Cloud Practitioner Flashcards
Study guide to AWS Certification
1
Q
define what the AWS cloud is.
A
on demand delivery of IT resources and applications via the internet
2
Q
What are the benefits of Cloud services?
A
Reduce risk, scalablility, agile
3
Q
How does Cloud computing reduce risks?
A
Being Agile and being able to learn and adapt quickly to change
4
Q
How do you reduce your security risks?
A
Test often, patch quickly, and respond to incidences at lightning speeds.
5
Q
What does scalablity mean in AWS terms?
A
Resize your resources as necessary
6
Q
What does scalablity mean in AWS terms?
A
Resize your resources as necessary
7
Q
How does Cloud computing increase agility?
A
3 main factors in agility: increasing speed, ease of experimentation, cultivating culture of innovation
8
Q
Where are aws buildings
A
all over the world
9
Q
What does elasticity mean in AWS terms?
A
ability to scale up or down resources easily. Quickly deploy application or shut down.
10
Q
What does reliablity mean in AWS terms?
A
Ability to recover from infrastructure or service failures. Mitigate disrubtions
11
Q
How to make your resources maintain reliability?
A
Store your instances in multiple different aws availability zones instead of only one zone where if disaster occurred then all your resources are also down.
12
Q
What does fault tolerance mean?
A
means a system can remain functional even if some of its components fail. built in redundancy
13
Q
What is AWS data security
A
users have complete ownership of their own data.. and also how you handle encryption and who holds the encryption keys. and regional data compliance requirements
14
Q
Why is AWS security world class?
A
electronic surveillance,
multi-factor access controls, 24/7 security guards, access strictly regulated. minimize disruptions to systems, availability zones allow users to remain resilient.
15
Q
What cloud based products does AWS offer?
A
Compute, Storage, Databases, Analytics, Networking, Mobile, Developer tools, Management tools, IOT (internet of things), security, and enterprise applications
16
Q
How does the AWS products help users?
A
Mover faster, Lower IT costs, and scale
17
Q
list 6 aws core services
A
Amazon Elastic Cloud Compute (EC2), Amazon Elastic Block Store (EBS), Amazon Simple Storage Service (S3), AWS Global Infrastructure, Amazon Virtural Private Cloud (VPC), Security Groups.
18
Q
What is EC2?
A
Elastic Compute Cloud
19
Q
What does Compute refer to in EC2?
A
represents the servers, ie, application servers, Web servers, database servers, game servers, mail servers, media servers, catalog servers, file server, computing server, proxy server, ect.
20
Q
What does Cloud refer to in EC2?
A
the fact that these are cloud hosted services
21
Q
What does Elastic refer to in EC2?
A
the scalablity if properly configured, and it will do so automatically depending on the needs at the moment
22
Q
what are the “servers “ AWS provides reffered to as?
A
Amazon EC2 Instances
23
Q
What are instances?
A
They are pay as you go, have a broad selection of HW/SW, available global hosting
24
Q
What are the steps to build and configure and EC2 instance?
A
Login in to AWS, Console, Choose a region, Launch EC2 Wizard, Select AMI (SW), Select instance type, (HW) Configure network, Configure storage, Configure Key pairs, Then finally launch and connect to it.
25
What kinda choices do you have for AMIs?
Stands for Amazon Machine Image.
| Options are pre-made images (basics linux, windows, ect), OR third party images, OR install ur own images as SW
26
What is a DHCP address?
Dynamic Host Configuration Protocol (DHCP) is a network protocol that enables a server to automatically assign an IP address to a computer from a defined range of numbers (that is, a scope) configured for a given network
27
What does EBS stand for?
Elastic Block Storage
28
What can EBS be used for?
Storage for ur EC2 instances, usually used whenever your needing disk space for ur instances
29
Why is EBS more durable then typical HDD or SDD?
The block level replication. so you can use something basic for ur OS, but something faster like SDD for your seconday storage for Database so it may perform faster.
Lastly Snapshot feature allows you to save different versions of what you are running in different periods of time.
30
Can you encrypt your data that goes between your EC2 and EBS?
Yes using Encryption capabilities that amazon provides.
| Encryption occurs on the EC2 side.
