Certified Cloud Practitioner Flashcards

1
Q

S3 access logs

A

see all requests made to bucket

2
Q

Two types of S3 object replications

A

Cross-region and Same-region

3
Q

S3 - Cross-region replication use case (3)

A

compliance, lower latency access, replication across accounts

4
Q

S3 - Same-region replication use case (2)

A

log aggregation, live replication between production and test accounts

5
Q

S3 - Name 6 storage classes

A
  1. Standard General Purpose
  2. Standard Infrequent Access (IA)
  3. One Zone Infrequent Access
  4. Intelligent Tiering
  5. Glacier
  6. Glacier Deep Archive
6
Q

S3 - Standard General Purpose class (availability, use case, failures)

A

99.99% availability
Frequently accessed data
Sustain 2 concurrent facility failures

7
Q

S3 - Standard Infrequent Access class (availability, use case, fees)

A

99.9% availability
Less frequently accessed, but rapid when needed
Cheaper at rest, but retrieval fee

8
Q

S3 - One Zone Infrequent Access class (availability, replication, cost, use case)

A

99.5% availability
Not replicated across AZ
Lower cost than IA
Storing backups or easily recreated data

9
Q

S3 - Intelligent Tiering class (availability, latency, what does it do)

A

99.9% availability
Same low latency as standard access
Auto moves objects between frequent/infrequent access

10
Q

S3 - Glacier class (cost, retrieval times and fees)

A

Low cost

Different retrieval times and fees

11
Q

S3 - Glacier Deep Archive class (retrieval for one file, retrieval for bulk files, relative cost)

A

12 hours retrieval for one file
48 hours for bulk files
Cheapest option

12
Q

S3 - Durability and Availability

A
Durability = 99.999999999% (11 9's)
Availability = 99.99% for standard
13
Q

S3 - Object Lock & Vault Lock (what it does, use case)

A

File written once and never deleted

Useful for compliance and data retention

14
Q

What is Snow used for? (2)

A

Data migration and Edge computing

15
Q

Snow - Which services are for Data Migration? (3)

A

Snowcone
Snowball Edge
SnowMobile

16
Q

Snow - Which services are for Edge Computing? (2)

A

Snowcone

Snowball Edge

17
Q

Snow - Snowball Edge (use case, two classes w/ capacity)

A

Physical transport of data, large data cloud migration
Storage Optimized: 80TB
Compute Optimized: 42TB

18
Q

Snow - Snowcone (capacity, size, what service to send data to AWS?)

A

8TB
Rugged, small
AWS DataSync

19
Q

Snow - SnowMobile (capacity for one, capacity for multiple, best for this capacity and more)

A

100PB of data per
Exabytes of data for multiple
Better for more than 10PB

20
Q

Snow - Edge Computing use cases (2)

A

Limited/no internet or computing power

Useful to preprocess data, machine learning, transcoding media streams

21
Q

Snow - Edge Computing can run which two services?

A

EC2 instances

Lambda functions

22
Q

Snow - Software used to connect to Snow devices

A

OpsHub

23
Q

Storage Gateway - use case, services (3)

A

Hybrid cloud

Bridge on-prem with cloud, EBS, S3, Glacier

24
Q

RDS - capabilities (3)

