Concepts

Question 1

What are the 5 things Trusted Advisors look at when analyzing a network

Answer 1

Cost optimization
Performance
Security
Fault Tolerance
Service Limits

Question 2

What are the 5 pillars of a well-architected framework

Answer 2

Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization

Question 3

What are the design principles of the operational excellence pillar for a well-architected framework

Answer 3

Perform operations as code
Annotate operations
Make frequent, small, reversible changes
Refine operations procedures frequently
Anticipate failure
Learn from all operational failures

Question 4

AWS provides a ________ pricing model

Answer 4

pay as you go

Question 5

Benefits of cloud computing

Answer 5

Replace capital expenditures with low variable costs

Question 6

The Network Access Control List provides access to ______

Answer 6

A Subnet of a VPC

Question 7

The Security Group provides access to ________

Answer 7

An EC2 Instance

Question 8

The NACL is or is not required for a VPC

Answer 8

Is NOT

Question 9

A Security Group is or is not required for each EC2

Answer 9

IS

Question 10

How does a VPC and subnet in a VPC connect to the internet

Answer 10

Through an Internet Gateway (to the internet)

Question 11

By default, all subnets within a VPC can or cannot communicate with one another

Answer 11

CAN

Question 12

What are the three types of ELB’s

Answer 12

Network, Classic, Application

Question 13

______ ELB has a listener to route application traffic

Answer 13

Application LB

Question 14

______ ELB is ideal for applications that require extreme performance and has a single IP address per AZ

Answer 14

Network

Question 15

EC2 is a managed or unmanaged service

Answer 15

Unmanaged

Question 16

What is the cost of a VPC

Answer 16

It’s free

Question 17

A VPC is needed to access ____ in AWS

Answer 17

EC2

Question 18

Which ELB operates at layer 7 (OSI Model)

Answer 18

Application

Question 19

Which ELB operates at layer 4 (OSI Model)

Answer 19

Network

Question 20

What allows the Application ELB to route traffic

Answer 20

Listeners and targets

Question 21

What is the limit of EC2 instances per account per region

Answer 21

20

Question 22

What is the soft limit of VPCs per account per region

Answer 22

5

Question 23

What service provides information to AutoScaling to increase or decrease instances

Answer 23

CloudWatch

Question 24

What service adds or deletes instances to enabled flexibility

Answer 24

AutoScaler

Question 25

What are two things with EC2 that influences price

Answer 25

Instances and AMI

Question 26

EBS volumes are or are not automatically encrypted

Answer 26

are NOT

Question 27

What is the maximum number of objects a customer can put in their S3 bucket?

Answer 27

it’s virtually unlimited; but there is a limit to the size of each of the objects

Question 28

EBS cannot exist without …

Answer 28

EC2

Question 29

EBS is replicated within ___; S3 is replicated within ____

Answer 29

An AZ; a region

Question 30

4 ways to engage/interact with AWS

Answer 30

management console, CLI tools, SDK, directly with AWS API

Question 31

Common use cases for S3

Answer 31

storing applications, static webhosting, back up and disaster recovery, staging area for big data

Question 32

Is data on S3 publicly information by default

Answer 32

No

Question 33

If you back up your EBS with a Snapshot, what other service does it use to store that Snapshot?

Answer 33

S3

Question 34

Is RDS a managed or unmanaged services?

Answer 34

Managed

Question 35

With RDS, if you use a multi-AZ instance is the data transfer synchronous?

Answer 35

YES

Question 36

With RDS, if you use read replicas is the data transfer synchronous?

Answer 36

NO

Question 37

Which engines to not support RDS read replica?

Answer 37

Microsoft SQLServer, Oracle

Question 38

Which service has virtually unlimited storage, no SQL database tables, low latency queries, and scalable read/write throughput

Answer 38

DynomoDB

Question 39

DynomoDB can have what types of keys?

Answer 39

Single and compound keys

Question 40

If you need to conduct analysis in DynomoDB without using the partition or compound key, what do you use?

Answer 40

a SCAN

Question 41

Is DynomoDB a managed or unmanaged service?

