Cram Deck Flashcards

1
Q

Benefits of Cloud Computing

A

Opex vs. Capex, Running data center, capacity guessing, massive economies of scale, increase speed and agility, global in minutes

2
Q

EC2

A

Elastic compute cloud. General purpose, compute optimized, memory optimized, accelerated, storage optimized

3
Q

EC2: General Purpose

A

balance of compute, memory, networking. Application servers, gaming servers, backend servers for enterprise applications, small and medium databases

4
Q

EC2: Compute Optimized

A

High performance processing. high performance web servers, compute intensive applications servers, and dedicated gaming servers, batch processing workloads that require processing many transactions in a single group

5
Q

EC2: Memory Optimized

A

Fast performance for workloads that process large datasets in memory, or workloads that require large amounts of data to be preloaded before running an application. Examples: a high performance database, or real time processing of a large amount of unstructured data.

6
Q

EC2: Accelerated Computing

A

hardware accelerators, or coprocessors, to perform some functions more efficiently than is possible in software running on CPUs. floating point number calculations, graphics processing, and data pattern matching.

7
Q

EC2: Storage Optimized

A

require high, sequential read and write access to large datasets on local storage.

distributed file systems, data warehousing applications, and high frequency online transaction processing (OLTP) systems.

Storage optimized instances are designed to deliver tens of thousands of low latency, random IOPS to applications.

8
Q

IOPS

A

input/output operations per second

performance of a storage device.

9
Q

EC2 Pricing Models

A
On Demand, EC2 Savings Plans, Reserved Instances, Spot Instances, Dedicated Hosts.
10
Q

EC2: On Demand Pricing

A

Short term, irregular workloads that cannot be interrupted.
No upfront costs or minimum contracts apply.
Instances run continuously until stopped.
Pay only for compute time used.
Suited to applications that have unpredictable usage patterns.
Not for work lasting > 1 year (use Reserved Instances instead).

11
Q

EC2: Savings Plans Pricing

A

1 - 3 year term.

savings of up to 72% over On Demand costs.

12
Q

EC2: Reserved Instances Pricing

A

Standard, Convertible, Scheduled
Standard & Convertible for 1 - 3 year
Scheduled Reserved Instances for a 1 year term.

greater cost savings with the 3 year option.

13
Q

EC2: Spot Instances Pricing

A

For workloads with flexible start and end times, or that can withstand interruptions.
Cost savings of up to 90% vs. On Demand.

2-Minute Warning before stop/hibernate/terminate

14
Q

EC2: Dedicated Hosts Pricing

A

physical servers with Amazon EC2 instance capacity that is fully dedicated to your use.
use your existing per socket, per core, or per VM software licenses.
On Demand Dedicated Hosts and Dedicated Hosts Reservations.
Dedicated Hosts are the most expensive.

15
Q

EC2 Auto Scaling

A

automatically add or remove Amazon EC2 instances in response to changing application demand.

Dynamic scaling responds to changing demand.
Predictive scaling automatically schedules on predicted demand.
Can set minimum capacity, desired capacity, and maximum capacity

16
Q

Elastic Load Balancing

A

automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances.

17
Q

Amazon SNS

A

Simple Notification Service is a publish/subscribe service. Using SNS topics, a publisher publishes messages to subscribers. Subscribers can be web servers, email addresses, AWS Lambda functions, etc.

18
Q

Amazon SQS

A

Simple Queue Service.
send, store, and receive messages between software components, without losing messages or requiring other services to be available.

19
Q

Serverless Computing

A

Code runs on servers, but you do not need to provision or manage these servers.
Focus more on innovating new products and features instead of maintaining servers.
AWS Lambda, Fargate, SQS, SNS, S3, etc.

20
Q

AWS Lambda

A

Run code without provisioning or managing servers.
Pay only for the compute time that you consume.
E.g. automatically resizing images uploaded to the AWS Cloud.

21
Q

Containers

A

package application code and dependencies into a single object.
can also use containers for processes and workflows in which there are essential requirements for security, reliability, and scalability.

22
Q

Amazon ECS

A

Elastic Container Service.
highly scalable, high performance container management system that enables you to run and scale containerized applications on AWS.
supports Docker containers.

