Cloud Practitioner Flashcards

(177 cards)

1
Q

What is the most used service?

A

EC2

2
Q

What does EC2 stand for?

A

Elastic Cloud Compute

3
Q

What is the main advantage of Lambda?

A

You don’t have to worry about servers, just your code

4
Q

What does S3 stand for?

A

Simple Storage Service

5
Q

What does RDS stand for?

A

Relational Database Service

6
Q

What is AWS’s non-relational DB?

A

DynamoDB

7
Q

What is AWS’s DNS service called?

A

Route53

8
Q

What does SQS stand for?

A

Simple Queue Service

9
Q

What is AWS’s CDN called?

A

CloudFront

10
Q

Three main reasons to move to AWS?

A

pricing, scalability, location

11
Q

What does EBS stand for?

A

Elastic Block Store

12
Q

What is Elastic Beanstalk?

A

Platform as a Service (PaaS) - Similar to GoDaddy, where you upload website content but don’t worry about servers.

13
Q

What is an availability zone?

A

One or more physical data centers in a close location.

14
Q

What is a region?

A

A physical location which consists of one or more availability zones.

15
Q

What is an edge location?

A

AWS endpoints used for caching more frequently accessed content.

16
Q

Why would you choose a particular region?

A

Data sovereignty laws, latency to end users, services available in that particular region

17
Q

What are the five support plans?

A

Basic, Developer, Business, Support API, Enterprise

18
Q

What is Basic support?

A

Free but no tech support

19
Q

What is Developer support level?

A

For experimenting with AWS, $29/month but scales with usage, dedicated support contact.

20
Q

What is Business support level?

A

24 hour support w/1hr response time for urgent issues, Access to Trusted Advisor, Access to Support API, $100/month but scales with usage.

21
Q

What is Enterprise support level?

A

$15k/month and scales with usage, for mission-critical apps, Includes TAM (Technical Account Manager) which acts as go-between, 15 min response time for critical issues.

22
Q

Are key pairs global?

A

No, they are unique to each region.

23
Q

How would you monitor for a cost threshold?

A

Using CloudWatch, you would create a billing alarm.

24
Q

How do you grant access to various resources?