A

Automatic provisioning and OS patching
Backups and restore
Monitoring

25
RDS - additional features (3)
Read replicas | Multi AZ - failover | Multi region - for read replicas
26
RDS - read replicas - what it is, how many can you have, how data moves
Copy of RDS | Up to 5 | Data only written to one, copied to replicas
27
RDS - one drawback
No SSH access
28
Aurora - two DB types
PostgreSQL | MySQL
29
Aurora - two advantages over RDS
Cloud optimized - faster | Storage automatically grows up to 64TB in 10TB increments
30
Aurora - two disadvantages over RDS
Costs more | Not in free tier
31
Elasticache - what is it, two techs, why
In memory database | Managed Redis or Memcached | Help reduce load of databases for READ intensive workloads
32
DynamoDB - what is it
NoSQL database, key/value
33
DynamoDB - three advantages
Replication across 3 AZ | Low latency | Serverless
34
DynamoDB - what can be enabled for performance improvement, how does it work?
DynamoDB Accelerator (DAX) | Fully managed in-memory cache for performance improvement
35
Redshift - use cases (3)
OLAP (online analytical processing) | Analytics | Data warehousing
36
Redshift - difference between other databases
Load data once every hour instead of every second or on demand
37
Redshift - cost model
Pay as you go based on instances provisioned
38
Redshift - how to query data
SQL
39
Redshift - what does it integrate with? (2)
BI tools like AWS Quicksight or Tableau
40
Elastic MapReduce (EMR) - what is it used for?
Hadoop clusters (big data)
41
Elastic MapReduce (EMR) - how can it be provisioned? (2)
Auto-scaling and spot instances
42
Athena - what is it
Full serverless database with SQL capabilities to query data in S3
43
Athena - cost model
Pay per query
44
Athena - where do query results go?
Back to S3
45
Quicksight - what is it
Serverless machine learning-powered BI tool to create interactive dashboards
46
Quicksight - cost model
Per session pricing
47
Quicksight - integrations (5)
RDS | Aurora | Athena | Redshift | S3
48
DocumentDB - what is it
NoSQL database | Aurora version of MongoDB
49
Neptune - what is it
Graph database
50
Neptune - replication (2)
Across 3 AZ and 15 read replicas
51
Neptune - use cases (3)
Fraud detection | Recommendation engines | Social networking
52
Quantum Ledger Database (QLDB) - what is it (2)
Ledger of recorded changes to data | Review history of all changes made to application data
53
Quantum Ledger Database (QLDB) - advantages (2)
Immutable system, cryptographic hash | More performant than common ledger blockchains
54
Quantum Ledger Database (QLDB) - how is data queried?
SQL
55
Quantum Ledger Database (QLDB) - is it decentralized?
No, there is no decentralization
56
Managed Blockchain - what is it used for
Join public blockchain network or create your own private network
57
Managed Blockchain - compatible with which two blockchains?
Hyperledger | Ethereum
58
Managed Blockchain - is it decentralized?
Yes
59
Database Migration Service (DMS) - what is it
Quickly and securely migrate database to AWS
60
Database Migration Service (DMS) - two types of migrations
Homogeneous (postgres --> postgres) | Heterogeneous (mysql --> postgres)
61
Glue - what is it for (2)
Managed ETL | To prepare and transform data for analytics, possibly from multiple sources
62
Glue - how is it provisioned?
Serverless
63
Glue - example usage (extract, transform, load)
Extract data from S3 and RDS, transform, load into Redshift
64
EBS - definition
Network drive attached to EC2 instance
65
EBS - two constraints
Only attached to one instance at a time | Bound to a specific AZ
66
EBS - three features
Can be detached/attached quickly | Can increase capacity over time | Can attach multiple to one instance
67
EBS - delete on termination is on by default when? (2)
By default for root volume | Off for non-root volumes
68
EBS snapshots - can copy where (2)
Across AZ or Region
69
AMI - is specific to what?
A region
70
AMI - three types
Public AMI from AWS | Your own | AWS Marketplace AMI
71
AMI - creating one also does what?
Creates an EBS snapshot
72
EC2 Image Builder - does what
Automates the creation and testing of AMIs
73
EC2 Image Builder - two features
Can distribute resulting AMI across regions | Can be run on a schedule
74
EC2 Image Builder - cost model
Free service, only pay for underlying resources
