Confusing Items Flashcards
Which performs synchronous data replication in RDS?
Multi-AZ deployment
Asynchronous replication - highly scalable feature of RDS
RDS Read Replica
Cloudtrail parameter to capture changes made to AWS resources in all regions and which will also include activity from global services such as IAM, Route 53, AWS WAF, and CloudFront
- --is-multi-region-trail
- --include-global-service-events
Two types of events that can be logged in CloudTrail:
1. management events (default)
2. data events
As a best practice, create a trail that applies to all regions in the AWS partition in which you are working. (default) - true or false
true
CloudWatch custom metrics:
- Memory utilization
- disk swap utilization
- disk space utilization
- page file utilization
- log collection
Enhanced Monitoring is a feature of RDS and not of CloudWatch - true or false
true
Cloudwatch agent
It can be installed on all of your EC2 instances to gather memory and disk utilization data
SSM Agent runs using ? permissions
SSM agent runs on EC2 using root permissions (Linux) or System permissions (Windows)
You can directly assign an EIP to an Auto Scaling group. - true or false
false; you still cannot directly assign an EIP to an Auto Scaling group.
ASG is highly dependent on the ELB - true or false
true
SSD are best for workloads with
small, random IO Operations
HDD are best for
large, sequential IO operations
gp2 - volume size, max IOPS
General Purpose SSD; 1 GiB-16 TiB; 16,000 IOPS
io1 - volume size, max IOPS
Provisioned IOPS SSD; 4 GiB-16 TiB; 64,000 IOPS
st1 - volume size, max IOPS
Throughput Optimized HDD; 500 GiB-16 TiB; 500 IOPS
sc1 - volume size, max IOPS
Cold HDD; 500 GiB-16 TiB; 250 IOPS
Aurora primary instance handles all?
DDL and DML statements
The Aurora custom endpoint
provides load-balanced database connections based on criteria other than the read-only or read-write capability of the DB instances
reader endpoint enables your Aurora database to automatically perform load-balancing among all the Aurora Replicas - true or false
true
cluster/writer endpoint has the functionality to automatically perform load-balancing among all the Aurora Replicas of your cluster - true or false
false - cluster/writer endpoint DOES NOT HAVE the functionality to automatically perform load-balancing among all the Aurora Replicas of your cluster
Cloudfront Origin group can be any combination of the following:
AWS origins, like Amazon S3 buckets or Amazon EC2 instances, or custom origins, like your own HTTP web server
Field Level Encryption
CloudFront feature that allows you to securely upload user-submitted data such as credit card numbers to your origin servers
The application could use EBS encryption to encrypt or decrypt each individual data item that it writes on the disk. - T or F
false; the application could not use EBS Encryption to encrypt or decrypt each individual data item that it writes on the disk.
most cost-effective storage type for the EC2 instance which is used for infrequently accessed data
Cold HDD
An EBS volume is off-instance storage that can persist independently from the life of an instance - T or F
true
When you create an EBS volume in an Availability Zone, it is automatically replicated on a separate AWS region to prevent data loss due to a failure of any single hardware component.- T or F
false; When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to a failure of any single hardware component.
Classic Load Balancer supports Server Name Indication (SNI) - t or f
false; Classic Load Balancer does not support Server Name Indication (SNI)
Amazon CloudFront Adds SNI Custom SSL and HTTP to HTTPS Redirect Features - t or F
true
Prerequisites when routing traffic using Amazon Route 53 to a website that is hosted in an Amazon S3 Bucket
1. The S3 bucket name must be the same as the domain name
2. A registered domain name
Geolocation routing lets you
choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from
Elastic Load Balancers distribute traffic among EC2 instances across multiple Availability Zones but not across AWS regions - true or false
true
CloudFront geo-restriction feature is primarily used to
prevent users in specific geographic locations from accessing content that you’re distributing through a CloudFront web distribution
S3 Server Side Encryption:
- Amazon S3-Managed Keys (SSE-S3)
- AWS KMS-Managed Keys (SSE-KMS)
- Customer Provided Keys (SSE-C)
S3 Client Side Encryption:
1. AWS KMS-managed Customer Master Key
2. Client-side master key
EBS Encryption uses:
AWS KMS
Elastic Load Balancing provides access logs that contain:
- time the request was received
- client's IP address
- latencies
- request paths
- server responses
You can use these access logs to analyze traffic patterns and troubleshoot issues
Access logging is enabled by default for Elastic Load Balancing - true or false
false; Access logging is an optional feature of Elastic Load Balancing that is disabled by default
You can only change the storage class of your objects from S3 Standard storage class to STANDARD_IA or ONEZONE_IA storage after 30 days - T or F
true
Does INTELLIGENT_TIERING, GLACIER, and DEEP_ARCHIVE storage class have a time constraint for transitioning S3 objects?