31
to connect an EC2 instance to an EBS what must one make sure of ?
that the instance and the block are in the same Availability Zone
32
what is the command to tell what EBS blocks that are attached to your instance?
lsblk will show the disks
33
how do you create a file system on the newly attached EBS?
sudo mke2fs /location/storagename
34
how do you mount the new created folder into the machine?
sudo mount /loc/mountpoint /folder.
35
what are the steps to attach and EBS to an EC2 instance?
Create, Attach, Format
36
How do your remove an EBS from an EC2 instance?
give the command unmount /folder.
Then go back to AWS console, click on EC2 dashboard, click volumes, select the volume and detach the volume from the instance
37
Why are tags important?
they help identify where your usage and costs are coming from when analyzing your ASW bill
38
What are the benefits of using EC2 instances compared to physical servers
Pay as you go,
| Ability to have different storage requirements
39
What does Amazon S3 stand for?
Simple storage service
40
Describe amazon S3
its a already managed cloud storage service, that doesn't require you to add infrastructure.
Unlimited # of objects able to be stored.
Any objects types allowed.
Any time access.
Security controls.
41
For putting objects in storage in S3, what is a common practice to write the keys?
with a name that resembles a file path
42
which amazon service automatically backs up your data in storage faculties in the same region?
Amazon S3
43
how would you create a url to access data from anywhere using S3?
https://bucket_name/S3_region-specific_endpoint/object_key
44
what are two requirements for bucket names in S3?
Globally unique,
| and DNS compliant
45
what are some usecases for S3?
Storing Application Assets,
Static Web Hosting,
Backup & Disaster Recovery,
Staging area for Big Data
46
how would you copy data over to your S3 in the AWS CLI?
aws s3 cp thingcopied.txt s3://bucket_name/object_name
47
how would you copy data over to your S3 in the AWS CLI?
aws s3 cp thingcopied.txt s3://bucket_name/key_name
48
how would you sync data over to your S3 in the AWS CLI?
aws s3 sync somefolder s3://bucket_name/key_name
49
What are the 3 topics The AWS global infustructure can be broken down into?
AWS regions,
Availability Zones,
Edge Locations
50
What are AWS regions?
they are geographic areas that store 2 or more Availability zones
51
When choosing a region what should you consider?
which regions help optimize latency while minimizing costs, and adhering to regulatory requirements (GDPR, HIPAA, PCI DSS)
52
What are Availability zones?
they are a collection of data centers in a specific region . Each centers are completely separate from each other but connected by a low latency network
53
What are AWS edge locations?
they host a content delivery network (cdn) called "Amazon Cloud Front".
It is used to deliver content to ur customers.
54
Describe Amazon VPC
virtual private cloud is designed to meet ur networking requirements. same concepts as an on premise network. complete control of configuration. control over traffic
55
which services does VPC integrate well with?
EC2, Relational database service, ect
56
what are some features of VPC?
```
Bulits upon high availablity of AWS regions and Availability zones,
Subnets,
Route Tables,
Internet Gateway (IGW),
NAT Gateway,
Network Access Control Lists (NACL)
```
57
What are security groups?
they act like a built in firewall , control accessibility to instances
58
what port is http?
port 80
59
what is port https?
port 443
60
what source would you use to accept traffic from anywhere on the internet?
0.0.0.0/0
61
what ways can you edit your security group rules?
by traffic type, protocols, port ranges, and source
62
what is best practice for traffic rules?
to know what traffic is needed to access data and to limit traffic to only those channels
63
What is the application load balancer?
the second type of load balancer, introduced as part of the Elastic load balancing service. Enhanced Features include: supported protocols, Cloudwatch metrics, access logs, health checks
64
why use the application load balancer?
1) use a container to host ur microservices and route to those applications from a single load balancer.
app load balancer allows you to route different requests to the same instances But differ the path based on the port
65
With application load balancers what are Listeners?
is a process that checks for connection requests using the protocal and port that you configure. the rules that you define for a listener determine how the load balancer routes requests to the targets in one or more target groups.
66
With application load balancers what are Targets?
is a destination for traffic based on the established listener rules.
67
With application load balancers what are target groups?
Each target group routes requests to one or more registered targets using the protocol and port # specified. A target can be registered with multiple target groups. health checks can be configured on a per target group basis.
68
what steps are needed to use an application load balancer?
Launching the application load balancer.
Configuring routing.
Registering targets.
Verifying operation of the Application Load balancer.
69
what are the challenges of a stand alone relational database?
```
Server maintenance and energy footprint.
