Cloud Practitioner Training Flashcards

Question 1

Q

IAM:

Users

Answer

A

mapped to a physical user, has a password for AWS Console

Question 2

Q

IAM:

Groups

Answer

A

contain users only

Question 3

Q

IAM:

Policies

Answer

A

JSON document that outlines permissions for users or groups

Question 4

Q

IAM:

Roles

Answer

A

for EC2 instances or AWS services

Question 5

Q

IAM:

Security

Answer

A

MFA + Password Policy

Question 6

Q

IAM:

AWS CLI

Answer

A

manage your AWS services using the command-line

Question 7

Q

IAM:

AWS SDK

Answer

A

manage your AWS services using a programming language

Question 8

Q

IAM:

Access Keys

Answer

A

access AWS using the CLI or SDK

Question 9

Q

IAM:

Audit

Answer

A

IAM Credential Reports & IAM Access Advisor

Question 10

Q

EC2:

EC2 Instance

Answer

A

AMI (OS) + instance size (CPU + RAM) + Storage + security groups + EC2 User Data

Question 11

Q

EC2:

Security Groups

Answer

A

Firewall attached to the EC2 instance

Question 12

Q

EC2:

EC2 User Data

Answer

A

Script launched at the first start of an instance

Question 13

Q

EC2:

SSH

Answer

A

start a terminal into our EC2 instances (port 22)

Question 14

Q

EC2:

EC2 Instance Role

Answer

A

link to IAM roles

Question 15

Q

EC2:

Purchasing Options

Answer

A

On-demand, Spot, Reserved (Standard + Convertible + Scheduled), dedicated host, Dedicated Instance

Question 16

Q

EBS

Answer

A

Elastic Block Store
Block storage designed to be connected to a single Ec2 instance that can scale to support petabytes of data and supporst multiple volume types based on need.
Persistent storage that exists separately from the host the virtual server is running on
network drives attached to one EC2 instance at a time
Mapped to an AZ
Can use EBS Snapshots for backups/transferring EBS volumes across AZ

Question 17

Q

AMI

Answer

A

Amazon Machine Image (AMI)
Template for an EC2 instance including configuration, operating system, and data
Can be shared across AWS accounts
provides the information required to launch an instance. You must specify an AMI when you launch an instance.
- create ready to use EC2 instances with our customizations

Question 18

Q

EC2 Instance Storage:

EC2 Image Builder

Answer

A

Automatically build, test, and distribute AMIs

Question 19

Q

EC2 Instance Store

Answer

A

High-Performance hardware disk attached to our EC2 instance
Lost if our instance is stopped/terminated
Ephemeral storage that is physically attached to the host the virtual server is running one

Question 20

Q

EC2 Instance Storage:

EFS

Answer

A

Elastic File System
network file system can be attached to 100s of instances in a region
can be attached to EC2
pay per use

Question 21

Q

EC2 Instance Storage:

EFS-IA

Answer

A

cost-optimized storage class for infrequently accessed files

Question 22

Q

EC2 Instance Storage:

FSx for Windows

Answer

A

Network File System for Windows servers

Question 23

Q

EC2 Instance Storage:

FSx for Lustre

Answer

A

High Performace Computing Linux File System

Question 24

Q

ELB & ASG:

High Availability

Answer

A

usually goes hand in hand with horizontal scaling
means running your application/system in at least 2 AZs
goal is to survive a data center loss (disaster)
- multi AZ auto scaling group
- multi AZ load balancer

Question 25

Q

ELB & ASG:

Scalability

Answer

A

means that an application/system can handle greater loads by adapting.
ability to accommodate a larger load by making the hardware stronger (scale up) or by adding nodes (scale out)

Question 26

Q

ELB & ASG:

Elasticity

Answer

A

once a system is scalable, elasticity means that there will be some “auto-scaling” so that the systems can scale based on the load

Question 27

Q

ELB & ASG:

Agility

Answer

A

NOT related to scalability

distractor
new IT resources are only a click away, which means that you reduce the time to make those resources available to your developers from weeks to just minutes

Question 28

Q

ELB & ASG:

Vertical Scalability

Answer

A

means increasing the size of the instance (scale up/down)
common for non-distributed systems such as a database
- usually a limit to how much you can vertically scale (hardware limit)

Question 29

Q

ELB & ASG:

Horizontal Scalability

Answer

A

means increasing the number of instances/systems for your application (scale out/in)
implies distributed systems
very common for web apps/modern apps
easy to horizontally scale thanks to cloud offerings like EC2
Auto Scaling Group
load balancer

Question 30

Q

ELB & ASG:

Elastic Load Balancers

Answer

A

ELB
Distrbute traffic across backend EC2 instances, can be multi AZ
- supports health checks

Question 31

Q

ELB & ASG:

3 types of Load Balancers

Answer

A

Application LB (HTTP/HTTPS - l7)
Network LB (TCP - Layer 4) - ultra-high performance 
Classic LB (old)

Question 32

Q

ELB & ASG:

Auto Scaling Groups

Answer

A

ASG
Implement elasticity for your application across multi AZ
scale EC2 instances based on the demand on your system, replace unhealthy
integrated with the ELB

