Cloud Concepts Flashcards
A company is looking for a guided path to help deploy, configure, and secure its new workloads while ensuring that it is ready for on-going operations in the cloud. Which of the following AWS services/tools can be leveraged for this use case?
A. Cloud Foundations
B. AWS Trusted Advisor
C. AWS Shared Responsibility Model
D. AWS Config
A. Cloud Foundations
Explanation
Correct option:
Cloud Foundations
Cloud Foundations provides a guided path to help customers deploy, configure, and secure their new workloads while ensuring they are ready for on-going operations in the cloud. Cloud Foundations helps customers navigate through the decisions they need to make through curated AWS Services, AWS Solutions, Partner Solutions, and Guidance.
Cloud Foundations: via - https://aws.amazon.com/architecture/cloud-foundations/
Incorrect options:
AWS Trusted Advisor - AWS Trusted Advisor is an online tool that provides real-time guidance to help provision your resources following AWS best practices. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally. AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits.
AWS Config - AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
AWS Shared Responsibility Model - Under the AWS Shared Responsibility Model, AWS is responsible for protecting the infrastructure that runs all of the services offered in the AWS Cloud. This infrastructure is composed of the hardware, software, networking, and facilities that run AWS Cloud services. Customer’s responsibility is determined by the AWS Cloud services that a customer selects.
Reference:
https://aws.amazon.com/architecture/cloud-foundations/
Which of the following is a perspective of the AWS Cloud Adoption Framework (AWS CAF)?
A. Product
B. Business
C. Architecture
D. Process
B. Business
Correct option:
Business
The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations.
AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.
Incorrect options:
Process
Product
Architecture
These three options contradict the explanation provided above, so these options are incorrect.
Reference:
https://aws.amazon.com/premiumsupport/plans/enterprise/
An IT company is on a cost-optimization spree and wants to identify all Amazon Elastic Compute Cloud (Amazon EC2) instances that are under-utilized. Which AWS services can be used off-the-shelf to address this use-case without needing any manual configurations? (Select two)
A. Amazon CloudWatch
B. AWS Cost Explorer
C. AWS Trusted Advisor
D. AWS Cost & Usage Report (AWS CUR)
E. AWS Budgets
B. AWS Cost Explorer
C. AWS Trusted Advisor
Explanation
Correct option:
AWS Trusted Advisor
AWS Trusted Advisor is an online tool that provides real-time guidance to help provision your resources following AWS best practices. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by Trusted Advisor regularly help keep your solutions provisioned optimally. AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits.
AWS Trusted Advisor checks the Amazon Elastic Compute Cloud (Amazon EC2) instances that were running at any time during the last 14 days and alerts you if the daily CPU utilization was 10% or less and network I/O was 5 MB or less on 4 or more days.
How AWS Trusted Advisor Works: via - https://aws.amazon.com/premiumsupport/technology/trusted-advisor/
How AWS Trusted Advisor identifies low utilization Amazon EC2 instances: via - https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/#Cost_Optimization
AWS Cost Explorer
AWS Cost Explorer has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown of all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends.
The rightsizing recommendations feature in AWS Cost Explorer helps you identify cost-saving opportunities by downsizing or terminating Amazon EC2 instances. You can see all of your underutilized Amazon EC2 instances across member accounts in a single view to immediately identify how much you can save.
Incorrect options:
AWS Cost & Usage Report (AWS CUR) - The AWS Cost & Usage Report (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use AWS Cost & Usage Report (AWS CUR) to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour or month, by product or product resource, or by tags that you define yourself. AWS Cost & Usage Report (AWS CUR) cannot be used to identify under-utilized Amazon EC2 instances.
Amazon CloudWatch - Amazon CloudWatch can be used to create an alarm to monitor your estimated charges. When you enable the monitoring of estimated charges for your AWS account, the estimated charges are calculated and sent several times daily to CloudWatch as metric data. You can choose to receive alerts by email when charges have exceeded a certain threshold. Think resource performance monitoring, events, and alerts; think CloudWatch. Amazon CloudWatch cannot be used to identify under-utilized Amazon EC2 instances without manually configuring an alarm with the appropriate threshold to track the Amazon EC2 utilization, so this option is incorrect.
