CCP Revision Notes Flashcards
What acts as firewall rules around EC2 Instances?
Controlling Inbound and Outbound traffic?
Security Groups
How long can you reserve EC2 instances for?
1 & 3 years
What are EC2 spot-instances?
Allows the users to take advantage of unused EC2 instances at up to 90% discount rates.
Spot instances can be terminated if the on-demand price is higher than what the user has set as their max price that they are willing to pay for the instance.
If a user is willing to pay $1/hr and the on-demand pricing is at $2 per hour, the customer paying $2/hr will get this instance.
What are EC2 on-demand?
Normal EC2 available for users to consume.
What is an EBS?
Elastic Block Store that attaches to EC2 while they run.
Similar to a USB stick
EBS is network-attached storage and thus suffers latency.
Are EBS bound to availability zones?
Yes.
Replication to another AZ must be done through EBS snapshots.
What is AMI?
Amazon Machine Images are used when deploying EC2s.
What is Image Builder?
Image Builder automates the creation of base VM and container images.
This replaces spinning up an instance, installing software and tools, and snapshotting that instance.
Image Builder allows users to define what software and packages need to be included in the image, and this will be a base image available for them.
What is EC2 Instance Store?
Instance Store is the physical storage drive attached to each EC2 instance.
Better performance than EBS - as EBS are network drives.
Instance Store data are lost when EC2s are terminated.
What is EFS?
Elastic File System is a shared network file system that can be used by multiple EC2 instances at a time.
Similar to a network file share.
How does EBS differ to EFS?
EBS is only attached and used by a single EC2 instance.
EFS can be used by multiple EC2 instances at a time.
What is AWS FSx?
Offers 3rd party file share service in AWS to mimic the function of Elastic File Share (EFS)
Remember it as File Share xternal
What is Vertical Scaling?
The ability to scale the size of an instance.
From T2.Micro to T2.Large etc.
What is Horizontal Scaling?
The ability to increase the number of instances available for an application.
What is High Availability?
Highly available applications run in multiple availability zones for fault tolerance and increased resilience.
What are ELBs?
Elastic load balancers are internet-facing servers that forward traffic downstream to EC2 instances.
Manages load of IFE applications.
EC2 instances are placed in “target groups” and ELB forwards traffic to the specified target groups.
If a target group has 4 instances, traffic is split 4-ways, unless stated otherwise
What are the 3 different types of ELBs?
Application LB - Layer 7
Network LB - Layer 4
Gateway LB - Layer 3
What is ASG?
Auto-Scaling Groups
What are the configuration requirements for ASGs?
Minimum Size
Desired Size
Max Size
What is Simple/Step Dynamic Scaling?
Addition or Removal of instances at set states.
If application CPU usage > 70% add 1 instance
If application CPU usage < 30% remove 1 instance
What is Target Dynamic Scaling?
Application scales to hit target CPU utilization.
If target is set at 50% CPU utilization, the application will scale or de-scale to try and hit this target.
What is Schedule Dynamic scaling?
Sets a schedule when the application will scale up and down.
Busy periods - Black Fridays, Pay Days etc.
Quiet Periods - Sundays, holidays etc.
What is Predictive Dynamic Scaling?
Scales based on ML findings and results.
Predictive = ML / AI
Do buckets have to have globally unique names regardless of regions and accounts?
Yes
Files in S3 buckets are stored as what?
Objects
What is the max size for a single object in S3?
5TB
Higher than this and the object must be stored as “multi-part”
The full object file path within an S3 bucket is referred to as what?
Object Key
What is the difference between an IAM role and IAM policy?
IAM Role defines who has access to a resource/account.
IAM Policy determines what they can do within that resource/account.
Example:
IAM Role: Incident Response Access
IAM Policy: Read Only, snapshot, stop instances
What is S3 Versioning?
Objects are saved in versions.
Each object upload is saved as a version of that object.
Filev1.txt
Filev2.txt
etc.
Why would you replicate S3 buckets in multiple regions?
Compliance
Increased performance for S3 access in multiple regions.
Why would you replicate S3 buckets in the same region?
Replication of Test and Prod data.
Review the S3 Standard Classes
S3 Standard – General Purpose
- Used for frequently accessed data.
- Low latency & high throughput
- Use Case: Typical standard use for websites and applications.
S3 Standard – Infrequent Access (IA)
- Less frequently accessed data compared to S3 general purpose.
- Lower cost than S3 standard.
- Cost associated per retrieval.
- Use Case: Disaster Recovery and Backups
S3 Standard One Zone-Infrequent Access
- Similar to IA but only stored in a single Availability Zone
- Use Case: Storing Secondary Data backups.
Review the S3 Glacier Classes
S3 Glacier – Instant Retrieval
- Low-cost storage meant for archiving and backup.
- Costs per object retrieval
- Minimum storage duration of 90 days.
- Use Case: Millisecond retrieval, good for backups.
S3 Glacier – Flexible Retrieval
- Tiered data retrieval speeds.
- Can be up to 12 hours for data retrieval.
S3 Glacier – Deep Archive
- Long term storage.
- Minimum storage of 180 days.
What is S3 intelligent tiering?
Objects are moved between tiers as defined by their last accessed dates to save storage costs.
Tiers:
- Frequent Access: Default Tier
- Infrequent Access: Objects not accessed for 30 days.
- Archive Instant Access: Objects not accessed for 90 days.
- Archive Access: Configurable between 90-700+ days
- Deep Archive Access: Configurable between 180-700+ days
How durable is AWS S3?
The expectation of high durability: 11 9s (99.999999999%).
10m objects, 1 will be lost every 10,000 years.
What is IAM Analyzer?
Surfaces resources and accounts in an organization shared with an external entity.
Improves journey towards least privilege.
What is the storage capacity of an AWS Snow Cone?
8TB
What is the storage capacity of an AWS Snowball?
80TB HDD
210TB SSD for storage optimized
What is the storage capacity of AWS SnowMobile?
100PB
What is AWS Snow Ops Hub?
Software to be installed on a physical machine that allows management of AWS Snow devices.
What is Storage Gateway used for?
Offers a hybrid solution to maintain on-prem and cloud storage solutions.
What are relational databases?