75
Instance Store - what is it
Storage physically connected to server
76
Instance Store - advantage
Better performance
77
Instance Store - disadvantage
Storage is ephemeral and is lost when instance is stopped
78
Instance Store - what is it good for
Buffer, cache, or temporary content
79
EFS - advantage
Can be mounted to 100s of EC2 instances
80
EFS - constraint
Only works with Linux EC2
81
EFS - availability
Multi-AZ
82
EFS - Infrequent Access - cost and what it does
Lower cost | Move files to IA based on a lifecycle policy such as last time they were accessed
83
FSx - two types
Windows File Server | Lustre
84
FSx - one advantage
Can be accessed from AWS or on-prem infrastructure
85
FSx - Windows can integrate with what
Microsoft AD
86
FSx - Lustre is good for what
High performance computing
87
ECS - what it does
Launch docker instances on EC2
88
ECS - advantages (3)
AWS takes care of starting and stopping containers | Have access to underlying containers | Can use an ALB
89
Fargate - what it does
Launch docker instances
90
Fargate - advantage
Serverless, do not need to provision EC2 instances
91
Fargate - disadvantage (difference with ECS)
No access to underlying containers
92
ECR - what is it and where to use it
A private docker registry | Store docker images to run on ECS or Fargate
93
Lambda - what is it
Virtual functions that run on demand
94
Lambda - monitoring
Cloudwatch
95
Lambda - max execution time
Up to 15 minutes
96
API Gateway - what is it
Expose Lambda function to client as an API
97
API Gateway - two protocols
REST and Websocket
98
Batch - what can you do
Run 100ks of batch jobs
99
Batch - how does it work (2)
Automatically provisions EC2 or Spot instances | Defined as Docker images
100
Batch vs Lambda (4)
Batch: no time limit, any runtime, has instance store, relies on EC2
101
Lightsail - what is it (2)
Deploy a simple web application with templates | For people with little cloud experience
102
Lightsail - limitations (2)
No autoscaling | Limited AWS integrations
103
CloudFormation CDK - what is it
Define cloud infrastructure using a familiar programming language
104
Beanstalk - what is it (2)
Platform as a Service | Developer centric view of deploying an application
105
Beanstalk - cost model
Free to use, but pay for underlying resources
106
Beanstalk - three architectures that can be used and why
Single instance: good for dev | ELB + ASG: production web apps | ASG only: non-web, workers
107
Beanstalk - health monitoring
Cloudwatch - fully managed
108
CodeDeploy - can deploy where (2)
EC2 or on-premise servers
109
CodeArtifact - what is it
Store and retrieve dependencies and packages
110
CodeStar - what is it
Unified view to manage software development | CodeCommit, CodeBuild, CodePipeline, etc.
111
Cloud9 - what is it
Cloud IDE for running, writing, and debugging code
112
Cloud9 - two features (2)
Used within web browser | Real-time code collaboration
113
Systems Manager (SSM) - what is it
Hybrid service to manage EC2 instances and on-prem systems at scale
114
Systems Manager (SSM) - three things you can do
Automatic patching | Run commands across entire fleet of servers | Store parameter configuration
115
OpsWorks - what is it
Managed Chef & Puppet instances
116
Why global infrastructure? (3)
Decreased latency | Disaster recovery if a region goes down | Attack protection - harder to attack distributed app
117
Route53 - routing policies and health check
Latency routing - no health check | Failover routing - has health check
118
CloudFront - what is it and what is it good for
A global CDN with 216 edge locations | Improves read performance
119
CloudFront - two origins (2)
S3 | Any HTTP (EC2, ELB, etc.)
120
CloudFront - integration w/ two services to protect against attacks (and what kind)
Shield | WAF | DDoS
121
S3 Transfer Acceleration - how it works
Increase speed by first transferring file to AWS edge location
122
S3 Transfer Acceleration - example of when to use
If global application needs to upload files to specific S3 bucket in a region
123
Global Accelerator - why, what is it and how it works (3)
Improve global application availability and performance | Leverage AWS internal network to route traffic to your application | Sent through edge location to specific region
124
Outposts - what is it for
For hybrid cloud
125