Question 33

Q

S3:

S3

Answer

A

infinitely scaling storage
backup & storage
disaster recovery
archive
hyprid cloud storage
app hosting
media hosting
software delivery
static website

Question 34

Q

S3:

Buckets

Answer

A

S3 allows people to store objects (files) in buckets (directories)
buckets must have globally unique name across all regions
Defined/tied to a region

Question 35

Q

S3:

Bucket naming convention

Answer

A

no uppercase
no underscore
3-63 characters long
not an IP
must start with a lowercase letter or a number

Question 36

Q

S3:

objects

Answer

A

files in buckets
objects have a key
key is the FULL path (prefix + obj name)

Question 37

Q

S3:

S3 Security

Answer

A

User-based: IAM policies
Resource-based: bucket policies, Object Access Control List, Bucket Access Control List
Encryption: encrypt using encryption keys

Question 38

Q

S3:

S3 Websites

Answer

A

host a static website on s3

Question 39

Q

S3:

S3 Versioning

Answer

A

multiple versions for files, prevent accidental deletes

Question 40

Q

S3:

S3 Access Logs

Answer

A

log requests made within your S3 bucket

Question 41

Q

S3:

3 Replication

Answer

A

same-region or cross-region, must enable versioning

Question 42

Q

S3:

S3 storage classes

Answer

A

Standard, IA, IZ-IA, Intelligent, Glacier, Glacier Deep Archive

Question 43

Q

Amazon S3 Standard

Answer

A

99% availability
- used for frequently accessed data
- low latency and high throughput
- sustain 2 concurrent facility failures

Question 44

Q

Amazon S3 Standard Use Cases

Answer

A

big data analytics, mobile & gaming applications, content distribution

Question 45

Q

Amazon S3 Standard-infrequent Access (IA)

Answer

A

9% availability
- suitable for data that is less frequently accessed but requires rapid access when needed
- lower cost compared to S3 standard but retrieval fee
- can sustain 2 concurrent facility failures

Question 46

Q

Amazon S3 Standard-infrequent Access (IA) Use Cases

Answer

A

data store for disaster recovery, backups

Question 47

Q

Amazon S3 One Zone-Infrequent Access (IZ-IA)

Answer

A

same as IA but data is stored in single AZ
99.5% availability
- low latency and high throughput performance
lower cost compared to S3-IA (20%)

Question 48

Q

Amazon S3 One Zone-Infrequent Access (IZ-IA) Use Cases

Answer

A

storing secondary backup copies of on-premise data, or storing data you can recreate

Question 49

Q

Amazon S3 Intelligent Tiering

Answer

A

99.9% availability
same low latency and high throughput performance of S3 standard
-cost-optimized by automatically moving objects between two access tiers based on changing access pattern: frequent/infrequent

Question 50

Q

Amazon S3 Intelligent Tiering Use Cases

Answer

A

resilient against events that impact an entire availability zone

Question 51

Q

Amazon Glacier

Answer

A

low cost storage meant for archiving/backup
data is retained for the longer term (years)
various retrieval options of time with fees for retrieval

Question 52

Q

Amazon Glacier retrieval times

Answer

A

expedited (1-5 minutes)
standard (3-5 hours)
bulk (5 to 12 hours)

Question 53

Q

Amazon Glacier Deep Archive retrieval times

Answer

A

cheapest
standard (12 hours)
bulk (48 hours)

Question 54

Q

S3:

S3 Lifecycle RUles

Answer

A

transition objects between classes - for infrequently accessed objects move them to standard IA
for archive objects you don’t need in real time use Glacier or Glacier Deep Archive

Question 55

Q

S3:

S3 Glacier Vault Lock

Answer

A

Adopt a WORM (write once read many) model
Lock the policy for future edits (can no longer be changed)
helpful for compliance and data retention

Question 56

Q

S3:

S3 Object Lock

Answer

A

adopt WORM (write once read many) model
block an object version deletion for a specified amount of time

Question 57

Q

Snowcone

Answer

A

small portable computing, anywhere, rugged & secure, withstands harsh environments
8 TBS of usable storage 
must provide own battery/cables
2 CPUS 
4GB of memory
USB C

Question 58

Q

Snowball edge

Answer

A

for data transfers
up to 15 nodes
can run EC2 instances & AWS Lambda Functions
long term deployment options

Question 59

Q

Snowball edge Storage Optimized

Answer

A

80TB of HDD capacity

up to 40 vCPUS, 80 GB RAM

Question 60

Q

Snowball Edge Compute Optimized

Answer

A

42TB of HDD capacity

52 vCPUS 208 GB RAM

Question 61

Q

snowmobile

Answer

A

actual truck
transfer exabytes of data (a million TBs)
high security, temp controlled, GPS, 24/7 video surveillance

Question 62

Q

Edge Computing

Answer

A

when you process data while its being created on an edge location (Ship on the sea, mining station, truck on the road)