A relational database includes tables containing rows and columns
Can be queried using SQL
What are non-relational databases?
NoSQL databases where data can be stored in JSON.
Specific use cases where unstructured data can be stored.
What is RDS?
Fully managed SQL relational database service.
What is AWS Aurora?
Fully managed high performance SQL relational database service.
AWS-implementation of PostgreSQL and MySQL databases.
Cloud optimized, so it has significant improvements over simple RDS.
What is ElastiCache?
Cloud implementation of in-memory databases offering high-performance and low latency.
What is Dynamo-DB?
Fully managed and highly available non-relational NoSQL database
Replication across 3 AZ.
What version of Dynamo-DB will offer even better read performance?
DAX or Dynamo-DB Accelerator is in-memory cache for Dynamo DB
What is Redshift?
Relational database used for OLAP - Online Analytical Processing.
It’s especially suited to processing analytical queries involving more complex calculations.
Redshift is sometimes referred to as a data warehouse.
What is EMR or Elastic Map Reduce?
Creation of Hadoop Cluster for big data analytics.
Automates the provisioning of instances and services.
What is Athena?
Serverless SQL-query service to query files within S3 buckets.
What do you use to create SQL queries to query files within an S3 bucket?
Athena
What do you use if you want to build a data warehouse for OLAP application?
AWS Redshift
What do you use if you want to improve Dynamo-DB performance?
Use DAX to cache the database in memory.
What do you use if you want to create dashboard in AWS?
AWS Quicksight
What is the AWS implementation of MongoDB?
Document DB
Another example of non-relational No SQL database
MongoDB and DocumentDB are used to store, query and index JSON data.
What do you use if you want to create a graph-style database?
AWS Neptune
A social network is an example of a Graph Database.
A social network is interconnected and creates a graph when plotted.
Wikipedia is an example of a graph database as each article is interconnected.
What do you use to create an immutable ledger-style database for financial transactions?
Quantum Ledger Database
Immutable system and each entry cannot be removed or modified – cryptographically verifiable using cryptographic hashes.
What do you use if you want an immutable account of changes made within an application over time?
Quantum Ledger Database
Immutable system and each entry cannot be removed or modified – cryptographically verifiable using cryptographic hashes.
What do you use if you want to create a blockchain system on AWS?
AWS managed block chain
What is AWS Glue?
Managed Extract, Transform and Load (ETL) service.
Useful to prepare and transform data for analytics, a service that standardizes data prior to analysis.
Takes multiple data sources with minimal standardization and outputs them into standardized, more complementary data ready for analysis.
Glue = Data Standardization prior to analysis
What do you use when you want to standardise data prior to analysis?
AWS Glue
What do you use if you want to migrate a database?
Database Migration Service (DMS)
What do you use if you want to manage your containers in AWS?
ECS - Elastic Container Service
A fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications
Underlying infrastructure must be deployed and managed by the user
What do you use if you want to launch containers on AWS and not have to worry about the underlying infrastructure?
AWS Fargate
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers.
What is Fargate?
Lazy ECS, no need to manage underlying infrastructure.
AWS Fargate is a technology that you can use with Amazon ECS to run containers without having to manage servers or clusters of Amazon EC2 instances. With Fargate, you no longer have to provision, configure, or scale clusters of virtual machines to run containers.
Where can you store container images on AWS?
Elastic Container Registry (ECR)
What is AWS Lambda?
AWS Lambda is a serverless compute service for running code without having to provision or manage servers.
You pay only for the compute time you consume.
How do you communicate to services in AWS that do not have native API functionality built into them?
AWS API gateway
What is AWS Batch?
AWS Batch allows users to efficiently process hundreds of thousands of batch and machine learning computing jobs on AWS.
A “batch” job is categorized as a job that has a defined “start” and “end” points.
AWS Batch will provision the required number of resources to complete the intended batch job.
Lambda vs Batch? What's the difference?
AWS Lambda is for short-lived tasks or for event-driven computing use cases.
AWS Batch is for long-running or computation-heavy tasks that are conducted regularly, such as data analytics.
What is AWS Lightsail?
Alternative to provisioning individual AWS services and instances.
For users with minimal experience or knowledge of AWS.
What do you use to deploy infrastructure as code?
Cloud Formation
What do you use if you want to deploy infrastructure as code but you want to use a familiar development language like JS or Python?
Cloud Development Kit (CDK)
The code is compiled by CDK into a usable JSON/YAML Cloud Formation format.
Allows infrastructure and application runtime code to be deployed together, as they can share the same language.
What do you use if you want to be focused on application code only and leave the infrastructure and platform to AWS?
AWS Beanstalk
Beanstalk is a Platform as a Service offering (PaaS)
Beanstalk is free, but you pay for the underlying services used when deployed.
What do you use if you want to deploy applications stored in S3, Bitbuckets or Git Repos?
AWS Code Deploy
Enables applications to be upgraded automatically.
Instances must have Code Deploy agents installed to enable automatic and centralised upgrade mechanism.
What is an AWS code repository offering like GitHub?
AWS Code Commit
Code Commit is a code repository such as GitHub.
It is a git-based repository which allows versioning functionality.
Repo = Commit
What is used to compile code in AWS?
AWS Code Build
A fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Build = Compile
What do you use to automate CI/CD in AWS?
Code Pipeline
Continuous delivery service you can use to model, visualize, and automate the steps required to release your software
What do you use if you want to manage sharing of software packages, files, libraries and other dependencies across your organization for software deployments?
AWS Code Artifact
You can use CodeArtifact with popular build tools and package managers such as the NuGet CLI, Maven, Gradle, npm, yarn, pip, and twine.
Libraries, files and DLLs are all software development artifacts.
What do you use if you want to centrally manage your software development activities in one place?
AWS Code Star
What is an AWS web-based IDE offering?
AWS Cloud9
What do you use if you want to manage cloud and on-prem resources at scale?
AWS SSM or Systems Manager
Allows management:
Patching
Commands and configuration can be deployed across the entire fleet.
Store parameters and configuration with SSM parameter store.
What is SSM Session manager?
Allows the management of instances without needing to SSH into the instance.
Requires an SSM agent to be installed on the host.
What is SSM parameter store?
Allows the storage of secrets using SSM.
