CP Basic Concepts Flashcards

Question 1

Q

Cloud Concepts:

What are some key financial benefits of migrating on-prem to AWS?

Answer

A

Replace upfront capital expenditures (capex) with low variable operational expenditures (opex)
Reduce the total cost of ownership

Question 2

Q

Cloud Concepts:

What are the 4 Cloud Architecture Design Principles

Answer

A

Implement Elasticity
Think Parallel
Decouple your components
Design for failure

Question 3

Q

Cloud Concepts:

How would you design mission-critical workloads in AWS that must be highly available

Answer

A

Use multiple Availability Zones

Question 4

Q

Cloud Concepts:

How can you ensure that a change or failure in one component will not cascade to other components?

Answer

A

Loose coupling

Question 5

Q

Cloud Concepts:

How would you enable your Amazon EC2 instances in the public subnet to connect to the public internet?

Answer

A

Use the Internet Gateway

Question 6

Q

Cloud Concepts:

How would you enable your EC2 instances in the private subnet to connect to the public internet?

Answer

A

NAT Gateway

Question 7

Q

Security:

What security management tool would you use to configure your AWS WAF rules across accounts?

Answer

A

AWS Firewall Manager

Question 8

Q

Security:
If a company needs to download compliance-related documents in AWS like the Service Organization Controls (SOC) reports, where would they go?

Answer

A

AWS Artifact

Question 9

Q

Security:

How would you improve the security of IAM users?

Answer

A

Enable multi factor authentication (MFA)

2. Configure a strong password policy

Question 10

Q

Security:

What is an IAM identity that uses access keys to manage cloud resources via the AWS CLI?

Question 11

Q

Security:

How would you grant temporary access to your AWS resources?

Question 12

Q

Security:

How would you apply and easily manage common access permissions to a large number of IAM users in AWS?

Answer

A

IAM Group

Question 13

Q

Security:

How would you grant the required permissions to access your S3 resources?

Answer

A

Bucket Policy and/or User Policy

Question 14

Q

Security:
If you need to provide temporary AWS credentials for users who have authenticated via their social media logins as well as for guest users who don’t need any authentication, what would you use?

Answer

A

Amazon Cognito Identity Pool

Question 15

Q

Security:

How would a startup evaluate the newly created IAM policies?

Answer

A

IAM Policy Simulator

Question 16

Q

Security:
What is a service that discovers, classifies, and protects sensitive data such as personally identifiable information (PII) or intellectual property?

Answer

A

Amazon Macie

Question 17

Q

Security:

What is a threat detection service that continually monitors for malicious activity to protect your AWS account?

Answer

A

Amazon GuardDuty

Question 18

Q

Security:

What prevents unauthorized deletion of Amazon S3 objects?

Answer

A

Enabling Multi-Factor Authentication (MFA)

Question 19

Q

Security:

How would a company control the traffic going in and out of their VPC subnets?

Answer

A

Network Access Control Lists (NACL)

Question 20

Q

Security:

What acts as a virtual firewall in AWS that controls traffic at the EC2 instance level?

Answer

A

Security Group

Question 21

Q

Security:
Where would you set up an automated security assessment service to improve the security and compliance of your applications?

Answer

A

Amazon Inspector

Question 22

Q

Technology:
What would the company use if they need to use the AWS global network to improve availability of deployed applications on AWS using an anycast static IP address?

Answer

A

AWS Global Accelerator

Question 23

Q

Technology:

If you need to securely transfer hundreds of petabytes of data in/out of AWS cloud, what would you use?

Answer

A

AWS Snowball Edge

Question 24

Q

Technology:

What is a type of EC2 instance that allows you to use your existing server-bound software licenses?

Answer

A

Dedicated Host

Question 25

Q

Technology:
What is a service that allows you to continuously monitor and log account activities such as the user actions made from the AWS Management Console and AWS SDKs?

Answer

A

AWS CloudTrail

Question 26

Q

Technology:

What is a highly available and scalable cloud DNS web service in AWS?

Answer

A

Amazon Route 53

Question 27

Q

Technology:

How would you store the results of I/O intensive SQL database queries to improve application performance?

Answer

A

Amazon ElastiCache

Question 28

Q

Technology:

What is a combination of AWS services that allow you to serve static files with lowest possible latency?

Answer

A

Amazon S3

Amazon CloudFront

Question 29

Q

Technology:
How would you automatically scale the capacity of an AWS cloud resource based on the incoming traffic to improve availability and reduce failures?

Answer

A

AWS Auto Scaling

Question 30

Q

Technology:

What would a company use to migrate an on-prem MySQL database to Amazon RDS?

