Deck 1

Question 1

S3 object size

Answer 1

From 1 byte to 5 TB

Question 2

S3 bucket URL format

Answer 2

https://S3-.amazonaws.com/

Question 3

S3 response when upload successful

Answer 3

HTTP 200 response

Question 4

S3 Data consistency model

Answer 4

Read after write for PUTS

Eventual consistency for overwrite PUTS and DELETES

Question 5

S3 objects consist in…

Answer 5

Key
Value (sequence of bytes)
Version ID
Metadata
Subresources (ACL, Torrent)

Question 6

Things to take in account when naming S3 objects

Answer 6

First 16 characters determine node where S3 stores the file

Add randomness to the file name

Question 7

S3 availability and durability

Answer 7

Availability 99,99%

Durability 99,999999999% (11 nines)

Question 8

S3 storage tiers

Answer 8

S3 (default, 99,99% availability 99,999999999% durability)
Infrequent Access (cheaper storage fee, retrieval fee 99,9% availability 99,999999999% durability )
Reduced Redundancy Storage ( 99,99% availability 99,99% durability)
Glazier (Archival, really cheap, 3-5 hours to restore)

Question 9

Is it possible to remove S3 versioning?

Answer 9

No, only disable

Question 10

How much space is occupied when S3 versioning is enabled?

Answer 10

The sum of all versions

Question 11

How to restore a deleted file with versioning enabled in S3?

Answer 11

Delete the delete marker

Question 12

Is it possible to use lifecycle management in conjunction with versioning?

Answer 12

Yes

Question 13

How many days should you wait before deleting an object from Glacier?

Answer 13

Glacier is designed to store objects for at least 90 days. Costs incur for 90 danys

Question 14

What is an edge location in CloudFront?

Answer 14

Location where content will be cached

Question 15

What is an origin in CloudFront?

Answer 15

Origin of all files that the CDN will distribute.
Can be:
-S3 bucket
-EC2 instance
-ELB
-Route 53

Question 16

What is a distribution in CloudFront?

Answer 16

Name given to the CDN.

Consists in a collection of edge locations

Question 17

Types of distributions in CloudFront

Answer 17

• Web distribution

- RTMP (media streaming)

Question 18

Is it possible to write to an edge location?

Answer 18

Yes

Question 19

What determines the amount of time an object is cached in CloudFront?

Answer 19

TTL

Question 20

Is it possible to clear cached objects in CloudFront?

Answer 20

Yes, but you will be charged

Question 21

Is it possible to restrict access to contents in CloudFront?

Answer 21

Yes, you can use signed URLs or signed cookies

Question 22

How to set up access to an S3 bucket?

Answer 22

ACL

Bucket Policies

Question 23

Where can you store access logs for an S3 bucket?

Answer 23

Another bucket

Another AWS account

Question 24

Ways of encrypting data in S3

Answer 24

• In transit:
• -SSL/TLS
• At rest:
• -Server side encryption:
• –SSE-S3 (S3 managed keys)
• –SSE-KMS (AWS Key Management Service managed keys)
• –SSE-C (Customer provided keys)

–Client side encryption

Question 25

Types of Storage Gateway

Answer 25

• Files Gateway (NFS)
• Volumes Gateway(iSCSI)
• -Stored volumes
• -Cached volumes
• Tape Gateway (VTL)

Question 26

What you can do with Snowball?

Answer 26

Export data from S3

Import data to S3

Question 27

What is S3 transfer acceleration?

Answer 27

Accelerates uploads to S3 using edge locations.

User uploads to edge location and data is uploaded to S3 through AWS backbone.

Question 28

What do you need to enable S3 cross region replication?

Answer 28

Enable versioning

Question 29

S3 lifecycle management actions permitted

Answer 29

• Transition from standard to IA (128kb and 30 days after creation)
• Archive to glacier (30 days after transfer to IA)
• Permanently delete

Question 30

Snowball types

Answer 30

Snowball
Snowball edge
Snowmobile

Question 31

What is Import / Export?

Answer 31

Allows you to send disks with data to AWS.

Deprecated (currently Snowball)

Question 32

What is S3 multipart upload?

Answer 32

Allows you to accelerate uploads by uploading multiple parts

Question 33

Are you charged for the whole hour when a spot instance is terminated?

Answer 33

If the Spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage.
However, if you terminate the instance yourself, you will be charged for any hour in which the instance ran.

Question 34

EC2 instance families

Answer 34

DRMCGIFTPX

Question 35

EC2 instance types

Answer 35

on demand, spot, reserved, dedicated hosts

Question 36

EBS types

Answer 36

General purpose 
Provisioned IOPS
Throughput optimized (no boot)
Cold (no boot)
Magnetic standard

Question 37

Is it possible to connect an EBS volume to multiple EC2 instances?