23
Q

Amazon EKS

A

Elastic Kubernetes Service. fully managed service that you can use to run Kubernetes on AWS.

24
Q

Kubernetes

A

open source software that enables you to deploy and manage containerized applications at scale. A large community of volunteers maintains Kubernetes, and AWS actively works together with the Kubernetes community.

25
AWS Fargate
Serverless compute engine for containers. It works with both Amazon ECS and Amazon EKS. You do not need to provision or manage servers; AWS Fargate manages your server infrastructure for you.
26
AWS Regions
Consists of multiple, isolated, and physically separate AZs within a geographic area. 24 regions today. Select a region based on compliance, proximity, available services, and pricing.
27
AWS AZs
Availability Zones. 77 globally. An AZ is a single data center or a group of data centers within a Region. AZs are located tens of miles apart from each other: close enough for low latency between AZs, but distant enough to reduce the chance that a disaster affects multiple AZs.
28
Edge Locations
a site that Amazon CloudFront uses to store cached copies of your content
29
AWS Management Console
a web based interface for accessing and managing AWS services. can also use the AWS Console mobile application. Multiple identities can stay logged into the AWS Console mobile app at the same time.
30
AWS Command Line Interface
enables you to control multiple AWS services directly from the command line within one tool. AWS CLI is available for users on Windows, macOS, and Linux. Can automate the actions that your services and applications perform through scripts.
31
AWS SDK
Software Development Kits. use AWS services through an API designed for your programming language or platform. Supported programming languages include C++, Java, .NET, and more.
32
AWS Elastic Beanstalk
you provide code and configuration settings for web apps, and Elastic Beanstalk deploys the resources necessary to perform the following tasks: Adjust capacity, load balancing, automatic scaling, application health monitoring.
33
AWS CloudFormation
Treat your infrastructure as code. You can build an environment by writing lines of code instead of using the AWS Management Console to individually provision resources.
34
Amazon VPC
Virtual Private Cloud. A networking service. enables you to provision an isolated section of the AWS Cloud. VPCs connected via IG, VPG, AWS DC. Resources in VPC organized into subnets.
35
IG
Internet Gateway. A connection between a VPC and the internet.
36
VPG
Virtual Private Gateway. Allows protected internet traffic from approved networks into the VPC. Enables a virtual private network (VPN) connection.
37
AWS DC
Direct Connect. establish a dedicated private connection between your data center and a VPC.
38
Subnets
Public and Private subnets. Networking organization within VPC.
39
ACL
Access Control List. Virtual firewall at the subnet level in a VPC; checks packet permissions for subnets. The default network ACL allows all inbound and outbound traffic. Custom network ACLs deny all inbound and outbound traffic until rules are added. All ACLs end with an explicit deny: if no rule matches, the packet is denied.
40
Stateless Filtering
Network ACLs perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.
41
Security Groups
A virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance. By default, a security group denies all inbound traffic and allows all outbound traffic. Multiple Amazon EC2 instances within a subnet can share the same SG or use different SGs.
42
Stateful Filtering
Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.
43
DNS
Domain Name System. Phone book for the internet. Matches domain names with IP addresses.
44
Amazon Route 53
Is a DNS web service. Connects user requests to infrastructure running in AWS. Can register domain names with R53 and transfer DNS records for existing domain names managed by other domain registrars.
45
Amazon EBS
Elastic Block Store. Block level storage for EC2. If the EC2 instance is terminated, data on the EBS volume remains available. Incremental backups of EBS volumes are made by creating Amazon EBS snapshots. Single AZ.
46
Instance Store
Temporary block storage for an EC2 instance. Physically attached to the EC2 host; same lifespan as the EC2 instance. Data in the instance store is lost at EC2 termination.
47
EBS Snapshot
Elastic Block Store incremental backup.
48
Amazon S3
Simple Storage Service. Object level storage in buckets. Any file type. Max object size = 5 TB.
49
Amazon S3 Classes
Standard, Standard Infrequent Access (S IA), One Zone Infrequent Access (1Z IA), Intelligent Tiering, Glacier, Glacier Deep Archive.
50
S3 Standard
Designed for frequently accessed data; stored in a minimum of 3 AZs. Websites, content distribution, and data analytics. S3 Standard has a higher cost.
51
S3 Standard IA