Outposts - what is it
Physical server racks that offer same AWS infrastructure as the cloud
126
Outposts - why use it
Easier to migrate from on-prem to the cloud
127
WaveLength - what is it (2)
Infrastructure deployments at the edge of 5G networks | Low latency for 5G apps
128
CloudTrail - what is it used for (3)
Governance, compliance, and audit of AWS account
129
CloudTrail - how it works
Monitor and get history of events / API calls made within your AWS account
130
CloudTrail - data retention and how to increase, analyze
90 days by default | Send to S3 and analyze with Athena
131
CloudTrail - Insights - what it is and how it works
Enable to detect unusual activity | Creates baseline from normal activity and compares
132
X-Ray - what is it for (3)
Visual analysis of apps | Troubleshoot performance bottlenecks | Understand dependencies of microservices architecture
133
CodeGuru - what is it
ML-powered service for automated code review and app performance
134
NAT Gateway - what does it do
Allows private subnet access to internet
135
Internet Gateway - what does it do
Route for public subnet to the internet
136
Security Group vs Network ACL (2)
Security group: return traffic automatically allowed, allow rules only | Network ACL: must explicitly allow return traffic, allow and deny rules
137
VPC Flow Logs - what is it
Info about IP traffic going to all interfaces
138
VPC Peering
Connect two VPCs so they behave as one network
139
VPC Endpoints - what is it
Connect AWS services using private network instead of public
140
VPC Endpoints - two services you can connect to
S3 | DynamoDB
141
Transit Gateway - model and what it is
Hub and spoke connection to connect thousands of VPC and on-premise through one single gateway
142
Shield - what is it
Protects against DDoS attack
143
Shield - which services (3)
Route53, CloudFront, ELB
144
Shield vs Shield Advanced
Advanced: 24/7 premium DDoS protection and response team
145
WAF - what is it (2)
Filter specific requests based on rules | Protects against web exploits (layer 3 and 4)
146
WAF - which services (4)
ALB | API Gateway | CloudFront | AppSync
147
KMS - what is it
AWS manages encryption keys
148
CloudHSM - what is it
AWS provides encryption hardware and you manage your own keys
149
ACM - what is it
Certificate manager to deploy SSL/TLS certificates
150
Secrets Manager - what is it used for
Store secrets
151
Secrets Manager - secrets can be generated using what service
Lambda
152
Secrets Manager - can be integrated with what service
RDS
153
Artifact - what is it
Portal to provide customers with on-demand access to AWS compliance and agreement docs
154
GuardDuty - what is it, and it uses data from 3 places
ML algorithm to protect AWS account | Uses data from CloudTrail logs, VPC flow logs, DNS logs
155
GuardDuty - what does it do as a result
Emits a Cloudwatch event
156
Inspector - what is it
Automated security assessment of EC2 instances
157
Config - what is it
Record configuration changes over time
158
Config - what is it good for
Auditing and recording compliance of AWS resources
159
Config vs CloudTrail
Config: see configuration changes over time | CloudTrail: see WHO made changes
160
Macie - what is it
Data security and privacy service to discover sensitive info (PII) in S3
161
Security Hub - what is it, what makes it unique to other security services
Central security tool across several AWS accounts
162
Security Hub - what service must be enabled
Config
163
Detective - what is it
ML for deeper analysis of security issues
164
5 root user privileges
Change account settings | View certain tax invoices | Close account | Change or cancel support plan | Register as a seller in Reserved Instance Marketplace
165
Comprehend - what is it
Natural language processing
166
SageMaker
Fully managed service to build ML models
167
Kendra
Document search service powered by ML
168
Personalize
Build apps with real-time personalized recommendations
169
Service Control Policies (SCP) - what is it
Whitelist or blacklist IAM actions at the Organization or Account level
170
Control Tower - what is it
Automate setup of Organizations and accounts in a multi-account environment
171
Trusted Advisor - does what and provides recommendation for 5 things
Analyze your account | Cost optimization | Performance | Security | Fault tolerance | Service limits