Configurable parameters can be stored here for deployment across the estate using SSM.
What do you use if you want to manage CHEF and Puppet on AWS?
AWS Ops Works
Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.
What is the managed DNS service on AWS?
Route 53
What is the content delivery network that improves delivery performance by caching regularly accessed files at edge locations?
AWS Cloud Front
Caching Files at Edge Locations = Cloud Front
What would you use if you want to improve the transfer speed of files into the S3?
AWS Transfer Accelerator
File is transferred onto an Edge Location closest to the user - after that, it is routed through the AWS internal network.
This does not have to go through the public internet which causes latency.
What is the AWS Global Accelerator?
Users connect to their closest Edge location.
Traffic then routes through the internal AWS network to improve connectivity speeds and reduce latency.
What is an AWS Outpost?
AWS Server Racks installed on-premise that allows organizations to offer a hybrid cloud model but still have control over the underlying infrastructure.
Outpost = Server Racks on prem
What would you use if you want to leverage the 4G/5G network for AWS use?
AWS Wavelength
What are AWS Local Zones?
Extensions of AWS regions in densely populated cities - Boston, Miami, Chicago etc.
What would you use if you want to connect IoT devices into AWS using the telecomms network such as:
Connected vehicles
Interactive Video/Gaming Streams
AWS Wavelength
What service would you use if you want to manage a queue service on AWS?
AWS SQS
Simple Queue Service
What would you use if you want to analyze big data streams at any scale?
AWS Kinesis
Big Data Stream on the fly = Kinesis
What would you use if you want to create a simple Sub/Pub service offering on AWS?
AWS SNS
Simple Notification Service
What would you use if you want to use a 3rd party provider for SQS and SNS services on AWS?
Message Broker
Allows users to use non-cloud native SNS and SQS type service.
What service provides telemetry and metrics for every instance on AWS?
Cloud Watch logs
What would a user use if they want an action to trigger on the back of an event?
An event could be a cloud watch metric related event, time based, day based etc.
AWS Event Bridge
Which service would a user refer to when they want to check changes made to an account or service?
Cloud Trail
What would a user use if they want to visually present application issues, performance issues, bottlenecks?
AWS X-Ray
AWS X-Ray is a service that collects data about requests that your application serves, and provides tools that you can use to view, filter, and gain insights into that data to identify issues and opportunities for optimization.
What is AWS Code Guru?
Code Guru uses ML for automated code review and application performance recommendations.
What is the difference between Code Guru Profiler and Reviewer?
Code Guru Reviewer is used for static code analysis
Code Guru Profiler is used for run time code analysis
What dashboard would a user refer to if they want to determine the health of regions, AZ, services across AWS?
AWS Health Dashboard
What would a user use if they want to manage multiple accounts at an organization level?
AWS Organizations
What tool can be utilized for restriction of account privileges at an Organization level?
AWS SCP
Service Control Policies
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
SCPs offer central control over the maximum available permissions for all accounts in your organization.
SCPs help you to ensure your accounts stay within your organization’s access control guidelines.
What is the main benefit of using Consolidated Billing?
Allows for the combined billing of all resources used within an organization across all accounts.
This increases the amount of discount offered to the organization.
i.e. One bill for all EC2 utilization across an organization
How would an organization quickly deploy and provision new approved and standardized accounts that are in line with organizational compliance requirements?
AWS Control Tower
AWS Control Tower enables end users on your distributed teams to provision new AWS accounts quickly, by means of configurable account templates in Account Factory.
What service would alert the organization on accounts that have drifted away from approved templates and best-practices?
AWS Control Tower
What service allows the sharing of used resources within the same organization, perhaps across multiple accounts?
For example two accounts using the same ELB?
AWS Resource Access Manager (RAM)
AWS Resource Access Manager (AWS RAM) helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs) in AWS Organizations, and with IAM roles and IAM users for supported resource types.
You can use AWS RAM to share resources with other AWS accounts.
What service would an organization refer to if they want to enable/disable the use of specific services across accounts or create a template of approved services for use?
i.e. Enable/Disable the use of Kinesis, Athena, Ground Control
AWS Service Catalogue
What would you use if you want to estimate the cost for a solution/architecture on AWS?
Pricing Calculator
What would you use if you want to see the accrued costs of an account over a time period?
Billing Dashboard
What would you use if you want to forecasts your future costs based on historic use of cloud services?
Cost Explorer
What would a user use if they want to be alerted if costs are expected to exceed targets and forecasts?
AWS Budgets
What would you use if you want to limit a use of a specific service on AWS?
For example, limit an account to 100 lambda jobs per day?
AWS Service Quotas
What would a user refer to if they want a high-level overview of their account in regards to reducing costs, improving performance and general optimization of their AWS environment?
AWS Trusted Advisor
What are the 6 pillars of Trusted Advisor checks?
Cost Optimization
Performance
Security
Fault Tolerance
Service Limits
Operational Excellence
What are the 7 core Trusted Advisor Checks?
S3 Bucket Permissions
Security Groups - Specific Ports unrestricted
IAM use - at least one IAM role
MFA on root account
EBS Public snapshots
RDS Public snapshots
Service Limits
What are the different tiers of AWS support plans?
- Developer
- Business
- Enterprise - on ramp
- Enterprise
What is AWS STS and what is it used for?
AWS security token service provides temporary and limited-privilege access to an AWS account or service.
Similar to how break-glass access is provisioned, probably uses STS.
What would you use if you have an IFE application, and you want to enable users to register, authenticate and use your application without having to grant them IAM roles?
AWS Cognito
With Amazon Cognito, you can add user sign-up and sign-in features and control access to your web and mobile applications.
What is AWS managed AD?
AWS Managed AD runs MS AD on AWS
What would a user use if they want to route AWS originated request to on-prem AD?
AWS AD Connector
What would you use if you want to implement SSO across every account within an AWS organization?
AWS IAM Identity Centre
AWS IAM Identity Center helps you securely create or connect your workforce identities and manage their access centrally across AWS accounts and applications.
What enables a VPC to connect to the outside internet?
Internet Gateway
What is the difference between a NAT gateway and Internet Gateway?
Internet Gateway allows both inbound and outbound access to the internet whereas the NAT Gateway only allows outbound access.