Ideal for infrequently accessed data that still needs high availability. Similar to S3 Standard (minimum 3 AZs), but has a lower storage price and a higher retrieval price.
52
S3 One Zone IA
Stores data in a single Availability Zone. Has a lower storage price than S3 Standard IA.
53
S3 Intelligent Tiering
Ideal for data with unknown or changing access patterns. Requires a small monthly monitoring and automation fee per object. After 30 days without access an object moves to the IA tier, after 90 days to the Archive tier, and after 180 days to the Deep Archive tier. If an object in the IA tier is accessed, it moves back to Standard.
54
S3 Glacier
Durable (11 nines of durability). Lower cost than other S3 products.
Retrieval options: Expedited: 1-5 min; Standard: 3-5 hours; Bulk: 5-12 hours.
AES-256 encryption. Multiple copies on multiple devices across multiple AZs. Write once/read many capable.
55
S3 Glacier Deep Archive
Durable (11 nines of durability). Lowest cost object storage class.
Retrieval options: Standard: 12 hours; Bulk: 48 hours. Retrieval moves a copy of the data into temporary S3 1Z storage.
56
File Storage
Multiple clients (such as users, applications, servers, and so on) can access data that is stored in shared file folders. In this approach, a storage server uses block storage with a local file system to organize files. Clients access data through file paths. Ideal for use cases in which a large number of services and resources need to access the same data at the same time.
57
Amazon EFS
Elastic File System. Linux file systems in the cloud and/or on on-prem servers (via Direct Connect or VPN). Automatically scales with the files stored.
2 performance modes: General Purpose, Max I/O.
2 storage classes: Standard, Infrequent Access (IA).
Stored across multiple AZs. No minimum fees or setup costs.
58
Relational Database
data is stored in a way that relates it to other pieces of data. use structured query language (SQL) to store and query data.
59
Amazon RDS
Relational Database Service. managed service that automates tasks such as hardware provisioning, database setup, patching, and backups. Can integrate with other AWS services (e.g. Lambda).
60
Amazon RDS DB Engines
Amazon Aurora, PostgreSQL, MySQL, MariaDB, Oracle Database, Microsoft SQL Server
61
Amazon Aurora
enterprise class relational database. It is compatible with MySQL and PostgreSQL. up to five times faster than standard MySQL databases and up to three times faster than standard PostgreSQL databases. replicates six copies of your data across three Availability Zones and continuously backs up your data to Amazon S3.
62
Nonrelational Database
You create tables; a table is a place where you can store and query data. NoSQL. E.g. key value pairs.
63
Amazon DynamoDB
a key value database service. It delivers single digit millisecond performance at any scale. Serverless. Automatic Scaling.
64
Amazon Redshift
a data warehousing service that you can use for big data analytics. It offers the ability to collect data from many sources and helps you to understand relationships and trends across your data.
65
AWS DMS
Database Migration Service. Enables you to migrate relational databases, nonrelational databases, and other types of data stores. Moves data from a source to a target database, which can be of the same or different types. The source data store remains operational during migration. Use cases: dev and testing, consolidation, replication.
66
Amazon DocumentDB
a document database service that supports MongoDB workloads.
67
Amazon Neptune
a graph database service. You can use Amazon Neptune to build and run applications that work with highly connected datasets, such as recommendation engines, fraud detection, and knowledge graphs.
68
Amazon QLDB
Quantum Ledger Database is a ledger database service. You can use Amazon QLDB to review a complete history of all the changes that have been made to your application data.
69
Amazon Managed Blockchain
a service that you can use to create and manage blockchain networks with open source frameworks. Blockchain is a distributed ledger system that lets multiple parties run transactions and share data without a central authority.
70
Amazon ElastiCache
a service that adds caching layers on top of your databases to help improve the read times of common requests. It supports two types of data stores: Redis and Memcached.
71
Amazon DAX
DynamoDB Accelerator. an in memory cache for DynamoDB. It helps improve response times from single digit milliseconds to microseconds.
72
Shared Responsibility Model
AWS is responsible for security OF the cloud. Customer responsible for security IN the cloud.
73
AWS IAM
Identity and Access Management. manage access to AWS services and resources securely. IAM users, groups, and roles, IAM policies, Multi factor authentication.
74
Root User
email address and password that you used to create your AWS account. complete access to all the AWS services and resources in the account. Do not use the root user for everyday tasks.
