Concepts Flashcards
What are the 5 things Trusted Advisors look at when analyzing a network
Cost optimization, Performance, Security, Fault Tolerance, Service Limits
What are the 5 pillars of a well-architected framework
Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization
What are the design principles of the operational excellence pillar for a well-architected framework
Perform operations as code
Annotate operations
Make frequent, small, reversible changes
Refine operations procedures frequently
Anticipate failure
Learn from all operational failures
AWS provides a ________ pricing model
pay as you go
Benefits of cloud computing
Replace capital expenditures with low variable costs
The Network Access Control List provides access to ______
A Subnet of a VPC
The Security Group provides access to ________
An EC2 Instance
The NACL is or is not required for a VPC
Is NOT
A Security Group is or is not required for each EC2
IS
How do a VPC and a subnet in a VPC connect to the internet
Through an Internet Gateway (to the internet)
By default, all subnets within a VPC can or cannot communicate with one another
CAN
What are the three types of ELBs
Network, Classic, Application
______ ELB has a listener to route application traffic
Application LB
______ ELB is ideal for applications that require extreme performance and has a single IP address per AZ
Network
EC2 is a managed or unmanaged service
Unmanaged
What is the cost of a VPC
It’s free
A VPC is needed to access ____ in AWS
EC2
Which ELB operates at layer 7 (OSI Model)
Application
Which ELB operates at layer 4 (OSI Model)
Network
What allows the Application ELB to route traffic
Listeners and targets
What is the limit of EC2 instances per account per region
20
What is the soft limit of VPCs per account per region
5
What service provides information to AutoScaling to increase or decrease instances
CloudWatch
What service adds or deletes instances to enable flexibility
AutoScaler
What are two things with EC2 that influence price
Instances and AMI
EBS volumes are or are not automatically encrypted
are NOT
What is the maximum number of objects a customer can put in their S3 bucket?
it’s virtually unlimited; but there is a limit to the size of each of the objects
EBS cannot exist without …
EC2
EBS is replicated within ___; S3 is replicated within ____
An AZ; a region
4 ways to engage/interact with AWS
management console, CLI tools, SDK, directly with AWS API
Common use cases for S3
storing applications, static webhosting, back up and disaster recovery, staging area for big data
Is data on S3 public information by default
No
If you back up your EBS with a Snapshot, what other service does it use to store that Snapshot?
S3
Is RDS a managed or unmanaged service?
Managed
With RDS, if you use a multi-AZ instance is the data transfer synchronous?
YES
With RDS, if you use read replicas is the data transfer synchronous?
NO
Which engines do not support RDS read replicas?
Microsoft SQLServer, Oracle
Which service has virtually unlimited storage, NoSQL database tables, low latency queries, and scalable read/write throughput
DynamoDB
DynamoDB can have what types of keys?
Single and compound keys
If you need to conduct analysis in DynamoDB without using the partition or compound key, what do you use?
a SCAN
Is DynamoDB a managed or unmanaged service?
Managed
What is cloud computing
on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the Internet
What are the 6 advantages of cloud computing
Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing about capacity
Increase speed and agility
Stop spending money running and maintaining data centers
Go global in minutes
What are the 3 cloud computing models
Infrastructure as a Service
Platform as a Service
Software as a Service
This type of cloud computing model typically provides customers access to networking features, computers (virtual or on dedicated hardware), and data storage space
IaaS
This type of cloud computing model provides customers with the highest level of flexibility and management control over their IT resources
IaaS
This type of cloud computing model removes the need for customers to manage the underlying infrastructure (usually hardware and operating systems) and allows them to focus on the deployment and management of their applications
PaaS
This type of cloud computing model provides customers with a completed product that is run and managed by the service provider; it is also known as ‘end user applications’
SaaS
What are the 3 types of cloud deployment models
Cloud, On-Premises, Hybrid
This type of cloud deployment model is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud
Hybrid
_____ is a physical location or geographic region in the world where we have two or more Availability Zones
Region
What are the three factors of Agility
Speed, Experimentation, Culture of Innovation
AWS’s Agility provides the customer the ability to increase experimentation. AWS enables this through ___________, safe experimentation, and __________
Operations as code, comparative testing
The AWS infrastructure consists of _____, _____ and _____
Regions, Availability Zones, and Edge Locations
Name the services that are located at the Edge Locations
Route 53, CloudFront, AWS Shield Standard and Advanced, Web Application Firewall (WAF), Lambda at the Edge
______ consist of one or more discrete data centers in the same location, each with redundant power, networking, and connectivity, housed in separate facilities
Availability Zones
Regions are designed to be _________ from one another to enable _______ and _______
Isolated; Fault Tolerant and Stability
______ have discrete uninterruptible power supply (UPS) and onsite backup generation facilities; they are each fed via different grids from independent utilities to further reduce single points of failure.
