CCP

Question 1

IAM Users

Answer 1

mapped to a physical user, has a password for AWS Console

Question 2

IAM Groups

Answer 2

Containers users only

Question 3

IAM Policies

Answer 3

JSON document that outlines permissions for users or groups

Question 4

IAM Policies
Effect

Answer 4

Whether the statement allows or denies access (Allow, Deny)

Question 5

IAM Policies
Principal

Answer 5

account/user/role to which this policy applies to

Question 6

IAM Policies
Action

Answer 6

list of actions this policy allows or denies

Question 7

IAM Policies
Resource

Answer 7

List of resources to which the actions applied to

Question 8

IAM Security

Answer 8

MFA + Password Policy

Question 9

AWS CLI

Answer 9

manage your aws services using a programming language

Question 10

Access Keys

Answer 10

access AWS services using a programming language

Question 11

IAM Audit Tools

Answer 11

-IAM Credentials Report (account-level)
-IAM Access Advisor (user-level)

Question 12

Ports to know
SSH (Secure Shell) - log into Linux instance

Answer 12

Port 22

Question 13

Ports to know
FTP (File Transfer Protocol) - upload files into a file share

Answer 13

Port 21

Question 14

Ports to know
SFTP (Secure File Transfer Protocol) - uploading files using SSH

Answer 14

Port 22

Question 15

Ports to know
HTTP - access unsecured websites

Answer 15

Port 80

Question 16

Ports to know
HTTPS - access secured websites

Answer 16

Port 433

Question 17

Ports to know
RDP (Remote Desktop Protocol) - log into a windows instance

Answer 17

Port 3389

Question 18

What is a EC2 instance made of

Answer 18

AMI (OS) + Instance Size (CPU + RAM) + Storage + security groups + EC2 User Data

Question 19

What is a security Group

Answer 19

Firewall attached to the EC2 instance

Question 20

What is EC2 User Data

Answer 20

Script launched at the first start of an instance

Question 21

EBS Volume

Answer 21

(Elastic Block Storage Volume)
-Network drives attached to one EC2 instance at a time
-Mapped to Availability Zones
-Can use EBS Snapshots for backups / transferring EBS volumes across AZ

Question 22

AMI

Answer 22

(Amazon Machine Image)
Create Ready to use EC2 instances with our customizations

Question 23

EC2 Image Builder

Answer 23

Automatically build, test, and distribute AMI’s

Question 24

EC2 Instance Store

Answer 24

-High performance hardware disk attached to our EC2 instance
-Lost if our instance is stopped / terminated

Question 25

EFS

Answer 25

(Amazon Elastic File System)
Network file system, can be attached to 100s of instanced ina region

Question 26

EFS-IA

Answer 26

Cost optimized storage class for infrequent accessed files

Question 27

FSx for Windows

Answer 27

Network File system for windows servers

Question 28

FSx for Lustre

Answer 28

High performance computing linux file system

Question 29

High Availability

Answer 29

Run instances for same application cross multi AZ incase of failure

Question 30

Scalability

Answer 30

Ability to accommodate a larger load by making the hardware stronger (scale up), or by adding nodes (scale out)

Question 31

Elasticity

Answer 31

Once a system is scalable, elasticity means that there will be some “auto-scaling” so that the system can scale based on the load. This is “cloud-friendly”: pay per use, match demand, optimize costs

Question 32

Agility

Answer 32

(not related to scalability - distractor on exam) new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes.

Question 33

ELB

Answer 33

(Elastic Load Balancers)
-Distribute traffic across backend EC2 instances, can be Multi-AZ
-Supports health checkers
-3 types: Application LB (HTTP - L7), Network LB (TCP - L4), Classic LB (old)

Question 34

ASG

Answer 34

(Auto Scaling Groups)
-Implement Elasticity for your application, across multiple AZ
-Scale EC2 instances based on the demand on your system, replace unhealthy
-Integrated with the ELB

Question 35

S3 Buckets

Answer 35

-Globally unique name (across all regions all accounts)
-Created in a region

Question 36

S3 Objects

Answer 36

-Objects (files) have a key
-The key is the FULL url path
-The key is composed of a prefix + object name
-There’s no concept of directories within buckers although the UI will trick you to think otherwise.