75
IAM User
An identity in AWS representing a person or application that interacts with AWS services and resources. Create a name and credentials for each person who needs to access AWS. A new IAM user has no permissions associated with it.
76
IAM Policies
a document that allows or denies permissions to AWS services and resources. customize users’ levels of access to resources. Follow the security principle of least privilege when granting permissions.
77
IAM Groups
An IAM group is a collection of IAM users. Can assign IAM policies to groups.
78
IAM Roles
An IAM role is an identity that you can assume to gain temporary access to permissions. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily, instead of long term.
79
MFA
Multi Factor Authentication. Requires a second factor (other than username and password) to authenticate.
80
AWS Organizations
Manages multiple AWS accounts from a central location. The root is the parent container for all accounts in the organization. Can use Service Control Policies (SCPs) to control permissions for AWS accounts in the organization. Consolidated billing.
81
OUs
Organizational Units. Grouping accounts into OUs makes it easier to manage accounts with similar business or security requirements. Policies applied to an OU are inherited by all accounts in the OU, which makes it easy to isolate workloads or applications that have specific security requirements.
82
AWS Artifact
on demand access to AWS security and compliance reports and select online agreements. Artifact Agreements and Artifact Reports.
83
AWS Artifact Agreements
Boilerplate agreements to address needs of customers who are subject to specific regulations, such as the Health Insurance Portability and Accountability Act (HIPAA).
84
AWS Artifact Reports
compliance reports from third party auditors.
85
Customer Compliance Center
Customer compliance stories relate how companies in regulated industries have solved various compliance, governance, and audit challenges. compliance whitepapers includes an auditor learning path.
86
DoS Attack
Denial of Service attack. deliberate attempt to make a website or application unavailable to users. Originates from a Single Source
87
DDoS Attack
Distributed Denial of Service attack. | Multiple sources are used to start an attack.
88
AWS Shield
a service that protects applications against DDoS attacks. | Two tiers: Standard and Advanced
89
AWS Shield Standard
Automatic, no cost protection from common, frequently occurring types of DDoS attacks. Uses a variety of analysis techniques to detect malicious traffic and mitigate it.
90
AWS Shield Advanced
Paid service with detailed attack diagnostics; detects and mitigates sophisticated DDoS attacks. Integrates with CloudFront, Route 53, ELB, etc. Can integrate Shield with AWS WAF by writing custom rules.
91
AWS KMS
Key Management Service. encryption using cryptographic keys. create, manage, and use cryptographic keys. control the use of keys across a wide range of services and in your applications.
92
AWS WAF
Web Application Firewall. monitor network requests that come into your web applications. Works with CloudFront and Application Load Balancer. Uses Web ACL.
93
Amazon Inspector
automated security assessments. prioritizes by severity level, including a detailed description of each security issue and a recommendation for how to fix it.
94
Amazon GuardDuty
intelligent threat detection for AWS infrastructure and resources. do not have to deploy or manage any additional security software. continuously analyzes data from multiple AWS sources, including VPC Flow Logs and DNS logs.
95
Amazon CloudWatch
enables you to monitor and manage various metrics and configure alarm actions based on data from those metrics. uses metrics to represent the data points for your resources.
96
Amazon CloudWatch Alarms
automatically perform actions if the value of your metric has gone above or below a predefined threshold.
97
Amazon CloudWatch Dashboard
enables you to access all the metrics for your resources from a single location. customize separate dashboards for different business purposes, applications, or resources.
98
AWS CloudTrail
records API calls for your account. includes the identity of the API caller, the time of the API call, the source IP address of the API caller, and more.
99
AWS CloudTrail Insights
optional feature allows CloudTrail to automatically detect unusual API activities in your AWS account.
100
AWS Trusted Advisor
a web service that inspects your AWS environment and provides real time recommendations in accordance with AWS best practices. five categories: cost optimization, performance, security, fault tolerance, and service limits.
101
AWS Free Tier
Always Free, 12 months free (first 12 months after opening account), Trials (short term product trials).
102
AWS Pricing Principles
