CPE Flashcards

1
Q

Storage

How much data can be stored in Amazon S3?

A

Virtually Unlimited

2
Q

Database Services

Benefits of deploying a relational database on Amazon RDS instead of Amazon EC2?

A

Automated backups
Software Patching

RDS is a managed service that makes it easy to set up, operate, and scale a relational database in the cloud.

Amazon Aurora is an RDS DB

The RDS service includes the following:
* Security and patching of the DB instances.
* Automated backup for the DB instances.
* Software updates for the DB engine.
* Easy scaling for storage and compute.
* Multi-AZ option with synchronous replication.
* Automatic failover for Multi-AZ option.
* Read replicas option for read heavy workloads.

RDS is a fully managed service and you do not have access to the underlying EC2 instance (no root access).

Relational databases are known as Structured Query Language (SQL) databases.
Non-relational databases are known as NoSQL databases.

RDS is an Online Transaction Processing (OLTP) type of database.

RDS features and benefits:
* SQL type of database.
* Can be used to perform complex queries and joins.
* Easy to set up, highly available, fault tolerant, and scalable.
* Used when data is clearly defined.
* Common use cases include online stores and banking systems.

Amazon RDS supports the following database engines:
* SQL Server.
* Oracle.
* MySQL Server.
* PostgreSQL.
* Aurora.
* MariaDB.

3
Q

Database Services

PostgreSQL DB running on an Amazon EC2 instance. How do you increase availability?

A

Migrate to Amazon RDS and enable the Multi-AZ feature

Amazon RDS has a built-in Multi-AZ feature

4
Q

Database Services

Deploying MySQL on AWS: need to scale and auto backup. Which Amazon service to use?

A

Amazon Aurora

Amazon Aurora is a relational database

Amazon RDS supports the following database engines:
* SQL Server.
* Oracle.
* MySQL Server.
* PostgreSQL.
* Aurora.
* MariaDB.

5
Q

Developer Tools

Which AWS service provides a managed software version control system?

A

AWS CodeCommit

AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositories.

6
Q

Developer Tools

Which tool helps set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster?

A

AWS CodeStar

AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS.

AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place.

AWS CodeStar makes it easy for your whole team to work together securely, allowing you to easily manage access and add owners, contributors, and viewers to your projects.

You can use a variety of project templates to start developing applications on Amazon EC2, AWS Lambda, and AWS Elastic Beanstalk.

AWS CodeStar projects support many popular programming languages including Java, JavaScript, PHP, Ruby, and Python.
https://aws.amazon.com/codestar/features/

7
Q

Developer Tools

What is AWS CodeCommit?

A

AWS CodeCommit is a fully managed source control service that hosts secure Git-based repositories.
It makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem.
CodeCommit eliminates the need to operate your own source control system or worry about scaling its infrastructure.
You can use CodeCommit to securely store anything from source code to binaries, and it works seamlessly with your existing Git tools.
https://aws.amazon.com/codecommit/features/

8
Q

What is AWS CodeBuild?

A

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.

With CodeBuild, you don’t need to provision, manage, and scale your own build servers. CodeBuild scales continuously and processes multiple builds concurrently, so your builds are not left waiting in a queue.

You can get started quickly by using prepackaged build environments, or you can create custom build environments that use your own build tools.
With CodeBuild, you are charged by the minute for the compute resources you use.
https://aws.amazon.com/codebuild/features/

9
Q

A website has a global customer base and users have reported poor performance when connecting to the site.

Which AWS service will improve the customer experience by reducing latency?

A

AWS CloudFront

Amazon CloudFront is a content delivery network (CDN) that allows you to store (cache) your content at “edge locations” located around the world.

This allows customers to access content more quickly and provides security against DDoS attacks.

CloudFront can be used for data, videos, applications, and APIs.
CloudFront uses Edge Locations and Regional Edge Caches:

10
Q

An Amazon Virtual Private Cloud (VPC) can include multiple:

A

Availability zones

A virtual private cloud (VPC) is a virtual network dedicated to your AWS account. Analogous to having your own DC inside AWS.

It is logically isolated from other virtual networks in the AWS Cloud.

Provides complete control over the virtual networking environment including selection of IP ranges, creation of subnets, and configuration of route tables and gateways.

You can launch your AWS resources, such as Amazon EC2 instances, into your VPC.

When you create a VPC, you must specify a range of IPv4 addresses for the VPC in the form of a Classless Inter-Domain Routing (CIDR) block; for example, 10.0.0.0/16. This is the primary CIDR block for your VPC.

A VPC spans all the Availability Zones in the region.

You have full control over who has access to the AWS resources inside your VPC.

You can create your own IP address ranges, and create subnets, route tables and network gateways.

When you first create your AWS account a default VPC is created for you in each AWS region. A default VPC is created in each region with a subnet in each AZ.

By default you can create up to 5 VPCs per region.

11
Q

Using EC2 instances to run applications dedicated to different departments in a single VPC. How to break down the cost and allocate it to each department?

A

Create Tags by department and run a cost allocation report.