No, it doesn't apply to the INTELLIGENT_TIERING, GLACIER, and DEEP_ARCHIVE storage classes
A Vault Lock policy is a
vault access policy that you can attach to an S3 Glacier vault (one resource-based vault access policy per vault) - can help to enforce regulatory and compliance requirements
Redshift Cross-Region Snapshots Copy
When cross-region copy is enabled for a cluster, all new manual and automatic snapshots are copied to the specified region.
Redshift only supports multi-AZ deployments - T or F
false; Redshift only supports Single AZ
AWS X-Ray
trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services
CloudTrail is primarily used for
API logging of all of your AWS resources
What can you add to Cognito if there's a requirement to add a second authentication method that doesn't solely rely on username and password?
Add multi-factor authentication (MFA) to a user pool in Cognito to protect the identity of your users.
FTP server protocol for security group
TCP, Port range: 20-21
DynamoDB Auto Scaling uses ? for scaling
the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf.
Can ASG be used to scale DynamoDB?
No, you can only put EC2 instances in an ASG
unified CloudWatch agent
Used to collect logs from your Amazon EC2 instances and on-premises servers into CloudWatch Logs
CloudWatch Logs Insights enables you to
interactively search and analyze your log data in Amazon CloudWatch Logs
Which methods ensure that all of the objects uploaded to the S3 bucket can be read publicly all over the Internet?
- In S3, set the permissions of the object to public read during upload.
- Configure the S3 bucket policy to set all objects to public read.
Detailed Monitoring is used by
CloudWatch for EC2 (data is available in 1-minute periods for an additional cost)
Enhanced Monitoring is used for
RDS in CloudWatch (except for db.m1.small)
Amazon CloudWatch Logs vs CloudWatch Logs Agent vs CloudWatch Agent
Amazon CloudWatch Logs - monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources
CloudWatch Logs agent provides an automated way to send log data to CloudWatch Logs from Amazon EC2 instances
CloudWatch agent - Collect logs from Amazon EC2 instances and on-premises servers, running either Linux or Windows Server
Amazon Kinesis Data Firehose is the
easiest way to load streaming data into data stores and analytics tools.
Amazon Kinesis is the streaming data platform of AWS and has four distinct services under it:
- Kinesis Data Firehose,
- Kinesis Data Streams,
- Kinesis Video Streams, and
- Amazon Kinesis Data Analytics
Active-Active Failover
when you want all of your resources to be available the majority of the time
Active-Passive Failover
when you want a primary resource or group of resources to be available the majority of the time and you want a secondary resource or group of resources to be on standby in case all the primary resources become unavailable
The following VPC peering connection configurations are not supported:
- Overlapping CIDR Blocks
- Transitive Peering
- Edge to Edge Routing Through a Gateway or Private Connection
Valid VPC Peering configurations:
- Two VPCs peered to a specific CIDR block in one VPC
- One to one relationship between two Virtual Private Cloud networks
- One VPC Peered with two VPCs using longest prefix match
You can use a combination of EC2 and SWF for the following scenarios:
- Managing a multi-step and multi-decision checkout process of an e-commerce mobile app.
- Orchestrating the execution of distributed business processes
Elasticache is the best option for
distributed session management.