What level do security groups operate at?
EC2 level
What would you use if you want to capture all IP network traffic going through all network interfaces within your AWS environment?
VPC Flow logs
What can you use to connect two VPCs together within AWS?
VPC Peering
What would you use if you are a vendor on AWS and you want to expose your service/application to multiple VPCs within the cloud?
AWS Private Link
Provides private connectivity between virtual private clouds (VPCs), supported AWS services, and your on-premises networks without exposing your traffic to the public internet.
What are the two ways you can connect your on-prem infrastructure to AWS?
Site to Site VPN
Direct Connect
What is AWS Direct Connect?
Offers physical connection between AWS and on-prem infrastructure.
How can users connect their machines into an AWS VPC?
AWS Client VPN
AWS Client VPN enables you to securely connect users to AWS or on-premises networks.
What can you use if you want to connect numerous VPCs together where VPC Peering is not scalable enough for the solution required?
AWS Transit Gateway
Allows transitive peering between thousands of VPCs and on-premise infrastructure in a hub-and-spoke connection.
What AWS service offers DDOS protection?
AWS Shield and AWS WAF
What service can be used on AWS that offers management of encryption keys?
AWS KMS
Key Management System
Managed service that makes it easy for you to create and control the cryptographic keys that are used to protect your data.
What hardware devices are used in conjunction with AWS KMS?
Cloud HSMs
Hardware Security Module (HSM)
Review the different types of Customer Master Keys (CMKs) offered by AWS
Customer-Managed CMK:
- Created and managed by the customer.
AWS-Managed CMK:
- Created and managed by AWS.
AWS-Owned CMK:
- CMKs that an AWS service owns and manages.
- Customer is unable to see these keys.
Cloud HSM Keys:
- Keys generated from the customer's own Cloud HSM hardware device.
- Key generation occurs within the Cloud HSM cluster service.
What would you use if you want to easily manage and provision SSL and TLS certificates on AWS?
AWS ACM
Amazon Certificate Manager
What would you use if you want to manage secrets on AWS?
AWS secrets manager
Where would you go if you want to retrieve AWS compliance documents and support for internal audits and compliance?
AWS Artifact
What service offers active threat detection for anomalous and suspicious activity within your AWS accounts?
AWS Guard Duty
What would you use to provide automated security assessments on AWS services?
AWS Inspector
Amazon Inspector is an automated vulnerability management service that continually scans AWS workloads for software vulnerabilities and unintended network exposure.
The service is continuously scanning these running instances against the CVE database.
How does AWS config differ to AWS Cloud Trail?
Config reports on what has changed, whereas CloudTrail reports on who made the change, when, and from which location.
What would you use if you want to discover and protect sensitive PII data on AWS?
AWS Macie
Amazon Macie is a data security service that uses machine learning (ML) and pattern matching to discover and help protect your sensitive data.
What would you use to assess, audit, and evaluate the configurations and relationships of your resources?
AWS Config
Where would you go if you want security posture management (CSPM), best practice checks, aggregated alerts, and automated remediation?
AWS Security Hub
AWS Security Hub is a cloud security posture management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation.
Security Posture = AWS Security Hub
Once security issues and findings are surfaced, what would a user use to help them identify the root cause of the issue within AWS?
AWS Detective
Amazon Detective helps you analyze, investigate, and quickly identify the root cause of security findings or suspicious activities.
Log Sources:
Cloud Trail Logs
VPC Flow Logs
EKS Audit Logs
Guard Duty Findings
What would you use if you come across an AWS resource that is conducting illegal activities against the agreed Ts and Cs set out by AWS?
AWS Abuse Report
Review Root User account privileges
Root user activities such as:
- Change account settings
- Close Account
- Change & Cancel AWS support plan
What can you use to find out which of your AWS resources and services are being shared externally?
AWS IAM Access Analyzer
AWS Identity and Access Management Access Analyzer helps you to set, verify, and refine your IAM policies by providing a suite of capabilities. Its features include findings for external and unused access, basic and custom policy checks for validating policies, and policy generation to generate fine-grained policies.
What AWS service allows the recognition of people, texts and objects within images and videos?
AWS Rekognition
What would you use if you want to convert audio into text using AWS?
AWS Transcribe
Audio into text is transcribing
Audio = Text like court transcribers
What would you use if you want to convert text into speech using AWS?
AWS Polly
Parrot = Polly
What would you use if you want to use language translation services on AWS?
AWS Translate
What would you use if you want to create a chatbot on AWS?
AWS Lex and AWS Connect
AWS Lex powers Alexa devices
AWS Connect commonly used for chatbots and virtual call centres
What would you use if you want to create a virtual call centre?
AWS Lex and AWS Connect
What would you use if you want to use a natural language processing service and find insights and relationships in text?
AWS Comprehend
Comprehend what the text is saying
What is a quick service on AWS that allows for the building of machine learning models without the need to provision your own infrastructure?
AWS Sage Maker
What would you use on AWS to create accurate forecasts using ML?
AWS Forecasts
What would you use if you want to extract answers from text data and documents within AWS?
AWS Kendra
Amazon Kendra is a highly accurate and easy-to-use enterprise search service that’s powered by machine learning (ML). It allows developers to add search capabilities to their applications so their end users can discover information stored within the vast amount of content spread across their company.
What would you use if you want to use ML to suggest personalized suggestions to your users and customers through AWS?
AWS Personalize
Amazon Personalize accelerates your digital transformation with ML, making it easier to integrate personalized recommendations into existing websites, applications, email marketing systems, and more.
What would you use to extract text from any scanned/hand written document?
AWS Textract
What service would you use if you want to deploy virtual desktops (VDIs) using AWS?
AWS WorkSpaces
WorkSpaces eliminates the need to procure and deploy hardware or install complex software. You can quickly add or remove users as your needs change. Users can access their virtual desktops from multiple devices or web browsers.
What service allows the streaming of applications through a web browser on AWS?
AWS AppStream
WorkSpaces is a full VDI while AppStream is app specific only.
What service allows the user to connect IoT devices to AWS?
