Concepts Flashcards

1
Q

What are the 5 things Trusted Advisors look at when analyzing a network

A
Cost optimization
Performance
Security
Fault Tolerance
Service Limits
2
Q

What are the 5 pillars of a well-architected framework

A
Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
3
Q

What are the design principles of the operational excellence pillar for a well-architected framework

A
Perform operations as code
Annotate operations
Make frequent, small, reversible changes
Refine operations procedures frequently
Anticipate failure
Learn from all operational failures
4
Q

AWS provides a ________ pricing model

A

pay as you go

5
Q

Benefits of cloud computing

A

Replace capital expenditures with low variable costs

6
Q

The Network Access Control List provides access to ______

A

A Subnet of a VPC

7
Q

The Security Group provides access to ________

A

An EC2 Instance

8
Q

The NACL is or is not required for a VPC

A

Is NOT

9
Q

A Security Group is or is not required for each EC2

A

IS

10
Q

How does a VPC and subnet in a VPC connect to the internet

A

Through an Internet Gateway (to the internet)

11
Q

By default, all subnets within a VPC can or cannot communicate with one another

A

CAN

12
Q

What are the three types of ELBs

A

Network, Classic, Application

13
Q

______ ELB has a listener to route application traffic

A

Application LB

14
Q

______ ELB is ideal for applications that require extreme performance and has a single IP address per AZ

A

Network

15
Q

EC2 is a managed or unmanaged service

A

Unmanaged

16
Q

What is the cost of a VPC

A

It’s free

17
Q

A VPC is needed to access ____ in AWS

A

EC2

18
Q

Which ELB operates at layer 7 (OSI Model)

A

Application

19
Q

Which ELB operates at layer 4 (OSI Model)

A

Network

20
Q

What allows the Application ELB to route traffic

A

Listeners and targets

21
Q

What is the limit of EC2 instances per account per region

A

20

22
Q

What is the soft limit of VPCs per account per region

A

5

23
Q

What service provides information to AutoScaling to increase or decrease instances