A

Using IAM

25
Is IAM region-specific?
No, it is global
26
What does IAM stand for?
Identity Access Management
27
What are the three ways of accessing AWS?
Programmatic, AWS Management Console, using the SDKs
28
What is the raw format of a policy?
JSON
29
What is the difference between object-based and block-based storage?
Object-based is for storing files, block-based is for OS, etc
30
What's the max size for S3?
5TB
31
What does S3 being a universal namespace mean?
Bucket names must be globally unique.
32
How do you verify S3 bucket upload was successful?
HTTP 200
33
What’s important to know when uploading a file to S3 and then attempting to read immediately?
If you upload a new file, you will be able to read it immediately, knowing it will match what was just uploaded. If you upload an updated version of an EXISTING file or delete an EXISTING file, changes can take time to propagate and you might not be able to immediately read the most up-to-date version of the file.
34
What is S3 availability?
built for 99.99%, guaranteed 99.9%
35
What is the guarantee for S3 file durability?
99.99999999999 (11 9s)
36
How do you control access for files in S3?
ACLs
37
How do you control access at the bucket level?
Bucket policies
38
What are the seven storage classes?
S3 Standard, S3 – IA, S3 One Zone – IA, S3 – Intelligent Tiering, S3 Glacier, S3 Glacier Deep Archive, S3 Outposts
39
What is S3 Standard?
primary high performance storage
40
What is S3 One Zone - IA?
Lower cost option for IA when you don’t need multiple availability zones.
41
What is S3 – Intelligent Tiering?
Uses machine learning to choose best suited access tier.
42
What is S3 Glacier?
Low cost for archiving with configurable retrieval times.
43
What is S3 Glacier Deep Archive?
Very low cost for when 12+ hour access time is acceptable.
44
What is S3 Outposts?
Object storage in on-prem AWS environments
45
How are you charged for S3?
Storage, Requests, Storage Management Pricing, Data Transfer Pricing, Transfer Acceleration, Cross Region Replication
46
What is S3 Transfer Acceleration?
Takes advantage of CloudFront's global edge locations for optimization.
47
What is the format of an S3 bucket URL?
S3, region name, .amazonaws.com/ bucketname.
48
What are the three main global services (not region-specific)?
S3, Route53, IAM
49
Where can an S3 bucket exist?
Must exist in one region only
50
How can you replicate content across more than one region?
By using Cross Region Replication
51
What are the three ways to control S3 bucket access?
Bucket Policies (applies to entire bucket), Object Policies (applies to each file), IAM Policies to control access for specific users and groups
52
What do you have to do in order to be able to make an entire S3 bucket public?
Uncheck “block all public access” in the bucket permissions and then add a bucket policy that grants public access to the entire bucket.
53
Why do many companies put static websites on S3?
Because it scales automatically and can handle a large amount of requests.
54
What is S3 Versioning?
Stores all versions of an object, cannot be undone (only suspended), great for backup, integrates with lifecycle routines (automatically archiving to Glacier for example), can require MFA for extra layer of file deletion protection
55
What is Distribution?
Name given to a CDN which consists of a series of Edge Locations
56
What are the two types of CloudFront distributions?
Web Distribution and RTMP which is used for flash media streaming
57
Are edge locations read-only?
No, read and write
58
How long is a file cached at an edge location?
For the length of the TTL
59
What is the main downside of clearing cached files from edge locations?
You will be charged.
60
What are the four types of EC2 pricing models?
On-demand, Reserved, Spot, Fixed
61
What is the On-demand EC2 pricing model?
You're charged by the second
62
What is the Reserved EC2 pricing model?
You commit to a 1 or 3 yr. term – the more you pay up front, the more discount you get. Cheaper than On-demand
63
What is the Spot EC2 pricing model?
You place a bid for the price you’re willing to pay
64
What is the Fixed EC2 pricing model?
Allows you to have dedicated host within AWS to satisfy software licensing requirements etc
65
What are the three types of Reserved EC2 pricing?
Standard, Convertible, Scheduled Reserve Instances
66
What is the Standard Reserved EC2 pricing type?
Gives you up to 75% discount from on-demand but you’re locked into a specific instance type
67
What is the Convertible Reserved EC2 pricing type?
Only a 54% discount but you get ability to change instance type
68
What is the Scheduled Reserve Instances EC2 pricing type?
Allows you to reserve time windows
70
What is the mnemonic for remembering EC2 instance types?
FIGHT DR MCPXZ AU
71
What is Elastic Bean Stalk?
Allows you to create storage volumes and attach them to EC2 instances. You can create file systems or databases on them.
72
What are the four EBS types?
General Purpose SSD (gp2, gp3), Provisioned IOPS SSD (io1, io2, io2 Block Express), Throughput Optimized HDD (st1), Cold HDD (sc1)
73
What is EBS Throughput Optimized HDD?
A low-cost HDD designed for frequently accessed, throughput-intensive workloads.
74
What is EBS Cold HDD?
The lowest-cost HDD designed for less frequently accessed workloads. Good for file servers.
75
What is EBS General Purpose SSD?
Provides a balance of price and performance. Recommended for most workloads.
76
What is EBS Provisioned IOPS SSD?
High performance for mission-critical, low-latency, or high-throughput workloads.
77
How are you charged for the termination of a spot EC2 instance?
If Amazon terminates a Spot EC2 instance, you will not be charged for the full hour but if you terminate it yourself, you will be.
78
What's a VPC?
A "virtual data center" in the cloud
79
How does an EC2 instance normally exist inside of a VPC?
Within a subnet which has been created inside the VPC
80
What is the scope of a subnet within AWS?
It exists entirely in one availability zone, cannot span zones.
81