AWS IoT core
What would you use if you want to convert media stored in S3 buckets to be compatible as required by the consumer?
i.e. phone compatible, tablet, web compatible
AWS Elastic Transcoder
An easy-to-use and cost-effective way for developers and businesses to convert (or “transcode”) media files from their source format into versions that will play back on devices like smartphones, tablets and PCs.
What would you use if you want to synchronize mobile and web application data in real time?
AWS App Sync
Uses Graph QL
What would a developer use if they have limited cloud experience and want a set of tools for quickly building full stack web and mobile apps?
AWS Amplify
What would developers use if they want to test their mobile applications against real desktops and mobile devices for compatibility?
Not virtual devices, real devices with different screen resolutions etc.
AWS Device Farm
Device Farm is an app testing service that you can use to test and interact with your Android, iOS, and web apps on real, physical phones and tablets that are hosted by Amazon Web Services (AWS).
What would you use if you want a fully managed and automated back up service across multiple AWS services?
AWS Backup
AWS Backup is a fully-managed service that makes it easy to centralize and automate data protection across AWS services, in the cloud, and on premises. Using this service, you can configure backup policies and monitor activity for your AWS resources in one place.
Review the disaster recovery strategies on AWS
Backup and Restore
- Data is backed up in the cloud and can be restored in case of a disaster.
Pilot Light
- Minimal critical functions of an app are up and running in the cloud – similar to a warm site.
Warm Standby
- Full version of the app running but at a minimum size: a hot site, but not a failover version.
Hot Site
- Failover app – full version of the app at full size ready for failover.
What would you use if you want an automated/managed disaster recovery strategy service on AWS?
AWS Elastic Disaster Recovery
What would you use if you want to migrate large amounts of data from on-prem into the cloud?
AWS Data Sync
AWS DataSync is a secure, online service that automates and accelerates moving data between on premises and AWS Storage services.
What service is available to users that allows for the discovery of application network dependencies prior to migration?
AWS Application Discovery Service
AWS Application Discovery Service helps you plan migrations to the cloud by collecting usage and configuration data about your on-premises servers.
What service offers a simple lift and shift solution into cloud?
AWS Application Migration Service (MGN)
What service offers to build a data-driven case for migration into the cloud?
AWS Migration Evaluator
Where would you go if you want a centralized view of all migration activities?
AWS Migration Hub
What service is offered on cloud that offers chaos engineering for resiliency testing?
AWS Fault Injector Service
AWS Fault Injection Service is a fully managed service for running fault injection experiments on AWS that makes it easier to improve an application’s performance, observability, and resilience.
What service is available to users if they want to visualize Lambda functions and build serverless workflows, presented in a visual manner?
AWS Step Functions
What service allows the control and management of satellites?
AWS Ground Control
What service on AWS allows for the management of two-way marketing straight from the cloud?
AWS Pinpoint
Amazon Pinpoint is an AWS service that you can use to engage with your customers across multiple messaging channels. You can use Amazon Pinpoint to send push notifications, in-app notifications, emails, text messages, voice messages, and messages over custom channels.
What are the 6 pillars of the well-architected framework?
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Sustainability
What tool is available to review against the 6 WAF pillars?
AWS Well Architected Tool
What are the 6 Operational Capabilities within the Cloud Adoption Framework?
Business
People
Governance
Platform
Security
Operations
What are the 4 Use Case Domains within the Cloud Adoption Framework?
Technology
Process
Organization
Product
What are the 4 Transformation Phases within the Cloud Adoption Framework?
Envision
Align
Launch
Scale
Where would you find common AWS FAQs?
AWS Knowledge Centre
Where would you find professional AWS help quickly?
Offering contractors for project work?
AWS IQ
Where would you find an AWS crowd-source type forum where you can ask and answer technical AWS questions?
AWS re:Post
Forum, Crowd Sourcing = RePost
What service does AWS offer whereby users can seek AWS professionals to help manage their infrastructure and workload related to the cloud?
AWS Managed Services
What is an example of a hardware 2FA device that can be used within AWS?
U2F Security Key
An AWS user is trying to launch an EC2 instance in a given region. What is the region-specific constraint that the Amazon Machine Image (AMI) must meet so that it can be used for this EC2 instance?
You must use an AMI from the same region as that of the EC2 instance. The region of the AMI has no bearing on the performance of the EC2 instance
The AMI must be in the same region as that of the EC2 instance to be launched. If the AMI exists in a different region, you can copy that AMI to the region where you want to launch the EC2 instance. The region of AMI has no bearing on the performance of the EC2 instance.
Data encryption is automatically enabled for which of the following AWS services?
Amazon S3 Glacier - Amazon S3 Glacier (S3 Glacier) is a storage service optimized for infrequently used data, or “cold data.” Data at rest stored in S3 Glacier is automatically server-side encrypted using 256-bit Advanced Encryption Standard (AES-256) with keys maintained by AWS.
AWS Storage Gateway - AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage. All data transferred between the gateway and AWS storage is encrypted using SSL (for all three types of gateways - File, Volume and Tape Gateways).
Which of these services provides the lowest latency for users?
Direct Connect?
Edge Locations?
Local Zones?
Wavelength?
Local Zones
Review abstracted services and their impact to the shared responsibility model.
“For abstracted services like Amazon S3, AWS operates the infrastructure layer, the operating system, and platforms” - For abstracted services, such as Amazon S3 and Amazon DynamoDB, AWS operates the infrastructure layer, the operating system, and platforms, and customers access the endpoints to store and retrieve data.
An IT company is on a cost-optimization spree and wants to identify all EC2 instances that are under-utilized. Which AWS services can be used off-the-shelf to address this use-case without needing any manual configurations?
AWS Trusted Advisor
AWS Trusted Advisor is an online tool that provides real-time guidance to help provision your resources following AWS best practices. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally. AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits.
AWS Trusted Advisor checks the Amazon Elastic Compute Cloud (Amazon EC2) instances that were running at any time during the last 14 days and alerts you if the daily CPU utilization was 10% or less and network I/O was 5 MB or less on 4 or more days.
AWS Cost Explorer
AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends.
The rightsizing recommendations feature in Cost Explorer helps you identify cost-saving opportunities by downsizing or terminating EC2 instances. You can see all of your underutilized EC2 instances across member accounts in a single view to immediately identify how much you can save.