Pay for what you use; pay less when you reserve; pay less with volume based discounts when you use more.
103
AWS Billing Dashboard
pay your AWS bill, monitor your usage, and analyze and control your costs. Compare your current month to date balance with the previous month, and get a forecast of the next month based on current usage. View month to date spend by service. View Free Tier usage by service. Access Cost Explorer and create budgets. Purchase and manage Savings Plans. Publish AWS Cost and Usage Reports.
104
Consolidated Billing
receive a single bill for all AWS accounts in your organization. The default maximum number of accounts allowed for an organization is 4, but you can contact AWS Support to increase your quota, if needed. you can review itemized charges incurred by each account. share bulk discount pricing, Savings Plans, and Reserved Instances across the accounts in your organization.
105
AWS Budgets
create budgets to plan your service usage, service costs, and instance reservations. updates three times a day
106
AWS Cost Explorer
enables you to visualize, understand, and manage your AWS costs and usage over time. includes a default report of the costs and usage for your top five cost accruing AWS services. You can apply custom filters and groups
107
AWS Support
Basic, Developer, Business, Enterprise
108
AWS Support: Basic
free for all AWS customers. whitepapers, documentation, and support communities. access to a limited selection of AWS Trusted Advisor checks. can use the AWS Personal Health Dashboard
109
AWS Support: Developer
Best practice guidance, Client side diagnostic tools, Building block architecture support, which consists of guidance for how to use AWS offerings, features, and services together
110
AWS Support: Business
Use case guidance to identify AWS offerings, features, and services that can best support your specific needs, All AWS Trusted Advisor checks, Limited support for third party software, such as common operating systems and application stack components
111
AWS Support: Enterprise
Application architecture guidance, which is a consultative relationship to support your company’s specific use cases and applications, Infrastructure event management: A short term engagement with AWS Support that helps your company gain a better understanding of your use cases. This also provides your company with architectural and scaling guidance. A Technical Account Manager
112
Technical Account Manager (TAM)
With an Enterprise Support plan. Primary POC at AWS. provide guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.
113
AWS Marketplace
Digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS. Several categories, such as Infrastructure Products, Business Applications, Data Products, and DevOps.
114
AWS CAF
Cloud Adoption Framework. 6 Perspectives. Business, People, Governance, Platform, Security, Operations
115
CAF Business Perspective
ensures that IT aligns with business needs and that IT investments link to key business results. Business managers, Finance managers, Budget owners, Strategy stakeholders
116
CAF People Perspective
supports development of an organization wide change management strategy for successful cloud adoption. Human resources, Staffing, People managers
117
CAF Governance Perspective
focuses on the skills and processes to align IT strategy with business strategy. Chief Information Officer (CIO), Program managers, Enterprise architects, Business analysts, Portfolio managers
118
CAF Platform Perspective
principles and patterns for implementing new solutions on the cloud, and migrating on premises workloads to the cloud. Chief Technology Officer (CTO), IT managers, Solutions architects
119
CAF Security Perspective
ensures that the organization meets security objectives for visibility, auditability, control, and agility. Chief Information Security Officer (CISO), IT security managers, IT security analysts
120
CAF Operations Perspective
helps you to enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders. IT operations managers, IT support managers
121
Six Strategies for Migration
rehosting, replatforming, refactoring/re architecting, repurchasing, retaining, retiring.
122
Rehosting
"Lift and shift" involves moving applications without changes.
123
Replatforming
“lift, tinker, and shift,” involves making a few cloud optimizations to realize a tangible benefit. Optimization is achieved without changing the core architecture of the application.
124
Refactoring/re architecting
reimagining how an application is architected and developed by using cloud native features. Refactoring is driven by a strong business need to add features, scale, or performance that would otherwise be difficult to achieve in the application’s existing environment.
125
Repurchasing
moving from a traditional license to a software as a service model.
126
Retaining