Create cost allocation tags that specify the department and assign them to resources. These tags must be activated so they are visible in the cost allocation report. Once this is done and a monthly cost allocation report has been configured, it will be easy to monitor the costs for each department.

12
Q

Serverless workflow that coordinates multiple AWS services into a reliable application.
Visual workflow that can track the status of each step in the application.

A

AWS Step Functions

allows developers to coordinate multiple AWS services into serverless workflows. It provides a visual console to visualize the steps in the workflow, helping to build and update applications quickly and monitor the status of each step in the process.

13
Q

AWS Data Exchange

A

allows customers to find, subscribe to, and use third-party data in the cloud. Companies can subscribe to a diverse selection of data products provided by various data providers.

14
Q

What can a Cloud Practitioner use to categorize and track AWS costs by project?

A

Cost allocation tags

15
Q

Amazon CloudFront

A

is a content delivery network (CDN) that caches content around the world for lower latency access.

AWS Global Accelerator enables access to your application by leveraging the same Edge Locations as CloudFront and routing connections across the AWS global network.

16
Q

AWS Outposts

A

With AWS Outposts you can extend your VPC into the on-premises data center

fully managed service that offers the same AWS infrastructure, AWS services, APIs, and tools to virtually any datacenter, co-location space, or on-premises facility for a truly consistent hybrid experience.

17
Q

What does AWS Trusted Advisor do?

A

Improve the performance of your service by checking your service limits, ensuring you take advantage of provisioned throughput, and monitoring for overutilized instances.
Trusted Advisor provides recommendations.

AWS Trusted Advisor offers a rich set of best practice checks and recommendations across five categories: cost optimization, security, fault tolerance, performance, and service limits.

CloudWatch monitors performance but does not provide recommendations.

18
Q

What does Amazon Inspector do?

A

Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.

Amazon Inspector automatically discovers workloads, such as Amazon EC2 instances, containers, and Lambda functions, and scans them for software vulnerabilities and unintended network exposure.

19
Q

What does AWS Health Dashboard do?

A

The health dashboard shows issues or upcoming events that may impact your resources. It does not notify of service limit breaches.

20
Q

Elements in S3 bucket policy

A

Action: action
Resource: Hardware
Principal: User
Condition: condition

21
Q

Amazon CloudWatch

A

Amazon CloudWatch is a performance monitoring service. AWS services send metrics about their utilization to CloudWatch which collects the metrics. You can then view the results in CloudWatch and configure alarms.

CloudWatch monitors performance but does not provide recommendations.

22
Q

AWS CloudFormation

A

provides a common language for you to describe and provision all the infrastructure resources in your cloud environment.

CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts.

This file serves as the single source of truth for your cloud environment.

You can use JSON or YAML to describe what AWS resources you want to create and configure.

23
Q

Ways you can work with AWS Identity and Access Management (IAM)

A

1. AWS Management Console
2. AWS Command Line Tools
3. AWS SDKs
4. IAM HTTPS API

24
Q

IAM can be used to manage

A

Users.
Groups.
Access policies.
Roles.
User credentials.
User password policies.
Multi-factor authentication (MFA).
API keys for programmatic access (CLI)

25
Q

IAM Users

A

IAM users are individuals who have been granted access to an AWS account

Each IAM user has three main components:

A username.
A password.
Permissions to access various resources.

26
Q

What should the root account be used for?

A

Billing only if possible

27
Q

IAM User

A

Person or a service

28
Q

Amazon Elastic Map Reduce (EMR)

A

Easily and cost-effectively process vast amounts of data.

EMR utilizes a hosted Hadoop framework running on Amazon EC2 and Amazon S3.

29
Q

Amazon Redshift

A

Fully managed
is a fast, simple, cost-effective data warehousing service.
Use SQL and BI tools to analyze data

When to use:
* Data warehouse for large volumes of aggregated data
* Primarily OLAP workloads

30
Q

When to use Amazon DynamoDB

A

Fully managed service - NoSQL, non-relational
* Name(key)/value pair data
* Unpredictable data structure
* In-memory performance with persistence
* High I/O needs
* Require dynamic scaling (can scale to massive workloads)

Single digit ms latency

Data is synchronously replicated across 3 facilities (AZs) in a region.
a multi-region, multi-master database.

31
Q

Amazon Neptune

A

Fully managed graph database (e.g. social network)
Relationships between objects are of high value

Highly available
ms latency - highly available in multiple AZs

32
Q

DynamoDB Accelerator - DAX

A

Fully managed in-memory cache for DynamoDB

33
Q

AWS Glue

A

data integration service that makes it easy for analytics users to discover, prepare, move, and integrate data from multiple sources.