Question 37

S3 security

Answer 37

IAM policy, S3 Bucket Policy (public access), S3 Encryption

Question 38

S3 Websites

Answer 38

Host a static website on Amazon S3

Question 39

S3 Versioning

Answer 39

multiple versions for files, prevent accidental delete

Question 40

S3 Replication

Answer 40

same-region or cross-region, must enable versioning

Question 41

S3 Storage classes

Answer 41

Standard, IA, IZ-IA, Intelligent, Glacier (Instant, Flexible, Deep)

Question 42

SnowFamily

Answer 42

import data onto S3 through a physical device, edge computing

Question 43

OpsHub

Answer 43

Desktop application to manage Snow Family Devices

Question 44

Storage Gateway

Answer 44

Hybrid solution to extend on-premises storage to S3

Question 45

Databases
Relational Databases OLTP SQL

Answer 45

(Online Transactional Processing)
RDS managed service for MySQL, MAriaDB, etc
Aurora (SQL) proprietary database optimized for cloud

Question 46

Databases
Read Replicas

Answer 46

Scale the read workload of your DB
Can create up to 5 read replicas
Data is only written to main DB

Question 47

Databases
Multi-AZ

Answer 47

Failover in case of AZ outage (High availability)
Data is only read/written to main database
Can only have 1 other AZ as failover

Question 48

Databases
Multi-Region

Answer 48

MultiRegion (Read Replicas)
Disaster Recovery in case of region issue
Local performance for global reads
Replication cost

Question 49

Databases
In-memory Database

Answer 49

ElastiCache

Question 50

Databases
Key/Value Database

Answer 50

DynamoDB (serverless) & DAX (Cache for DynamoDB)

Question 51

Databases
Warehouse OLAP

Answer 51

(Online Analytical Processing): Redshift SQL

Question 52

Databases
Hadoop Cluster

Answer 52

EMR (Elastic MapReduce)

Question 53

Databases
Athena

Answer 53

Query data on Amazon S3 (serverless & SQL)

Question 54

Databases
QuickSight

Answer 54

Dashboards on your data (Serverless)

Question 55

Databases
DocumentDB

Answer 55

“Aurora for MongoDB” (JSON - NoSQL database

Question 56

Databases
Amazon QLDB

Answer 56

(Quantum Ledger Database)
Financial Transactions Ledger, like centralized blockchain

Question 57

Databases
Amazon Managed Blockchain

Answer 57

Managed HyperLedger Fabric & Ethereum blockchains`

Question 58

Databases
Glue

Answer 58

Managed ETL (Extract Transform Load) and Data Catalog service

Question 59

Databases
DMS

Answer 59

Database Migration

Question 60

Databases
Neptune

Answer 60

Graph database used websites like wikipedia, facebook

Question 61

Docker

Answer 61

container technology to run applications

Question 62

ECS

Answer 62

(Elastic Container Service)
run Docker containers on EC2 instances you provision and maintain

Question 63

Fargate

Answer 63

-Run Docker containers without provisioning the infrastructure
-Serverless offering (no EC2 instances)

Question 64

ECR

Answer 64

(Elastic Container Registry)
Private Docker Images Repository

Question 65

Batch

Answer 65

run batch jobs on AWS across managed EC2 instances

Question 66

Lightsail

Answer 66

-predictable & low pricing for simple application & DB stacks
-AWS for dummies

Question 67

Lambda

Answer 67

Lambda is Serverless, Function as a Service, seamless scaling, reactive

Question 68

Lambda Billing

Answer 68

(pay per call or pay per duration)
By the time run multiplied by the RAM provisioned
By the number of invocations

Question 69

CloudFormation

Answer 69

(AWS only)
-Infrastructure as Code, works with almost all of AWS resources
-Repeat across Regions & Accounts

Question 70

Beanstalk

Answer 70

(AWS only)
-Platform as a Service (PaaS), limited to certain programing languages or Docker
-Deploy code consistently with a known architecture

Question 71

CodeDeploy

Answer 71

(Hybrid)
Deploy & upgrade any app onto servers

Question 72

Systems Manager

Answer 72

(Hybrid)
patch, configure, and run commands at scale

Question 73

OpsWorks

Answer 73

(Hybrid)
managed Chef and Puppet in AWS

Question 74

CodeCommit

Answer 74

Store code in private git repository (version controlled)
GitHub for AWS

Question 75

CodeBuild

Answer 75

Build & test code in AWS

Question 76

CodeDeploy

Answer 76

Deploy code on to servers

Question 77

CodePipeline

Answer 77

Orchestration of pipeline (from code to build to deploy)

Question 78

CodeArtificat

Answer 78

Store software packaged / dependencies on AWS

Question 79

CodeStar

Answer 79

Unified view for allowing devs to do CI/CD and code
One stop shop for all Code… services

Question 80

Cloud9

Answer 80

Cloud IDE like visual code with collab

Question 81

AWS CDK

Answer 81

Define your cloud infrastructure using a programming language

Question 82

Route 53

Answer 82

Global DNS
Great to route users to the closet deployment with least latency
Great for disaster recovery strategies

