CCP Flashcards
What is Cloud Computing
Cloud Computing is the practice of using a network of remote servers hosted on the Internet to store, manage, and process data, rather than on a local server or personal computer.
What type of hosting has multiple physical machines that act as one system and is flexible, scalable, secure, cost-effective, and has high configuration?
Cloud Hosting
What is a Cloud Service Provider?
Cloud Service Provider is a company that provides multiple Cloud Services, and those Cloud Services can be chained together to create cloud architectures.
What is a series of market research reports published by IT consulting firm Garter that rely on proprietary qualitative data analysis methods to demonstrate market trends, such as direction, and maturity, and participants?
Magic Quadrant
What cloud service is a virtual database for storing and reporting data or a database for general-purpose web applications?
Databases
What is the software layer that lets you run the VMs?
Hypervisor
Which type of cloud computing is a product that is run and managed by the service provider?
Software as a Service (SaaS)
Which type of cloud computing is the basic building block for cloud IT. Provides access to networking features, computers, and data storage space?
IaaS (Infrastructure as a Service)
Which type of cloud computing is allows you to focus on the deployment and management of your apps without worry of provisioning, configuring, or understanding the hardware or OS?
Platform as a Service (PaaS)
What cloud computing deployment model uses both on-Premise and a Cloud Service Provider?
Hybrid
Which cloud computing deployment model would be ideal for public sectors, hospitals, and insurance companies?
Private Cloud
What cloud computing deployment model is where everything is built on the Cloud Provider?
Public Cloud
Which of the following are examples of a Hybrid Cloud computing deployment model? (Select 2)
Deloitte and CIBC
Benefits of Cloud Computing
Cost-effective
You pay for what you consume, with no up-front cost. On-demand pricing or Pay-as-you-go (PAYG) with thousands of customers sharing the cost of the resources
Global
Launch workloads anywhere in the world, Just choose a region
Secure
Cloud provider takes care of physical security. Cloud services can be secure by default or you have the ability to configure access down to a granular level.
Reliable
Data backup, disaster recovery, data replication, and fault tolerance
Scalable
Increase or decrease resources and services based on demand
Elastic
Automate scaling during spikes and drop in demand
Current
The underlying hardware and managed software are patched, upgraded, and replaced by the cloud provider without interruption to you.
What has globally distributed hardware and data centers that are physically networked together to act as one large resource for the end customer?
AWS Global Infrastructure
Amazon S3, Cloud Front, Route53, IAM are examples of what type of service?
Global Services
What is a physical location made up of one or more data centers?
Availability Zones
What is a fault domain?
A fault domain is a section of a network that is vulnerable to damage if a critical device or system fails.
What can act as on and off-ramps to the AWS Global Network?
Edge Locations
What ensures your resources stay within the AWS Network and do not traverse over the public Internet?
VPC Endpoints
What are data centers that hold cached (copy) on the most popular files (eg. web pages, images, and videos) so that the delivery of distance to the end-users is reduced?
Edge locations
What are intermediate locations between an AWS Region and the end-user, and this location could be a data center or a collection of hardware?
Points of Presence (PoP)
Tier 1 network
a network that can reach every other network on the Internet without purchasing IP transit or paying for peering.
What allows you to generate a special URL that can be used by end users to upload files to a nearby Edge Location. Once a file is uploaded to an Edge Location, it can move much faster within the AWS Network to reach S3?
Amazon S3 Transfer Acceleration
What can find the optimal path from the end-user to your web servers?
AWS Global Accelerator
What are the two very-fast network connection options that Direct Connect have? (Select 2)
Higher Bandwidth 1GBps or 10GBps
Lower Bandwidth 50MBps-500MBps
What is a private/dedicated connection between your datacenter, office, co-location, and AWS?
AWS Direct Connect
What are trusted third-party data centers that you can establish a dedicated high-speed, low-latency connection from your on-premise to the AWS network.?
Direct Connect Locations
What are data centers located very close to a densely populated area to provide single-digit millisecond low latency performance (eg. 7ms) for that area?
Local Zones
What is the purpose of Local Zone?
The purpose of Local Zone is to support highly-demanding applications sensitive to latency:
Media & Entertainment
Electronic Design Automation
Ad-Tech
Machine Learning
What allows for edge-computing on 5G Networks?