Software install and patches.
Database backups and high availability.
Limits on scalability.
Data security.
OS install and patches.
```
70
what does Amazon RDS manage? what do you manage?
```
you manage: application optimization.
AWS manages:
OS installation and patches.
Database software install and patches.
Database backups.
High availability.
Scaling.
Power and rack & stack.
Server maintenance.
```
71
In RDS what is a database instance?
an isolated database environment that can contain multiple user created Databases and can be access by the usual ways.
72
What is RDS best used for?
web/mobile apps: high throughput, massive storage scalability, and high availability.
E-commerce Application: Low-cost database, Data security, Fully managed solution.
Mobile/online games: rapid grow capacity, automatic scaling, database monitoring.
73
What is AWS lambda?
a compute service that lets you run code without per-visioning or managing service. Executed ur code only when needed and scales automatically to thousands of requests per sec.
74
what are the key benefits to AWS lambda?
No servers to manage. Only pay when needed. Continuous scaling. Subsecond Metering
75
What programming languages does AWS lambda support?
Nodejs
Javascript
C#
Python
76
How can we use AWS Lambda?
For event driven computing.
respond to http request using amazon gateway.
Envoke API calls using AWS SDKs
77
what are some use cases for AWS lambda?
```
automated backups.
processing objects uploaded to S3.
Event driven log analysis.
Event driven transformation.
IOT.
Operating serverless websites.
```
78
What is Elastic Beanstalk
It is a platform as a service.
Allow quick deployment of your applications.
Reduce management complexity.
keep control in ur hands (choose instance type, choose database, set and adjust auto scaling).
supports a large range of platforms (packer builder, containers, go, java, .net, node.js, php, python, ruby)
79
What is Cloudwatch?
monitors your AWS resources and the applications you run on AWS in real time
80
What are some Cloudwatch features?
Collect and track metrics.
Collect and monitor log files.
Set alarms.
Automatically react to changes.
81
What are use cases for Cloudwatch?
Respond to state changes in ur AWS resources.
Automatically invoke an AWS lambda function to update DNS entries when an event notifies that EC2 instance enters the Running state.
Direct specific API records from the cloudtrail to a kinesis stream for detailed analysis of potential security or availability risks.
Take a snapshot of an EBS volume on a schedule.
Log S3 Object Level Operations using Cloudwatch Events.
82
What are some components of Cloudwatch?
```
Metrics,
Alarms,
Events,
Logs,
Dashboards
```
83
What is Cloudfront?
Uses edge locations for content delivery. Can cache the content. CDN: contant delivery network
84
What are some use cases for cloudfront?
```
Static Asset Caching.
Live and On-Demand Video Streaming.
Security and DDoS protection.
Dynamic and Customized Content.
API Acceleration.
Software Distribution.
```
85
What is cloudformation?
simplifies the task of repeatedly and predictably creating groups of related resources that power your applications.
Fully-managed service.
Create, update, and delete resources in stacks
86
What are 3 ways of interacting with AWS services
call APIs such as:
AWS Management Console.
AWS CLI.
AWS SDK/API
87
What are Cloudformation Templates?
Resources to provision.
Text file.
JSON or YAML format.
Self-documenting environment
88
What are Cloudformation Stacks?
```
Resources generated.
Unit of deployment.
Create stack.
Update stack.
Delete stack.
```
89
What is the AWS well-architected framework there for?
Assess and improve architectures.
Understand how design decisions impact business.
Learn the five pillars and design principles.
90
what are the 5 pillars in well-architected framework?
```
Security.
Reliability.
Performance efficiency.
Cost optimization.
Operational excellence.
```
91
what are the design principles for Security?
```
Identity and access management (IAM).
Detective controls.
Infrastructure protection.
Data protection.
Incident response.
```
```
Implement security at all layers.
Enable tractability.
Apply principles of least privilege.
Focus on securing your system.
Automate.
```
92
What are the design principles for Reliability?
Recover from issues/failures.
Apply best practices in: foundations, change management, failure management.
Anticipate, respond, and prevent failures.
```
Test recovery procedures.
Automatically recover.
Scale horizontally.
Stop guessing capacity.
Manage change in automation.
```
93
What are the design principles for performance efficiency?
Select customizable solutions.
Review to continually innovate.
Monitor AWS services.
Consider the trade-offs.
```
Democratize advanced technologies.
Go global in minutes.