Answer 37

No, you should use EFS instead

Question 38

Is it possible to encrypt an EBS root volume from an AWS AMI?

Answer 38

You can’t encrypt a root volume from a created AMI. Instead, you should use a 3rd party tool or create your own AMI and encrypt it during creation

Question 39

Traffic allowed by default in SG

Answer 39

Inbound: None
Outbound: All

Question 40

How many EC2 instances per SG?

Answer 40

Any number

Question 41

Is it possible to attach an EBS volume to an instance I. A different AZ?

Answer 41

No

Question 42

What to do in case you need more IOPS than an EBS volume can provide?

Answer 42

Create more than one volume an create a RAID 0 or 10.

Amazon discourages RAID 5.

Question 43

How to take a consistent snapshot from a RAID?

Answer 43

Application consistent snapshot.

• Freeze filesystem
• Unmount array
• Stop EC2 instance

Question 44

How to take a snapshot from an EBS root volume?

Answer 44

Stop the EC2 instance first

Question 45

Is it possible to share an encrypted snapshot?

Answer 45

No

Question 46

How to encrypt the snapshot of an encrypted volume?

Answer 46

It is encrypted automatically

Question 47

How to encrypt a volume restored from an encrypted volume?

Answer 47

It is done automatically

Question 48

Is it possible to stop an instance store backed instance?

Answer 48

No

Question 49

What will happen with root volumes on termination?

Answer 49

By default, all will be deleted, but you can chose to keep EBS backed root volumes during creation

Question 50

How to resolve the IP address of an ELB?

Answer 50

It is not possible, AWS gives you a DNS name

Question 51

CloudWatch host level metrics enabled by default

Answer 51

• CPU
• Network
• Disk (read/write, not space consumption)
• Status checks

Question 52

CloudWatch monitoring types and default interval

Answer 52

Default monitoring, enabled by default. No cost and 5 minute interval.
Detailed monitoring, not enabled by default. Has cost and 1 minute interval.

Question 53

Is it possible to us a role in a different region?

Answer 53

Yes, roles are universal

Question 54

Instance meta-data URL

Answer 54

http://169.254.169.254/latest/meta-data/

Question 55

Define warm up and cool down periods

Answer 55

Warm up period: period for the instance to start participating to the metrics
Cooldown period: amount of time between autoscaling events

Question 56

What is a placement group?

Answer 56

A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.

Question 57

Is it possible to expand a placement group to more than one AZ?

Answer 57

No

Question 58

Is it possible to use the same name in more than one placement group?

Answer 58

No, name must be unique in your AWS account

Question 59

Is it possible to launch any instance type in a placement group?

Answer 59

No, only in compute, GPU, memory or storage optimised instances

Question 60

Is it possible to merge placement groups?

Answer 60

No

Question 61

Is it possible to add an existing instance to a placement group?

Answer 61

No, but you can create an AMI from the instance and launch a new instance from the AMI into the placement group

Question 62

Is it possible to delete an EBS snapshot used as root volume for a registered AMI?

Answer 62

No, you should deregister the AMI first

Question 63

Is it possible to launch an AMI in a different region from where it is stored?

Answer 63

No, AMIs are regional. You can copy an AMI to other region using console, command line or EC2 API

Question 64

How to obtain the IP address of an ELB?

Answer 64

ELBs don’t have predefined IPv4 addresses. You resolve to them using a DNS name

Question 65

Differences between alias and CNAME

Answer 65

• Alias allow to resolve a zone apex

- AWS does not charge for alias resolution

Question 66

Route53 routing policies

Answer 66

• Simple
• Weighted
• Latency
• Failover
• Geolocation

Question 67

Route53 domain name number soft limit

Answer 67

50

Question 68

What do you need in order to create a read replica in RDS?

Answer 68

Enable automatic backups

Question 69

Maximum number of read replicas in RDS

Answer 69

5

Question 70

Is it possible to have a read replica from a read replica?

Answer 70

Yes, but latency problems can appear

Question 71

Is it possible to enable MultiAZ in a read replica?

Answer 71

No

Question 72

Differences scaling RDS and DynamoDB

Answer 72

• RDS: hard to scale. Bigger instance or read replicas

- DynamoDB: Scales on the fly

Question 73

DynamoDB consistency models

Answer 73

Eventual consistency ( best read performance, default)
Strong consistency

Question 74

Dynamoy billing blocks

Answer 74

Blocks of:
Read:50 (cheap)
Write:10 (expensive)

Question 75

When is suitable to use ElastiCache?

