Cloud Practitioner

Question 1

What is the most used service?

Answer 1

EC2

Question 2

What does EC2 stand for?

Answer 2

Elastic Cloud Compute

Question 3

What is main advantage of Lambda?

Answer 3

You don’t have to worry about servers, just your code

Question 4

What does S3 stand for?

Answer 4

Simple Storage Service

Question 5

What does RDS stand for?

Answer 5

Relational Database Service

Question 6

What is AWS’s non-relational DB?

Answer 6

DynamoDB

Question 7

What is AWS’s DNS service called?

Answer 7

Route53

Question 8

What does SQS stand for?

Answer 8

Simple Queue Service

Question 9

What is AWS’s CDN called?

Answer 9

CloudFront

Question 10

Three main reasons to move to AWS?

Answer 10

pricing, scalability, location

Question 11

What does EBS stand for?

Answer 11

Elastic Block Store

Question 12

What is Elastic Beanstalk?

Answer 12

Platform As A Service (PAAS) - Similar to GoDaddy, where you upload website content but don’t worry about servers.

Question 13

What is an availability zone?

Answer 13

One or more physical data centers in a close location.

Question 14

What is a region?

Answer 14

A physical location which consists of one or more availability zones.

Question 15

What is an edge location?

Answer 15

AWS endpoints used for caching more frequently accessed content.

Question 16

Why would you choose a particular region?

Answer 16

Data sovereignty laws, latency to end users, services available in that particular region

Question 17

What are the five support plans?

Answer 17

Basic, Developer, Business, Support API, Enterprise

Question 18

What is Basic support?

Answer 18

Free but no tech support

Question 19

What is Developer support level?

Answer 19

For experimenting with AWS, $29/month but scales with usage, dedicated support contact.

Question 20

What is Business support level?

Answer 20

24 hour support w/1hr response time for urgent issues, Access to Trusted Advisor, Access to Support API, $100/month but scales with usage.

Question 21

What is Enterprise support level?

Answer 21

$15k/month and scales with usage, for mission-critical apps, Includes TAM (Technical Account Manager) which acts as go-between, 15 min response time for critical issues.

Question 22

Are key pairs global?

Answer 22

No, they are unique to each region.

Question 23

How would you monitor for a cost threshold?

Answer 23

Using Cloudwatch, you would create a billing alarm.

Question 24

How do you grant access to various resources?

Answer 24

Using IAM

Question 25

Is IAM region-specific?

Answer 25

No, it is global

Question 26

What does IAM stand for?

Answer 26

Identity Access Management

Question 27

What are the three ways of accessing AWS?

Answer 27

Programmatic, AWS Management Console, using the SDKs

Question 28

What is the raw format of a policy?

Answer 28

JSON

Question 29

What is the difference between object-based and block-based storage?

Answer 29

Object-based is for storing files, block-based is for OS, etc

Question 30

What’s the max size for S3?

Answer 30

5TB

Question 31

What does S3 being a universal namespace mean?

Answer 31

Bucket names must be globally unique.

Question 32

How do you verify S3 bucket upload was successful?

Answer 32

HTTP 200

Question 33

What’s important to know when uploading a file to S3 and then attempting to read immediately?

Answer 33

If you upload a new file, you will be able to read it immediately knowing it will match what was just uploaded. If you upload an updated version of an EXISTING file or delete an EXISTING file, changes can take time to propagate and you might not be able to immediately be able to read the most up-to-date version of the file.

Question 34

What is S3 availability?

Answer 34

built for 99.99%, guaranteed 99.9%

Question 35

What is the guarantee for S3 file durability?

Answer 35

99.99999999999 (11 9s)

Question 36

How do you control access for files in S3?

Answer 36

ACLs

Question 37

How do you control access at the bucket level?

Answer 37

Bucket policies

Question 38

What are the seven storage classes?

Answer 38

S3 Standard, S3 – IA, S3 One Zone – IA, S3 – Intelligent Tiering, S3 Glacier, S3 Glacier Deep Archive, S3 Outposts

Question 39

What is S3 Standard?

Answer 39

primary high performance storage

Question 40

What is S3 One Zone - IA?

Answer 40

Lower cost option for IA when you don’t need multiple availability zones.

Question 41

What is S3 – Intelligent Tiering?

Answer 41

Uses machine learning to choose best suited access tier.

Question 42

What is S3 Glacier?

Answer 42

Low cost for archiving with configurable retrieval times.