Question 63

Q

OpsHub

Answer

A

desktop application to manage Snow Family Devices

Question 64

Q

Storage Gateway

Answer

A

hybrid solution to extend on-premises storage to S3
bridge between on-premise data and cloud data in S3
allows on-premises to seamlessly use the AWS cloud

Answer 65

A

online transactional processing
links between tables
can use the SQL language to perform queries

Answer 66

A

RDS & Aurora in AWS

PostgreSQL, MySQL, Microsoft SQL, Oracle

Answer 67

A

Relational Database Service
managed DB service that uses SQL as a query language
- automated provisioning/OS patching
- continuous backups and restore to a specific timestamp
- monitoring dashboards
-read replicas for improved read performance
- no SSH

Answer 68

A

copy of the primary instance that reflects changes to the primary in almost real-time
can use to offload read requests or analytics traffic from the primary instance

Answer 69

A

a MySQL and PostgreSQL compatible relational database built for the cloud, that combines the performance and availability of traditional enterprise databases with the simplicity and cost-effectiveness of open source databases

Answer 70

A

scale the read workload of your DB
can create up to 5 read replicas
data is only written to the main DB

Answer 71

A

failover in case of AZ outage
high availability
data is only read/written to the main database

Answer 72

A

Fully managed in-memory data store (Database), compatible with Redis or Memcached. Power real-time applications with sub-ms latency
helps reduce load-off databases for read intensive workloads
caches are in-memory databases with high performance, low latency

Answer 73

A

Caching, Session Stores, Gaming, Geospatial Services, Real-Time analytics, and Queueing

Answer 74

A

Key/value Databse
Fully managed, highly available with replication across 3 AZ
NoSQL - not a relational database
scales to massive workloads, distributed serverless database
integrated with IAM
can handle more than 10 trillion requests per day and can support peaks of more than 20 million requests per second.

Answer 75

A

fully managed in-memory cache for DynamoDB

10x performance improvement

Answer 76

A

Cloud Data Warehouse
Cloud Database based on PostgreSQL but not used for OLTP
OLAP - online analytical processing
loads data once every hour, not every second
10x better performance than other data warehouses
column bases storage (not row based)
Pay as you go
integrates with AWS QuickSight or Tableau

Answer 77

A

Cloud big-data platofrm for processing vast amounts of data
Hadoop Clusters
clusters can be made of hundreds of EC2 instances
Also supports Apache Spark, Apache Hive, Apache HBase, Apache Flink, Apache Hudi, Presto
EMR takes care of all the provisioning and configuration
auto-scaling and integrated with spot instances

Answer 78

A

data processing
machine learning
web indexing
big data

Answer 79

A

Interactive, serverless query service that makes it easy to anazlye data in S3 using standard SQL.
pay per query
output results back to S3
secured through IAM
only S3

Answer 80

A

one time SQL queries, serverless queries on S3

Answer 81

A

interactive dashboards on your data.
scalable, serverless, embeddable, machine-learning powered Business intelligence (BI) built for the cloud

fast, automatically scalable, embeddable, per-session pricing
can be accessed from browsers or mobile devices

Answer 82

A

business analytics, building visualizations, ad-hoc analysis, integrated with RDS, Athena, etc

Answer 83

A

similar. to Aurora but for mongoDB instead of PostgreSQL/SQL
used to store query & index JSON data
fully managed, highly available with replication across 3 AZ
NoSQL

Answer 84

A

Quantum Ledger Database
Financial Transactions Ledger (immutable journal, cryptographically verifiable)
Fully managed, serverless, High Availability, Replication across 3 AZ
immutable system - no entry can be removed or modified
no decentralization component in accordance with financial regulation rules

Answer 85

A

fully managed service that makes it easy to join public networks or create and manage scalable private networks using the popular open-source frameworks Hyperledger Fabric and Ehereum

makes it possible to build applications where multiple parties can execute transactions without the need for a trusted, central authority
join public blockchain networks

Answer 86

A

fast, reliable, fully managed graph database service that makes it easy to build and run applications that work with highly connected datasets
(popular graph dataset = social network)
highly available with replications across multiple AZs
GRAPH DATABASES

Answer 87

A

Database Migration Service
Enables you to move data into AWS from existing Databases
supports one time and continual migration of data
quick & secure migration of databases to AWS
source Database remains available during the migration
supports homogenous migrations (oracle to oracle) or heterogeneous (Microsoft SQL to Aurora)
MIGRATION TO A DATABASE

Answer 88

A

serverless data integration service that makes it easy to discover, prepare and combine data for analytics, machine learning and application development
Managed Extract, Transform and Load Service (ETL)

Answer 89

A

Catalog of datasets
can be used by Athena, Redshift, EMR
index to the location, schema and runtime metrics of your data
use info in Data Catalog to create and monitor your ETL jobs

Answer 90

A

container technology to run applications
platform to deploy apps - apps are packaged in containers that can be run on any OS
apps run the same regardless of where they are run
docker images are stored in docker repositories

Answer 91

A

Elastic Container Service
launch docker containers on AWS
must provision & maintain the infrastructure (EC2 instances)
AWS takes care of starting/stopping containers
integrates with Application Load Balancer