Answer 41

Managed

Question 42

What is cloud computing

Answer 42

on-demand delivery of compute power, database storage, applications, and other IT resources through a cloud services platform via the Internet

Question 43

What are the 6 advantages of cloud computing

Answer 43

Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing about capacity
Increase speed and agility
Stop spending money running and maintaining data centers
Go global in minutes

Question 44

What are the 3 cloud computing models

Answer 44

Infrastructure as a Service
Platform as a Service
Software as a Service

Question 45

This type of cloud computing model typically provides

customers access to networking features, computers (virtual or on dedicated hardware), and data storage space

Answer 45

IaaS

Question 46

This type of cloud computing model provides customers with the highest level of flexibility and management control over their IT resources

Answer 46

IaaS

Question 47

This type of cloud computing model removes the need for customers to manage the underlying infrastructure (usually hardware and operating systems) and allows them to focus on the deployment
and management of their applications

Answer 47

PaaS

Question 48

This type of cloud computing model provides customers with a completed product that is run and managed by the service provider; it is also known as ‘end user applications’

Answer 48

SaaS

Question 49

What are the 3 types of cloud deployment models

Answer 49

Cloud, On-Premises, Hybrid

Question 50

This type of cloud deployment model is a way to connect infrastructure and applications between cloud-based resources and existing resources that are not located in the cloud

Answer 50

Hybrid

Question 51

_____ is is a physical location or geographic region in the world where we have two or more Availability Zones

Answer 51

Region

Question 52

What are the three factors of Agility

Answer 52

Speed, Experimentation, Culture of Innovation

Question 53

AWS’s Agility provides the customer the ability to increase experimentation. AWS enables this through ___________, safe experimentation, and __________

Answer 53

Operations as code, comparative testing

Question 54

The AWS infrastructure consists of _____, _____ and _____

Answer 54

Regions, Availability Zones, and Edge Locations

Question 55

Name the services that are located at the Edge Locations

Answer 55

Route 53
CloudFront
AWS Shield Standard and Advanced
Web Application Firewall (WAF)
Lambda at the Edge

Question 56

______ consist of one or more discrete data centers in the same location, each with redundant power, networking, and connectivity, housed in separate facilities

Answer 56

Availability Zones

Question 57

Regions are designed to be _________ from one another to enable _______ and _______

Answer 57

Isolated; Fault Tolerant and Stability

Question 58

______ have discrete uninterruptable power supply (UPS) and onsite backup generation facilities; they
are each fed via different grids from independent utilities to further reduce single points of failure.

Answer 58

Availability Zones

Question 59

VPCs can not cross Regions or Availability Zones

Answer 59

Regions; they can cross AZs

Question 60

This AWS services allows you to create templates to will allow customers to deploy copies of AWS services across Regions or within AZs

Answer 60

CloudFormation

Question 61

What is another name for a VPC

Answer 61

Network

Question 62

To meet the requirement of High Availability, customers should develop their VPC with at least ___ AZs.

Answer 62

2

Question 63

What type of load balancer would a customer use if they wanted to equally route traffic between two subnets

Answer 63

Classic ELB

Question 64

What type of load balancer would a customer use if they wanted to route traffic between subnets based on layer 7 or a URL

Answer 64

Application ELB

Question 65

What type of load balancer would a customer use if they wanted to route traffic between subnets based on a static IP

Answer 65

Network ELB

Question 66

The Network Address Translation (NAT) Gateways are attached to a ________ subnet and are associated/routed with ________ subnets.

Answer 66

public; private

Question 67

How do you provide internet access to private networks without making it public?

Answer 67

Associate/route it to a Network Address Translation (NAT) Gateway

Question 68

What is the difference between a public and private subnet?

Answer 68

The public subnet has access to the internet via an Internet Gateway

Question 69

AZs offer customers the ability to operate services which are more ________, _________, and ______ than would be possible with just one data center.

