immutable journal, cryptographically verifiable)

Answer 63

Managed Hyperledger Fabric & Ethereum blockchains

Answer 64

Database Migration Service

Answer 65

Quickly and securely migrate databases to AWS, resilient, self-healing

Answer 66

Managed ETL (Extract Transform Load) and Stat Catalog service used to prepare and load data for analytics

Answer 67

Elastic Container Service

Answer 68

Runs Docker containers of EC2 instances

Answer 69

Run Docker containers without provisioning the infrastructure. Serverless offering (no EC2 instance)

Answer 70

Elastic Container Registry

Answer 71

This is where you store your personalized Docker images so they can be run by ECS or Fargate

Answer 72

An on-demand Virtual Function service. Run tasks like creating and moving thumbnails from images uploaded into an S3 bucket. Goes across whole AWS suite

Answer 73

Fully managed service for developers to easily create, publish, maintain, monitor, and secure APIs in the cloud. Serverless.

Answer 74

Runs batch jobs on AWS across managed EC2 instances. Defined as Docker images

Answer 75

Service providing VMs, storage, DBs, and networking. Similar to EC2, ELB, Route 53, etc.. Meant for people with little cloud experience. Usually distractor on test.

Answer 76

store code in private git repository (version controlled)

Answer 77

Build & test code in AWS

Answer 78

Deploy code onto servers | Update any application onto servers

Answer 79

Orchestration of pipeline (from code to build to deploy)

Answer 80

Store software packages / dependencies on AWS

Answer 81

Unified view for allowing developers to do CICD and code

Answer 82

Cloud IDE with collab

Answer 83

Define your cloud infrastructure using a programming language

Answer 84

Cloud Development Kit

Answer 85

Create Infrastructure as Code, works with almost all of AWS resources.

Answer 86

Elastic Beanstalk is a developer centric view of deploying an application on AWS. All in one view and easy to make sense of.

Answer 87

Helps mange your EC2 and On-Premises systems at scale. Patching automation for enhanced compliance and runs commands across an entire fleet of servers.

Answer 88

Managed Chef and Puppet in AWS

Answer 89

Each AWS Region is designed to be isolated from the other AWS Regions. This design achieves the greatest possible fault tolerance and stability. When you view your resources, you see only the resources that are tied to the AWS Region that you specified. This is because AWS Regions are isolated from each other, and we don't automatically replicate resources across AWS Regions. Exp: us-west-1

Answer 90

Availability Zones are multiple, isolated locations within each Region. Exp: us-west-1a and us-west-1b

Answer 91

A Local Zone is an extension of an AWS Region that is geographically close to your users. You can extend any VPC from the parent AWS Region into Local Zones by creating a new subnet and assigning it to the AWS Local Zone Exp: us-west-2-lax-1a

Answer 92

Edge locations are AWS data centers designed to deliver services with the lowest latency possible. Amazon has dozens of these data centers spread across the world. They're closer to users than Regions or Availability Zones, often in major cities, so responses can be fast. Used for content delivery as close as possible to users

Answer 93

Global DNS service. Great to route users to the closest deployment with least latency. Great for disaster recovery strategies.

Answer 94

Content Delivery Network

Answer 95

Service that replicates part of your application to AWS Edge Locations - decrease latency. Caches common requests - Improves user experience and decrease latency

Answer 96

Accelerate global uploads & downloads into S3

Answer 97

Improves global application availability and performance using the AWS global network

Answer 98

Outposts are AWS server racks that are deployed into and on-premises network extending AWS services into your data center

Answer 99

This service bring AWS services to the edge of the 5G network. Used for ultra-low latency applications

Answer 100

Amazon Simple Queue Service is one of the oldest AWS offerings. Used to decouple applications by providing a queue where messages are kept up to 14 days. Multiple Consumers share the read and delete messages when done

Answer 101

Simple Queue Service

Answer 102

Simple Notification Service

Answer 103

Amazon Simple Queue Service is a notification service with no message retention.

Answer 104

A managed service to collect, process, and analyze real-time streaming data at any scale. For exam Kinesis = real-time big data streaming

Answer 105

When migrating to the cloud, instead of re-engineering an applications queue/notification service we can use Amazon MQ instead of SQS and SNS. Amazon MQ = managed Apache ActiveMQ

Answer 106

it is a reporting tool in AWS. - Metrics : monitor the performance of AWS services and billing metrics - Alarms : automate notification, perform EC2 action, notify to SNS based on metric - Logs : collect log files from EC2 instances, servers, Lambda functions… - Events (or EventBridge) : react to events in AWS, or trigger a rule on a schedule

Answer 107

EventBridge is the next evolution of CloudWatch Events. For exam its the same as CloudWatch Events

Answer 108

audit events / API calls made within your AWS account

Answer 109

Automated analysis of your Cloud Trail Events to detect unusual activity

Answer 110

AWS X-Ray helps developers analyze and debug production, distributed applications

Answer 111

It provides the status of all AWS services across all regions

Answer 112

It is a dashboard that provides status of AWS events that impact your infrastructure

Answer 113

Amazon CodeGuru is a developer tool that provides intelligent recommendations to improve code quality and identify an application’s most expensive lines of code.