keeping applications that are critical for the business in the source environment. This might include applications that require major refactoring before they can be migrated, or, work that can be postponed until a later time.
127
Retiring
removing applications that are no longer needed.
128
AWS Snowcone
small, rugged, and secure edge computing and data transfer device. It features 2 CPUs, 4 GB of memory, and 8 TB of usable storage.
129
AWS Snowball (Storage Optimized)
Storage Optimized: large scale data migrations and recurring transfer workflows. 80 TB block/S3 storage, 1 TB SSD block storage, 40 vCPU & 80 GiB memory for EC2 sbe1 instances.
130
AWS Snowball (Compute Optimized)
Use cases such as machine learning, full motion video analysis, analytics, and local computing stacks. 42 TB for S3/EBS, 7.68 TB SSD for EBS, 52 vCPU, 208 GiB memory, optional GPU.
131
AWS Snowmobile
exabyte scale data transfer service used to move large amounts of data to AWS. You can transfer up to 100 petabytes of data per Snowmobile, a 45 foot long ruggedized shipping container, pulled by a semi trailer truck.
132
AWS Well Architected Framework
Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization
133
Operational Excellence
Run/monitor systems for business value. Organization, prepare, operate, evolve.
134
Security
the ability to protect information, systems, and assets while delivering business value through risk assessments and mitigation strategies.
135
Reliability
the ability of a system to do the following: Recover from infrastructure or service disruptions, Dynamically acquire computing resources to meet demand, Mitigate disruptions such as misconfigurations or transient network issues
136
Performance Efficiency
the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
137
Cost Optimization
the ability to run systems to deliver business value at the lowest price point.
138
Workload
Collection of interrelated applications, infrastructure, policy, governance, and operations running on AWS that provide business or operational value.
139
Pillars of Well Architected
Operational excellence, security, reliability, performance efficiency, cost optimization.
140
Well Architected: Operational Excellence
Organization: priorities & structure. Prepare: design for operations. Operate: health of the workload. Evolve: learn from experiences.
141
Well Architected: Security
Identity & access management, detection, infrastructure protection, data protection, incident response.
142
Well Architected: Reliability
Foundations, workload architecture, change management, failure management.
143
Well Architected: Performance Efficiency
Selection of the right resources; review selections periodically; monitor performance of resources; trade-offs between performance and efficiency.
144
Well Architected: Cost Optimization
Cloud financial management; spend and usage awareness; cost-effective resources; manage demand and supply resources; optimize over time. Achieve critical business outcomes at the lowest cost.
145
AWS Data Center Security Layers
Perimeter (physical security); Environmental (force majeure); Infrastructure (fire, HVAC, power); Data (data protection/destruction policies).
146
User Access Keys
Used for the AWS CLI, the AWS SDKs, or direct HTTPS calls. Each user can have two active access keys.
147
EC2 Key Pairs
For SSH or RDP connections to an Amazon Elastic Compute Cloud (EC2) instance. No identity tracking, so not best for daily access; use Active Directory or LDAP routinely.
148
AWS Secrets Manager
Centrally manage secrets for AWS, on premises, and third party services: database credentials, passwords, third party API keys, and even arbitrary text. Replace hardcoded credentials in your code with an API call to Secrets Manager to retrieve the secret programmatically. Can automatically rotate the secret.
149
AWS SSO
Single Sign On. Compatible with Microsoft Active Directory. Access multiple AWS accounts.
150
AWS Security Token Service (STS)
Web service that issues temporary, limited privilege credentials for IAM users. Used for users assuming a different role or being federated.
151
AWS Managed Microsoft AD
AWS Directory Service for Microsoft Active Directory enables Active Directory in the AWS Cloud. built on actual Microsoft Active Directory and does not require you to synchronize or replicate data from your existing Active Directory to the cloud.
152
AWS Organizations
Centrally manage and enforce policies for multiple AWS accounts. Group accounts into organizational units and use service control policies to centrally control AWS services. Automate the creation of new accounts through APIs. Simplify billing with a single payment method for all accounts in the organization via consolidated billing. No additional charge for the service.
153
Amazon Cognito
add user sign up, sign in, and access controls to your web and mobile apps. define roles and map users to different roles. User sign in by a third party identity provider, or directly via Amazon Cognito.