Where does a route table typically exist?
One per VPC
82
What are the two main reasons to use roles?
Much more secure, easier to manage than using access key IDs/secret access keys
83
What is the scope of roles?
They are global and span across all regions
84
What are the three types of load balancers?
Application Load Balancer, Network Load Balancer, Classic Load Balancers, Gateway Load Balancers
85
What is an Application Load Balancer for?
Makes intelligent decisions by operating at layer 7 (optimizes for protocols etc)
86
What is a Network Load Balancer for?
Extreme performance but requires static IPs
87
What are Classic Load Balancers for?
Keeping costs low
88
What are Gateway Load Balancers for?
Allow you to deploy, scale, and manage virtual appliances, such as firewalls, intrusion detection and prevention systems, and deep packet inspection systems.
89
What are 2 key features of RDS?
Multiple Availability Zones (for disaster recovery), Read Replicas (for performance)
90
What are the relational databases available in RDS?
SQL Server, MySQL, PostgreSQL, Oracle, Aurora, MariaDB
91
What are key features of non-relational DBs?
Columns in the table can vary by row without affecting the other rows
92
What is the best choice for non-relational DB on AWS?
DynamoDB
93
What is Amazon’s Data Warehousing database?
Redshift
94
What is Amazon ElastiCache?
A web service that makes it easy to deploy, operate and scale in-memory cache
95
What are the two ElastiCache caching engines?
Memcached, Redis
96
Which Route53 policy routes traffic to resources with the best performance?
Latency-based routing
97
What is the preferred method of securing S3 bucket access?
S3 Bucket Policies or IAM
98
What is a CloudFront distribution?
A link between an origin server and a domain name, which CloudFront uses to identify the object you have stored in your origin server
99
What are the five AWS support plans?
Basic, Developer, Business, Enterprise On-Ramp, Enterprise
100
How many availability zones per region?
Between 2 and 5
101
What are three valid access types for an IAM user?
Using AWS SDK, AWS Management Console access, Programmatic access via AWS CLI
102
What's the difference between CapEx and OpEx?
CapEx is a sunk, up-front cost whereas OpEx is operating expense where you pay as you go
103
What are the five basic pricing policies?
Pay as you go, pay less when you reserve, pay even less per unit by using more, pay even less as AWS grows, custom pricing
104
What are the three fundamental cost drivers?
Compute, Storage, Outbound Data
105
What are the services that are free in AWS?
VPC, Elastic Beanstalk (resources it provisions are not), CloudFormation (resources it provisions are not), IAM, Auto Scaling, Opsworks, Consolidated Billing
106
What determines the price for Lambda?
Request pricing (first 1 million requests are free), Duration pricing (400,000 GB-seconds free per month), Additional charges such as data written to/from S3
107
What determines price for EBS?
Volumes (per GB), Snapshots (per GB), Data Transfer
108
What determines price for S3?
storage class (standard, IA, 1AZ etc), storage (how much data stored), number of requests (get, put, copy), data transfer
109
What determines price for Glacier?
storage, data retrieval times
110
What is Snowball?
A PB-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of AWS
111
What determines pricing for Snowball?
service fee per job ($200/50TB, $250/80TB), daily charge (first 10 days free), data transfer (inbound is free, outbound is not)
112
What determines pricing for RDS?
clock hours, DB characteristics, DB purchase type, number of DB instances, provisioned storage, additional storage, requests, deployment type, data transfer
113
What determines cost for DynamoDB?
provisioned throughput write, provisioned throughput read, indexed data storage
114
What determines pricing for CloudFront?
traffic distribution, requests, data transfer out
115
What's the difference between Budgets and Explorer?
Budgets are used before costs are incurred while Cost Explorer is used to analyze past costs
116
What level of support gets you access to a TAM (Technical Account Manager)?
Enterprise
117
What level of support do you need for Production system down response of less than 1 hour?
Business or Enterprise
118
What levels of support offer critical down response of less than 15 min?
Enterprise
119
What level of support provides Prod system down response of less than 4 hours?
Business and Enterprise
120
What level of support offers System Impaired response time of less than 12 hours?
Developer, Business and Enterprise
121
What support tier offers general guidance in 24 hours or less?
Developer, Business and Enterprise
122
What are Tags?
Key/Value pairs attached to AWS resources used for metadata, they can sometimes be inherited
123
How are Tags useful?
They allow you to group resources, you can apply automation to resource groups
124
What is Tag Editor?
A global service that allows resources to be discovered so that additional tags can be added. Newer regions might not be compatible with tag editor yet.
125
Is Systems Manager regional or global?
Regional
126
Is Tag Editor regional or global?
Global
127
What is CloudTrail?
Auditing tool that monitors API calls in the AWS platform
128
How should you use CloudTrail in an organization?
Turn on CloudTrail in the paying account and create a cross-account S3 bucket, then in each account, turn on CloudTrail and log to the bucket in the paying account
129
What are the two types of AWS Organizations?
Full access where you have OUs with groups inside, or just organizations with consolidated billing only
130
What is the max number of linked accounts in AWS Organizations?
20; it's a soft limit and you can ask them to increase it
131
How do billing alerts work for the paying account?
It receives billing data for all linked accounts but you can also still create billing alerts for each account
132
What is the scope of CloudTrail?
Per-account and enabled per region
133
What is QuickStart?