Answer

A

AWS Database Migration Service (DMS)

Question 31

Q

Technology:
How would you automatically transfer your infrequently accessed data in your S3 bucket to a more cost-effective storage class?

Answer

A

S3 Lifecycle Policy

Question 32

Q

Technology:
What would you use to upload a single object as a set of parts to improve throughput and have a quicker recovery from any network issues?

Answer

A

The Multipart Upload API

Question 33

Q

Technology:

What would a company use to establish a dedicated connection between their on-premise network and AWS VPC?

Answer

A

AWS Direct Connect

Question 34

Q

Technology:

What is a Machine Learning service that allows you to add a visual analysis feature to your applications?

Answer

A

Amazon Rekognition

Question 35

Q

Technology:

What is a source control service that allows you to host Git-based repositories?

Answer

A

AWS CodeCommit

Question 36

Q

Technology:

What is a service that can trace user requests in your application?

Answer

A

AWS X-Ray

Question 37

Q

Technology:

What would a company use to retrieve the Instance ID, public keys, and public IP address of their EC2 instance?

Answer

A

Instance Metadata

Question 38

Q

Technology:

If you need to speed up the content delivery of static assets to your customers around the globe, what would you use?

Answer

A

Amazon CloudFront

Question 39

Q

Technology:

How would you create and deploy infrastructure-as-code templates?

Answer

A

AWS Cloud Formation

Question 40

Q

Technology:

What would you use to encrypt the log data stored and managed by AWS CloudTrail?

Answer

A

AWS Key Management Service (AWS KMS)

Question 41

Q

Technology:

What is a database service that can be used to store JSON documents?

Answer

A

Amazon DynamoDB

Question 42

Q

Billing:

Who is the designated technical point of contact that will maintain an operationally healthy AWS environment?

Answer

A

Technical Account Manager (TAM)

Question 43

Q

Billing:

What is a tool that inspects your AWS environment and makes recommendations that follow AWS best practices?

Answer

A

AWS Trusted Advisor

Question 44

Q

Billing:

What would a startup use to estimate their cost of moving their application to AWS?

Answer

A

AWS Pricing Calculator

Question 45

Q

Billing:

How would you set coverage targets and receive alerts when your utilization drops?

Answer

A

AWS Budgets

Question 46

Q

Billing:
What is a type of Reserved Instance that allows you to change its instance family, instance type, platform, scope, or tenancy?

Answer

A

Convertible Reserved Instance

Question 47

Q

Billing:

What lets you take advantage of unused EC2 capacity in the AWS cloud and provide up to a 90% discount?

Answer

A

Spot Instances

Question 48

Q

Billing:

Where would you go to centrally manage policies and consolidate billing across multiple AWS accounts?

Answer

A

AWS Organizations

Question 49

Q

Billing:
What is the most cost-efficient storage option for retaining database backups that allow occasional data retrieval in minutes?

Answer

A

Amazon Glacier

Question 50

Q

Billing:

Where would you forecast future costs and usage of your AWS resources based on your past consumption?

Answer

A

AWS Cost Explorer

Question 51

Q

Billing:

How would you categorize and track AWS costs on a detailed level?

Answer

A

Cost Allocation tags

Question 52

Q

Billing:

If a company launched a new VPC that was way beyond the default service limit, what would they do?

Answer

A

Request a service limit decrease in the AWS Support Center

Question 53

Q

Billing:

What is the most cost-effective option when you purchase a Reserved Instance for a 1-year term?

Answer

A

All Upfront

Question 54

Q

Billing:

What would you do to combine usage volume discounts of your multiple AWS accounts?

Answer

A

Consolidated Billing

Question 55

Q

Billing:

Where would you sell your catalog of custom Amazon Machine Images (AMIs) in AWS?

Answer

A

AWS Marketplace

Question 56

Q

What are valid security group rules?

Answer

A

Security groups accept IP address, address range, and security group ID as either source or destination

Example:
Inbound RDP rule with address range as source
Inbound HTTP rule with security group ID as source

Question 57

Q

What does Operational Excellence focus on?

Answer

A

Running and monitoring systems to deliver business value and continually improve processes and procedures

Question 58

Q

What does Performance efficiency focus on?

Answer

A

Ability to use computing resources efficiently to meet system requirements and maintain that as demand and tech evolves.

Question 59

Q

What is AWS SHield?

Answer

A

It’s a DDoS protection service with always on detection.

2 tiers: standard and advanced

Shield standard is available for all customers no charge

When used with CloudFront and Route 53, infrastructure attacks (level 3 and 4) are protected

Question 60

Q

What does a security group do?