Availability Zones
VPCs can not cross Regions or Availability Zones
Regions; they can cross AZs
This AWS service allows you to create templates that allow customers to deploy copies of AWS services across Regions or within AZs
CloudFormation
What is another name for a VPC
Network
To meet the requirement of High Availability, customers should develop their VPC with at least ___ AZs.
2
What type of load balancer would a customer use if they wanted to equally route traffic between two subnets
Classic ELB
What type of load balancer would a customer use if they wanted to route traffic between subnets based on layer 7 or a URL
Application ELB
What type of load balancer would a customer use if they wanted to route traffic between subnets based on a static IP
Network ELB
The Network Address Translation (NAT) Gateways are attached to a ________ subnet and are associated/routed with ________ subnets.
public; private
How do you provide internet access to private networks without making it public?
Associate/route it to a Network Address Translation (NAT) Gateway
What is the difference between a public and private subnet?
The public subnet has access to the internet via an Internet Gateway
AZs offer customers the ability to operate services which are more ________, _________, and ______ than would be possible with just one data center.
Highly available; fault tolerant; scalable
_____ is the power to scale up and down computing resources easily, while only paying for the actual resources used.
Elasticity
_____ is the ability to remain operational (i.e. no downtime) even if some of the components of that system fail
Fault Tolerant
_______ ensures that your systems are always functioning and accessible, and that downtime is minimized as much as possible WITHOUT the need of human intervention
High Availability
Does S3 live in the VPC?
No
Does EBS live in the VPC?
Yes - tied to EC2
Does DynamoDB live in the VPC?
No
Does Lambda live in the VPC?
No
Does DynamoDB live in the Region?
Yes
Does S3 live in the Region?
Yes
Does Lambda live in the Region?
Yes
Where are AMIs stored?
In S3
______ is different from a SnapShot, but is an image of an EC2 instance.
Amazon Machine Image (AMI)
______ is the ability of a system to recover from infrastructure or service failures, and focuses on the ability to dynamically acquire computing resources to meet demand and mitigate disruptions.
Reliability
What type of services at Edge Locations provides you refunds for instances that were scaled up due to DDOS attacks?
You must have AWS Advanced Shield
What is the network security service at the subnet boundary?
NACL
______ is a connection via fiber from a customer site into an AWS region without the use of a VPN; used for critical workloads, high capacity and speed connection needs.
Direct Connection
______ are parts of the AWS infrastructure that are physically and logically distinct.
Availability Zones
______ is the only service in the edge location that has a 100% SLA
Route 53
_____ provides object storage vs. _____ which provides file storage.
S3; EBS
The Availability Agreement for S3 Standard is _______
99.99%
The Durability Agreement for S3 Standard is ________
99.999999999% (11x 9’s)
The Availability Agreement for S3 Infrequent Access is _______
99.9%
The Durability Agreement for S3 Infrequent Access is _______
99.999999999% (11x 9’s)
To move storage between storage classes you must set up ________.
a Life Cycle Policy
What is the cheapest storage class in S3
Infrequent Access, 1 Zone
Glacier houses archives in ________, and they must be created by the customer in ______ prior to archiving.
vaults; AWS Console, CLI or SDK
Data sent to Glacier is / is not encrypted by default
is
Data retrieval from Glacier takes a minimum of ____ to begin downloading, unless you expedite it, in which case it takes _______ to begin to download (extra cost)
3-5 hours; 3-4 min
How do you download from Glacier?