A

CloudWatch

24
Q

What service adds or deletes instances to enable flexibility

A

AutoScaler

25
What are two things with EC2 that influence price
Instances and AMI
26
EBS volumes are or are not automatically encrypted
are NOT
27
What is the maximum number of objects a customer can put in their S3 bucket?
it's virtually unlimited; but there is a limit to the size of each of the objects
28
EBS cannot exist without ...
EC2
29
EBS is replicated within ___; S3 is replicated within ____
An AZ; a region
30
4 ways to engage/interact with AWS
management console, CLI tools, SDK, directly with AWS API
31
Common use cases for S3
storing applications, static webhosting, back up and disaster recovery, staging area for big data
32
Is data on S3 public information by default
No
33
If you back up your EBS with a Snapshot, what other service does it use to store that Snapshot?
S3
34
Is RDS a managed or unmanaged service?
Managed
35
With RDS, if you use a multi-AZ instance is the data transfer synchronous?
YES
36
With RDS, if you use read replicas is the data transfer synchronous?
NO
37
Which engines do not support RDS read replicas?
Microsoft SQLServer, Oracle
38
Which service has virtually unlimited storage, no SQL database tables, low latency queries, and scalable read/write throughput
DynamoDB
39
DynamoDB can have what types of keys?
Single and compound keys
40
If you need to conduct analysis in DynamoDB without using the partition or compound key, what do you use?
a SCAN
41
Is DynamoDB a managed or unmanaged service?
Managed
42
What is cloud computing
on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the Internet
43
What are the 6 advantages of cloud computing
Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing about capacity
Increase speed and agility
Stop spending money running and maintaining data centers
Go global in minutes
44
What are the 3 cloud computing models
Infrastructure as a Service
Platform as a Service
Software as a Service
45
This type of cloud computing model typically provides customers access to networking features, computers (virtual or on dedicated hardware), and data storage space
IaaS
46
This type of cloud computing model provides customers with the highest level of flexibility and management control over their IT resources
IaaS
47
This type of cloud computing model removes the need for customers to manage the underlying infrastructure (usually hardware and operating systems) and allows them to focus on the deployment and management of their applications
PaaS
48
This type of cloud computing model provides customers with a completed product that is run and managed by the service provider; it is also known as 'end user applications'
SaaS
49
What are the 3 types of cloud deployment models
Cloud, On-Premises, Hybrid
50
This type of cloud deployment model is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud
Hybrid
51
_____ is a physical location or geographic region in the world where we have two or more Availability Zones
Region
52
What are the three factors of Agility
Speed, Experimentation, Culture of Innovation
53
AWS's Agility provides the customer the ability to increase experimentation. AWS enables this through ___________, safe experimentation, and __________
Operations as code, comparative testing
54
The AWS infrastructure consists of _____, _____ and _____
Regions, Availability Zones, and Edge Locations
55
Name the services that are located at the Edge Locations
Route 53
CloudFront
AWS Shield Standard and Advanced
Web Application Firewall (WAF)
Lambda at the Edge
56
______ consist of one or more discrete data centers in the same location, each with redundant power, networking, and connectivity, housed in separate facilities
Availability Zones
57
Regions are designed to be _________ from one another to enable _______ and _______
Isolated; Fault Tolerant and Stability
58
______ have discrete uninterruptible power supply (UPS) and onsite backup generation facilities; they are each fed via different grids from independent utilities to further reduce single points of failure.
Availability Zones
59
VPCs can not cross Regions or Availability Zones
Regions; they can cross AZs
60
This AWS service allows you to create templates that will allow customers to deploy copies of AWS services across Regions or within AZs
CloudFormation
61
What is another name for a VPC
Network
62
To meet the requirement of High Availability, customers should develop their VPC with at least ___ AZs.
2
63
What type of load balancer would a customer use if they wanted to equally route traffic between two subnets
Classic ELB
64
What type of load balancer would a customer use if they wanted to route traffic between subnets based on layer 7 or a URL
Application ELB
65
What type of load balancer would a customer use if they wanted to route traffic between subnets based on a static IP
Network ELB
66
The Network Address Translation (NAT) Gateways are attached to a ________ subnet and are associated/routed with ________ subnets.
public; private
67
How do you provide internet access to private networks without making it public?
Associate/route it to a Network Address Translation (NAT) Gateway
68
What is the difference between a public and private subnet?
The public subnet has access to the internet via an Internet Gateway
69
AZs offer customers the ability to operate services which are more ________, _________, and ______ than would be possible with just one data center.
Highly available; fault tolerant; scalable
70
_____ is the power to scale up and down computing resources easily, while only paying for the actual resources used.
Elasticity
71
_____ is the ability to remain operational (i.e. no downtime) even if some of the components of that system fail
Fault Tolerant
72
_______ ensures that your systems are always functioning and accessible, and that downtime is minimized as much as possible WITHOUT the need of human intervention
High Availability
73
Does S3 live in the VPC?
No
74
Does EBS live in the VPC?
Yes - tied to EC2
75
Does DynamoDB live in the VPC?
No
76
Does Lambda live in the VPC?
No
77
Does DynamoDB live in the Region?
Yes
78
Does S3 live in the Region?
Yes
79
Does Lambda live in the Region?
Yes
80
Where are AMI's stored?
In S3
81
______ is different from a SnapShot, but is an image of an EC2 instance.
Amazon Machine Image (AMI)
82