Answer 92

A

launch docker containers without provisioning the infrastructure
serverless offering (no EC2 instances)
AWS just runs the containers you need

Answer 93

A

Elastic Container Registry
Private docker repo/registry on AWS
where you store docker images so they can be run y ECS or Fargate

Answer 94

A

Fully managed batch processing at any scale
Efficiently run 100,000s of computing BATCH jobs on AWS
Batch jobs = start and an end (not continuous)
Will dynamically launch EC2 instances or Spot Instances
Batch jobs are defined as Docker Images and run on ECS

Answer 95

A

Virtual Servers, storage, databases and networking
Low & predictable pricing
Simpler alternative to EC2, RDS, ELB, EBS, Route 53, etc
Great for people with little cloud experience
High availability but no auto-scaling and limited AWS integrations

Answer 96

A

simple web applications
websites (WordPress)
dev/test environment

Answer 97

A

Serverless, function as a Service, seamless scaling, reactive
run on-demand
limited by time/short executions
Lets you run code without provisioning or managing servers. You pay only for the compute time you consume. You can run code for virtually any type of application or backend service - all with zero administration.

Answer 98

A

By the time run x by the RAM provisioned
By the number of invocations

Pay Per calls:
- first 1 million request free
$0.20 per million requests thereafter
Pay Per Duration (in incremenet of 1ms)
- 400,000 GB seconds of compute time per month is free
- $1 for 600,000 GB seconds after that

Answer 99

A

Node.js
Python
Java
C# (.NET core)
Golang
C# (powershell)
Ruby
Custom Runtime API
no Docker

Answer 100

A

Create thumbnails for images uploaded onto S3

Run a serverless Cron job

Answer 101

A

expose Lambda functions as HTTP API
Fully managed service for developers to easily create, publish, maintain. monitor and secure APIs
serverless and scalable
Supports RESTful APIs and WebSocket APIs`
Fully managed API management service that directly integrates with multiple AWS services

Answer 102

A

Infrastructure as Code
Works with almost all of AWS resources
a declarative way of outlining your AWS infrastrucutre for any AWS resource
creates everything for you, int he right order, with the exact configuration that you specify

Answer 103

A

PaaS
Automates the process of deploying and scaling workloads on EC2
easy-to-use service for deploying and scaling web applications and services developed with Java, >NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger and IIS

3 Tier Architecture
developer-centric view of deploying an application on AWS
still have full control over configuration
Platform as a Service (PaaS)
Free but you pay for underlying instances

Answer 104

A

Single Instance Deployment - good for dev
LB (load balancer) + ASG (auto scaling Group) - great for production or pre-production web apps
ASG Only - great for non-web apps in production

Answer 105

A

Hybrid
deploy and upgrade any application onto servers
deploys application automatically
works with EC2 instances
works with On-premise Servers

Answer 106

A

Hybrid
Chef & Puppet
managed Chef & Puppet in AWS
helps you perform server configuration automatically, or repetitive actions
works great with EC2 & on-premises

Answer 107

A

Store code in private git repository
VERSION CONTROLLED
similar to GitHub
fully managed, scalable, & highly available
private, secured, integrated with AWS

Answer 108

A

code building service in the cloud
compiles source code, run tests and produces packages that are ready to be deployed
pay as you go pricing
fully managed, serverless, continuously scalable and highly available

Answer 109

A

ORCHESTRATION of Pipeline
Basis for CICD (Continuous integration & continuous Delivery)
fully managed & compatible with AWS services

Answer 110

A

store software packages/dependencies on AWS
works with Maven, Gradle, npm, yarn, twine, pop, NuGet
developers and CodeBuild can then retrieve dependencies straight from CodeArtifact

Answer 111

A

Unified UI to easily manage software development activities in one place
quick way to setup and start CodeCommit, Pipeline, Build, Deploy, Beanstalk, EC2, etc

Answer 112

A

Cloud IDE (integrated Development Environment)
writing, running, and debugging code (VSCODE)
can be used in browser - no download or setup necessary
allows code collaboration in real time - pair programming

Answer 113

A

Cloud Development Kit
open source software development framework to define your cloud application resources using familiar programming languages: JS/TS, python, java, .NET
code is compiled into a CloudFormation template (JSON/YAML)

Answer 114

A

operations hub for AWS
helps manage your EC2 and on-premises systems at scale
Hybrid AWS service
installed by default on Amazon Linux AMI & some Ubuntu AMI
can automate operational task for EC2 instances or RDS
run commands across an entire fleet of servers
works for windows and linux OS

Answer 115

A

Managed DNS (Domain Name System)
great to route users to the closest deployment with least latency
great for disaster recovery strategies
collection of rules and records which helps clients understand how to reach a server through URLS

Answer 116

A

Simple Routing Policy - no health checks
Weighted Routing Policy - distribute traffic across Multiple EC2 instances
Latency Routing Policy - redirects users to the closest server to them and minimizes latency
Failover Routing Policy - disaster Recovery