Answer 69

Highly available; fault tolerant; scaleable

Question 70

_____ is the power to scale up and down computing resources easily, while only paying for the actual resources used.

Answer 70

Elasticity

Question 71

_____ is the ability to remain operational (i.e. no downtime) even if some of the components of that system fail

Answer 71

Fault Tolerant

Question 72

_______ ensures that your systems are always functioning and accessible, and that downtime is minimized as much as possible WITHOUT the need of human intervention

Answer 72

High Availability

Question 73

Does S3 live in the VPC?

Answer 73

No

Question 74

Does EBS live in the VPC?

Answer 74

Yes - tied to EC2

Question 75

Does DynamoDB live in the VPC?

Answer 75

No

Question 76

Does Lambda live in the VPC?

Answer 76

No

Question 77

Does DynamoDB live in the Region?

Answer 77

Yes

Question 78

Does S3 live in the Region?

Answer 78

Yes

Question 79

Does Lambda live in the Region?

Answer 79

Yes

Question 80

Where are AMI’s stored?

Answer 80

In S3

Question 81

______ is different from a SnapShot, but is an image of an EC2 instance.

Answer 81

Amazon Machine Image (AMI)

Question 82

______ is the ability of a system to recover from infrastructure or service failures, and focuses on the ability to dynamically acquire computing resources to meet demand and mitigate disruptions.

Answer 82

Reliability

Question 83

What type of services at Edge Locations provides you refunds for instances that were scaled up due to DDOS attacks?

Answer 83

You must have AWS Advanced Shield

Question 84

What is the network security services at the subnet boundary?

Answer 84

NACL

Question 85

______ is a connection via fiber from a customer site into an AWS region without the use of a VPN; used for critical workloads, high capacity and speed connection needs.

Answer 85

Direct Connection

Question 86

______ are parts of the AWS infrastructure that are physically and logically distinct.

Answer 86

Availability Zones

Question 87

______ is the only service in the edge location that has a 100% SLA

Answer 87

Route 53

Question 88

_____ provides object storage vs. _____ which provides file storage.

Answer 88

S3; EBS

Question 89

The Availability Agreement for S3 Standard is _______

Answer 89

99.99%

Question 90

The Durability Agreement for S3 Standard is ________

Answer 90

99.999999999% (11x 9’s)

Question 91

The Availability Agreement for S3 Infrequent Access is _______

Answer 91

99.9%

Question 92

The Durability Agreement for S3 Infrequent Access is _______

Answer 92

99.999999999% (11x 9’s)

Question 93

To move storage between storage classes you must set up ________.

Answer 93

a Life Cycle Policy

Question 94

What is the cheapest storage class in S3

Answer 94

Infrequent Access, 1 Zone

Question 95

Glacier houses archives in ________, and they must be created by the customer in ______ prior to archiving.

Answer 95

vaults; AWS Console, CLI or SDK

Question 96

Data sent to Glacier is / is not encrypted by default

Answer 96

is

Question 97

Data retrieval from Glacier takes at a minimum of ____ to begin downloading, unless you expedite it and it takes _______ to begin to download (extra cost)

Answer 97

3-5 hours; 3-4 min

Question 98

How do you download from Glacier?

Answer 98

CLI and SDK

Question 99

Which two storage options allow you unlimited access to the data?

Answer 99

S3 Standard, Reduce Redundancy Storage

Question 100

Does S3 Standard or RRS have higher redundancy rates?

Answer 100

S3 Standard

Question 101

________ is a cloud delivery network that is hosted on Edge Locations and is used to deliver content to your customers faster.

Answer 101

Cloud Front

Question 102

What search engines support RDS Data Replication

Answer 102

MySQL, MariaDB, Oracle, Aurora, Microsoft SQL Server, PostgreSQL

Question 103

Does the customer have to do anything if the primary DB goes down with Data Replication in RDS

Answer 103

No - because this is a managed service and auto-failure takes over to make the secondary DB the primary DB

Question 104

What are the benefits of managed services

Answer 104

Inherited controls
Shared controls
Customer specific

Question 105

If you have heavy traffic on your DB within RDS, what type of set up can you use?

Answer 105

Read Replicas

Question 106

What is service that is MySQL compatible service that is 5x faster than standard RDS.