Use a serverless architectures.
Experiment more often.
Have mechanical sympathy.
```
94
What are the design principles for cost optimization?
Use cost-effective resources.
Matching supply with demand.
Increase expenditure awareness.
Optimize over time.
```
Adopt a consumption model.
Measure overall efficiency.
Reduce spending on data center operations.
Analyze and attribute expenditure.
Use managed services.
```
95
What are the design principles for operational excellence?
manage and automate changes.
Respond to events.
Define the standards.
96
Define Fault Tolerance?
Ability of a system to remain operational.
| Built-in redundancy of an application's components.
97
Define High Availability?
Systems are generally functioning and accessible.
Downtime is minimized.
Minimal human intervention is required.
Minimal up-front financial investment.
98
List some high availability service tools.
```
Elastic load balancers.
Elastic IP addresses.
Amazon Route 53.
Auto Scaling.
Amazon CloudWatch
```
99
What are Elastic IP addresses?
Are static IP addresses.
Mask failures.
Continues to access applications if an instance fails.
100
What is Amazon Route 53?
Authoritative DNS service (translates domain names to IP addresses).
Supports (simple routing, latency-based routing, health checks, DNS failovers, Geo-location routing)
101
What is auto scaling?
Terminates and launches instances.
Assists with adjusting or modifying capacity.
Creates new resources on demand.
102
List some Fault Tolerant Service Tools.
Amazon Simple Queue Service.
Amazon Simple Storage Service (S3).
Amazon Relational Database Service (RDS).
103
list some core AWS security features.
Identity and access management.
Amazon inspector.
AWS Shield.
104
```
The aws stack is made up of
User data,
Application,
Guest OS,
Hypervisor,
Network,
Physical.
What does AWS take care of and what does the user?
```
AWS: physical, network, hypervisor,
If u are running EC2 then u take care of the rest, guest OS, Application, User Data.
105
What is a user in IAM pov.
| IAM: Identity and Access Management
A permanent named operator.
106
What is a Group in IAM pov.
A collection of users.
107
What is a Role in IAM pov.
an authentication method.
| a role is an operator (human or machine) the credentials are temporary.
108
What is a policy document in IAM pov.
a JSON document that attaches to the user or to the group, or can be attached directly to a role.
policy doc list an api, what restrictions do we want to implement for that specific role, user, or group.
109
what is Amazon Inspector?
Automated security assessment service that helps maintain the security and compliance of applications deployed on AWS.
110
how can you access the Amazon Inspector?
Amazon inspector Console,
AWS software development kits (SDKs),
Amazon Inspector HTTPS API,
AWS command line tools
111
What does Amazon Inspector enable you to do?
Quickly and easily access ur AWS resources,
Offload security assessments,
Gain deeper understanding of ur AWS resources.
112
What is AWS shield?
is a managed Distributed Denial of Service (DDoS)
| protection service that safegaurds applications running on AWS.
113
how do ppl defend against DDoS application layer attacks?
use web application firewalls (wafs)
| block attacks/requests before they reach the web server infrastructure.
114
What is AWS shield standard?
Automatic protections available for all AWS customers, at no extra cost
115
What is AWS Shield Advanced?
Paid service for higher levels of protection, features, and benefits.
116
What are the features of AWS Shield Standard?
Automatic protection.
Quick detection.
Inline attack mitigation.
Self services (AWS support does not need to step in)
117
What features does AWS Shield Advance have?
```
All the features of Shield Standard.
Specialized support.
Advanced attack mitigation.
Visibility and attack notification.
Always-on monitoring.
Enhanced detection.
DDoS cost protection.
```
118
list the 3 components AWS complicance looks at.
Risk management.
Control Environment.
Information Security.
119
What things does the customer (us) have to do for customer compliance?
Review trusted info and doc compliance req.
Design and implement control objectives that meet compliance req.
identify and document controls owned my outside parties.
Verify all control objectives are met and all key controls are designed and operating effectively
120
What are the 3 fundamental cost you pay for in aws?
Compute Capacity
Storage
Outbound data transfer
121
List the cost factors.
```
clock-hour billing: resources incur charges when running.
Database characteristics: Engine, size, memory class impacts cost.
DB purchase type.
Provisionded storage: no charge for backup storage of up to 100% of DB storage.
Additional storage: back up storage in addition to provisioned storage billed at GB/Month
```