Answer 117

A

Global CDN (Content Delivery Network)
a fast CDN service that securely delivers data, videos, applications and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment
216+ Points of Presence globally (Edge locations)
DDoS protection
integrates with Shield, and AWS WAF (Web application Firewall)
great for static content that must be available everywhere
replication across Edge locations and Cache common requests = decreased latency
utilizes AWS Edge Locations and supports both static and dynamic content

Answer 118

A

Feature that can be enabled per bucket that allows for optimized uploading of data using the AWS Edge Locations as a part of CloudFront
increase transfer speed by transferring file to an AWS edge location which will forward the data to the S3 bucket in the target region
accelerates global uploads & downloads into S3

Answer 119

A

Networking service that sends your users traffic through AWS global network infrastructure, improving your internet user performance by up to 60%

improve global applications availability and performance using the AWS global network
leverages the AWS internal network to optimize the route to your application (60% improvement)

Answer 120

A

Deploy Outpost Racks in your own Data Centers to extend AWS services
Hybrid
AWS will setup and manage Outpost Racks within your on premises infrastructure and you can start leveraging AWS services on premises
You are responsible for physical security

Answer 121

A

5G!
brings AWS services to the edge of 5G networks
ultra low latency through 5G
traffic doesn’t leave the communication service providers network (CSP)
high bandwidth and secure connection to the parent AWS region

Answer 122

A

Simple Queue Service
Oldest AWS offering
Fully managed service used to decouple applications
serverless
scales from 1 message per second to 10,000s per second
default retention is 4 days - 14 days max
no limit to how many messages can be in queue
low latency
scales horizontally

Answer 123

A

Simple Notification Service
“event publishers” send message to one SNS topic
as many subscribers as you want can listen to the SNS topic notifications
each subscriber will get all the messages
up to 10 million subscriptions per topic
100,000 topic limit
no message retention

Answer 124

A

real-time big data streaming, persistence and analysis
managed service to collect, process and analyze real-time streaming data at any scale
can ingest real-time data such as video, audio, application logs, website clickstreams, and IoT telemtry data for machine learning, analytics and other applications

Answer 125

A

low latency streaming to ingest data at scale from hundred of thousands of sources
can continuously capture GBs of data per second from hundreds of thousands of sources such as clickstreams, DB event streams, financial transactions, IT logs

Answer 126

A

load streams into S3, Redshift, ElasticSearch, Splunk
enables near real-time analytics with existing biz intelligence tools and dashboards
automatically scales to match throughput of your data and requires no ongoing administration
can also batch, compress, transform and encrypt data before loading it

Answer 127

A

perform real-time analytics on streams using SQL
respond to your business and customer needs in real time
can query streaming data with SQL

Answer 128

A

Monitor real-time video streams for analytics or ML
securely stream video from connected devices to AWS for analytics, ML, playback other processing
can access video through APIs

Answer 129

A

Managed Apache MQ in the cloud
does not scale as much as SQS/SNS
runs on dedicated machine (not serverless)
has queue and topic features 
MQTT, AMQP, protocols

Answer 130

A

provides metrics for every service in AWS
call monitor AWS services or billing metrics
important metrics: EC2 instances, EBS Volumes, S3 Buckets, Billing, Service Limits
Can create custom metrics

Answer 131

A

alarms are used to trigger notifications for any metric
alarm actions: Auto Scaling - increase or decrease Ec2 instances “desired” count
EC2 actions: stop terminate, reboot, or recover an EC2 instance
SNS Notifications: Send a notification into an SNS topic
can choose the period on which to evaluate an alarm

Answer 132

A

collect log files from EC2 instances, lambdas, servers, etc
enables real-time monitoring of logs
adjustable CloudWatch Logs retention

Answer 133

A

can schedule Scripts/Cron jobs (i.e. trigger lambda every hour)
trigger a rule on a schedule

Answer 134

A

Next evolution of CloudWatch Events

react to events in AWS or trigger a rule on schedule

Answer 135

A

audit API calls made within your AWS account
provides governance, compliance and audit for your AWS account
enables by Default

Answer 136

A

automate analysis of your CloudTrail events
can detect unusual activity in y our account
analyzes normal management events to create a baseline

Answer 137

A

Management Events:
- operations that are performed on resources in your AWS account
- configured by default
Data Events:
- not logged by default
- S3 object-level activity (GetObj, DeleteObj, PutObj)
- Lambda Function Execution Activity

Answer 138

A

trace requests made through your distributed applications

visual analysis of AWS applications

Answer 139

A

status of all AWS services across all regions

has an RSS feed you can read

Answer 140

A

AWS events that impact your infrastructure
provides alerts and remediation guidance when AWS is experiencing events that may impact you
gives you a personalized view into the performance availability of the AWS services underlying your AWS resources

Answer 141

A

automated code reviews and application performance recommendations
Machine-Learning powered service
CodeGuru Reviewer & CodeGuru Profiler

Answer 142

A

looks at your commits and sees which lines of code could be wrong
identify critical issues, vulnerabilities and hard to find bugs

Answer 143

A

Helps understand the runtime behavior of your application
identify and remove code inefficiencies
improve application performance