AWS Budgets - AWS Budgets gives the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount. You can also use AWS Budgets to set reservation utilization or coverage targets and receive alerts when your utilization drops below the threshold you define. AWS Budgets can be created at the monthly, quarterly, or yearly level, and you can customize the start and end dates. You can further refine your budget to track costs associated with multiple dimensions, such as AWS service, linked account, tag, and others. AWS Budgets cannot be used to identify under-utilized EC2 instances without manually configuring coverage targets, so this option is incorrect.
References:
https://aws.amazon.com/premiumsupport/technology/trusted-advisor/best-practice-checklist/#Cost_Optimization
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/ce-rightsizing.html
An organization maintains separate Amazon Virtual Private Clouds (Amazon VPC) for each of its departments. With expanding business, the organization now wants to connect all Amazon Virtual Private Clouds (Amazon VPC) for better departmental collaboration. Which AWS service will help the organization tackle the issue effectively?
A. AWS Site-to-Site VPN
B. VPC peering connection
C. AWS Direct Connect
D. AWS Transit Gateway
D. AWS Transit Gateway
Explanation
Correct option:
AWS Transit Gateway
AWS Transit Gateway connects Amazon Virtual Private Clouds (Amazon VPC) and on-premises networks through a central hub. This simplifies your network and puts an end to complex peering relationships. It acts as a cloud router – each new connection is only made once. As you expand globally, inter-Region peering connects AWS Transit Gateways using the AWS global network. Your data is automatically encrypted and never travels over the public internet.
How AWS Transit Gateway can simplify your network: via - https://aws.amazon.com/transit-gateway/
Incorrect options:
VPC peering connection - A VPC peering connection is a networking connection between two Amazon Virtual Private Clouds (Amazon VPC) that enables you to route traffic between them privately. A VPC peering connection is not transitive: a separate VPC peering connection has to be made between every pair of VPCs that need to talk to each other. With a growing number of VPCs, this gets difficult to manage.
Transitive VPC peering connection is not allowed: via - https://docs.aws.amazon.com/vpc/latest/peering/invalid-peering-configurations.html
AWS Direct Connect - AWS Direct Connect creates a dedicated private connection from a remote network to your VPC. This is a private connection and does not use the public internet. It takes at least a month to establish this connection. AWS Direct Connect cannot be used to interconnect VPCs.
AWS Site-to-Site VPN - AWS Site-to-Site VPN creates a secure connection between your data center or branch office and your AWS cloud resources. This connection goes over the public internet. AWS Site-to-Site VPN cannot be used to interconnect VPCs.
Reference:
https://aws.amazon.com/transit-gateway/
Which of the following is a part of the AWS Global Infrastructure?
A. Subnet
B. AWS Region
C. Virtual Private Network (VPN)
D. Virtual Private Cloud
B. AWS Region
Explanation
Correct option:
AWS Region
An AWS Region is a physical location around the world where AWS builds its data centers. Each group of logical data centers is called an Availability Zone (AZ). Each AWS Region consists of multiple, isolated, and physically separate AZs within a geographic area.
Please see this illustration for AWS regions in the US: via - https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
Incorrect options:
Virtual Private Cloud (VPC) - Amazon Virtual Private Cloud (Amazon VPC) is a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your IP address range, creation of subnets, and configuration of route tables and network gateways. A VPC spans all of the Availability Zones in the Region.
Virtual Private Network (VPN) - AWS Virtual Private Network (AWS VPN) lets you establish a secure and private encrypted tunnel from your on-premises network to the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN.
Subnet - A subnet is a range of IP addresses within your VPC. A subnet spans only one Availability Zone in the Region.
These three options are not a part of the AWS Global Infrastructure.