Answer 114

Virtual Private Cloud

Answer 115

A VPC is a private network to deploy your AWS resources in. This is a regional resource

Answer 116

Subnets allow you to partition your network inside you VPC. Subnets are ties to an AZ.

Answer 117

The IGW helps our VPC instances connect with the internet.

Answer 118

NAT Gateways (AWS managed) & NAT Instances (self-managed) allow your instance in your Private Subnets to access the internet while remaining private

Answer 119

Stateless, subnet rules for inbound and outbound traffic. A firewall that can have allow and deny rules.

Answer 120

Stateful, operate at the EC2 instance level or ENI. A firewall that controls traffic to and from. Only Allow rules

Answer 121

Connects two VPC with non-overlapping IP ranges, nontransitive

Answer 122

Endpoints allow you to connect to AWS Services using a private network instead of the public www network.

Answer 123

Network traffic logs

Answer 124

VPN over public internet between on-premises DC and AWS.

Answer 125

This is a direct private connection to AWS which take at least a month to establish to local data center.

Answer 126

Connects thousands of VPC and on-premises networks together.

Answer 127

Free Automatic DDoS protection / 24/7 support for advanced

Answer 128

Layer 7 (HTTP) firewall that protects your web applications from common web exploits. Filters incoming requests based on rules

Answer 129

Web Application Firewall

Answer 130

Key Management Service

Answer 131

An encryption key managed by AWS. If you see encryption on test is is most likely this.

Answer 132

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud.

Answer 133

WS Certificate Manager is a service that lets you easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources

Answer 134

Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements

Answer 135

Find malicious behavior with VPC, DNS & CloudTrail Logs

Answer 136

For EC2 only, install agent and find vulnerabilities

Answer 137

Track config changes and compliance against rules

Answer 138

Amazon Macie is a fully managed data security and data privacy service that users machine learning and pattern matching to discover and protect your sensitive data in AWS

Answer 139

Central security tool to manage security across several AWS accounts and automate security checks

Answer 140

Used to find the root cause of security issues or suspicious activities

Answer 141

Report AWS resources used for abusive or illegal purposes

Answer 142

- Change account settings - Clouse your AWD account - Change or cancel your AWS support plan - Register as a seller in the Reserved Instance Marketplace

Answer 143

face detection, labeling, celebrity recognition

Answer 144

audio to text

Answer 145

text to audio

Answer 146

translations

Answer 147

build conversational bots - chatbots

Answer 148

cloud contact center

Answer 149

natural language processing

Answer 150

machine learning for every developer and data scientist

Answer 151

build highly accurate forecasts

Answer 152

ML-powered search engine

Answer 153

real-time personalized recommendations

Answer 154

This is a global service that allows you to manage multiple AWS accounts. This provides the benefit of consolidating billing across all accounts.

Answer 155

Service Control Policies

Answer 156

These policies are applied at the OU or Account level and do not apply to the Master account. These policies allow you to whitelist/blacklist IAM actions additional accounts/users have in the organization

Answer 157

This is a management dashboard that allows you to quickly and easily manage your organization

Answer 158

These will make management and billing easier

Answer 159

Setup MFA Provide users with least-privilege Create a password policy Rotate passwords

Answer 160

It is a service that provides a high level account assessment based on Cost Optimizations, Performance, Security, Fault tolerance, and Service Limits. Recommends a support plan.

Answer 161

Into an S3 bucket or CloudWatch Logs

Answer 162

Change the root password Delete and rotate all passwords/keys Contact AWS Support

Answer 163

1. AWS Basic Support Plan 2. AWS Developer Support Plan 3. AWS Business Support Plan 4. AWS Enterprise Support Plan

Answer 164

It recommends resources' configurations to reduce cost

Answer 165

Used to calculate your on-premises data center cost of ownership and what it would cost to host it in AWS.