Answer

A

Acts as a virtual firewall to control inbound and outbound traffic.

They act at the instance level and can have up to 5 security groups assigned to one instance.

Can add rules to control inbound traffic and rules to control outbound traffic.

Question 61

Q

Describe SNS

Answer

A

Messaging service that can provide topics for high-throughput, push-based, many-to-many messaging.

Can even be used to fan out notifications for SMS and email.

Question 62

Q

Reserved instances can be bought for which services?

Answer

A

EC2
RDS
ElastiCache
Redshift
DynamoDB

Question 63

Q

What is an account alias?

Answer

A

Substitute for the account ID in the web address for your account.

Question 64

Q

What service to be used for static websites?

Answer

A

Amazon S3 lets you host a static website

Answer 63

A

Amazon S3 lets you host a static website

Answer 64

A

Own metadata in the form of tags applied to an instance

Answer 65

A

Think Parallel

Answer 66

A

Application Load balancer operates at the request level and can register lambda functions as targets with listener rules to forward requests.

Answer 67

A

Application load balancer periodically sends requests to test their status as a health check.

Requests are only routed to the healthy targets and must pass one health check to be considered healthy.

If unable to connect to EC2 behind an ELB, it’s because the load balancer has identified it as being unhealthy.

Answer 68

A

Easy to use service to deploy and scale web applications. Can upload code and beanstalk handles deployment.

Capacity provisioning, load balancing, auto-scaling and application health monitoring are covered.

Fastest way to deploy the application on AWS.

Answer 69

A

A VPN gateway in the VPC connected to the Customer Gateway in the on-premise network.

Customer gateway is the anchor on the client side while the virtual private gateway is the anchor on the AWS side.

Can enable access to remote network from VPC by:

Attach virtual private gateway to VPC
Create custom route table
Update security group rules
Create Site to Site VPN connection
Configure routing to pass traffic through

Key part is that the Site-to-site VPN supports Internet Protocol Security (IPsec) VPN connections.

Answer 70

A

No, it must reside entirely within one AZ

Answer 71

A

Availability Zone

Answer 72

A

Small and random IO Operations
Best for transactional workloads
Best for critical business applications that require sustained IOPS performance
Cost is high
Dominant performance attribute is IOPS

Answer 73

A

Large sequential IO operations
Best for large streaming workloads requiring consistent fast throughput
Big data, data warehouses, log processing are good usecases
Best for throughput-oriented storage with volumes of data that are infrequently accessed
Low cost
Dominant attribute is throughput

Answer 74

A

AWS OpsWorks

Answer 75

A

Go for reserved instances

Answer 76

A

Can log monitor, and keep activity of actions in AWS.

Can automatically record and store data.

Trail applies to all regions in AWS by default but can be specified for a region.

Answer 77

A

Backups are stored in S3
Can create EBS Snapshots that are incremental (only latest changes are backed up)
Can backup while EC2 instance is running

Answer 78

A

EBS volume can only be attached to instances in the same AZ.

Answer 79

A

Ec2 instance

EBS Volumes tied to AZs they were launched

Answer 80

A

Collects log data from AWS and uses ML and graph theory to build linked set of data to conduct faster and more efficient security investigations

Answer 81

A

AWS’s digital user engagement service to measure across channels like email, text, mobile push

Can segment audiences, manage campaigns, scheduling, template management, AB testing, analytics.

Answer 82

A

They provide serverless orchestration by breaking it into multiple steps with flow and tracking input/outputs.

It maintains application state and stores log of data passed.

Can update workflow independently from business logic

Answer 83

A

To have a durable storage for application events and messages and to decouple parts of system for better fault tolerance

Answer 84

A

Both enable the use of dedicated physical servers
Both have automatic instance placement

Host only has:
Per host billing
Visibility of sockets, cores, host ID
Affinity between a host and instance
Targeted Instance placement
Adding capacity using an allocation request

Answer 85

A

ModifyReservedInstances API

Answer 86

A

ExchangeReservedInstancesAPI

Answer 87

A

Change instance families, operating system, tenancy, and payment option.

Benefit from price reductions

Answer 88

A

Amazon Elastic File Storage since S3 uses a flat name space

Answer 89

A

DynamoDB, RDS, or CloudSearch can be paired with S3 to index and query metadata

Answer 90

A

Key thing to note is that the solution must take read and write latencies into account.

EBS, RDS, DynamoDB, EFS are all good options

Also, any kind of relational database up and running on EC2 will work for this.

Answer 91

A

Most dynamic websites need some level of database interaction or server-side scripting. Keeping that in mind, using EC2 or EFS will serve this purpose.

