CG - Practice Test 2 Flashcards
S3 encryption if you want to maintain full end-to-end control of the encryption/decryption of objects and ensure that only encrypted objects are transmitted over the internet to Amazon S3
Client-side encryption - provide a client-side master key to the Amazon S3 Encryption Client
One way to offload your EC2 instances
installing SSL certificates on your ELBs
iptables
OS-level logging tool that can log events to CloudWatch or S3 - is a command-line firewall utility that uses policy chains to allow or block traffic
Cluster Placement groups can span VPCs but not AZs - true or false
true
Inter-region VPC peering
creating a VPC connection between VPCs in different regions
You cannot have more than one VPC peering connection between the same VPCs at the same time - T or F
true
Transfers between S3 buckets or from Amazon S3 to EC2 within the same AWS Region are free. T or F
true
All S3 costs are based on the volume of data regardless of how it is handled. - T or F
False
Data transfer into S3 from the Internet doesn’t incur any costs - T or F
true
The total costs for data transfer out from S3 to CloudFront depend on the monthly volume of data, i.e., tiered pricing applies: the more data goes out, the more you save. T or F
false
Transferring up to one GB of data per month out of S3 to end customers over the public internet is free. T or F
true
If your application requires more compute resources than the largest DB instance class or more storage than the maximum allocation, you can:
implement partitioning thereby spreading your data across multiple DB instances
Multi-AZ will help with performance - T or F
false, it will only help resiliency
RDS autoscaling is only available with which DB
Aurora
Z2 is a valid instance type - T or F
false
AWS services that can help moving to stateless (all system and application state is stored and managed outside of the instances themselves)
DynamoDB, ElastiCache, RDS, S3
VM Import/Export
enables you to import virtual machine (VM) images from your existing virtualization environment to Amazon EC2, and then export them back.
If you deploy a Classic ELB as part of your VPC web app, which are true:
- The outward facing interface supports IPv4 addressing.
- The inward facing interface supports IPv4 addressing
- The Listener can be set up to distribute ‘Apache Derby Network Server’ (1527) connections
Cloud9
requires additional steps to achieve multi-AZ
Which services don’t require additional steps to be multi-AZ:
- Neptune
- S3
- DynamoDB
Bucket name rules
- Bucket names must be unique across all existing bucket names in Amazon S3.
- Bucket names must comply with DNS naming conventions.
- Bucket names must be at least 3 and no more than 63 characters long.
- Bucket names must not contain uppercase characters or underscores.
- Bucket names must start with a lowercase letter or number.
- Bucket names must be a series of one or more labels. Adjacent labels are separated by a single period (.). Bucket names can contain lowercase letters, numbers, and hyphens. Each label must start and end with a lowercase letter or a number.
- Bucket names must not be formatted as an IP address (for example, 192.168.5.4).
- When you use virtual hosted–style buckets with Secure Sockets Layer (SSL), the SSL wildcard certificate only matches buckets that don’t contain periods. To work around this, use HTTP or write your own certificate verification logic. We recommend that you do not use periods (“.”) in bucket names when using virtual hosted–style buckets.