Cloud Practitioner Fundamentals Flashcards

1
Q

Golden Image

A

Certain AWS resource types like Amazon EC2 instances, Amazon RDS DB instances, Amazon Elastic Block Store (Amazon EBS) volumes, etc., can be launched from a golden image: a snapshot of a particular state of that resource.

When compared to the bootstrapping approach, a golden image results in faster start times and removes dependencies on configuration services or third-party repositories. This is important in auto-scaled environments where you want to be able to quickly and reliably launch additional resources as a response to demand changes.

2
Q

Bootstrapping

A

When you launch an AWS resource like an Amazon EC2 instance or Amazon Relational Database (Amazon RDS) DB instance, you start with a default configuration.

You can then execute automated bootstrapping actions, that is, scripts that install software or copy data to bring that resource to a particular state. You can parameterize configuration details that vary between different environments (e.g., production, test, etc.) so that the same scripts can be reused without modifications.

3
Q

Shuffle Sharding

A

fault-isolation technique

4
Q

non-explicit deny

A

When a new IAM user is created, that user has NO access to any AWS service. For that user, access must be explicitly allowed via IAM permissions.

5
Q

AWS Certificate Manager (AWS ACM)

A

easily provision, manage, and deploy public and private Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for use with AWS services and your internal connected resources.

SSL/TLS certificates are used to secure network communications and establish the identity of websites over the Internet as well as resources on private networks.

6
Q

Amazon Cloud Directory

A

used to build cloud-native directories for organizing hierarchies of data along multiple dimensions

traditional directory solutions, such as Active Directory Lightweight Directory Services (AD LDS) and other LDAP-based directories, limit you to a single hierarchy

Cloud Directory offers you the flexibility to create directories with hierarchies that span multiple dimensions

7
Q

CloudFront

A

used to distribute content to global users with low latency

8
Q

CloudTrail

A

an auditing service that tracks and records user activity and API usage.

provides visibility into user activity by recording actions taken on your account.

CloudTrail records important information about each action, including who made the request, the services used, the actions performed, parameters for the actions, and the response elements returned by the AWS service. This information helps you to enable governance, compliance, operational auditing, and risk auditing of your AWS account.

CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

9
Q

Amazon CloudWatch

A

used to monitor the utilization of AWS cloud resources (such as Amazon EC2 instances, Amazon DynamoDB tables, and Amazon RDS DB instances), as well as custom metrics generated by your applications and services.

10
Q

AWS CloudFormation

A

allows you to model your entire infrastructure with either a text file or programming languages.

allows you to provision your resources using code

11
Q

Account Compromised

A

1- Change your AWS root account password and the passwords of any IAM users.

2- Delete or rotate all root and AWS Identity and Access Management (IAM) access keys.

3- Delete any potentially compromised IAM users.

4- Delete any resources on your account you didn’t create, such as EC2 instances and AMIs, EBS volumes and snapshots, and IAM users.

5- Respond to any notifications you received from AWS Support through the AWS Support Center

12
Q

AWS Concierge

A

AWS billing and account experts that work with you to implement billing and account best practices.

13
Q

AWS Trusted Advisor

A

is not a team; it is an online tool that offers a rich set of best practice checks and recommendations across five categories: cost optimization, security, fault tolerance, performance, and service limits.

14
Q

AWS Elastic Beanstalk

A

easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS.

15
Q

Amazon SNS

A

is a messaging service

16
Q

AWS Systems Manager

A

allows you to centralize operational data from multiple AWS services and automate tasks across your AWS resources.

17
Q

AWS OpsWorks

A

configuration management service that provides managed instances of Chef and Puppet. Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers. OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments.

18
Q

AutoScaling

A

used to adjust capacity (up or down) automatically to optimize performance and costs.

used to increase or decrease capacity based on demand.

19
Q

AWS Config

A

is a service that enables you to monitor, assess, and audit all changes made to your AWS resources.

used to record and evaluate configurations of your AWS resources.

20
Q

AWS Macie

A

protect your sensitive data in AWS.

uses machine learning to automatically discover, classify, and protect sensitive data in AWS.

recognizes sensitive data such as personally identifiable information (PII) or intellectual property, and provides you with dashboards and alerts that give visibility into how this data is being accessed or moved.

The fully managed service continuously monitors data access activity for anomalies, and generates detailed alerts when it detects risk of unauthorized access or inadvertent data leaks.

Today, Amazon Macie is available to protect data stored in Amazon S3, with support for additional AWS data stores coming later this year.

21
Q

data protection services & features

A

You can protect your data by encrypting it in transit and at rest.

You can use CloudTrail to audit and get deep visibility into all API calls, including who, what, and from where calls were made.