154
AWS Detective Controls
Capture & collect logs (CloudTrail); monitoring & notification (CloudWatch); auditing (Management Console & CLI): S3, ELB, CloudWatch, CloudTrail, and VPC.
155
AWS Config
Continuous monitoring and assessment. Detects non-compliant configurations almost in real time. View current and historic configurations.
156
AWS Infrastructure Protection
Via isolation. VPC: subnet routing, ACLs, security groups. App/OS security with AWS Systems Manager. AWS Firewall Manager. AWS Direct Connect. AWS CloudFormation.
157
AWS Firewall Manager
Centrally configure and manage AWS WAF rules across your accounts and applications.
158
AWS Data Protection Concepts
Protection at rest: client-side encryption (user managed) & server-side encryption (AWS managed).
Protection in transit: HTTPS endpoints using TLS; deploy and manage public and private certificates used for TLS with AWS; IPsec with VPN connectivity into AWS.
159
AWS CloudHSM
Hardware security modules (HSMs) in the AWS Cloud. An HSM is a computing device that processes cryptographic operations and provides secure storage for cryptographic keys.
160
AWS Certificate Manager (ACM)
creates and manages public SSL/TLS certificates for AWS based websites and applications. ACM can also be used to issue private SSL/TLS X.509 certificates that identify users, computers, applications, services, servers, and other devices internally.
161
Amazon Macie
uses machine learning to automatically discover, classify, and protect sensitive data in AWS. recognizes sensitive data such as personally identifiable information (PII) or intellectual property. dashboards and alerts give visibility into data access/movement
162
Security Incident Response
APIs automate incident response tasks. Forensics using EBS snapshots. CloudFormation to quickly create a new trusted environment. AWS Step Functions to tie together multiple steps in a forensic/recovery process.
163
AWS Step Functions
coordinate multiple AWS services into serverless workflows. build and update apps quickly. design and run workflows that stitch together services such as AWS Lambda and AWS CloudFormation.
164
DDoS Mitigation
Using AWS edge services. Diversifies points of access between services and data accessed via the web. Route 53, CloudFront, Shield.
165
AWS Web Application Firewall (WAF)
protects from common web exploits. | customizable web security rules.
166
DAS
Direct Attached Storage. HDD or SSD physically attached to the server.
167
SAN
Storage Area Network. Centralized block storage: disk arrays, tape storage. Usually isolated from the LAN (LAN & SAN traffic don't compete for bandwidth).
168
RAID
Redundant Array of Independent Disks. Block storage; works on Amazon EBS (software-level RAID). RAID 5/6 not recommended on EBS: it consumes the available IOPS.
169
Block Storage Downsides
Connected to one server at a time (if the server goes down, the volume needs to be connected to another). No metadata. Pay for all storage within a block whether used or not (EBS scales blocks, not bits).
170
Block Storage Use Cases
Backup/recovery, persistent local storage, relational/NoSQL databases, data warehousing, enterprise applications, big data processing.
171
Amazon EBS Volume Types
SSD volumes: gp2 (default for EBS), gp3 (new generation, 20% cheaper than gp2), io1 (high IOPS), io2 (faster than io1), io2 Block Express (fastest).
HDD volumes: st1 (throughput optimized), sc1 (cold HDD).
172
Amazon FSx
Managed file storage.
FSx for Windows: SSD backed; native support for NTFS, SMB, Active Directory, DFS; automatic daily backup. For CRM, ERP, Active Directory, .NET, home directories, etc.
FSx for Lustre: parallel distributed file system; high performance for compute intensive apps (ML, modeling, big data, video processing); data on many servers accessible by many compute instances concurrently.
173
Object Based Storage
Data stored as objects in a bucket, accessed via metadata and a unique object ID. Amazon S3.
Pro: scalability, durability, cost.
Con: interface & application compatibility; performance (slower than file/block storage).
174
Hybrid Data Storage Architectures
Typically use a cloud storage appliance as a data cache. Hot data: frequently read/written. Cold data: less frequently read/written. Dirty data: written, not yet uploaded to the cloud. Dirty data is uploaded to a buffer and then to the storage appliance. Users read data from the cache; if it is not there, it is downloaded from the cloud.
175
AWS Storage Gateway
File Gateway appliance: SMB/NFS integration. Volume Gateway appliance: iSCSI integration. Tape Gateway appliance: virtual tape storage, iSCSI/VTL integration.
176
File Transfer Protocols: Amazon File Systems & Storage Gateway, S3, AWS Data Transfer
Amazon FS/Storage Gateway: iSCSI, NFS, SMB, NTFS. Amazon S3: RESTful API, AWS SDKs. AWS Data Transfer: FTP, SFTP.