172
Trusted Advisor - full TA and API access for which support plans (2)
Business | Enterprise
173
Budgets - what is it used for
Set custom budgets that alert you when estimated costs or forecasted usage exceed or will exceed your budgeted amount
174
Cost Explorer - what is it
Forecast usage up to 12 months based on previous usage
175
Security Token Service (STS) - what is it
Create temporary, limited credentials
176
Workspaces
Desktop as a service, windows and linux, access to AWS cloud
177
AppStream
Deliver an app to any computer through the web browser
178
Sumerian
Create and run VR, AR, 3D apps
179
Device Farm
Fully-managed service to test web and mobile applications against real devices
180
AWS Backup
Automate backups across AWS services
181
CloudEndure
Recover physical, virtual, and cloud-based servers into AWS
182
OpsHub - what is it
Software to connect to Snow devices
183
DataSync - what is it
To connect Snow Devices to AWS to send data
184
This service has encryption enabled by default
CloudTrail logs
185
Highest possible discount for spot instances?
90%
186
In what scenario does data transfer not cost anything?
Within the same region
187
Each region consists of how many AZs
One or more
188
Five pillars of well-architected framework
Operational excellence | Security | Reliability | Performance efficiency | Cost optimization
189
Three gateway types of Storage Gateway
Tape | File | Volume
190
Services that are global in scope (4)
IAM | CloudFront | Route53 | WAF
191
Highest possible discount for reserved instances?
72
192
Cost and Usage Report are used for what
Comprehensive breakdown of costs by hour
193
Two mandatory elements of an IAM policy
Effect | Action
194
Shield Advanced is a paid service for which support plans?
All plans
195
Where is the Cloudwatch billing metric stored
Only us-east1
196
Three types of budgets for AWS Budgets
Usage | Cost | Reservation
197
Developer support plan - cases
Unlimited cases for 1 primary contact
198
Developer support plan - feature
Email support during business hours
199
Developer support plan - case severity / response time (2)
General guidance: <24 hours | System impaired: <12 hours
200
Business support plan - use case
Production workloads
201
Business support plan - cases
Unlimited cases, unlimited contacts
202
Business support plan - access to support engineers
24/7 phone, email, and chat
203
Business support plan - case severity / response time (4)
General guidance: < 24 hours | System impaired: < 12 hours | Production system impaired: < 4 hours | Production system down: < 1 hour
204
Enterprise support plan - use case
Mission critical workloads
205
Enterprise support plan - 4 features only for this plan
Technical account manager | Self-guided labs and instruction | Concierge support team | Infrastructure, well-architected, and operations reviews
206
EC2 Reserved Instance types (3)
Standard: most discount - up to 72% | Convertible: can increase workload | Scheduled: launch on a predictable recurring schedule
207
Two services of Route53
Health checks | Domain registration
208
Security tool that allows you to review permissions granted to a user
IAM access advisor
209
Customer data is the responsibility of AWS or customer?
Customer
210
Operational Excellence - 3 design principles
Perform operations as code | Make frequent, small, reversible changes | Anticipate failure
211
Security - 5 design principles
Strong identity foundation | Enable traceability | Automation of security practices | Protect data in transit and at rest | Keep people away from data
212
Reliability - 5 design principles
Test recovery procedures | Automatically recover from failure | Scale horizontally | Stop guessing capacity | Automation
213
Performance Efficiency - 5 design principles
Use advanced tech | Go global in minutes | Use serverless | Experiment | Mechanical sympathy
214
Cost Optimization - 4 design principles
Consumption mode - pay only for what you use | Measure efficiency | Analyze and attribute expenditure | Use managed services
215
What can you buy on AWS Marketplace? (4)
Custom AMI | CloudFormation templates | SaaS | Docker images
216
Three APN partner types and what they do
Technology partners: hardware, connectivity, software | Consulting partners: build on AWS | Training partners: find who can help you learn