What are the differences between CloudTrail and Config?
You can use CloudTrail to log, monitor and retain account activity related to actions across your AWS infrastructure. CloudTrail provides an event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.
Config - AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
Config configurations and desired states are defined by the user - not by AWS.
What is the difference between Config and Control Tower?
Control Tower implements PREVENTATIVE Guard Rails through SCP
Config provides DETECTIVE Guard Rails against approved organization defined use cases for AWS.
A start-up would like to quickly deploy a popular technology on AWS. As a Cloud Practitioner, which AWS tool would you use for this task?
AWS Quick Starts references
Quick Starts are built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately.
Each Quick Start includes AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions.
An IT company wants to run a log backup process every Monday at 2 AM. The usual runtime of the process is 5 minutes. As a Cloud Practitioner, which AWS services would you recommend to build a serverless solution for this use-case?
Lambda and CloudWatch
CloudWatch - Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.
Lambda - AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. The lambda has a maximum execution time of 15 minutes, so it can be used to run this log backup process.
To build the solution for the given use-case, you can create a CloudWatch Events rule that triggers on a schedule via a cron expression. You can then set the Lambda as the target for this rule.
What is the primary benefit of deploying an RDS database in a Read Replica configuration?
Read Replica improves database scalability
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Read Replicas allow you to create read-only copies that are synchronized with your master database. Read Replicas are used for improved read performance. You can also place your read replica in a different AWS Region closer to your users for better performance. Read Replicas are an example of horizontal scaling of resources.
A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?
AWS Systems Manager
AWS Systems Manager allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources. You can create logical groups of resources such as applications, different layers of an application stack, or production versus development environments.
With Systems Manager, you can select a resource group and view its recent API activity, resource configuration changes, related notifications, operational alerts, software inventory, and patch compliance status. You can also take action on each resource group depending on your operational needs. Systems Manager provides a central place to view and manage your AWS resources, so you can have complete visibility and control over your operations.
An IT company has a hybrid cloud architecture and it wants to centralize the server logs for its EC2 instances and on-premises servers. Which of the following is the MOST effective for this use-case?
Use CloudWatch Logs for both the EC2 instance and the on-premises servers
You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources such as on-premises servers.
CloudWatch Logs enables you to centralize the logs from all of your systems, applications, and AWS services that you use, in a single, highly scalable service. You can then easily view them, search them for specific error codes or patterns, filter them based on specific fields, or archive them securely for future analysis.
Which of the following AWS services offer block-level storage? (Select two)
EBS and Instance Store
Both are the same thing, one is network attached the other is physically attached.
What constitutes an AWS Region?
An AWS Region contains a minimum of 3 Availability Zones
What constitutes an AWS Availability Zone?
Each AZ contains at least one discrete data centre.
Which services can be used to decouple components of a microservice based application on AWS?
SQS and SNS
Decouple microservices = SQS and SNS
What is the DynamoDB global table service?
Amazon DynamoDB global tables is a fully managed, serverless, multi-Region, and multi-active database. Global tables provide you 99.999% availability, increased application resiliency, and improved business continuity.
What services are available for reservations in AWS for optimized costs?
EC2
DynamoDB
ElastiCache
RDS
Redshift
What additional services are protected by Shield Advanced?
Global Accelerator
Route 53
ELB
CloudFront
What is the approved method for accessing AWS resources programmatically?
Access Key ID and Secret Access Key
What is AWS Compute Optimizer?
AWS Compute Optimizer recommends more efficient AWS compute resources for your workloads to reduce costs and improve performance.
What services can utilize VPC Endpoint Gateway?
DynamoDB and S3
Which AWS services have encryption enabled by default?
AWS S3 services
Any service that utilizes S3 as the storage backend will have encryption by default.
SSE-S3 (Server Side Encryption S3)
What rules can be set with Security Groups?
Allow rules only!
What is AWS MQ?
Also referred to as Message Broker
Access Key ID and Secret Access Key are tied to which AWS IAM Identity?
IAM User
What type of storage is S3?
Object Based
What type of storage is EBS?
Block Based
What type of storage is EFS?
File Based
Does a VPC span a single AZ within a region or all AZ within the region?
All AZs within the region it has been deployed.
How many AZs does a subnet span?
Single - just the AZ it was deployed/created in.
What are examples of global AWS Services? (4)
CloudFront
IAM
Route 53
WAF
What services can be used to protect services against DDoS attacks? (3)
Shield
WAF
CloudFront with Route 53
Name 3 methods that allow access to all AWS services?
Management Console
CLI
SDK
What type of data transfer is charged on AWS?
Outbound data transfer
What services are in scope for AWS Compute Optimizer? (4)
EC2 Instances
EBS Volumes
ECS including Fargate
Lambda
What are the different gateways supported by Storage Gateway? (3)
Tape, File and Volume gateways
Which service allows secure shell access to EC2 instances without the need of opening new ports?
AWS SSM
Which Budget Types can be created within AWS Budgets? (4)
Usage Budgets
Cost Budgets
Reservation Budgets
Savings Plans Budget
AWS Budgets enable you to plan your service usage, service costs, and instance reservations. AWS Budgets information is updated up to three times a day. Updates typically occur between 8 to 12 hours after the previous update. Budgets track your unblended costs, subscriptions, refunds, and RIs. There are four different budget types you can create under AWS Budgets - Cost budget, Usage budget, Reservation budget and Savings Plans budget.
Cost budget - Helps you plan how much you want to spend on a service.
Usage budget - Helps you plan how much you want to use one or more services.
Reservation budget - This helps you track the usage of your Reserved Instances (RI). Two ways of doing it - Reserved Instance (RI) utilization budgets (This lets you see if your Reserved Instances (RI) are unused or under-utilized), Reserved Instance (RI) coverage budgets (This lets you see how much of your instance usage is covered by a reservation).
What components are required for an AWS Site-to-Site VPN?
Virtual Private Gateway
Customer Gateway
A startup wants to set up its IT infrastructure on AWS Cloud. The CTO would like to receive detailed reports that break down the startup’s AWS costs by the hour in an Amazon Simple Storage Service (Amazon S3) bucket. As a Cloud Practitioner, which AWS service would you recommend for this use-case?