Wavelength Zones
What is the jurisdictional control or legal authority that can be asserted over data because its physical location is within jurisdictional boundaries?
Data Sovereignty
What is a physical rack of servers that you can put in your data center?
AWS Outposts
What is Data Residency?
The physical or geographic location of where an organization or cloud resources reside.
What is a Policy as Code service on AWS?
AWS Config
AWS has special regions for US regulation called? What are regions allow customers to host sensitive Controlled Unclassified Information and other types of regulated workloads?
GovCloud
What is a fully managed service that lets you control satellite communications, process data, and scale your operations without having to worry about building or managing your own ground station infrastructure?
AWS Ground Station
Use cases for Ground Station:
Use cases for Ground Station:
weather forecasting
surface imaging
communications
video broadcasts
To use Ground Station:
You schedule a Contact (select satellite, start and end time, and the ground location
use the AWS Ground Station EC2 AMI to launch EC2 instances that will uplink and downlink data during the contact or receive downlinked data in an Amazon S3 bucket.
What is a frame design to hold and organize IT equipment?
Server Rack
What is a fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any data center, co-location space, or on-premises facility for a truly consistent hybrid experience?
AWS Outposts
For Cloud Architecture Terminologies, what is your ability to grow rapidly or unimpeded?
Scalability
What are the business factors that a Solutions Architect always needs to consider? (Choose 2)
(Security) How secure is this solution?
(Cost) How much is this going to cost?
What is a load balancer that allows you to evenly distribute traffic to multiple servers in one or more data centers?
Elastic Load Balancer
What is High Availability (HA)?
Your ability for your service to remain available by ensuring there is no single point of failure and/or ensure a certain level of performance
What is your ability to increase your capacity based on the increasing demand for traffic, memory, and computing power?
High Scalability
What is an AWS feature that will automatically add or remove servers based on scaling rules you define?
Auto Scaling Groups (ASG)
What is when you run a duplicate standby database in another Availability Zone in case your primary database fails?
RDS Multi-AZ
What continuously replicates your machines into a low-cost staging area in your target AWS account and preferred Region enabling fast and reliable recovery in case of IT data center failures?
CloudEndure Disaster Recovery
What is the maximum acceptable amount of data loss after an unplanned data-loss incident, expressed as an amount of time?
Recovery Point Objective (RPO)
What type of Disaster Recovery Option is a Scaled-down copy of your infrastructure running ready to scale up?
Warm Standby
What type of Disaster Recovery Option is where data is replicated to another region with minimal services running?
Pilot Light
Each AWS Service has its own ___________ which you send requests.
Service Endpoint
What is software that allows two applications/services to talk to each other?
An Application Programming Interface (API)
What is an AWS Account ID used for?
when logging in with a non-root user account
Cross-account roles
Support cases
What is a task automation and configuration management framework?
PowerShell
AWS Toolkit is an open-source plugin for VSCode to create, debug, deploy AWS resources
- AWS Explorer
Explore a wide range of AWS resources to your linked AWS Account
- AWS CDK Explorer
Allows you to explore your stacks defined by CDK.
- Amazon Elastic Container Service
Provides IntelliSense for ECS task-definitions files
- Serverless Applications
Create, debug and deploy serverless applications via SAM and CFN
What is the Shared Responsibility Model?
The Shared Responsibility Model is a cloud security framework that defines the security obligations of the customer versa for the Cloud Service Provider (CSP) e.g. AWS.