Reference:
https://aws.amazon.com/about-aws/global-infrastructure/regions_az/
Which pillar of the AWS Well-Architected Framework recommends maintaining infrastructure as code (IaC)?
A. Security
B. Cost Optimization
C. Performance Efficiency
D. Operational Excellence
D. Operational Excellence
Explanation
Correct option:
Operational Excellence
The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using the Framework you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for you to consistently measure your architectures against best practices and identify areas for improvement.
The AWS Well-Architected Framework is based on six pillars — Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization and Sustainability.
The Operational Excellence pillar includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures. In the cloud, you can apply the same engineering discipline that you use for application code to your entire environment. You can define your entire workload (applications, infrastructure) as code and update it with code. You can implement your operations procedures as code and automate their execution by triggering them in response to events.
Incorrect options:
Cost Optimization - Cost Optimization focuses on avoiding unneeded costs. Key topics include understanding and controlling where the money is being spent, selecting the most appropriate and right number of resource types, analyzing spend over time, and scaling to meet business needs without overspending.
Performance Efficiency - The performance efficiency pillar focuses on using IT and computing resources efficiently. Key topics include selecting the right resource types and sizes based on workload requirements, monitoring performance, and making informed decisions to maintain efficiency as business needs evolve.
Security - The security pillar focuses on protecting information & systems. Key topics include confidentiality and integrity of data, identifying and managing who can do what with privilege management, protecting systems, and establishing controls to detect security events.
Reference:
https://wa.aws.amazon.com/wat.pillar.operationalExcellence.en.html
Which type of cloud computing does Amazon Elastic Compute Cloud (EC2) represent?
A. Platform as a Service (PaaS)
B. Infrastructure as a Service (IaaS)
C. Software as a Service (SaaS)
D. Network as a Service (NaaS)
B. Infrastructure as a Service (IaaS)
Explanation
Correct option:
Infrastructure as a Service (IaaS)
Cloud Computing can be broadly divided into three types - Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS).
IaaS contains the basic building blocks for cloud IT. It typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS gives the highest level of flexibility and management control over IT resources.
EC2 gives you full control over managing the underlying OS, virtual network configurations, storage, data and applications. So EC2 is an example of an IaaS service.
Please review this overview of the types of Cloud Computing: via - https://aws.amazon.com/types-of-cloud-computing/
Incorrect options:
Platform as a Service (PaaS) - PaaS removes the need to manage underlying infrastructure (usually hardware and operating systems), and allows you to focus on the deployment and management of your applications. You don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.
Elastic Beanstalk is an example of a PaaS service. You can simply upload your code and Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring.
Software as a Service (SaaS) - SaaS provides you with a complete product that is run and managed by the service provider. With a SaaS offering, you don’t have to think about how the service is maintained or how the underlying infrastructure is managed. You only need to think about how you will use that particular software. AWS Rekognition is an example of a SaaS service.
Network as a Service (NaaS) - This is a made-up option and has been added as a distractor.
Reference:
https://aws.amazon.com/types-of-cloud-computing/
Which of the following is CORRECT regarding removing an AWS account from AWS Organizations?
A. Raise a support ticket with AWS Support to remove the account
B. The AWS account must be able to operate as a standalone account. Only then can it be removed from AWS Organizations
C. The AWS account can be removed from AWS Systems Manager
D. The AWS account must not have any Service Control Policies (SCPs) attached to it. Only then can it be removed from AWS Organizations
B. The AWS account must be able to operate as a standalone account. Only then can it be removed from AWS Organizations
Explanation
Correct option:
The AWS account must be able to operate as a standalone account. Only then can it be removed from AWS Organizations
You can remove an account from your organization only if the account has the information that is required for it to operate as a standalone account. For each account that you want to make standalone, you must accept the AWS Customer Agreement, choose a support plan, provide and verify the required contact information, and provide a current payment method. AWS uses the payment method to charge for any billable (not AWS Free Tier) AWS activity that occurs while the account isn’t attached to an organization.