AWS Cost & Usage Report (AWS CUR)
AWS Cost & Usage Report (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use AWS Cost & Usage Report (AWS CUR) to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or month, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format.
Which of the following is the best way to protect your data from accidental deletion on Amazon S3?
Amazon S3 Versioning
Versioning is a means of keeping multiple variants of an object in the same bucket. You can use versioning to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket. With versioning, you can easily recover from both unintended user actions and application failures.
Versioning-enabled buckets enable you to recover objects from accidental deletion or overwrite. For example: if you delete an object, instead of removing it permanently, Amazon S3 inserts a delete marker, which becomes the current object version.
An e-commerce company uses AWS Cloud and would like to receive separate invoices for development and production environments. As a Cloud Practitioner, which of the following solutions would you recommend for this use-case?
Create separate accounts for Production and Development environments.
Requires 2 accounts for 2 invoices.
Tags cannot create two separate invoices of the same account.
What level of infrastructure can EFS span?
AZ
Regions or VPCs?
All of them
An AWS hardware failure has impacted one of your Amazon Elastic Block Store (Amazon EBS) volumes. Which AWS service will alert you of the affected resources and provide a remedial action?
AWS Your Account Health Dashboard
What is the primary benefit of deploying an Amazon Relational Database Service (Amazon RDS) database in a Read Replica configuration?
Read Replica improves database scalability
Read Replicas are an example of horizontal scaling of resources.
Read Replica cannot enhance database availability - because read replicas are created in the same Regions.
What are the 6 CAF groups?
Business, People, Governance, Platform, Security, and Operations.
An IT company would like to move its IT resources (including any data and applications) from an AWS Region in the US to another AWS Region in Europe. Which of the following represents the correct solution for this use-case?
The company should just start creating new resources in the destination AWS Region and then migrate the relevant data and applications into this new AWS Region - The company needs to create resources in the new AWS Region and then move the relevant data and applications into the new AWS Region. There is no off-the-shelf solution or service that the company can use to facilitate this transition.
AWS CloudFormation cannot help with moving data and applications into another Region.
Amazon CloudWatch billing metric data is stored in which AWS Region?
US East (N. Virginia) - us-east-1
You can monitor your estimated AWS charges by using Amazon CloudWatch. Billing metric data is stored in the US East (N. Virginia) Region and represents worldwide charges. This data includes the estimated charges for every service in AWS that you use, in addition to the estimated overall total of your AWS charges.
Which Cost Allocation tags require activation before they can appear in Cost Explorer or on a cost allocation report?
AWS generated tags and user-defined tags
Which AWS services support High Availability by default?
Instance Store
EBS
EFS
Redshift
DynamoDB
DynamoDB and EFS
All of your data is stored on solid-state disks (SSDs) and is automatically replicated across multiple Availability Zones (AZ) in an AWS Region, providing built-in high availability and data durability.
Amazon EFS is a regional service storing data within and across multiple Availability Zones (AZ) for high availability and durability.
What are the five categories for Trusted Advisor’s core recommendations?
Cost Optimization
Performance
Security
Fault Tolerance
Service Limits
Are security groups stateful or stateless?
A security group is stateful, that is, it automatically allows the return traffic
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic.
Security groups act at the instance level, not at the subnet level.
Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules.
A security group evaluates all rules before deciding whether to allow traffic.
Compared to the on-demand instance prices, what is the highest possible discount offered for reserved instances (RI)?
72% Savings
AWS Identity and Access Management (AWS IAM) policies are written as JSON documents. Which of the following are mandatory elements of an IAM policy?
Effect, Action
Statement – Use this main policy element as a container for the following elements. You can include more than one statement in a policy.
Sid (Optional) – Include an optional statement ID to differentiate between your statements.
Effect – Use Allow or Deny to indicate whether the policy allows or denies access.
Principal (Required in only some circumstances) – If you create a resource-based policy, you must indicate the account, user, role, or federated user to which you would like to allow or deny access. If you are creating an IAM permissions policy to attach to a user or role, you cannot include this element. The principal is implied as that user or role.
Action – Include a list of actions that the policy allows or denies.
Resource (Required in only some circumstances) – If you create an IAM permissions policy, you must specify a list of resources to which the actions apply. If you create a resource-based policy, this element is optional. If you do not include this element, then the resource to which the action applies is the resource to which the policy is attached.
Condition (Optional) – Specify the circumstances under which the policy grants permission.
Which of the following use cases is best suited for Amazon EFS Standard-Infrequent Access (EFS Standard-IA) storage class?
Storing files accessibly for audit requirements.
AWS recommends Amazon EFS Standard-Infrequent Access (EFS Standard-IA) storage class if you need your full dataset to be readily accessible and want to automatically save on storage costs for files that are less frequently accessed. Examples include keeping files accessible to satisfy audit requirements, performing historical analysis, or performing backup and recovery.
Which AWS entity enables you to privately connect your Amazon Virtual Private Cloud (Amazon VPC) to an Amazon Simple Queue Service (Amazon SQS) queue?
VPC Interface Endpoint
You may see a question around this concept in the exam. Just remember that only Amazon S3 and Amazon DynamoDB support VPC gateway endpoint. All other services that support VPC Endpoints use a VPC interface endpoint (note that Amazon S3 supports the VPC interface endpoint as well).
What interface do S3 and DynamoDB use to connect to a VPC?
VPC Gateway Endpoint
A Gateway Endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. The following AWS services are supported: Amazon S3, DynamoDB.
Reserved instances are region specific or Availability Zone specific?
AZ specific
Which of the following AWS entities lists all users in your account and the status of their various account aspects such as passwords, access keys, and MFA devices?
Credentials Report
You can generate and download a credentials report that lists all users in your account and the status of their various credentials, including passwords, access keys, and MFA devices. You can use the credentials report to assist in your auditing and compliance efforts. You can use the report to audit the effects of credential lifecycle requirements, such as password and access key rotation. You can provide the report to an external auditor, or grant permissions to an auditor so that he or she can download the report directly.
Which AWS services can be used to forecast your AWS account usage and costs?
Cost Explorer
What are the 4 cost components for S3?
storage pricing
request and data retrieval pricing
data transfer and transfer acceleration pricing
data management features pricing
What are 3 examples of free data transfer out of S3?