Note that S3 is good for static content websites.

Answer 92

A

Use CloudWatch alarms

Answer 93

A

Use OpsWorks and CodeDeploy

Answer 94

A

At the EC2 level

Answer 95

A

At the subnet level

Answer 96

A

At the EC2 instance level vs. subnet
Supports “Allow” rules only vs. supports “Allow” and “Deny” rules
Is Stateful (allows return traffic automatically) vs. is stateless (only rules can allow return traffic)
Up to 5 groups per instance, 1 NACL per subnet
Up to 50 rules per security group, 20 rules per NACL
Allows outbound traffic by default, denies outbound traffic by default
Associated with network interfaces, can associate 1 NACL with multiple subnets but only one subnet can only have 1 NACL.

Answer 97

A

Block, Amazon EBS

Answer 98

A

Document
Graph
key-value
In-memory
Search

Answer 99

A

Atomicity - transaction required to execute
Consistency - data must conform to the schema
Isolation - concurrent transactions are separate
Durability - Recover from failure to last known state

Answer 100

A

The disk subsystem along with optimization of queries, indexes, and table structure.

Answer 101

A

Hardware cluster size, network latency, calling application

Answer 102

A

Relational scale up by increasing compute of hardware and scale out by adding replicas

NoSQL are partitionable via key-value access patterns and scale out using distributed architecture

Answer 103

A

Object-based APIs to store and retrieve in-memory data structures using partition keys.

Answer 104

A

High throughput, low-latency use-cases that scale horizontally beyond a single instance.

Answer 105

A

Securing AWS data centers from environmental hazards
Introducing updates and patches to EC2 hypervisors

Note that web application firewall, guest operating system patching, or replicating data between AZs is not automatically handled.

Answer 106

A

Capital expense traded for variable expense

Answer 107

A

To keep them as far apart from each other in case of a disaster

Answer 108

A

Performance - helps improve speed and responsiveness of applications
Service Limits - shows when usage is more than 80% of the service limit. The number of instances may have hit a limit and therefore no more are being provisioned.

Note that Fault Tolerance highlights redundancy shortfalls, service limits, and over-utilized resources

Answer 109

A

Launch applications in 2 different regions to prevent downtime during regional outages

Answer 110

A

CodeStar. It even has integrated issue tracking by JIRA.

Code Pipeline helps automate release pipelines but doesn’t provide an entire dev and CD toolchain.

Answer 111

A

Store unstructured data
Scale size automatically so as to not worry about capacity

Note that AURORA is self healing, not dynamo DB.

Answer 112

A

Set of security standards for credit card information

Answer 113

A

Report on Controls at a Service Organization for control over financial reporting

Answer 114

A

Making sure systems are secure, available, processing integrity, confidential, and private.

Answer 115

A

Uploading objects into S3.

Note that moving objects from one bucket to another does incur costs.

Answer 116

A

Long-lived and infrequently accessed data. Note that IA stands for Infrequent Access.

Answer 117

A

Same as Standard-IA but for non-critical data since it’s only available in one AZ

Answer 118

A

Frequently accessed but non critical data

Answer 119

A

Long-lived data with changing or unknown access patterns

Answer 120

A

Long-term data with retrieval from minutes to hours

Answer 121

A

Long term data with retrieval in hours

Answer 122

A

SaaS: Vendor manages everything but the application.
PaaS: Customers manage data and runtime but everything else is managed by the vendor.
IaaS: Customers now take on Middleware and operating systems as well. However, virtualization, servers, storage, and networking are all managed by AWS.

Answer 123

A

Amazon Aurora

Answer 124

A

AWS WAF and Amazon GuardDuty

GuardDuty is a threat detection service that keeps monitoring for threats and analyzes events across CloudTrail, VPC Flow Logs, and DNS logs.

WAF is a web app firewall that protects web apps from threats. Can customize rules that block common attack patterns.

Note that Amazon KMS is just a repo for keys but doesn’t protect from threats.

Answer 125

A

AWS Config. It records the configurations and lets you automate evaluation of these configs against desired configs.

Answer 126

A

Generally, horizontal scaling would work but since this is a database, it will make sense to scale the instance vertically.

Note that scaling databases horizontally is difficult unless there is a proper orchestrator.

Answer 127

A

Instance Store. It is located on disks that are physically attached to the host computer.

Note that EBS and EFS are persistent storage, not temporary.

Answer 128

A

Best practices of AWS policies, architecture, and operational processes

Brainscape's Knowledge GenomeTM

CP Basic Concepts Flashcards

Brainscape's Knowledge Genome^TM