CLI and SDK
Which two storage options allow you unlimited access to the data?
S3 Standard, Reduced Redundancy Storage
Does S3 Standard or RRS have higher redundancy rates?
S3 Standard
________ is a cloud delivery network that is hosted on Edge Locations and is used to deliver content to your customers faster.
CloudFront
What search engines support RDS Data Replication
MySQL, MariaDB, Oracle, Aurora, Microsoft SQL Server, PostgreSQL
Does the customer have to do anything if the primary DB goes down with Data Replication in RDS
No - because this is a managed service and auto-failure takes over to make the secondary DB the primary DB
What are the benefits of managed services
Inherited controls
Shared controls
Customer specific
If you have heavy traffic on your DB within RDS, what type of set up can you use?
Read Replicas
What is the MySQL-compatible service that is 5x faster than standard RDS?
Aurora
True / False: A design principle for efficiency is to have mechanical empathy.
False - should be sympathy.
_____ is a collection of resources that share one or more tags.
Resource Groups
Are Resource Groups only for resources in the same region?
No
Are Resource Groups only for resources of the same type?
No
VPCs use _____ to control traffic into and out of subnets
route tables
_____ act as built-in firewalls and control access to instances
security groups
Subnets created in VPC are automatically public or private
private
What three things are needed for a subnet to be public.
Internet gateway
Routing table
Public IP Address
What are the default settings of a security group
all inbound traffic is DENIED; all outbound traffic is ALLOWED
What is configurable within a VPC
IP ranges
Routing
Network gateways
Security settings
What are the services unique to each AZ that protect zones from failures
Physically distinct data centers
Data centers have their own uninterrupted power supply
Each data center has a backup generator
The data centers have network connectivity
The data centers have cooling equipment
_____ allows for customers to increase and decrease the SAME capabilities and _____ allows for customers to grow or reduce DIFFERENT capabilities.
Flexibility; scalability
AWS ______ capability allows customers to run code / their applications without provisioning or managing servers.
Lambda
AWS ______ capability allows customers to run a simple website or e-commerce application through launching a virtual private server in minutes.
Lightsail (compute)
AWS Lightsail includes the following to enable a website service.
Virtual private machine, SSD-based storage, Data transfer, DNS management, Static IP address
What type of server would you recommend to a customer if they have a high IO workload for their databases?
Provisioned IOPS
If you have a customer that has several common DB queries and wants to increase the performance of their applications, what service could they use?
ElastiCache
What are the two options for CloudWatch monitoring?
Standard (5 min) and Detailed (1 min)
What type of feature in RDS should you use if you have a DB that has a lot of traffic?
Read Replica
What type of set up could our customer use in RDS to ensure they have fault tolerance?
Multiple AZ, as automatic fail over does not require customer action
What type of service can a customer use to host a static website?
S3
What are at least three services that have relatively unlimited storage?
S3, DynamoDB, SQS
What service allows a customer to launch a container service without having to use EC2?
Fargate
What are the four main entities within IAM
Users, Groups, Roles, Permissions
True / false: a best practice is to grant permissions to applications via access keys vice roles.
False
What are the components of risk management and compliance programs
Risk management
Control environment
Information security
What factors influence pricing
AWS region
OS (AMI contains the OS)
Instance Type
Instance Size
What services are free
Inbound traffic, VPC, Elastic Beanstalk, CloudFormation, IAM, AutoScaling, Elastic IP (as long as tied to an EC2 instance)
3 ways to pay for EC2 instances
On Demand
Reserved Instances
Spot
What is the limit of flexible IP addresses per account per region
5
What are the RI payment options
All Upfront, Partial Upfront, No Upfront
Which service has built-in DDOS protection
CloudFront
What are the benefits of AWS Security
Keep your data safe
Meet compliance requirements
Save money
Scale quickly
What are the three ways you can access AWS
Management Console
Command Line Interface
Software Development Kits