Inbound transfer from the internet
Outbound to EC2 in the same region
Outbound to CloudFront
Which AWS service will help you deploy application code automatically to an Amazon Elastic Compute Cloud (Amazon EC2) instance?
CodeDeploy
What can you use to run a bootstrap script while launching an Amazon Elastic Compute Cloud (Amazon EC2) instance?
Amazon EC2 instance user data
Amazon EC2 instance user data is the data that you specified in the form of a bootstrap script or configuration parameters while launching your instance.
Name two services in AWS that use Edge Locations?
CloudFront
Global Accelerator
Any question that mentions USB, Hardware, Plug-In and MFA is what?
U2F Security Key
What AWS storage service can be directly used with on-premises systems?
EFS
To access EFS file systems from on-premises, you must have an AWS Direct Connect or AWS VPN connection between your on-premises datacenter and your Amazon VPC. You mount an EFS file system on your on-premises Linux server using the standard Linux mount command for mounting a file system.
What is considered best practice in regards to accessing services on AWS?
IAM role or IAM Access Keys?
IAM Roles
Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). Access keys consist of two parts: an access key ID and a secret access key. Like a user name and password, you must use both the access key ID and secret access key together to authenticate your requests. As a best practice, AWS suggests the use of temporary security credentials (IAM roles) instead of access keys.
Which AWS service can be used to set up billing alarms to monitor estimated charges on your AWS account?
CloudWatch
Amazon CloudWatch can be used to create an alarm to monitor your estimated charges. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. You can choose to receive alerts by email when charges have exceeded a certain threshold. These alerts are triggered by Amazon CloudWatch and messages are sent using Amazon Simple Notification Service (Amazon SNS). Billing metric data is stored in the US East (N. Virginia) Region and reflects worldwide charges.
The alarm triggers when your account billing exceeds the threshold you specify. It triggers only when actual billing exceeds the threshold. It doesn’t use projections based on your usage so far in the month.
What is the difference between AWS CloudWatch Billing Alarms and AWS Budgets?
Amazon CloudWatch Billing Alarms: Sends an alarm when the actual cost exceeds a certain threshold which is defined by the user.
AWS Budgets: Sends an alarm when the actual cost exceeds the budgeted amount or even when the cost forecast exceeds the budgeted amount.
An e-commerce company wants to review the Payment Card Industry (PCI) reports on AWS Cloud. Which AWS resource can be used to address this use-case?
AWS Artifact
A corporation would like to simplify access management to multiple AWS accounts as well as facilitate AWS Single Sign-On (AWS SSO) access to its AWS accounts. As a Cloud Practitioner, which AWS service would you use for this task?
IAM Identity Centre
AWS IAM Identity Center is the successor to AWS Single Sign-On (AWS SSO). It is built on top of AWS Identity and Access Management (IAM) to simplify access management to multiple AWS accounts, AWS applications, and other SAML-enabled cloud applications.
Which AWS service can be used to view the most comprehensive billing details for the past month?
AWS Cost & Usage Report (AWS CUR)
The AWS Cost & Usage Report (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own.
A Cloud Practitioner would like to get operational insights of its resources to quickly identify any issues that might impact applications using those resources. Which AWS service can help with this task?
AWS SSM
Operational Insights = SSM
A company based in Sydney hosts its application on an Amazon Elastic Compute Cloud (Amazon EC2) instance in ap-southeast-2. They would like to deploy the same Amazon EC2 instances in eu-south-1. Which of the following AWS entities can address this use case?
AWS AMI
An Amazon EBS snapshot is a point-in-time copy of your Amazon EBS volume. EBS snapshots are one of the components of an AMI, but EBS snapshots alone cannot be used to deploy the same EC2 instances across different Availability Zones (AZs).
Where are Amazon EBS snapshots stored in the AWS Cloud?
S3 buckets
A start-up would like to monitor its cost on the AWS Cloud and would like to choose an optimal Savings Plan. As a Cloud Practitioner, which AWS service would you use?
Cost Explorer
What is the minimum bill time interval for EC2 on demand?
EC2 usage is billed in one-second increments, with a minimum of 60 seconds. Similarly, provisioned storage for Amazon Elastic Block Store (Amazon EBS) volumes is billed per-second increments, with a 60-second minimum.
Which AWS serverless service allows you to prepare data for analytics?
AWS Glue
Which of the following services are provided by Amazon Route 53? (Select Two)
Domain Name Registration
Health checks and Monitoring
Which AWS Identity and Access Management (AWS IAM) Security Tool allows you to review permissions granted to an IAM user?
IAM Access Advisor
True or False - all traffic between AZs is encrypted?
True
What services does AWS WAF support? (4)
Amazon CloudFront
Application Load Balancer (ALB)
Amazon API Gateway
AWS AppSync
Historically, IT departments had to over-provision for peak demand. IT professionals may bring this legacy mindset to the table when they build their cloud infrastructure leading to over-provisioned resources and unnecessary costs. Right-sizing of resources is necessary to reduce infrastructure costs while still using cloud functionality optimally.
Which feature of the AWS Cloud refers to right-sizing the resources?
Elasticity or Vertical Scaling
Key is “right-sizing” which refers to vertical scaling
What are the three types of Savings Plans?
Compute Savings Plans
EC2 Instance Savings Plans
Amazon SageMaker Savings Plans
Which Snow device is associated with IoT use cases?
Snowcone
Its small form factor makes it a perfect fit for tight spaces or where portability is a necessity and network connectivity is unreliable. You can use Snowcone in backpacks on first responders, or for IoT, vehicular, and drone use cases. You can execute compute applications on the edge, and you can ship the device with data to AWS for offline data transfer, or you can transfer data online with AWS DataSync from edge locations.
A company has defined a baseline that mentions the number of AWS resources to be used for different stages of application testing. However, the company realized that employees are not adhering to the guidelines and provisioning additional resources via API calls, resulting in higher testing costs.
Which AWS service will help the company raise alarms whenever the baseline resource numbers are crossed?
AWS CloudTrail Insights
AWS CloudTrail Insights helps AWS users identify and respond to unusual activity associated with write API calls by continuously analyzing CloudTrail management events.