Cloud Concepts Flashcards
What are key characteristics of AWS Security Groups and NACLs?
Security Groups:
- Virtual firewall for instances
- Control inbound and outbound traffic
- Can only have allow rules (not deny rules)
Network Access Control Lists (NACLs):
- Operate at the subnet level
- Can allow or deny traffic
- Provides an additional layer of security
What must be true before removing an AWS account from AWS Organizations?
Account must operate as a standalone account.
To remove from AWS Organizations, the account must:
- Accept AWS Customer Agreement
- Choose a support plan
- Provide contact info & valid payment method.
Which type of cloud computing does Amazon Elastic Compute Cloud (EC2) represent?
Infrastructure as a Service (IaaS)
- Provides fundamental IT resources: networking, computing, data storage
- Full control over OS, networking, storage, applications
- Highest level of flexibility and management
Who are common stakeholders in the AWS Cloud Adoption Framework (AWS CAF) platform perspective?
Chief Technology Officer (CTO)
Engineers, architects, and technology leaders
- Focus on scalable, hybrid cloud environments
- Accelerates delivery of cloud workloads
What two actions should a company take when planning a cloud migration to become more responsive to customer feedback, as per the AWS Cloud Adoption Framework (AWS CAF)?
- Organize teams around products and value streams
- Leverage agile methods to iterate and evolve rapidly
AWS CAF helps businesses become more responsive by aligning teams and adopting agile methods for quick adaptation to customer needs.
Which AWS service enables a private connection between an on-premises environment and an AWS VPC, bypassing the public internet?
AWS Direct Connect
- Establishes a private, high-bandwidth connection between an on-premises network and a VPC.
- Provides a secure, private connection with no use of the public internet.
- The physical connection typically takes at least a month to establish.
In the shared responsibility model, what does AWS manage when you migrate your infrastructure to the AWS Cloud?
Physical and Environmental controls
- AWS is responsible for securing the physical infrastructure, including data centers and hardware.
- Part of the inherited controls in the shared responsibility model.
What is a benefit of using AWS managed services, like Amazon RDS?
Better performance than customer-managed databases
- AWS managed RDS instances are optimized for different use cases, providing better performance for database operations.
- Amazon RDS handles time-consuming tasks like hardware provisioning, patching, backups, and scaling, allowing customers to focus on applications rather than management.
Which AWS service should a financial services company use for governance, compliance, and auditing?
AWS CloudTrail
- Logs and monitors account activity across AWS infrastructure.
- Provides an event history of activity via AWS Management Console, CLI, SDKs, and other services.
- Helps ensure compliance and auditing by tracking all changes and actions within the AWS environment.
Which of the following are pillars of the AWS Well-Architected Framework? (two)
Reliability: Focuses on ensuring systems can recover from failures and meet business continuity requirements.
Cost Optimization: Ensures systems are cost-efficient and resources are utilized optimally.
The AWS Well-Architected Framework has six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
Which phase of the AWS Cloud Adoption Framework focuses on demonstrating how the cloud accelerates business outcomes?
Envision
- Focuses on business outcomes
- Initial phase in cloud adoption, highlights benefits
What are the phases in the AWS Cloud Adoption Framework (AWS CAF)?
Envision: Focuses on business outcomes and benefits
Project: Design and launch initial cloud projects
Migration: Migrate workloads to the cloud
Reinforcement: Optimize, scale, and ensure ongoing success
What AWS service helps organizations connect multiple Amazon VPCs and on-premises networks through a central hub?
AWS Transit Gateway
- Acts as a cloud router, simplifying network management
- Eliminates complex VPC peering relationships
- Supports inter-Region peering over AWS’s global network
- Data is automatically encrypted and never travels over the public internet
How can a company identify underutilized Amazon EC2 instances without manual configurations?
AWS Trusted Advisor provides automated insights into resource utilization.
- Flags EC2 instances with low CPU usage (≤10%) and low network I/O (≤5MB) over 4+ days.
- Helps optimize costs by identifying opportunities to downsize or terminate instances.
Which AWS Cloud Adoption Framework (CAF) perspective aligns IT investments with business objectives?
Business Perspective
- Ensures cloud adoption aligns with strategic planning, value realization, and business success.
- Focuses on measuring the benefits of cloud adoption.
Which AWS services provide serverless computing?
AWS Lambda – Runs code without provisioning or managing servers; you pay only for compute time used.
AWS Fargate – A serverless compute engine for containers that works with ECS and EKS, eliminating the need to manage servers.
Which AWS storage service can be directly used with on-premises systems?
Amazon Elastic File System (Amazon EFS)
- Provides scalable, fully managed NFS storage.
- Can be accessed from on-premises using AWS Direct Connect or AWS VPN.
- Mounted on Linux servers using standard mount commands.
Which AWS service ensures that your EC2 application has the right amount of capacity to handle current traffic demand?
Amazon EC2 Auto Scaling
- Adjusts EC2 instance capacity automatically.
- Uses Auto Scaling groups to maintain the correct number of instances.
- Helps ensure availability and cost efficiency by scaling up/down as needed.
What are key recommendations in the Operational Excellence pillar of the AWS Well-Architected Framework?
- Anticipate failure by performing “pre-mortem” exercises and testing failure scenarios.
- Make frequent, small, reversible changes to improve agility and reduce risk.
- Design workloads for regular updates and automated operations to enhance reliability and efficiency.
Which AWS Well-Architected Framework pillar focuses on efficient resource use and selecting the right resource types based on workload needs?
Performance Efficiency Pillar
- Focuses on selecting the right resource types and sizes for optimal performance.
- Encourages serverless architectures, global deployment, and experimentation.
- Helps businesses scale efficiently as needs evolve.
What is the AWS Well-Architected Tool and how does it help?
Based on the AWS Well-Architected Framework with five key pillars:
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
- Available in the AWS Management Console as a free tool.
- Provides step-by-step recommendations to improve workload design.
- Helps architects build secure, high-performing, resilient, and efficient applications in the cloud.
What are AWS global services, and which AWS services are delivered globally?
Some AWS services operate globally rather than being limited to a specific AWS Region.
- Amazon Route 53 (DNS & traffic management)
- Amazon Chime (online meetings & video conferencing)
- Amazon WorkDocs (document collaboration)
- Amazon WorkMail (managed email service)
- Amazon WorkSpaces (virtual desktops, DaaS)
- Amazon WorkLink (secure mobile access to corporate resources)
Amazon WorkSpaces is a fully managed Desktop-as-a-Service (DaaS) that lets users provision Windows or Linux desktops globally.
What is Amazon API Gateway?
Amazon API Gateway is a fully managed service for creating, publishing, and securing APIs.
- Supports REST, HTTP, and WebSocket APIs.
- Acts as a “front door” for applications, integrating with services like AWS Lambda, Kinesis, Step Functions, EC2, and Elastic Beanstalk.
- Provides throttling, authentication, caching, and monitoring.
- Allows mocking APIs before backend services are built.
Which AWS service allows desktop applications to be accessed from a browser without managing infrastructure?
Amazon AppStream 2.0
- Streams desktop applications to any device, eliminating the need for on-premises servers.
- Fully managed, secure, and scalable.
- Works with Active Directory, cloud storage, and file shares.
- Automatically adjusts to network conditions for a smooth experience.