Answer 144

A

Virtual Private Cloud
Private network to deploy your resources
contains many subnets

Answer 145

A

VPC:
tied to an AZ
allows you to partition your network inside your VPC

Answer 146

A

helps VPC instances connect with the internet

public subnets have a route to the internet gateway

Answer 147

A

give internet access to private subnets

allow your instances in your private subnets to access the internet while remaining private

Answer 148

A

Network ACL
Stateless
Subnet rules for inbound and outbound
Can have allow and deny rules
return traffic explicitly allowed by rules

Answer 149

A

Stateful
Firewall that controls traffic to and from an ENI or EC2 instance
can have only allow rules
return traffic automatically allowed, regardless of any rules

Answer 150

A

Connect two VPC privately with non-overlapping IP ranges, nontransitive (must be established for each VPC that need to communicate with one another)

Answer 151

A

Provide private access to AWS Services within VPC
allow you to connect to AWS services using a private network instead of public network (www)
VPC Endpoint Gateway can only be S3 & DynamoDB

Answer 152

A

Network traffic logs
capture info about IP traffic going into your interfaces
can go to S3/CloudWatch logs

Answer 153

A

VPN over public internet between on-premises DC and AWS

connection is automatically encrypted

Answer 154

A

Direct private connection to AWS

A cloud service solution that makes it easy to establish a dedicated network connection from your data center to AWS

Answer 155

A

Connect thousands of VPCS and on-premises networks together

Answer 156

A

AWS - security of the cloud
- protection of infrastructure
- managed services (S3, DynamoDB, RDS, etc)
Customer 
- management of guest OS, firewall, network configuration, IAM
- Encrypting application data
Shared Controls:
- Patch Management
- Configuration management
- awareness and training

Answer 157

A

Automatic DDoS protection
Shield Standard is free service activated for every AWS customer
- layer 3/layer 4 (TCP)
Shield Advanced is optional DDoS mitigation service with 24/7 access to AWS DDoS Response Team (DRP)

Answer 158

A

Web Application Firewall
firewall to filter incoming requests based on rules
used for Layer 7 (HTTP)
Deploy on Application Load Balancer (ALB), API Gateay CloudFront

Answer 159

A

AWS customers are welcome to carry out security assessments or penetration tests against their AWS infrastructure without prior approval for 8 services:
EC2 instances, NAT Gateways, ELB
RDS
CloudFront
Aurora
API Gateways
Lambda and Lambda Edge functions
Lightsail resources
Beanstalk environments

Answer 160

A

at rest: stored or archived on a device 
in transit (in motion): data being moved from one location to another - data transferred on the network

Answer 161

A

Key Management Service
encryption keys managed by AWS
automatically enables for CloudTrail Logs, S3 Glacier and Storage gateway but can be enabled for other services

Answer 162

A

Hardware encryption where AWS provisions encryption hardware

you manage your own encryption keys entirely

Answer 163

A

Lets you easily provision, manage and deploy SSL/TLS certificates
Used to provide in-flight encryption for websites (HTTPS)

Answer 164

A

(not really a service)

Portal that provides customers with on-demand access to AWS compliance documentation and AWS agreements

Answer 165

A

Find malicious behavior with VPC, DNS, & CloudTrail Logs
intelligent threat discovery to protect AWS account
Can setup CloudWatch event rules to be notified in case of findings

Answer 166

A

For EC2 instances only, install agent and find vulnerabilities
automated security Assessments

Answer 167

A

Track config changes and compliance against rules
helps with auditing and recording compliance of your AWS resources
can store config data into S3
per-region service but can be aggregated across regions and accounts

Answer 168

A

Fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS
Find sensitive data (Personally Identifiable Info - PII) in S3 buckets

Answer 169

A

Track API calls made by users within account

Answer 170

A

Gather security findings from multiple AWS accounts

Central security tool to manage security across several AWS accounts and automate security checks

Answer 171

A

find the root cause of security issues or suspicious activities
automatically collects and processes events from VPC Flow Logs, CloudTrail, GuardDuty and create a unified view

Answer 172

A

Report AWS resources for abusive or illegal purposes

Answer 173

A

Change Account Settings
Close your AWS account
Change or cancel your AWS Support Plan
Register as a seller in the Reserved Instance Marketplace

Answer 174

A

face detection, labeling, celebrity recognition

find objects, people, text, scenes in images and videos using ML

Answer 175

A

Automatically convert speech to text
audio to text (ex: subtitles)
uses Automatic Speech Recognition (ASR) to cover speech to text quickly and accurately

Answer 176

A

text to audio
turn text into lifelike speech using deep learning
allows you to create applications that talk

Answer 177

A

translations
natural and accurate language translation
allows you to localize content such as websites and apps for international users

Answer 178

A

Cloud Contact Center

Answer 179

A

Natural Language Processing (NLP)
Fully managed and serverless
Uses machine learning to find insights and relationships in text

Answer 180

A

fully managed Machine Learning service for developers /data scientists to build ML models
typically to do all the processes in one place + provision servers