Question 43

What is S3 Glacier Deep Archive?

Answer 43

Very low cost for when 12+ hour access time is acceptable.

Question 44

What is S3 Outposts?

Answer 44

Object storage in on-prem AWS environments

Question 45

How are you charged for S3?

Answer 45

Storage, Requests, Storage Management Pricing, Data Transfer Pricing, Transfer Acceleration, Cross Region Replication

Question 46

What is S3 Transfer Acceleration?

Answer 46

Takes advantage of CloudFronts global edge locations for optimization.

Question 47

What is the format of an S3 bucket URL?

Answer 47

S3, region name, .amazonaws.com/ bucketname.

Question 48

What are the three main global services (not region-specific)?

Answer 48

S3, Route53, IAM

Question 49

Where can an S3 bucket exist?

Answer 49

Must exist in one region only

Question 50

How can you replicate content across more than one region?

Answer 50

By using Cross Region Replication

Question 51

What are the three ways to control S3 bucket access?

Answer 51

Bucket Policies (applies to entire bucket), Object Policies (applies to each file), IAM Policies to control access for specific users and groups

Question 52

What do you have to do in order to be able to make an entire S3 bucket public?

Answer 52

Uncheck “block all public access” in the bucket permissions and then add a bucket policy that grants public access to the entire bucket.

Question 53

Why do many companies put static websites on S3?

Answer 53

Because it scales automatically and can handle a large amount of requests.

Question 54

What is S3 Versioning?

Answer 54

Stores all versions of an object, cannot be undone (only suspended), great for backup, integrates with lifecycle routines (automatically archiving to Glacier for example), can require MFA for extra layer of file deletion protection

Question 55

What is Distribution?

Answer 55

Name given to a CDN which consists of a series of Edge Locations

Question 56

What are the two types of CloudFront distributions?

Answer 56

Web Distribution and RTMP which is used for flash media streaming

Question 57

Are edge locations read-only?

Answer 57

No, read and write

Question 58

How long is a file cached at an edge location?

Answer 58

For the length of the TTL

Question 59

What is the main downside of clearing cached files from edge locations?

Answer 59

You will be charged.

Question 60

What are the four types of EC2 pricing models?

Answer 60

On-demand, Reserved, Spot, Fixed

Question 61

What is the On-demand EC2 pricing model?

Answer 61

You’re charged by the second

Question 62

What is the Reserved EC2 pricing model?

Answer 62

You commit to a 1 or 3 yr. term – he more you pay up front, the more discount you get. Cheaper than On-demand

Question 63

What is the Spot EC2 pricing model?

Answer 63

You to place a bid for the price you’re willing to pay

Question 64

What is the Fixed EC2 pricing model?

Answer 64

Allows you to have dedicated host within AWS to satisfy software licensing requirements etc

Question 65

What are the three types of Reserved EC2 pricing?

Answer 65

Standard, Convertible, Scheduled Reserve Instances

Question 66

What is the Standard Reserved EC2 pricing type?

Answer 66

Gives you up to 75% discount from on-demand but you’re locked into a specific instance type

Question 67

What is the Convertible Reserved EC2 pricing type?

Answer 67

Only a 54% discount but you get ability to change instance type

Question 68

What is the Scheduled Reserve Instances EC2 pricing type?

Answer 68

Allows you to reserve time windows

Question 69

What is the Scheduled Reserve Instances EC2 pricing type?

Answer 69

Allows you to reserve time windows

Question 70

What is the mnemonic for remembering EC2 instance types?

Answer 70

FIGHT DR MCPXZ AU

Question 71

What is Elastic Bean Stalk?

Answer 71

Allows you to create storage volumes and attach them to EC2 instances. You can create file systems or databases on them.

Question 72

What are the four EBS types?

Answer 72

General Purpose SSD (gp2, gp3), Provisioned IOPS SSD (io1, io2, io2 Block Express), Throughput Optimized HDD (st1), Cold HDD (sc1)

Question 73

What is EBS Throughput Optimized HDD?

Answer 73

A low-cost HDD designed for frequently accessed, throughput-intensive workloads.

Question 74

What is EBS Cold HDD?

Answer 74

The lowest-cost HDD design for less frequently accessed workloads. Good for file servers.

Question 75

What is EBS General Purpose SSD?

Answer 75

Provides a balance of price and performance. Recommended for most workloads.

Question 76

What is EBS Provisioned IOPS SSD?