Incorrect options:
Raise a support ticket with AWS Support to remove the account - AWS Support does not need to help you in removing an AWS account from AWS Organizations.
The AWS account can be removed from AWS Systems Manager - AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks such as running commands, managing patches, and configuring servers across AWS Cloud as well as on-premises infrastructure. Systems Manager cannot be used to remove an AWS account from AWS Organizations.
The AWS account must not have any Service Control Policies (SCPs) attached to it. Only then can it be removed from AWS Organizations - This is not a prerequisite to remove the AWS account. Once the account is removed, the principals in the AWS account are no longer affected by any service control policies (SCPs) that were defined in the organization. This means that restrictions imposed by those SCPs are gone, and the users and roles in the account might have more permissions than they had before.
Reference:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_remove.html
Which of the following statements are CORRECT regarding the AWS VPC service? (Select two)
A. A Security Group can have both allow and deny rules
B. A Network Address Translation gateway (NAT gateway) is managed by AWS
C. A Security Group can have allow rules only
D. A network access control list (network ACL) can have allow rules only
E. A Network Address Translation instance (NAT instance) is managed by AWS
B. A Network Address Translation gateway (NAT gateway) is managed by AWS
C. A Security Group can have allow rules only
Explanation
Correct options:
A Security Group can have allow rules only
A Network Address Translation gateway (NAT gateway) is managed by AWS
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. Security groups act at the instance level, not at the subnet level. You can specify allow rules, but not deny rules. You can specify separate rules for inbound and outbound traffic.
Security Group Overview: via - https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
A network access control list (network ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets (i.e. it works at subnet level). A network ACL has separate inbound and outbound rules, and each rule can either allow or deny traffic.
network access control list (network ACL) Overview: via - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
You can use a network address translation (NAT) gateway or a Network Address Translation instance (NAT instance) to enable instances in a private subnet to connect to the internet or other AWS services, but prevent the internet from initiating a connection with those instances. Network Address Translation gateway (NAT gateway) is managed by AWS but Network Address Translation instance (NAT instance) is managed by you.
Please see this comparison table for differences between Network Address Translation gateway (NAT gateway) and Network Address Translation instance (NAT instance): via - https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-comparison.html
Incorrect options:
A Security Group can have both allow and deny rules
A Network Address Translation instance (NAT instance) is managed by AWS
A network access control list (network ACL) can have allow rules only
These three options contradict the details provided earlier in the explanation, so these options are incorrect.
References:
https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html
https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html
Which of the following AWS Support plans provide access to only core checks from the AWS Trusted Advisor Best Practice Checks? (Select two)
A. AWS Enterprise Support
B. AWS Enterprise On-Ramp Support
C. AWS Developer Support
D. AWS Basic Support
E. AWS Business Support
C. AWS Developer Support
D. AWS Basic Support
Explanation
Correct option:
AWS Basic Support
The AWS Basic Support plan only provides access to the following:
Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums.
AWS Trusted Advisor - Access to the core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security.
AWS Health - Your Account Health Dashboard: A personalized view of the health of your AWS services, and alerts when your resources are impacted.
AWS Developer Support - You should use the AWS Developer Support plan if you are testing or doing early development on AWS and want the ability to get email-based technical support during business hours as well as general architectural guidance as you build and test. This plan provides access to just the core Trusted Advisor checks from the Service Quota and basic Security checks.
Exam Alert:
Please review the differences between the AWS Developer Support, AWS Business Support, AWS Enterprise On-Ramp Support and AWS Enterprise Support plans as you can expect at least a couple of questions on the exam:
via - https://aws.amazon.com/premiumsupport/plans/
Incorrect options:
AWS Enterprise Support - AWS Enterprise Support plan provides customers with concierge-like service where the main focus is helping the customer achieve their outcomes and find success in the cloud. With AWS Enterprise Support, you get 24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance and a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts. You also get full access to AWS Trusted Advisor Best Practice Checks.