______ is the ability of a system to recover from infrastructure or service failures, and focuses on the ability to dynamically acquire computing resources to meet demand and mitigate disruptions.
Reliability
83
What type of services at Edge Locations provides you refunds for instances that were scaled up due to DDOS attacks?
You must have AWS Advanced Shield
84
What is the network security service at the subnet boundary?
NACL
85
______ is a connection via fiber from a customer site into an AWS region without the use of a VPN; used for critical workloads, high capacity and speed connection needs.
Direct Connection
86
______ are parts of the AWS infrastructure that are physically and logically distinct.
Availability Zones
87
______ is the only service in the edge location that has a 100% SLA
Route 53
88
_____ provides object storage vs. _____ which provides file storage.
S3; EBS
89
The Availability Agreement for S3 Standard is _______
99.99%
90
The Durability Agreement for S3 Standard is ________
99.999999999% (11x 9's)
91
The Availability Agreement for S3 Infrequent Access is _______
99.9%
92
The Durability Agreement for S3 Infrequent Access is _______
99.999999999% (11x 9's)
93
To move storage between storage classes you must set up ________.
a Life Cycle Policy
94
What is the cheapest storage class in S3
Infrequent Access, 1 Zone
95
Glacier houses archives in ________, and they must be created by the customer in ______ prior to archiving.
vaults; AWS Console, CLI or SDK
96
Data sent to Glacier is / is not encrypted by default
is
97
Data retrieval from Glacier takes at a minimum of ____ to begin downloading, unless you expedite it and it takes _______ to begin to download (extra cost)
3-5 hours; 3-4 min
98
How do you download from Glacier?
CLI and SDK
99
Which two storage options allow you unlimited access to the data?
S3 Standard, Reduced Redundancy Storage
100
Does S3 Standard or RRS have higher redundancy rates?
S3 Standard
101
________ is a cloud delivery network that is hosted on Edge Locations and is used to deliver content to your customers faster.
CloudFront
102
What search engines support RDS Data Replication
MySQL, MariaDB, Oracle, Aurora, Microsoft SQL Server, PostgreSQL
103
Does the customer have to do anything if the primary DB goes down with Data Replication in RDS
No - because this is a managed service and auto-failure takes over to make the secondary DB the primary DB
104
What are the benefits of managed services
Inherited controls
Shared controls
Customer specific
105
If you have heavy traffic on your DB within RDS, what type of set up can you use?
Read Replicas
106
What is the MySQL-compatible service that is 5x faster than standard RDS?
Aurora
107
True / False: A design principle for efficiency is to have mechanical empathy.
False - should be sympathy.
108
_____ is a collection of resources that share one or more tags.
Resource Groups
109
Are Resource Groups only for resources in the same region?
No
110
Are Resource Groups only for resources of the same type?
No
111
VPC's use _____ to control traffic into and out of subnets
route tables
112
_____ act as built-in firewalls and control access to instances
security groups
113
Subnets created in VPC are automatically public or private
private
114
What three things are needed for a subnet to be public.
Internet gateway
Routing table
Public IP Address
115
What are the default settings of a security group
all inbound traffic is DENIED; all outbound traffic is ALLOWED
116
What is configurable within a VPC
IP ranges
Routing
Network gateways
Security settings
117
What are the services unique to each AZ that protect zones from failures
Physically distinct data centers
Data centers have their own uninterrupted power supply
Each data center has a backup generator
The data centers have network connectivity
The data centers have cooling equipment
118
_____ allows for customers to increase and decrease the SAME capabilities and _____ allows for customers to grow or reduce DIFFERENT capabilities.
Flexibility; scalability
119
AWS ______ capability allows customers to run code / their applications without provisioning or managing servers.
Lambda
120
AWS ______ capability allows customers to run a simple website or e-commerce application through launching a virtual private server in minutes.
Lightsail (compute)
121
AWS Lightsail includes the following to enable a website service.
Virtual private machine
SSD-based storage
Data transfer
DNS management
Static IP address
122
What type of server would you recommend to a customer if they have a high IO workload for their databases?
Provisioned IOPS
123
If you have a customer that has several common DB queries and wants to increase the performance of their applications, what service could they use?
ElastiCache
124
What are the two options for CloudWatch monitoring?
Standard (5 min) and Detailed (1 min)
125
What type of feature in RDS should you use if you have a DB that has a lot of traffic?
Read Replica
126
What type of set up could our customer use in RDS to ensure they have fault tolerance?
Multiple AZ, as automatic fail over does not require customer action
127
What type of service can a customer use to host a static website?
S3
128
What are at least three services that have relatively unlimited storage?
S3, DynamoDB, SQS
129
What service allows a customer to launch a container service without having to use EC2?
Fargate
130
What are the four main entities within IAM
Users, Groups, Roles, Permissions
131
True / false: a best practice is to grant permissions to applications via access keys vice roles.
False
132
What are the components of risk management and compliance programs
Risk management
Control environment
Information security
133
What factors influence pricing
AWS region
OS (AMI contains the OS)
Instance Type
Instance Size
134
What services are free
Inbound traffic
VPC
Elastic Beanstalk
CloudFormation
IAM
AutoScaling
Elastic IP (as long as tied to an EC2 instance)
135
3 ways to pay for EC2 instances
On Demand
Reserved Instances
Spot
136
What is the limit of flexible IP addresses per account per region
5
137
What are the RI payment options
All Upfront, Partial Upfront, No Upfront
138
Which service has built-in DDOS protection
CloudFront
139
What are the benefits of AWS Security
Keep your data safe
Meet compliance requirements
Save money
Scale quickly
140
What are the three ways you can access AWS
Management Console
Command Line Interface
Software Development Kits