Answer 106

Aurora

Question 107

True / False: A design principle for efficiency is to have mechanical empathy.

Answer 107

False - should be sympathy.

Question 108

_____ is a collection of resources that share one or more tags.

Answer 108

Resource Groups

Question 109

Are Resource Groups only for resources in the same region?

Answer 109

No

Question 110

Are Resource Groups only for resources of the same type?

Answer 110

No

Question 111

VPC’s use _____ to control traffic into and out of subnets

Answer 111

route tables

Question 112

_____ act as built-in firewalls and control access to instances

Answer 112

security groups

Question 113

Subnets created in VPC are automatically public or private

Answer 113

private

Question 114

What three things are needed for a subnet to be public.

Answer 114

Internet gateway
Routing table
Public IP Address

Question 115

What are the default settings of a security group

Answer 115

all inbound traffic is DENIED; all outbound traffic is ALLOWED

Question 116

What is configurable within a VPC

Answer 116

IP ranges
Routing
Network gateways
Security settings

Question 117

What are the services unique to each AZ to protects zones from failures

Answer 117

Physically distinct data centers
Data centers have their own uninterrupted power supply
Each data center has a backup generator
The data centers have network connectivity
The data centers have cooling equipment

Question 118

_____ allows for customers to increase and decrease the SAME capabilities and _____ allows for customers to grow or reduce DIFFERENT capabilities.

Answer 118

Flexibility; scalability

Question 119

AWS ______ capability allows customers to run code / their applications without provisioning or managing servers.

Answer 119

Lambda

Question 120

AWS ______ capability allows customers to run a simple website or e-commerce application through launching a virtual private server in minutes.

Answer 120

Lightsale (compute)

Question 121

AWS Lightsale includes the following to enable a website service.

Answer 121

Virtual private machine
SSD-based storage
Data transfer
DNS management
Static IP address

Question 122

What type of server would you recommend to a customer if they have a high IO workload for their databases?

Answer 122

Provisioned IOPS

Question 123

If you have a customer that has several common DB queries and wants to increase the performance of their applications, what service could they use?

Answer 123

ElastiCache

Question 124

What are the two options for CloudWatch monitoring?

Answer 124

Standard (5 min) and Detailed (1 min)

Question 125

What type of feature in RDS should you use if you have a DB that has a lot of traffic?

Answer 125

Read Replica

Question 126

What type of set up could our customer use in RDS to ensure they have fault tolerance?

Answer 126

Multiple AZ, as automatic fail over does not require customer action

Question 127

What type of service can a customer use to host a static website?

Answer 127

S3

Question 128

What are at least three services that have relatively unlimited storage?

Answer 128

S3, DynomoDB, SQS

Question 129

What service allows a customer to launch a container service without having to use EC2?

Answer 129

Fargate

Question 130

What are the four main entities within IAM

Answer 130

Users, Groups, Roles, Permissions

Question 131

True / false: a best practice is to grant permissions to applications via access keys vice roles.

Answer 131

False

Question 132

What are the components of risk management and compliance programs

Answer 132

Risk management
Control environment
Information security

Question 133

What factors influence pricing

Answer 133

AWS region
OS (AMI contains the OS)
Instance Type
Instance Size

Question 134

What services are free

Answer 134

Inbound traffic
VPC
Elastic Beanstalk
CloudFormation
IAM
AutoScaling
Elastic IP (as long as tied to an EC2 instance)

Question 135

3 ways to pay for EC2 instances

Answer 135

On Demand
Reserved Instances
Spot

Question 136

What is the limit of flexible IP addresses per account per region

Answer 136

5

Question 137

What are the RI payment options

Answer 137

All Upfront, Partial Upfront, No Upfront

Question 138

Which service has built-in DDOS protection

Answer 138

CloudFront

Question 139

What are the benefits of AWS Security

Answer 139

Keep your data safe
Meet compliance requirements
Save money
Scale quickly

Question 140

What are the three ways you can access AWS

Answer 140

Management Console
Command Line Interface
Software Development Kits