AWS Business Support - You should use the AWS Business Support plan if you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. You also get full access to AWS Trusted Advisor Best Practice Checks.
AWS Enterprise On-Ramp Support - You should use the AWS Enterprise On-Ramp Support plan if you have production/business critical workloads in AWS and want 24x7 access to technical support and need expert guidance to grow and optimize in the Cloud. You get full access to AWS Trusted Advisor Best Practice Checks.
Reference:
https://aws.amazon.com/premiumsupport/plans/
According to the AWS Cloud Adoption Framework (AWS CAF), what are two tasks that a company should perform when planning to migrate to the AWS Cloud and aiming to become more responsive to customer inquiries and feedback as part of their organizational transformation? (Select two)
A. Leverage legacy infrastructure for cost efficiencies
B. Create new analytical insights with existing products and services
C. Organize your teams around the products and value streams
D. Leverage Agile methods to rapidly iterate and evolve
E. Organize your teams around bureaucratic design principles
C. Organize your teams around the products and value streams
D. Leverage Agile methods to rapidly iterate and evolve
Explanation
Correct options:
The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations. These capabilities provide best practice guidance that helps you improve your cloud readiness. AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations.
Organize your teams around products and value streams
Leverage agile methods to rapidly iterate and evolve
Using the AWS Cloud Adoption Framework (AWS CAF), you can reimagine how your business and technology teams create customer value and meet your strategic intent. Organizing your teams around products and value streams while leveraging agile methods to rapidly iterate and evolve will help you become more responsive and customer centric.
Incorrect options:
Leverage legacy infrastructure for cost efficiencies
Create new analytical insights with existing products and services
Organize your teams around bureaucratic design principles
These three options are not in agreement with the tasks outlined by the AWS Cloud Adoption Framework (AWS CAF) to become more responsive to customer inquiries and feedback, hence these options are incorrect.
Reference:
https://aws.amazon.com/cloud-adoption-framework/
Which service gives a personalized view of the status of the AWS services that are part of your Cloud architecture so that you can quickly assess the impact on your business when AWS service(s) are experiencing issues?
A. Amazon Inspector
B. AWS Health - Service Health Dashboard
C. Amazon CloudWatch
D. AWS Health - Your Account Health Dashboard
D. AWS Health - Your Account Health Dashboard
Explanation
Correct option:
AWS Health - Your Account Health Dashboard
AWS Health - Your Account Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you.
With AWS Health - Your Account Health Dashboard, alerts are triggered by changes in the health of your AWS resources, giving you event visibility, and guidance to help quickly diagnose and resolve issues.
You can check on this page https://phd.aws.amazon.com/phd/home to get current status information.
Incorrect options:
Amazon Inspector - Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. Amazon Inspector cannot be used to prevent a Distributed Denial-of-Service (DDoS) attack. It cannot provide the status of your AWS resources.
Amazon CloudWatch - Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. This is an excellent service for building Resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch. It cannot provide the status of your AWS resources.
AWS Health - Service Health Dashboard - The AWS Health - Service Health Dashboard is the single place to learn about the availability and operations of AWS services. You can view the overall status of AWS services, and you can sign in to view personalized communications about your particular AWS account or organization.
You can check on this page https://health.aws.amazon.com/health/status to get current status information.
Exam Alert:
While the AWS Health - Service Health Dashboard displays the general status of AWS services; the AWS Health - Your Account Health Dashboard gives you a personalized view of the performance and availability of the AWS services underlying your AWS resources.