A way of deploying pre-architected environments quickly using CloudFormation templates built by experts
134
Are you charged for data transfer incurred replicating between primary and standby in RDS?
No
135
What is Amazon WAF?
Web Application Firewall - Stops things like XSS and SQL injection attacks
136
What is AWS Shield used for?
Guarding against DDoS attacks
137
What is Amazon Inspector?
Something you install on EC2 instances to look for vulnerabilities
138
What is AWS Trusted Advisor?
Inspects your AWS account as a whole. It does security checks, cost optimization, performance and fault tolerance checks.
139
What's the difference between CloudWatch and AWS Config?
CloudWatch is for monitoring performance. AWS Config is for monitoring configurations of AWS resources.
140
What are the five pillars Trusted Advisor measures?
Cost optimization, Performance, Security, Fault Tolerance, Service Limits
141
What AWS services can you run pen testing on?
EC2/NAT gateway/ELB, RDS, CloudFront, Aurora, API Gateway, Lambda, Lightsail, Elastic Beanstalk
142
What is the scope of AWS KMS?
Regional
143
What is AWS KMS?
Key Management Service - Handles secure encryption and decryption
144
Which service does KMS pair well with for encrypting/decrypting data?
S3
146
What is the key difference between KMS and CloudHSM?
KMS is on shared hardware, CloudHSM is dedicated.
147
What does HSM stand for?
Hardware Security Module
148
What is Parameter Store?
A component of AWS Systems Manager (SSM) - Secure serverless storage for configuration and secrets
149
What is Secrets Manager?
Similar to Parameter Store, but paid service with additional features like automatically rotating secrets, generating random secrets
150
What is GuardDuty?
Uses Machine Learning Algorithms for anomaly detection
151
What are some examples of input data for GuardDuty?
CloudTrail event logs, VPC Flow Logs, DNS logs
152
What is Control Tower?
Used for setting up multiple AWS accounts in minutes, conforming to company policies
153
What 5 steps should you take in the case of compromised IAM credentials?
Determine access for those credentials, invalidate them, invalidate temporary credentials, restore appropriate access, review access to your account
154
What is the difference between Athena and Macie?
Athena allows you to query data using SQL that is stored in S3 as well as query cost and usage and click-stream data, Macie is a security service which uses machine learning and NLP to discover, classify and protect sensitive data stored in S3 and also CloudTrail logs
155
Which compliance certification attests to the security of AWS regarding credit card transactions?
PCI DSS Level 1
156
True or false: It's safer to use Access Keys than it is to use IAM roles
False
157
True or false: The standard version of AWS Shield offers automated application layer traffic monitoring
False
158
What is AWS's DDoS protection service?
AWS Shield
159
Which service is used to assess security and compliance of EC2 instances?
AWS Inspector
160
What should you think of if asked about special licensing requirements?
Dedicated hosts
161
Your company would like to begin using auto-scaling to add servers when CPU utilization reaches a certain threshold (say 70%). Which service can you use to trigger actions when CPU utilization crosses the threshold?
CloudWatch Alarms
162
You are working with IAM and need to attach policies to users, groups, and roles. Which will you be attaching these policies to?
Identities - objects that are used to identify and group.
163
After creating an EC2 instance to host an application, the traffic to the site far exceeds what was expected. You decide to move to a larger instance type. What AWS principle does this represent?
Vertical Scaling
164
A retail company has EC2 On-Demand instances running to serve customer transactions. There is a set pattern of traffic where demand is high at two points in the day, but the instances sit idle for much of the day. What is a good way to optimize these resources?
Use an Auto Scaling Group to scale out and in based on demand.
165
In Identity and Access Management, which term applies to a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS?
A Principal is a person or application that uses the AWS account root user, an IAM user, or an IAM role to sign in and make requests to AWS.
166
A gaming company is using the AWS Developer Tool Suite to develop, build, and deploy their applications. Which AWS service can be used to trace user requests from end-to-end through the application?
AWS X-Ray
167
You have decided to use the AWS Cost and Usage Report to track your EC2 Reserved Instance costs. Which AWS service can be used to store AWS Cost and Usage report files?
An S3 Bucket that you own.
168
When configuring an Application Load Balancer, what step will you take to ensure a highly available architecture?
Configure the Load Balancer to serve traffic to multiple Availability Zones.
169
You need to set up a virtual firewall for your EC2 instance. Which would you use?
A security group - acts as a virtual firewall for your instance to control inbound and outbound traffic.
170
Which term refers to the Identity and Access Management (IAM) resource objects that AWS uses for authentication?
IAM entities - the users (IAM users and federated users) and roles that are created and used for authentication.
171
A Healthcare agency needs to store certain patient information for up to 10 years. To save cost, they want to archive this data to cheaper storage. The data needs to be retrieved within 12 hours. Which is the cheapest option?
Glacier Deep Archive
172
A software development team has begun using the AWS Developer Tools Suite. Which service will enable creating, managing, and working with software development projects on AWS?
AWS CodeStar - a cloud-based service for creating, managing, and working with software development projects on AWS
173
You need to visualize, understand, identify trends for future charges, and manage your AWS costs and usage over time. Which AWS tool would you use?
AWS Cost Explorer