Customer: Configuration of Managed Services or 3rd Party Software
Platforms, Applications, IAM
Customer: Configuration of Virtual Infrastructure and Systems
Operating System, Network, Firewall
Customer: Security Configuration of Data
Client-Side Data Encryption
Server-Side Encryption
Networking Traffic Protection
Customer Data
AWS: Software
Compute
Storage
Database
Networking
AWS: Hardware / Global Infrastructure
Regions
Availability Zones
Edge Locations
Physical Security
Infrastructure as a Service (IaaS)
Bare Metal
EC2 Bare Metal Instance
Customer:
The Host OS Configuration
Hypervisor
AWS:
Physical machine
Virtual Machine
Elastic Cloud Compute (EC2)
Customer:
The Guest OS Configuration
Container Runtime
AWS:
Hypervisor, Physical machine
Containers
AWS Elastic Container Service(ECS)
Customer:
Configuration of containers
Deployment of Containers
Storage of containers
AWS:
The OS, The Hypervisor, Container Runtime
Platform as a Service (PaaS)
Managed Platform
AWS Elastic Beanstalk
Customer:
Uploading your code
Some configuration of environment
Deployment strategies
Configuration of associated services
AWS:
Servers, OS, Networking, Storage, Security
Software as a Service (SaaS)
Content Collaboration
Amazon WorkDocs
Customer:
Contents of documents
Management of files
Configuration of sharing access controls
AWS:
Servers, OS, Networking, Storage, Security
Function as a Service (FaaS)
Functions
AWS Lambda
Customer:
Upload your code
AWS:
Deployment, Container Runtime, Networking, Storage, Security, Physical Machine, (basically everything)
What allows you to launch Virtual Machines (VM). When we launch a Virtual Machine we call it an ”instance”?
EC2 - Elastic Compute Cloud
What is a container orchestration service that supports Docker containers?
Elastic Container Service (ECS)
What is the managed virtual server service? (It is the “friendly” version of EC2 Virtual Machines)
Amazon Lightsail
What is a Bare Metal Instance?
You can launch EC2 instances that have no hypervisor so you can run workloads directly on the hardware for maximum performance and control. The M5 and R5 EC2 instances run are bare metal.
What is a combination of dedicated hardware and lightweight hypervisor enabling faster innovation and enhanced security?
The Nitro System
What allows you to build and launch your applications in a telecom data center?
AWS Wavelength
What is Edge Computing?
When you push your computing workloads outside of your networks to run close to the destination location.
What distributes traffic to multiple instances, can re-route traffic from unhealthy instances to healthy instances?
Elastic Load Balancer (ELB)
What suggests how to reduce costs and improve performance by using machine learning to analyze your previous usage history?
AWS Compute Optimizer
What type of Storage service is where data is split into evenly split blocks, directly accessed by the Operation System, and supports only a single write volume?
Elastic Block Store (EBS)
What type of Storage service is where object is stored with data, metadata, and Unique ID and scales with limited no file limit or storage limit?
Amazon Simple Storage Service (S3)
What caches your local drives to S3 so you have a continuous backup of local files in the cloud?
Volume Gateway
What is a logical partition of an IP network into multiple, smaller network segments?
Subnets
What is a logically isolated section of the AWS Cloud where you can launch AWS resources?
Virtual Private Cloud (VPC)
What are the two types of VPN?
Site-to-Site VPN - connecting your on-premise to your AWS network
Client VPN - connecting a Client (ie users laptop) to your AWS network
Security Groups vs NACLs
Network Access Control Lists (NACLs)
Acts as a virtual firewall at the subnet level
You create Allow and Deny rules.
eg. Block a specific IP address known for abuse
Security Groups
Acts as a virtual firewall at the instance level
Implicitly denies all traffic. You create only Allow rules.
eg. Allow EC2 instance access on port 22 for SSH
eg. You cannot block a single IP address.
What is aggregation?
grouping data
What is a data warehouse?
A relational data store designed for analytic workloads, which is generally column-oriented data-store
What features do key/value stores lack?
Relationships
Index
Aggregation
What is a fully managed database of either MySQL (5x faster) or PSQL (3x faster) database?
Aurora
What is Relational Database Service (RDS)?
Relational Database Service (RDS) is a relational database service that supports multiple SQL engines. Relational is synonymous with SQL and Online Transactional Processing (OLTP).
What type of Instance Families is a balance of compute, memory, and networking resources and has the use case for web servers and code repositories?
General Purpose
What are Instance Families?
Instance families are different combinations of CPU, Memory, Storage, and Networking capacity. Instance families allow you to choose the appropriate combination of capacity to meet your application’s unique requirements.
What type of EC2 has physical server isolation?
Dedicated Hosts
What are single-tenant EC2 instances designed to let you Bring-Your-Own-License (BYOL) based on machine characteristics?