* Managed service
* Extract and Load service (ETL)
* Prepare and transform data for analytics

Discover and organize data
Transform, prepare, and clean data for analysis
Build and monitor data pipelines

34
Q

Amazon Athena

A

SQL on S3

Serverless query service
Perform analytics against S3 objects
Uses standard SQL
Supports CSV, JSON, ORC, AVRO and Parquet

Use cases:
Business Intelligence / Analytics / Reporting
Analyze & query VPC flow logs
ELB logs
CloudTrail trails

To analyze data in S3 - use Athena

35
Q

Amazon QuickSight

A

Serverless ML powered BI service to create interactive dashboards

36
Q

Amazon ElastiCache

A

deploy and run Memcached or Redis protocol-compliant server nodes in the cloud

blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications. Built on open-source Redis or Memcached, ElastiCache works seamlessly with Redis or Memcached without any code changes.

37
Q

Amazon GuardDuty

A

Intelligent threat detection and continuous security monitoring for malicious or unauthorized behavior to help you protect your AWS accounts and workloads. Uses ML.

Continuous monitoring for events across:
* AWS CloudTrail Management Events.
* AWS CloudTrail S3 Data Events.
* Amazon VPC Flow Logs.
* DNS Logs.

38
Q

VPN connection

A

Secure connection between on-premises and VPC

39
Q

Transit gateway

A

Interconnect multiple VPCs and on-premises networks, and as a VPN endpoint for the Amazon side of the Site-to-Site VPN connection.

40
Q

AWS Shield

A

To help minimize the effect of DoS and DDoS attacks on your applications, you can use AWS Shield

41
Q

AWS Key Management Service (AWS KMS)

A

enables you to perform encryption operations through the use of cryptographic keys.

42
Q

AWS WAF
web application firewall

A

a web application firewall that lets you monitor network requests that come into your web applications.

AWS WAF works together with Amazon CloudFront and an Application Load Balancer.

43
Q

The maximum file size for an object in Amazon S3

A

5 TB

44
Q

AWS Data Exchange

A

is a service that makes it easy for customers to find, subscribe to, and use third-party data in the AWS Cloud.

45
Q

AWS Cost Explorer

A

Analyze your cost and usage data with visuals, filtering, and grouping. You can forecast your costs and create custom reports.

46
Q

AWS Step Functions

A

makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow.

47
Q

Amazon SQS

A

fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS moves data between distributed application components and helps you decouple these components.

48
Q

Amazon Simple Email Service (Amazon SES)

A

is a reliable, scalable, and cost-effective email service. Digital marketers and application developers can use Amazon SES to send marketing, notification, and transactional emails.

49
Q

Amazon MemoryDB

A

is only for Redis

50
Q

Snowball

A

Offline data or remote storage

51
Q

Snowcone

A

Deploy ultra-portable data transfer and edge computing devices anywhere

52
Q

Snowmobile

A

moves up to 100 petabytes (PB) of data in a 45-foot long ruggedized shipping container and is ideal for multi-PB or exabyte (EB)-scale digital media migrations and data center shutdowns.

53
Q

Service control policies (SCPs)

A

A type of organization policy that you can use to manage permissions in your organization.
SCPs offer central control over the maximum available permissions for the IAM users and IAM roles in your organization.
SCPs are available only in an organization that has all features enabled. SCPs aren’t available if your organization has enabled only the consolidated billing features.

SCPs do not grant permissions to the IAM users and IAM roles in your organization. No permissions are granted by an SCP.

54
Q

Amazon Macie

A

Is a fully managed data security and data privacy service.

Discovers sensitive data by using machine learning and pattern matching, provides visibility into data security risks, and enables automated protection against those risks.

55
Q

IAM Access Analyzer

A

IAM Access Analyzer external access analyzers help identify resources in your organization and accounts that are shared with an external entity.

IAM Access Analyzer unused access analyzers help identify unused access in your organization and accounts.

IAM Access Analyzer validates IAM policies against policy grammar and AWS best practices.

IAM Access Analyzer custom policy checks help validate IAM policies against your specified security standards.

IAM Access Analyzer generates IAM policies based on access activity in your AWS CloudTrail logs.

56
Q

Amazon Cognito

A

Handles user authentication and authorization for your web and mobile apps.

Login to app via social media app etc.

57
Q

AWS Lambda

A

Compute Service

With AWS Lambda, you can run code without provisioning or managing servers. You pay only for the compute time that you consume.

58
Q

Amazon Simple Queue Service (Amazon SQS)

A

is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications.

Amazon SQS moves data between distributed application components and helps you decouple these components.

59
Q

Amazon OpenSearch Service

A

a managed service that makes it easy to deploy, operate, and scale OpenSearch, a popular open-source search and analytics engine.

60
Q

AWS Data Pipeline

A

a web service that you can use to automate the movement and transformation of data.

61
Q

AWS Data Exchange

A

a service that makes it easy for customers to find, subscribe to, and use third-party data in the AWS Cloud.

62
Q

AWS Fargate

A

allows you to run containers without having to manage servers or clusters.

you no longer have to provision, configure, and scale clusters of VMs to run containers.

Fargate lets you focus on designing and building your applications instead of managing the infrastructure that runs them.

63
Q

AWS Elastic Beanstalk

A

is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and Internet Information Services (IIS).

64
Q

Amazon Lightsail

A

is designed to be the easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project – a VM, SSD-based storage, data transfer, DNS management, and a static IP address – for a low, predictable price.
