CloudFront & AWS Global Accelerator

Question 1

What is a CDN

Answer 1

Content Delivery Network

Question 2

• Improves read performance, content is cached at the edge
• 216 Point of Presence globally (edge locations)
• DDoS protection, integration with Shield, AWS Web Application Firewall

Answer 2

AWS CloudFront

Question 3

A (blank) attack takes place when a bad actor overwhelms a server with malicious internet traffic to prevent legitimate users from accessing
applications, services, and networks

Answer 3

DDoS (Distributed Denial of Service)

Question 4

What are the CloudFront origins?

Answer 4

S3 bucket & Custom Origin (HTTP)

Question 5

Allow users to access content from certain countries

Answer 5

Whitelist

Question 6

Prevent users from accessing content from certain countries

Answer 6

Blacklist

Question 7

Use case: Copyright Laws to control access to content

Answer 7

Geo Restriction

Question 8

• Global Edge network
• Files are cached for a TTL (maybe a day)
• Great for static content that must be available everywhere

Answer 8

CloudFront

Question 9

• Must be setup for each region you want replication to happen
• Files are updated in near real-time
• Read only
• Great for dynamic content that needs to be available at low-latency in few regions

Answer 9

S3 Cross Region Replication

Question 10

•Allow access to a path, no matter
the origin

• Account wide key-pair, only the root
can manage it

• Can filter by IP, path, date, expiration
• Can leverage caching features

Answer 10

CloudFront Signed URL

Question 11

• Issue a request as the person who (blank)
• Uses the IAM key of the signing IAM principal
• Limited lifetime

Answer 11

S3 Pre-Signed URL

Question 12

How can you reduce cost for CloudFront?

Answer 12

Reduce the # of edge locations

Question 13

How many price classes for CloudFront are there? What are they?

Answer 13

1. All
2. 200
3. 100

Question 14

All

What CloudFront price class is this?

Answer 14

All regions - best performance

Question 15

200

What CloudFront price class is this?

Answer 15

Most regions, but excludes most expensive regions

Question 16

100

What CloudFront price class is this?

Answer 16

Only the least expensive regions

Question 17

One server holds one IP

Answer 17

Unicast IP

Question 18

All servers hold the same IP address and the client is routed to the nearest one

Answer 18

Anycast IP

Question 19

The Anycast IP will send traffic directly where?

Answer 19

Edge Locations

Question 20

Leverage the AWS internal network to route to your application

Answer 20

AWS Global Accelerator

Question 21

• Improves performance for a wide range of applications over TCP or UDP
• Proxying packets at the edge to applications running in one or more AWS Regions.
• Good fit for non-HTTP use cases, such as gaming (UDP), loT (MQTT), or Voice over IP
• Good for HTTP use cases that require static IP addresses
• Good for HTTP use cases that required deterministic, fast regional failover

Answer 21

AWS Global Accelerator

Question 22

A communications standard that enables application programs and computing devices to exchange messages over a network.

It is designed to send packets across the internet and ensure the successful delivery of data and messages over networks.

Answer 22

TCP (Transmission Control Protocol)

Question 23

Used for communication throughout the internet. It is specifically chosen for time-sensitive applications like gaming, playing videos, or Domain Name System lookups

Results in speedier communication because it does not spend time forming a firm connection with the destination before transferring the data

Answer 23

UDP (User Datagram Protocol)

Question 24

• Improves performance for both cacheable content (such as images and videos)
• Dynamic content (such as API acceleration and dynamic site delivery)
• Content is served at the edge

Answer 24

CloudFront

Question 25

What feature allows you to securely distribute paid content?

Answer 25

CloudFront Signed URL

Question 26

A special CloudFront user that you can associate with Amazon S3 origins, so that you can secure all or just some of your S3 content

Answer 26

Origin Access Identity (OAI)

Question 27

What should you use when you want to access hundreds (multiple files) of private files served by your CloudFront distribution?

Answer 27

CloudFront Signed Cookies

Question 28

AWS Global Accelerator will provide us with what?

Answer 28

2 static IP addresses

Question 29

An ALB will provide us with what?

Answer 29

HTTP routing rules

Question 30

What CloudFront feature allows you to securely distribute paid content?

Answer 30

CloudFront Signed URL