Question 83

CloudFront

Answer 83

Global Content Delivery Network (CDN)
-Replicate part of our app to AWS Edge Locations decrease latency
-Cache common request improved user experience & decreased latency

Question 84

S3 Transfer Acceleration

Answer 84

Accelerate global uploads & downloads into Amazon S3

Question 85

AWS Global Accelerator

Answer 85

Improve global app availability and performance using the AWS global private network

Question 86

AWS Outposts

Answer 86

Deploy Outposts Racks in your own Data Centers to extend AWS services

Question 87

AWS WaveLength

Answer 87

Brings AWS services to the edge of the 5G networks
Ultra-low latency applications

Question 88

AWS Local Zones

Answer 88

Bring AWS resources closer to users in in large populations
Good for latency sensitive applications

Question 89

CloudWatch Metrics

Answer 89

Monitor the performance of AWS services and billing metrics

Question 90

CloudWatch Alarms

Answer 90

Automate notification, perform EC2 action, notify to SNS based on metric

Question 91

CloudWatch Logs

Answer 91

Collect log files from EC2 instances, servers, Lambda functions, etc

Question 92

CloudWatch Events (or EventBridge)

Answer 92

Collect log files from EC2 instances, servers, Lambda functions, etc

Question 93

CloudTrail

Answer 93

audit API calls made within your AWS account

Question 94

CloudTrail Insights

Answer 94

automated analysis of your CloudTrail Events

Question 95

X-Ray

Answer 95

trace requests made through your distributed applications

Question 96

Service Health Dashboard

Answer 96

Status of all AWS services across all regions

Question 97

Personal Health Dashboard

Answer 97

AWS events that impact your infrastructure

Question 98

Amazon CodeGuru

Answer 98

Automated code reviews and application performance recommendations

Question 99

VPC

Answer 99

(Virtual Private Cloud)
private regional network to deploy your resources

Question 100

Subnets

Answer 100

Tied to an AZ, network partition of the VPC

Question 101

Internet Gateway

Answer 101

at the VPC level, provide internet Access

Question 102

Nat Gateway (Managed) / Nat Instances (You manage)

Answer 102

give internet access to private subnets

Question 103

NACL

Answer 103

(Network Access Control List)
Stateless (Allow or Deny) firewall, subnet rules for inbound and outbound

Question 104

Security Groups

Answer 104

Stateful (Allow), operate at the EC2 instance level or ENL

Question 105

VPC Peering

Answer 105

Connect two VPC with non overlapping IP ranges, nontransitive

Question 106

VPC Endpoints

Answer 106

Provide private access to AWS services within VPC

Question 107

PrivateLink

Answer 107

Privately connect to a service in a 3rd party VPC

Question 108

VPC Flow Logs

Answer 108

Network traffic logs

Question 109

Site to Site VPN

Answer 109

VPN over public internet between on-premises DC and AWS

Question 110

Client VPN

Answer 110

OpenVPN connection from your computer to your VPC

Question 111

Direct Connect

Answer 111

Direct private connection to AWS

Question 112

Transit Gateway

Answer 112

Connect thousands of VPC and on-premises networks together

Question 113

Shield

Answer 113

Automatic DDos Protection + 24/7 support for advanced

Question 114

WAF

Answer 114

Web Application Firewall to filter incoming requests based on rules

Question 115

KMS

Answer 115

(Key Management Service)
Encryption keys managed by AWS

Question 116

CloudHSM

Answer 116

Hardware encryption, customer manages encryption keys

Question 117

AWS Certificate Manager

Answer 117

provision, manage, and deploy SSL/TLS Certificates

Question 118

Artifact

Answer 118

Get access to compliance reports such as PCI, ISO, etc

Question 119

GuardDuty

Answer 119

Find malicious behavior with VPC, DNS, and CloudTrail Logs

Question 120

Inspector

Answer 120

For EC2 only, install agent and find vulnerabilities

Question 121

Config

Answer 121

Track config changes and compliance against rules

Question 122

Macie

Answer 122

Find sensitive data (ex:PII data) in Amazon S3 buckets

Question 123

CloudTrail

Answer 123

Track API calls made by users within account

Question 124

AWS Security Hub

Answer 124

Gather security findings from multiple AWS accounts

Question 125

Amazon Detective

Answer 125

Find the root cause of security issues or suspicious activities

Question 126

AWS Abuse

Answer 126

report AWS resources used for abusive or illegal purposes

Question 127

Root user privileges

Answer 127

Change account settings
Close your AWS account
Change or cancel your AWS Support plan
Register as a seller in a Reserved Instance Marketplace