Answer 181

A

build highly accurate forecasts

50% more accurate than looking at the data itself

Answer 182

A

Fully managed document search service powered by ML
Natural language search capabilities
Extract answers from within a document (text, pdf, HTMl, powerpoint, Word, FAQs, etc)

Answer 183

A

Fully managed ML service to build apps with real-time personalized recommendations
same tech used by amazon.com

Answer 184

A

Operate multiple accounts using Organizations

Allows you to maintain multiple AWS accounts

Answer 185

A

Consolidate billing across all accounts. - single payment method
Pricing benefits from aggregated usage (volume discount for EC2, S3…)
Pooling of reserved EC2 instances for optimal savings

Answer 186

A

Service Control Policies
use SCP to restrict account power
whitelist or blacklist IAM actions
applies at the OU or Account level
does not apply to master account
SCP must have explicit allow - does not allow anything by default

Answer 187

A

A service to create a multi-account environment on AWS that follows the recommended best practices in operational efficiency, security, and governance.
AWS ORGANIZATIONS
integrates guardrails for accounts
easy way to setup and govern a secure and compliant multi-account AWS environment based on best practices

Answer 188

A

automate the setup of your environment in a few clicks
automate ongoing policy management using guardrails
detect policy violations and remediate them
monitor compliance through an interactive dashboard

Answer 189

A

used for easy management and bliing

Answer 190

A

MFA
least-privilege
Password policy
password rotation

Answer 191

A

to record all resources configurations & compliance over time

Answer 192

A

deploy stacks across accounts and regions

Answer 193

A

Automated Tool to check your AWS usage against best practices
Different checks are provided based on the AWS Support plan tier
All AWS customers get access to 7 core checks
use to get insights, Support Plan adapted to your needs

Answer 194

A

send service logs and Access Logs

Answer 195

A

to record API calls made within your account

Answer 196

A

change the root password, delete and rotate all passwords/keys, contact the AWS support

Answer 197

A

recommends resources configurations to reduce cost
helps you choose optimal configurations and right-size your workloads
uses machine learning to analyze your resources configurations and their utilization CloudWatch metrics

Answer 198

A

Total Cost of Ownership
from on-premises to AWS
compare the cost of applications in on-premises or traditional hosting environment to AWS

Answer 199

A

Estimate the cost for you architecture solution in AWS

Answer 200

A

High level overvivew + free tier dashboard

Answer 201

A

most comprehensive set of AWS cost and usage data

includes metadata about AWS services, pricing and reseverations

Answer 202

A

view current usage and forecast usage over time
create custom reports
analyze data at a high level: total costs and usage across all accounts
forecast usage up to 12 months based on previous usage
can be accessed via API

Answer 203

A

in us-east-1/CloudWatch
track overall and per-service billing
actual cost, no projected cost

Answer 204

A

more advanced - track usage, costs, RI, and get alerts

3 types of budgets: costs, usage and reservation

Answer 205

A

easy way to save based on long-term usage of AWS

Answer 206

A

24x7 access to customer service, documentation, whitepapers, and support forums
AWS Trusted Advisor - access to the 7 core trusted advisor checks and guidance to provision your resources following best practices
AWS Personal Health Dashboard

Answer 207

A

Basic +
Business hours email access to Cloud Support Associates
unlimted cases/ 1 priarmy contact
case severity/response times:
general guidance - < 24 biz hours
system impaired: < 12 biz hours

Answer 208

A

24/7 access
Intended to be used if you have production workloads
Trusted Advisor - full set of checks + API Access
24x7 phone email and chat access to Cloud Support Engineers
unlimited cases/contacts
gen guidance: < 24 biz hours
system impaired: < 12 biz hours
prod system impaired < 4 hours
Prod system down < 1 hour

Answer 209

A

Intended to be used if you have mission-critical workloads
all of business support plan +
Access to a TAM
concierge support team (for billing and account best practices)
Infrastructure Event Management, Well-Architected & Operations Reviews
Prod system impaired < 4 hours
prod system down < 1 hour
Business-critical system down < 15 minutes

Answer 210

A

Identity and Access Management inside your AWS account

For users that you trust and belong to your company

Answer 211

A

Security Token Service
Enables you to create temporary, limited privileges credentials to access your AWS resources
Short term credentials - can configure expiration period

Answer 212

A

identity for web & mobile application users

create a database of users (rather than IAM users)

Answer 213

A

integrate Microsoft Active Directory in AWS

manage users locally, supports MFA

Answer 214

A

Single Sign-on
one login for multiple AWS accounts & applications
integrated with AWS Organizations
supports SAML 2.0 markup

Answer 215

A

Managed Desktop as a Service (DaaS) solution to easily provision Windows or Linux Desktops
Integrates with KMS

Answer 216

A

Desktop Application Streaming Service
Deliver to any computer without acquiring, provisioning infrastructure
Application is delivered from with a web browser

Answer 217

A

Create VR, AR and 3D Applications

Can be used to quickly create 3D models with animations

Answer 218

A

Internet of Things
network of internet connected devices that are able to collect and transfer data
allows you to easily connect IoT devices to the Cloud

Answer 219

A

converts media files stored in S3 into media files in the formats required by consumer playback devices

Answer 220

A

Fully managed service that tests your web and mobile apps against desktop browsers, real mobile devices and tablets
Run test concurrently on multiple devices

Answer 221

A

Fully managed service to centrally manage and automate backups across AWS services
ON-demand and scheduled backups
Supports PITR (Point in time Recovery)
Cross region backup
Cross account backup (using Org.)