Answer 76

High performance for mission-critical, low-latency, or high-throughput workloads.

Question 77

How are you charged for the termination of a spot EC2 instance?

Answer 77

If Amazon terminates a Spot EC2 instance, you will not be charged for the full hour but if you terminate it yourself, you will be.

Question 78

What’s a VPC?

Answer 78

A “virtual data center” in the cloud

Question 79

How does an EC2 instance normally exist inside of a VPC?

Answer 79

Within a subnet which has been created inside the VPC

Question 80

What is the scope of a subnet within AWS?

Answer 80

It exists entirely in one availability zone, cannot span zones.

Question 81

Where does a route table typically exist?

Answer 81

One per VPC

Question 82

What are the two main reasons to use roles?

Answer 82

Much more secure, easier to manage than using access key IDs/secret access keys

Question 83

What is the scope of roles?

Answer 83

They are global and span across all regions

Question 84

What are the three types of load balancers?

Answer 84

Application Load Balancer, Network Load Balancer, Classic Load Balancers, Gateway Load Balancers

Question 85

What is an Application Load Balancer for?

Answer 85

Makes intelligent decisions by operating at layer 7 (optimizes for protocols etc)

Question 86

What is a Network Load Balancer for?

Answer 86

Extreme performance but requires static IPs

Question 87

What are Classic Load Balancers for?

Answer 87

Keeping costs low

Question 88

What are Gateway Load Balancers for?

Answer 88

Allow you to deploy, scale, and manage virtual appliances, such as firewalls, intrusion detection and prevention systems, and deep packet inspection systems.

Question 89

What are 2 key features of RDS?

Answer 89

Multiple Availability Zones (for disaster recovery), Read Replicas (for performance)

Question 90

What are the relational databases available in RDS?

Answer 90

SQL Server, MySqL, PostgresSQL, Oracle, Aurora, MariaDB

Question 91

What are key features of non-relational DBs?

Answer 91

Columns in the table can vary by row without affecting the other rows

Question 92

What is the best choice for non-relational DB on AWS?

Answer 92

DynamoDB

Question 93

What is Amazon’s Data Warehousing database?

Answer 93

Redshift

Question 94

What is Amazon ElastiCache?

Answer 94

A web service that makes it easy to deploy, operate and scale in-memory cache

Question 95

What are the two ElastiCache caching engines?

Answer 95

Memcached, Redis

Question 96

Which Route53 policy routes traffic to resources with the best performance?

Answer 96

Latency-based routing

Question 97

What is the preferred method of securing S3 bucket access?

Answer 97

S3 Bucket Policies or IAM

Question 98

What is a CloudFront distribution?

Answer 98

A link between an origin server and a domain name, which CloudFront uses to identify the object you have stored in your origin server

Question 99

What are the five AWS support plans?

Answer 99

Basic, Developer, Business, Enterprise On-Ramp, Enterprise

Question 100

How many availability zones per region?

Answer 100

Between 2 and 5

Question 101

What are three valid access types for an IAM user?

Answer 101

Using AWS SDK, AWS Management Console access, Programmatic access via AWS CLI

Question 102

What’s the diff in CapEx and OpEx?

Answer 102

CapEx is a sunk, up-front cost whereas OpEx is operating expense where you pay as you go

Question 103

What are the five basic pricing policies?

Answer 103

Pay as you go, pay less when you reserve, pay even less per unit by using more, pay even less as AWS grows, custom pricing

Question 104

What are the three fundamental cost drivers?

Answer 104

Compute, Storage, Outbound Data

Question 105

What are the services that are free in AWS?

Answer 105

VPC, Elastic Beanstalk (resources it provisions are not), CloudFormation (resources it provisions are not), IAM, Auto Scaling, Opsworks, Consolidated Billing

Question 106

What determines the price for Lambda?

Answer 106

Request pricing (first 1 million requests are free), Duration pricing (400,000 GB-seconds free per month), Additional charges such as data written to/from S3

Question 107

What determines price for EBS?

Answer 107

Volumes (per GB), Snapshots (per GB), Data Transfer

Question 108

What determines price for S3?

Answer 108

storage class (standard, IA, 1AZ etc), storage (how much data stored), number of requests (get, put copy), data transfer

Question 109

What determines price for Glacier?

Answer 109

storage, data retrieval times

Question 110

What is Snowball?

Answer 110

A PB-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS

Question 111

What determines pricing for Snowball?