Dedicated Hosts
Which EC2 pricing model provides the biggest savings of up to 90%?
Spot
What EC2 pricing model is best suited for the long term with up to 75% off?
Reserved
What type of Class provides up to 75% reduced pricing compared to on-demand and you can modify RI Attributes?
Standard
What type of payment option is when a portion of the cost must be paid upfront and the remaining hours in the term are billed at a discounted hourly rate?
Partial Upfront
What are limited based on Class Offering and can affect the final price of an RI instance?
RI Attributes (aka Instance Attributes)
Per month you can purchase:
20 Regional Reserved Instances per Region
20 Zonal Reserved Instances per AZ
What is a service of EC2 that allows you to request a reserve of EC2 instance type for a specific Region and AZ?
Capacity Reservation
What allows you to sell your unused Standard RI to recoup your RI spend for RI you do not intend or cannot use?
EC2 Reserved Instance Marketplace
What is an easy and convenient way to use Spot Pricing?
AWS Batch
What provides a discount of 90% compared to On-Demand Pricing for the EC2 Pricing model?
Amazon EC2 Spot Instances
Which Savings Plan provides the lowest prices, offering savings up to 72% in exchange for commitment to usage of individual instance families in a region?
EC2 Instances
What defines the first line of defense and its security controls that protect a company’s cloud resources and assets?
Primary Security Perimeter
What can you use to configure the IAM Policies, Permission Boundaries, Service Control Policies (Organization-wide Policies), and IAM Policy Conditions, etc?
AWS Identity and Access Management (IAM)
What Tracks all API calls?
AWS CloudTrail
What detects suspicious or malicious activity based on CloudTrail and other logs?
Amazon GuardDuty
Which of the following are Third-Party Identity solutions?
Azure Active Directory
Google BeyondCorp
JumpCloud
What maps the names of network resources to their network addresses?
A directory service maps the names of network resources to their network addresses. A directory service is shared information infrastructure for locating, managing, administering, and organizing resources.
What identity provider uses authorization tokens to prove an identity between consumers and service providers?
OAuth2.0
What is an open standard for exchanging authentication and authorization between an identity provider and a service provider?
Security Assertion Markup Language (SAML)
What is an open standard and decentralized authentication protocol?
OpenID
What is an authentication scheme that allows a user to log in with a single ID and password to different systems and software?
Single-Sign On
What allows users to single ID and password, but they have to enter it every time they want to log in?
Same-sign on
What is an open, vendor-neutral, industry standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network?
Lightweight Directory Access Protocol (LDAP)
Policies are attached to ________
IAM Identities
What grants AWS resources permissions to specific AWS API actions Associate policies to a Role and then assign it to an AWS resource?
IAM Roles
What component of the Anatomy of an IAM Policy sets whether the policy will Allow or Denied?
Effect
What component of the Anatomy of an IAM Policy is for the policy element you are allowed to have multiples?
Statement container
What is permitting the smallest length of duration an identity can use permissions?
Just-In-Time (JIT)
What is the computer security concept of providing a user, role, or application the least amount of permissions to perform an operation or action?
Principle of Least Privilege (PoLP)
What AWS account is a user for common tasks that are assigned permissions?
AWS Account – User
What are the types of Identity sources you can choose? (Select 3)
Active Directory
SAML 2.0 IdP
AWS SSO
What is a messaging system that generally will delete messages once they are consumed?
a Queueing System
What is the AWS fully managed solution for collecting, processing, and analyzing streaming data in the cloud?
Amazon Kinesis
What is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications?
Simple Notification Service (SNS)
What is an abstract model which decides how one state moves to another based on a series of conditions?
a state machine
What component of Amazon Event Bridge are AWS Services that emit events?
Producers
What is a fully managed GraphQL service?
AppSync
What is the advantage that Kubernetes has over Docker?
Kubernetes has the ability to run containers distributed across multiple VMs
What is an open-source container orchestration system for automating deployment, scaling, and management of containers?
Kuberenetes
What is a configuration file on how to provision a container?
Dockerfile
What is a public online repository for containers published by the community for download?
Dockerhub
What Primary Container Service provides No Cold Starts and Self-Managed EC2?
Elastic Container Service (ECS)
What service is a platform as a Service specifically for containers?