Reference:
https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html
Which of the following are examples of Horizontal Scalability (aka Elasticity)? (Select two)
A. Elastic Load Balancer (ELB)
B. Read Replicas in Amazon Relational Database Service (Amazon RDS)
C. Modify a Database instance to higher CPU and RAM
D. Modify an EC2 instance type from t2.nano to u-12tb1.metal
E. Add a bigger CPU to the computer
A. Elastic Load Balancer (ELB)
B. Read Replicas in Amazon Relational Database Service (Amazon RDS)
Explanation
Correct options:
A “horizontally scalable” system is one that can increase capacity by adding more computers to the system. This is in contrast to a “vertically scalable” system, which is constrained to running its processes on only one computer; in such systems, the only way to increase performance is to add more resources into one computer in the form of faster (or more) CPUs, memory or storage. Horizontally scalable systems are oftentimes able to outperform vertically scalable systems by enabling parallel execution of workloads and distributing those across many different computers.
Elastic Load Balancing (ELB)
Elastic Load Balancing (ELB) automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone (AZ) or across multiple Availability Zones (AZ). This falls under Horizontal Scaling.
Read Replicas in Amazon Relational Database Service (Amazon RDS)
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. Read replicas allow you to create read-only copies that are synchronized with your master database. You can also place your read replica in a different AWS Region closer to your users for better performance. Read replicas are an example of horizontal scaling of resources.
Incorrect options:
Add a bigger CPU to a computer - As explained above, this comes under vertical scaling since the bigger resource is being added to a single computer or node.
Modify an EC2 instance type from t2.nano to u-12tb1.metal - Enhancing the type of a single Amazon EC2 system is also an example of vertical scaling since the extra capacity is being added to a single instance.
Modify a Database instance to higher CPU and RAM - This is also an example of vertical scaling since the focus is on increasing the capacity of a single machine or instance.
Reference:
https://wa.aws.amazon.com/wat.concept.horizontal-scaling.en.html
Which of the following AWS services is essential for implementing security of resources in AWS Cloud?
A. Amazon CloudWatch
B. AWS Web Application Firewall (AWS WAF)
C. AWS Shield
D. AWS Identity and Access Management (IAM)
D. AWS Identity and Access Management (IAM)
Explanation
Correct option:
AWS Identity and Access Management (IAM)
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access. These features make IAM an important service for the overall security of AWS resources in your account. IAM is secure by default; users have no access to AWS resources until permissions are explicitly granted.
Incorrect options:
Amazon CloudWatch - Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. This is an excellent service for building Resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch.
AWS Shield - AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. AWS Shield cannot be used to handle resource-specific security on AWS.
AWS Web Application Firewall (AWS WAF) - By using AWS Web Application Firewall (AWS WAF), you can configure web access control lists (Web ACLs) on your CloudFront distributions or Application Load Balancers to filter and block requests based on request signatures. Besides, by using AWS WAF’s rate-based rules, you can automatically block the IP addresses of bad actors when requests matching a rule exceed a threshold that you define. AWS WAF cannot be used to handle resource-specific security on AWS.
Reference:
https://aws.amazon.com/iam/
Multi-AZ deployment is an example of which of the following?
A. High Availability
B. Scale out
C. Scale up
D. Performance Efficiency
A. High Availability
Explanation
Correct option:
High Availability
A system that is available is capable of delivering the designed functionality at a given point in time. Highly available systems are those that can withstand some measure of degradation while still remaining available. On AWS Cloud, you can run instances for an application in a multi-AZ deployment to achieve High Availability.
Incorrect options:
Scale out - The scale out (horizontal scaling) operation refers to an increase in capacity by adding more computers to the system. This is in contrast to a “scale up” operation, which is constrained to running its processes on only one computer; in such systems, the only way to increase performance is to add more resources into one computer in the form of faster (or more) CPUs, memory or storage. Horizontally scalable systems are oftentimes able to outperform vertically scalable systems by enabling parallel execution of workloads and distributing those across many different computers. Auto Scaling Group is an example of Horizontal Scaling on AWS.
Scale up - The scale up (vertical scaling) operation implies adding more resources (like CPU, RAM) to a single node or machine. Example- Resizing an instance of EC2.
Performance Efficiency - Performance Efficiency is the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
References:
https://wa.aws.amazon.com/wat.concept.availability.en.html
https://wa.aws.amazon.com/wat.concept.horizontal-scaling.en.html