Answer 111

service fee per job ($200/50TB, $250/80TB), daily charge (first 10 days free), data transfer (inbound is free, outbound is not)

Question 112

What determines pricing for RDS?

Answer 112

clock hours, DB characteristics, DB purchase type, number of DB instances, provisioned storage, additional storage, requests, deployment type, data transfer

Question 113

What determines cost for DynamoDB?

Answer 113

provisioned throughput write, provisioned throughput read, indexed data storage

Question 114

What determines pricing for CloudFront?

Answer 114

traffic distribution, requests, data transfer out

Question 115

What’s the difference between Budgets and Explorer?

Answer 115

Budgets are used before costs are incurred while Cost Explorer is used to analyze past costs

Question 116

What level of support gets you access to a TAM (Technical Account Manager)?

Answer 116

Enterprise

Question 117

What level of support do you need for Production system down response of less than 1 hour?

Answer 117

Business or Enterprise

Question 118

What levels of support offer critical down response of less than 15 min?

Answer 118

Enterprise

Question 119

What level of support provides Prod system down response of less than 4 hours?

Answer 119

Business and Enterprise

Question 120

What level of support offers System Impaired response time of less than 12 hours?

Answer 120

Developer, Business and Enterprise

Question 121

What support tier offers general guidance in 24 hours or less?

Answer 121

Developer, Business and Enterprise

Question 122

What are Tags?

Answer 122

Key/Value pairs attached to AWS resources used for metadata, they can sometimes be inherited

Question 123

How are Tags useful?

Answer 123

They allow you to group resources, you can apply automation to resource groups

Question 124

What is Tag Editor?

Answer 124

A global service that allows resources to be discovered so that additional tags can be added. Newer regions might not be compatible with tag editor yet.

Question 124

What is Tag Editor?

Answer 124

A global service that allows resources to be discovered so that additional tags can be added. Newer regions might not be compatible with tag editor yet.

Question 125

Is Systems Manager regional or global?

Answer 125

Regional

Question 126

Is Tag Editor regional or global?

Answer 126

Global

Question 127

What is CloudTrail?

Answer 127

Auditing tool that monitors API calls in the AWS platform

Question 128

How should you use CloudTrail in an organization?

Answer 128

Turn on CloudTrail in the paying account and create a cross-account S3 bucket, then in each account, turn on CloudTrail and log to the bucket in the paying account

Question 129

What are the two types of AWS Organizations?

Answer 129

Full access where you have OUs with groups inside, or just organizations with consolidated billing only

Question 130

What is the max number of linked accounts in ASW organizations?

Answer 130

20 it’s a soft limit and you can ask them to increase it

Question 131

How do billing alerts work for the paying account?

Answer 131

It receives billing data for all linked accounts but you can also still create billing alerts for each account

Question 132

What is the scope of CloudTrail?

Answer 132

Per-account and enabled per region

Question 133

What is QuickStart?

Answer 133

A way of deploying pre-architected environments quickly using CloudFormation templates built by experts

Question 134

Are you charged for data transfer incurred replicating between primary and standby in RDS?

Answer 134

No

Question 135

What is Amazon WAF?

Answer 135

Web Application Firewall - Stops things like XSS and SQL injection attacks

Question 136

What is AWS Shield used for?

Answer 136

Guarding against DDOS attacks

Question 137

What is Amazon Inspector?

Answer 137

Something you install on EC2 instances to look for vulnerabilities

Question 137

What is Amazon Inspector?

Answer 137

Something you install on EC2 instances to look for vulnerabilities

Question 138

What is AWS Trusted Advisor?

Answer 138

Inspects your AWS account as a whole. It does security checks, cost optimization, performance and fault tolerance checks.

Question 139

What’s the difference between CloudWatch and AWS Config?

Answer 139

CloudWatch is for monitoring performance. AWS Config is for monitoring configurations of AWS resources.

Question 140

What are the five pillars Trusted Advisor measures?

Answer 140

Cost optimization, Performance, Security, Fault Tolerance, Service Limits

Question 141

What AWS services can you run pen testing on?

Answer 141

EC2/NAT gateway/ELB, RDS, CloudFront, Aurora, API Gateway, Lambda, Lightsail, Elastic Beanstalk

Question 141

What AWS services can you run pen testing on?

Answer 141

EC2/NAT gateway/ELB, RDS, CloudFront, Aurora, API Gateway, Lambda, Lightsail, Elastic Beanstalk

Question 142

What is the scope of AWS KMS?