App Runner
What Supporting Service for containers is a repository for your Docker Images?
Elastic Container Registry (ECR)
What gives central control over the allowed permissions for all accounts in your organization, helping to ensure your accounts stay within your organization’s guidelines?
Service Control Policies
What allows the creation of new AWS accounts. Centrally manage billing, control access, compliance, security, and share resources across your AWS accounts?
Organizations
What pre-packaged governance rules for security, operations, and compliance that customers can select and apply enterprise-wide or to specific groups of accounts?
Guardrails
What is a baseline environment following well-architected and best practices to start launching production ready workloads?
Landing Zone
What is when we utilize programming to automate the monitoring, enforcing, and remediating changes to stay compliant with compliance programs or expected configuration?
Compliance-as-code (CaC)
Resource Groups can display details about a group of resource based on ________
Metrics
Alarms
Config Settings
What is a Business Intelligence (BI) service that can connect multiple data sources and quickly visualize data in the form of graphs with little to no programming knowledge?
QuickSight
What is an AWS platform for online meetings, video conferencing, and business calls which elastically scales to meet your capacity needs?
Chime
What is Amazon Connect?
Amazon Connect is a call center as a self-service - cloud-based contact center service that makes it easy for any business to deliver better customer service at a lower cost.
What is a configuration management service that provides managed instances of Chef and Puppet?
OpWorks
What is a mobile and web application framework, that will provision multiple AWS services as your backend?
AWS Amplify
Elastic Beanstalk is powered by a _________
CloudFormation template
What is a serverless functions service where you can run code without provisioning or managing servers?
AWS Lambda
What is a serverless NoSQL key/value and document database?
DynamoDB
What is a fully managed scalable storage built for Windows?
Amazon FSx for Windows File Server
What does AWS License Manager work with? (Select 2)
EC2
RDS
What logs all API calls(SDK, CLI) between various AWS services?
CloudTrail
What is the Threshold Condition for the CloudWatch Alarms Anatomy?
Defines when a datapoint is breached
What Represents a single event in a log file and can be seen within a Log Stream?
Log Events
CloudWatch Insights has its own language called ______________
CloudWatch Logs Insights Query Syntax
CloudWatch comes with many ________ metrics that are generally namespaced by AWS Service.
predefined
What are machines that get better at a task without explicit programming?
Machine Learning (ML)
What is a fully managed service to build, train, and deploy machine learning models at scale?
Amazon SageMaker
What is a speech-to-text service?
Amazon Transcribe
What is a Natural Language Processor (NLP) service that can find relationships between text to produce insights available for Amazon?
Amazon Comprehend
What is a petabyte-size data-warehouse?
Redshift
What is a centralized, curated, and secured repository that stores all your data?
AWS Lake Formation
What is a fully managed full-text search service?
Amazon CloudSearch
What allows you to run queries against data that is flowing through your real-time stream so you can create reports and analysis on emerging data?
Amazon Kinesis Data Analytics
What detect anomalies, perform accurate forecasting, generate Natural Language Narratives?
Amazon QuickSight ML Insights
QuickSight uses ________ to achieve blazing fast performance at scale
SPICE
What is the Code, Configuration, and AWS Resource against a requirement?
Component
“Cloud computing you use as little or much-based on demand” is an example of which General Design Principle?
Stop guessing your capacity needs
Creating a TCO report is useful when your company is _________________
looking to migrate from on-premise to cloud.
What is the customer responsible for according to OPEX (Subscription Fees)? (Select 3)
Configuration
Training
Implementation
What is spending money upfront on physical infrastructure deducting that expense from your tax bill over time?
Capital Expenditure (CAPEX)
What are the costs associated with an on-premises data center that has shifted the cost to the service provider?
Operational Expenditure (OPEX)
Use the ________ to Import your Image It will generate an Amazon Machine Image (AMI)
AWS CLI
What is used in many cases to automatically convert a source database schema to a target database schema?
AWS Schema Conversion Tool
What is a metric/measurement that indicates what measure of performance a customer is receiving at a given time?
Service Level Indicator (SLI)
Which Layer of security in the Defense-In-Depth provides controlling access to infrastructure and change control?
Identity and access