You can also use AWS Identity and Access Management (IAM) to control who can access or edit your data.

22
Q

AWS Storage Gateway

A

hybrid storage service that enables your on-premises applications to seamlessly use AWS cloud storage.

You can use the service for backup and archiving, disaster recovery, cloud data processing, storage tiering, and migration.

The gateway connects to AWS storage services, such as Amazon S3, Amazon S3 Glacier, Amazon S3 Glacier Deep Archive, Amazon EBS, and AWS Backup, providing storage for files, volumes, snapshots, and virtual tapes in AWS.

23
Q

Amazon EFS

A

is a shared file system. It is not for storing objects.

storage capacity is elastic, growing and shrinking automatically as you add and remove files, so your applications have the storage they need, when they need it.

it may be used to back up databases when you need temporary protection during updates or for development and test. It is not a cost-effective solution for long-term archival storage.

it can provide massively parallel shared access to thousands of Amazon EC2 instances, enabling your applications to achieve high levels of aggregate throughput and IOPS with consistent low latencies.

24
Q

AWS Data Pipeline

A

a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources.

25
Q

a web service that helps you reliably process and move data between different AWS compute and storage services, as well as on-premises data sources.

A

Better fault tolerance.

Better availability

Better Cost Management

26
Q

Amazon Elastic Container Service (ECS)

A

a compute service that allows you to run containerized applications

27
Q

AWS Batch

A

is a compute service that allows you to run batch computing jobs on AWS.

28
Q

AWS Fargate

A

is a compute engine for Amazon ECS that allows you to run containers without having to manage servers or clusters.

29
Q

AWS Lambda

A

is a compute service that lets you run code without provisioning or managing servers (i.e. serverless).

30
Q

Amazon EBS

A

block-level storage. It is not for storing objects.

31
Q

AWS Instance Store

A

provides temporary block-level storage for your Amazon EC2 instances.

32
Q

Read replicas

A

You can reduce the load on your source DB Instance by routing read queries from your applications to one or more read replicas. Read replicas allow you to elastically scale out beyond the capacity constraints of a single DB instance for read-heavy database workloads.

33
Q

Automated backups

A

a feature of Amazon RDS that enables point-in-time recovery for your database instance. This allows you to restore your database instance to any second during the retention period.

34
Q

Database snapshots

A

are user-initiated backups of your RDS instance stored in Amazon S3 that are kept until you explicitly delete them.

35
Q

AWS Serverless Application Repository

A

is used to share solutions with developers or to help your customers quickly understand the value of products and services you sell and support.

Anyone with an AWS account can publish a serverless application or application component to the AWS Serverless Application Repository.

You can share your published applications within your team, across your organization, or with the community at large.

Publicly shared applications must include a link to the application’s source code so others can view what the application does and how it works.

36
Q

Amazon API Gateway

A

a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale.

37
Q

Amazon AppStream

A

used to deliver desktop applications to any user, whatever OS they are using (Chromebooks, Macs, or PCs).

38
Q

Route 53

A

domain and DNS management service. You can use it to register new domain names, as well as manage your Domain Name System (DNS).

39
Q

Golden Environment

A

means you can create an AWS CloudFormation script that captures your security policy and reliably deploys it.

Security best practices can now be reused among multiple projects and become part of your continuous integration pipeline.

You can perform security testing as part of your release cycle, and automatically discover application gaps and drift from your security policy.

Additionally, for greater control and security, AWS CloudFormation templates can be imported as “products” into AWS Service Catalog. This enables centralized management of resources to support consistent governance, security, and compliance requirements, while enabling users to quickly deploy only the approved IT services they need.

40
Q

AWS Artifact

A

provides on-demand downloads of AWS security and compliance documents, such as AWS ISO certifications, Payment Card Industry (PCI), and Service Organization Control (SOC) reports.

41
Q

Amazon Polly

A

is a service that turns text into lifelike speech.

42
Q

Amazon Glue

A

is used to prepare and load your data for analytics.

43
Q

Loose Coupling

A

the concept of decoupling an application refers to breaking the application into loosely coupled components that perform independently, where a change or a failure in one component does not impact other components.

44
Q

Server Side Encryption

A

available for both EBS and S3

is about protecting data at rest.

Server-side encryption with Amazon S3-managed encryption keys (SSE-S3) employs strong multi-factor encryption.

Amazon S3 encrypts each object with a unique key. As an additional safeguard, it encrypts the key itself with a master key that it regularly rotates.

Amazon S3 server-side encryption uses one of the strongest block ciphers available, 256-bit Advanced Encryption Standard (AES-256), to encrypt your data.

45
Q

Client-Side Encryption

A

Uploading encrypted files to Amazon S3