Answer 166

To calculate the cost of services on AWS

Answer 167

It provides a high level overview of billing and the free-tier

Answer 168

They tag resources to create detailed reports

Answer 169

They are the most comprehensive billing dataset

Answer 170

View current usage (detailed) and forecast usage

Answer 171

They are alarms that notify you based on overall and per-service billing

Answer 172

More advanced track usage, costs, RI, and get alerts

Answer 173

This is an easy way to saved based on long-term usage of AWS

Answer 174

Security Token Service

Answer 175

The Security Token Service is used to provide temporary, limited-privilege credentials to access AWS resources

Answer 176

It creates a database of users to allow access control to your web and mobile apps quickly and easily. Used for potentially millions of users.

Answer 177

This is a integrated Microsoft AD in AWS that can establish trusts to local AD environments.

Answer 178

This SSO provides one login for multiple AWS accounts & applications

Answer 179

- Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux desktops - Great to eliminate management of on-premise VDI (Virtual Desktop Infrastructure) - Fast and quickly scalable to thousands of users - Secure data : integrates with KMS - Pay-as-you-go service with monthly or hourly rates - To minimize latency deploy the WorkSpaces close to the users Region.

Answer 180

- Desktop Application Streaming Service - Deliver to any computer, without acquiring, provisioning infrastructure - The application is delivered from within a web browser

Answer 181

- Create and run virtual reality (VR), augmented reality (AR), and 3D applications - Can be used to quickly create 3D models with animations - Ready-to-use templates and assets : no programming or 3D expertise required - Accessible via a web-browser URLs or on popular hardware for AR/V

Answer 182

- IoT stands for 'Internet of Things' : the network of internet-connected devices that are able to collect and transfer data - AWS IoT Core allows you to easily connect IoT devices to the AWS Cloud - Serverless, secure & scalable to billions of devices and trillions of messages - Your applications can communicate with your devices even when they aren't connected - Integrates with a lot of AWS services (Lambda, S3, SageMaker, etc.)

Answer 183

Elastic Transcoder is used to convert media files stored in S3 into media files in the formats required by consumer playback devices (phones etc..)

Answer 184

- Fully-managed service that tests your web and mobile apps against desktop browsers, real mobile devices, and tablets - Run tests concurrently on multiple devices (speed up execution) - Ability to configure device settings (GPS, language, Wi-Fi, Bluetooth,…)

Answer 185

- Fully-managed service to centrally manage and automate backups across AWS services - On-demand and scheduled backups - Supports PITR (Point-in-time-Recovery) - Retention Periods, Lifecycle Management, Backup Policies,.. - Cross-Region Backup - Cross-Account Backup (Using AWS Organizations)

Answer 186

- Backup and Restore - Cheapest - Pilot Light - Warm Standby - Multi-Site / Hot-Site - Most Expensive

Answer 187

- Quickly and easily recover your physical, virtual, and cloud-based servers into AWS - Example : protect your most critical databases (including Oracle, MySQL, and SQL Server), enterprise apps (SAP), protect your data from ransomware attacks,… - Continuous block-level replication for your servers

Answer 188

- Move large amount of data from on-premises to AWS - Can synchronize to : Amazon S3 (any storage classes - including Glacier), Amazon EFS, Amazon FSx for Windows - Replication tasks can be scheduled hourly, daily, weekly - The replication tasks are incremental after the first full load

Answer 189

- A fully managed service for running fault injection experiments on AWS workloads - Based on Chaos Engineering : stressing an application by creating disruptive events (e.g., sudden increase in CPU or memory), observing how the system responds, and implementing improvements - Helps you uncover hidden bugs and performance bottlenecks - Supports the following AWS services : EC2, ECS, EKS, RDS… - Use pre-built templates that generate the desired disruptions

Answer 190

1) Operational Excellence 2) Security 3) Reliability 4) Performance Efficiency 5) Cost Optimizations They are not something to balance, or trade-offs, they're a synergy

Answer 191

- Implement a strong identity foundation - Enable traceability - Apply security at all layers - Automate security best practices - Protect data in transit and at rest - Keep people away from data - Prepare for security events

Answer 192

Free tool to review your architectures against the 5 pillars framework and adopt architectural best practices

Answer 193

It is a digital catalog with thousands of software listings from independent software vendors

Answer 194

- AWS Digital (online) and classroom training (in-person & digital) - AWS Private Training (for org) - Training and Cert for the US Gov - Training and Cert for Enterprise - AWS Academy : helps universities teach AWS - And your favorite online teacher teaching you all about AWS certs

Answer 195

AWS Partner Network

Answer 196

providing hardware, connectivity, and software

Answer 197

professional services firm to help build on AWS

Answer 198

find who can help you learn AWS

Answer 199

AWS Competencies are granted to APN Partners who have demonstrated technical proficiency and proved customer success in specialized solution areas

Answer 200

help partners become better partners