Answer 142

Regional

Question 143

What is AWS KMS?

Answer 143

Key Management Service - Handles secure encryption and decryption

Question 144

Which service does KMS pair well with for encrypting/decrypting data?

Answer 144

S3

Question 145

Which service does KMS pair well with for encrypting/decrypting data?

Answer 145

S3

Question 146

What is the key difference between KMS and CloudHSM?

Answer 146

KMS is on shared hardware, CloudHSM is dedicated.

Question 147

What does HSM stand for?

Answer 147

Hardware Security Module

Question 147

What does HSM stand for?

Answer 147

Hardware Security Module

Question 148

What is Parameter Store?

Answer 148

A component of AWS Systems Manager (SSM) - Secure serverless storage for configuration and secretes

Question 149

What is Secrets Manager?

Answer 149

Similar to Parameter Store, but paid service with additional features like automatically rotating secrets, generating random secrets

Question 150

What is GaurdDuty?

Answer 150

Uses Machine Learning Algorithms for anomaly detection

Question 151

What are some examples of input data for GaurdDuty?

Answer 151

CloudTrail event logs, VPC Flow Logs, DNS logs

Question 152

What is Control Tower?

Answer 152

Used for setting up multiple AWS accounts in minutes, conforming to company policies

Question 153

What 5 steps should you take in the case of compromised IAM credentials?

Answer 153

Determine access for those credentials, invalidate them, invalidate temporary credentials, restore appropriate access, review access to your account

Question 154

What is the difference between Athena and Macie?

Answer 154

Athena allows you to query data using SQL that is stored in S3 as well as query cost and usage and click-stream data, Macie is a security service which uses machine learning and NLP to discover, classify and protect sensitive data stored in S3 and also CloudTrail logs

Question 155

Which compliance certification attests to the security of AWS regarding credit card transactions?

Answer 155

PCI DSS Level 1

Question 156

True or false: It’s safer to use Access Keys than it is to use IAM roles

Answer 156

False

Question 157

True or false: The standard version of AWS Shield offers automated application layer traffic monitoring

Answer 157

False

Question 158

What is AWS’s DDoS protection service?

Answer 158

AWS Shield

Question 159

Which service is used to assess security and compliance of EC2 instances?

Answer 159

AWS Inspector

Question 160

What should you think of if asked about special licensing requirements?

Answer 160

Dedicated hosts

Question 161

Your company would like to begin using auto-scaling to add servers when CPU utilization reaches a certain threshold (say 70%). Which service can you use to trigger actions when CPU utilization crosses the threshold?

Answer 161

CloudWatch Alarms

Question 162

You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to?

Answer 162

Identities - objects that are used to identify and group.

Question 163

After creating an EC2 instance to host an application, the traffic to the site far exceeds what was expected. You decide to move to a larger instance type. What AWS principle does this represent?

Answer 163

Vertical Scaling

Question 164

A retail company has EC2 On-Demand instances running to serve customer transactions. There is a set pattern of traffic where demand is high at two points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources?

Answer 164

Use an Auto Scaling Group to scale out and in based on demand.

Question 165

In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?

Answer 165

A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.

Question 166

A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end-to-end through the application?

Answer 166

AWS X-Ray

Question 167

You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. Which AWS service can be used to store AWS Cost and Usage report files?

Answer 167

An S3 Bucket that you own.

Question 168

When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture?

Answer 168

Configure the Load Balancer to serve traffic to multiple Availability Zones.

Question 169

You need to set up a virtual firewall for your EC2 instance. Which would you use?

Answer 169

A security group - acts as a virtual firewall for your instance to control inbound and outbound traffic.

Question 170

Which term refers to the Identity and Access Management (IAM) resource objects that AWS uses for authentication?

Answer 170

IAM entities - the users (IAM users and federated users) and roles that are created and used for authentication.

Question 171

A Healthcare agency needs to store certain patient information for up to 10 years. To save cost, they want to archive this data to cheaper storage. The data needs to be retrieved within 12 hours. Which is the cheapest option?

Answer 171

Glacier Deep Archive

Question 172

A software development team has begun using the AWS Developer Tools Suite. Which service will enable creating, managing, and working with software development projects on AWS?

Answer 172

AWS CodeStar - a cloud-based service for creating, managing, and working with software development projects on AWS

Question 173

You need to visualize, understand, identify trends for future charges, and manage your AWS costs and usage over time. Which AWS tool would you use?

Answer 173

AWS Cost Explorer