Question 128

Rekognition

Answer 128

face detection, labeling, celebrity recognition

Question 129

Transcribe

Answer 129

audio to text (ex: subtitles)

Question 130

Polly

Answer 130

text to audio

Question 131

Translate

Answer 131

language translations

Question 132

Lex

Answer 132

build conversational bots - chatbots
Powers Alexa

Question 133

Connect

Answer 133

use with lex to create cloud contact center

Question 134

Comprehend

Answer 134

For Natural Language Processing - NLP

Question 135

SageMaker

Answer 135

Fully managed service for developers / data scientists to build ML models

Question 136

Forcast

Answer 136

Machine learning for highly accurate forecasts and predictions

Question 137

Kendra

Answer 137

Fully managed document search service powered by ML

Question 138

Personalize

Answer 138

Personalized recommendations, same tech used on amazon.com

Question 139

Textract

Answer 139

detect text and data in documents

Question 140

AWS 4 Pricing Models

Answer 140

-Pay as you go
-Save when you reserve
-Pay less by using more
-Pay less as AWS grows

Question 141

EC2 Pricing

Answer 141

-On-demand, pay as you go
-Reserved, up to 75% off, 1 or 3 years commitment, All upfront, partial upfront, or no upfront
-Spot Instances, Bid for unused capacity, can loose it
-Dedicated Host, on-demand, reservation for 1 or 3 years
-Savings plans save on sustained usage

Question 142

Lambda and ECS Pricing

Answer 142

-Lambda
Pay per call
Pay per duration
-ECS
EC2 Launch Type Model: No additional fees, you pay for AWS resources stored and created in your application
-Fargate
Fargate Launch Type Model: Pay for vCPU and memory resources allocated to your applications in your containers

Question 143

Cost and Usage Reports

Answer 143

-Comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, reservations
-Lists AWS usage for each service category used by an account and its IAM users in hourly or daily line items, as well as any tags that you have activated for cost allocation purposes

Question 144

Cost Explorer

Answer 144

-Virtualize, understand, and manage your AWS costs and usage over time
-Choose an optimal Savings plan (to lower prices on your bill)
-Forecast usage up to 12 months based on previous usage

Question 145

AWS Budgets

Answer 145

Create budget and send alarms when costs exceeds the budget

Question 146

Trusted Advisor and categories

Answer 146

High level AWS account assessment tool

-Cost optimization
-Performance
-Security
-Fault tolerance
-Service limits

Question 147

Trusted Advisor 7 Core Checks

Answer 147

For Basic & Developer Support Plan

-S3 Bucket Permissions
-Security Groups - Specific Ports Unrestricted
-IAM use (one IAM user minimum)
-MFA on Root Account
-EBS Public Snapshots
-RDS Public Snapshots
-Service limits

Question 148

Trusted Advisor Full Checks

Answer 148

-Full checks available on 5 categories
-Ability to set CloudWatch alarms when reaching limits
-Programmatic Access using AWS Support API

Question 149

Compute Optimizer

Answer 149

Recommends resources’ configurations to reduce cost using machine learning

Question 150

Pricing Calculator

Answer 150

Cost of services on AWS

Question 151

Billing Dashboard

Answer 151

High level overview + free tier dashboard

Question 152

Cost Allocation Tags

Answer 152

Tag resources to create detailed reports

Question 153

Cost and Usage Reports

Answer 153

Most comprehensive billing dataset

Question 154

Cost Explorer

Answer 154

View current usage (detailed) and forecast usage

Question 155

Billing Alarms

Answer 155

In us-east-1 -track overall and per-service billing

Question 156

Budgets

Answer 156

more advanced - track usage, costs, RI, and get alerts

Question 157

Savings Plans

Answer 157

easy way to save based on long-term usage of AWS

Question 158

IAM

Answer 158

Identity and Access Management inside your AWS account
For users that you trust and belong to your company

Question 159

Organizations

Answer 159

Manage multiple AWS accounts

Question 160

STS

Answer 160

(Security Token Service)
Temporary, limited privileges credentials to access AWS resources

Question 161

Cognito

Answer 161

create a database of users for your mobile & web applications

Question 162

Directory Services

Answer 162

integrate Microsoft Active Directory in AWS

Question 163

IAM Identity Center

Answer 163

One login for multiple AWS accounts & applications

Question 164

Amazon WorkSpaces

Answer 164

-Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux desktops
-Great to eliminate management of on-premise VDI (Virtual Desktop Infrastructure)

Question 165

Amazon AppSteam 2.0

Answer 165

-Desktop Application Streaming Service
-The Application is delivered from within a web browser
-Example: Steam and use blender via the browser

Question 166

Amazon Sumerian

Answer 166

Create and run virtual realty (VR, augmented reality (AR), and 3D applications

Question 167

AWS IoT Core

Answer 167

Allows you to easily connect IoT devices to the AWS Cloud

Question 168

Amazon Elastic Transcoder

Answer 168

Used to convert media files stored in S3 into media files in the formats required by consumer playback devices (phones etc.)