Answer 222

A

Disaster Recovery
quickly and easily recover your physical, virtual and cloud based servers into AWS
continuous block-level replication for your servers

Answer 223

A

Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization

Answer 224

A

Includes the ability to run and monitor systems to deliver business value and to continually improve supporting processes and procedures

Answer 225

A

Perform Operations as code - Infrastructure as code
Annotate Documentation - automate the creation of annotated documentation after every build
Make frequent, small-reversible changes - in case of any failure you can reverse
Refine Operations Procedures Frequently = ensure that team members are familiar with it
Anticipate Failure
Learn from all Operational Failures

Answer 226

A

Includes the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies

Answer 227

A

Implement a strong identity Foundation - principle of least privilege/IAM. centralize privilege management
Enable Traceability - integrate logs and metrics
Apply security at all layers - edge network, VPC, subnet, load balancer,
Automate Security Best Practices
Protect data in transit and at rest - encryption, tokens, access control
Keep people away from Data - reduce or eliminate the need for direct access to manual processing of data
Prepare for security events - run incident response simulations

Answer 228

A

Ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfiguration or transient network issues

Answer 229

A

Test Recovery Procedures
Automatically recover from failure
Scale horizontally to increase aggregate system availability
Stop Guessing capacity
Manage Change in automation

Answer 230

A

Includes the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve

Answer 231

A

Deomcratize Advanced Technologies
Go Global in minutes
User serverless architectures
Experiment More Often
Mechanical Sympathy

Answer 232

A

Ability to run systems to deliver business value at the lowest price point

Answer 233

A

Adopt a consumption mode
Measure overall efficiency
Stop spending money on data center operations
Analyze and attribute expenditure
Use managed and application level services to reduce cost ownership

Answer 234

A

Trade Capital Expense (CAPEX) for operational expense (OPEX)
Benefit from massive economies of scale
Stop Guessing capactiy
Increase speed and agility
Stop spending money running and maintaining data centers
Go global in minutes - leverage AWS Global Infrastructure

Answer 235

A

Infrastructure as a Service (LaaS)
- EC2
Platform as a Service (PaaS)
- Elastic Beanstalk
Software as a Service (SaaS)
- most AWS services

Answer 236

A

Infrastructure as a Service
contains the basic building blocks for cloud IT
provides access to networking features, computers (virtual or on dedicated hardware) and data storage space
provides highest level of flexibility and management over your IT resources

Answer 237

A

Platform as a Service
removes the need for your organization to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications
- don’t need to worry about resource procurement, capacity planning, software maintenance, patching, etc

Answer 238

A

Software as a Service
provides you with a completed product that is run and managed by the service provider.
mostly refers to end-user applications
don’t have to think about how the service is maintained or how the underlying infrastructure is managed
- web based email

Answer 239

A

a managed service in the cloud that makes it simple and cost-effective to set up, manage and scale a search solution for you website or application.

Answer 240

A

search, analyze and visualize data in real-time
use APIs and real-time analytics to power use-cases such as log analytics, full-text search, application monitoring and clickstream analytics

Answer 241

A

a data management and analytics service built for financial services industry (FSI)
collects data and catalogs it by relevant biz concepts such as asset class, risk classification or geographic region

Answer 242

A

Capitalized Expenditure
When an organization invests in upfront costs for the building, servers and supporting equipment of a data center the expense to attain a fixed asset is referred to as a Capitalized Expenditure

Answer 243

A

Operating Expenditure

the regular day to day expenses of a business.

Answer 244

A

Metadata assigned to a specific AWS resource
Includes a name and an optional value
Common use cases: include grouping by department, environment or project

Answer 245

A

Cost Optimization
Performance
Security
Fault Tolerance
Service Limits

Answer 246

A

Provides discounts over the the on-demand model when you can commit to a specific period of time. In addition, it provides a capacity reservation for the specific instance type that you specify

Answer 247

A

Enable you to leverage unused or excess EC2 capacity in a region for a large discount
90% discount over on-demand
Spot Price = Market Price
Bid on prices

Answer 248

A

Gives you a dedicated physical server.
Most expensive option
Often bc it may be required for server software licensing or due to a compliance requirement

Answer 249

A

Deploy an application with minimal knowledge of other services
- reduce the overall maintenance needed for the application
few customizations are required

Answer 250

A

Compliance requirement
Forensic analysis
Operational analysis
Troubleshooting

Answer 251

A

Service that manages secrets (such as passwords, keys, tokens, etc) used in your custom applications on AWS. Also supports auto-rotation of credentials on supported AWS services

Brainscape's Knowledge GenomeTM

Cloud Practitioner Training Flashcards

Brainscape's Knowledge Genome^TM