Question 169

AWS AppSync

Answer 169

-Store and sync data across mobile and web apps in real-time
-Makes use of GraphQL (mobile technology from Facebook)

Question 170

AWS Amplify

Answer 170

A set of tools and services that helps you develop and deploy scalable full stack web and mobile applications

Question 171

AWS Device Farm

Answer 171

Fully-managed service that tests your web and mobile apps against desktop browsers, real mobile devices, and tablets

Question 172

AWS Backup

Answer 172

Fully-managed service to centrally manage and automate backups across AWS services

Question 173

Disaster Recovery Strategies

Answer 173

-Cheapest: Backup and restore
-average: Pilot Light
-Expensive: Warm StandBy
-Most expensive: Multi-site / Hot-site

Question 174

AWS Elastic Disaster Recovery (DRS)

Answer 174

Quickly and easily Recover your physical, virtual, and cloud-based servers into AWS

Question 175

AWS DataSync

Answer 175

Replication tasks are incremental after the first full load

Question 176

AWS Application Discovery Service

Answer 176

Plan migration projects by gathering information about on-premises data centers

Agentless Discovery (AWS Agentless Discovery Connector)

Agent-based Discovery (AWS Application Discovery Agent)

AWS Application Migration Service (MGN)
Lift and shift (rehost) solution which simplify migrating applications to AWS

Question 177

AWS Fault Injection Simulator (FIS)

Answer 177

Based on Chaos Engineering stressing an application by creating disruptive events (sudden increase of CPu or memory), observing how the system responds, and implementing improvements

Question 178

AWS Step Functions

Answer 178

-Build serverless visual workflow to orchestrate your Lambda functions
-Features: sequence, parallel, conditions, timeouts, error handling

Question 179

AWS Ground Station

Answer 179

Fully managed service that lets you control satellite communications, process data, and scale your satellite operations

Question 180

Amazon Pinpoint

Answer 180

-Scalable 2-way (outbound/inbound) marketing communications service
-Supports email, SMS, push, voice, and in-app messaging

Question 181

1st Pillar

Answer 181

Operation Excellence

Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures

-Perform operations as code
-Annotate documentation
-Make frequent, small, reversible changes
-Refine operations procedures frequently
-Anticipate failure
-Learn from all operational failures

Question 182

2nd Pillar

Answer 182

Security

Includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies

-implement a strong identity foundation
-Enable traceability
-Apply security at all layers
-Automate security best practices
-Protect data in transit and at rest
-Keep people away from data
-Prepare for security events

Question 183

3rd Pillar

Answer 183

Reliability

Ability of a system to recover from infrastructure or service disruptions dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues

-Test recovery procedures
-automatically recover from failure
-Scale horizontally to increase aggregate system availability
-Stop guessing capacity
-Manage change in automation

Question 184

4th Pillar

Answer 184

Performance Efficiency

Includes the ability to use computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve

-Democratize advances technologies
-Go global in minutes
-Use serverless architectures
-Experiment more often
-Mechanical sympathy

Question 185

5th Pillar

Answer 185

Cost Optimization

Includes the ability to run systems to deliver business value at the lowest price point

-Adopt a consumption mode
-Measure overall efficiency
-Stop spending money on data center operations
-Analyze and attribute expenditure
-Use managed and application level services to reduce cost of ownership

Question 186

6th Pillar

Answer 186

Sustainability

The sustainability pillar focuses on minimizing the environmental impacts of running cloud workloads.

-Understand your impact
-Establish sustainability goals
-Maximize utilization
-Anticipate and adopt new, more efficient hardware and software offerings
-Use managed services
-Reduce the downstream impacts of your cloud workloads

Question 187

AWS Professional Services & Partner Network

Answer 187

APN = AWS Partner Network
-APN Technology Partners: Providing hardware, connectivity, and software
-APN Consulting Partners: professional services firm to help build on AWS
-APN Training Partners: Find who can help you learn AWS
-AWS Competency Program: AWS Competencies are granted to APN partners who have demonstrated technical proficiency and proven customer success in specialized solution areas
-AWS Navigate program: help partners become better Partners

Question 188

AWS IQ

Answer 188

Quickly find a professional help for your AWS projects