Answer 75

Database with frequent reads and few changes

Question 76

What are the charges for the data transferred from RDS masters to replicas?

Answer 76

None

Question 77

If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines what is the maximum size RDS volume you can have by default?

Answer 77

6Tb

Question 78

Maximum provisioned IOPS capacity on an Oracle and MySQL RDS instance (using provisioned IOPS)

Answer 78

30,000 IOPS

Question 79

How many copies of your data do you have with Aurora?

Answer 79

6, 2 copies in 3 AZ

Question 80

How many copies can Aurora handle loosing?

Answer 80

3 copies without affecting reads

2 copies without affecting writes

Question 81

Types of Aurora replicas

Answer 81

Aurora replicas ( up to 15)
MySQL replicas ( up to 5)

Question 82

Redshift node configuration

Answer 82

• Single node ( 160Gb)
• Multinode:
• -Leader node: manages client connections, receives queries
• -Compute node:stores data, performs queries and computations (up to 128 compute nodes)

Question 83

Is it possible to expand a subnet to more than one AZ?

Answer 83

No

Question 84

How many IGW per VPC?

Answer 84

1

Question 85

Is it possible to perform transitive peering in VPC?

Answer 85

No, VPC peering is done through star configuration

Question 86

VPC allowed CIDR block ranges?

Answer 86

Between /16 and /28

Question 87

What is created by default when you create a VPC?

Answer 87

Route table
Network ACL
Security Group

Question 88

To which route table is associated a subnet when it is created?

Answer 88

Default

Question 89

What you should disable in a NAT instance?

Answer 89

Source/destination check

Question 90

What to do is NAT instance is the bottleneck ?

Answer 90

Increase instance size

Question 91

How to deploy a NAT instance in HA?

Answer 91

• Two instances in different AZs

- Script to automate failover between them

Question 92

How many NACL per subnet?

Answer 92

1, when you associate a new NACL, old is removed

If not associated, it is associated with default NACL

Question 93

Traffic allowed by default in NACL

Answer 93

Default: all
Custom: any

Question 94

How many subnet per NACL?

Answer 94

Multiple

Question 95

How many VPC per region by default?

Answer 95

5

Question 96

How many subnet to provide HA?

Answer 96

Minimum of 2

Question 97

Difference NAT and bastion instances?

Answer 97

NAT to provide internet traffic to instances in private subnet
Bastion to manage instances in private subnet

Question 98

Does an instance in a public subnet have internet access by default?

Answer 98

No, you have to assign a public address or an EIP to the instance

Question 99

What AWS region(s) can I connect to via a DirectConnect connection?

Answer 99

Each AWS Direct Connect location enables connectivity to the geographically nearest AWS region. You can access all AWS services available in that region.
Direct Connect locations in the US can also access the public endpoints of the other AWS regions using a public virtual interface.

Question 100

How many types of block devices does Amazon EC2 support?

Answer 100

• Instance store

- EBS

Question 101

What does Amazon EBS stand for?

Answer 101

Elastic Block Store

Question 102

What is SWF?

Answer 102

Simple WorkFlow Service.

Service to coordinate tasks

Question 103

Main differences between SQS and SWF

Answer 103

• SQS has a retention period of 14 days, SWF up to 1 year for workflow executions
• SQS message oriented API, SWF task oriented API
• SWF ensures task is processed one time

Question 104

SWF actors

Answer 104

• Starters
• Deciders
• Workers

Question 105

Maximum size of an SQS message

Answer 105

256kb of text in any format

Question 106

SQS order

Answer 106

Does not provide FIFO

Question 107

SQS visibility timeout

Answer 107

12 hours

Question 108

How many times a message will be delivered to SQS?

Answer 108

At least 1.

You should prepare your application so processing message more than one time does not generate errors or inconsistencies

Question 109

How is SQS billed?

Answer 109

• 64kb chunks (each chunk is charged as a request. Example: 1 API call with 256kb payload is charged = 4 requests)
• first 1 million SQS requests are free
• $0,50 per million thereafter

Question 110

How many messages per request in SQS?

Answer 110

10

Maximum payload of 256kb

Question 111

SNS deliver methods

Answer 111

• Push notification to mobile devices
• SMS
• Email
• SQS
• HTTP endpoint
• Lambda

Question 112

Main difference between SQS and SNS

Answer 112

SQS is pull

SNS is push

Question 113

What does a “domain” refer to in Amazon SWF?

Answer 113

A collection of related workflows

Question 114

With which protocols does RDS support SOAP?

Answer 114

Only HTTPS

Question 115

What is bulk copy for SQL Server?

Answer 115

The SQL Server bulk copy feature is an efficient means of copying data from a source database to your DB instance. Bulk copy writes the data that you specify to a data file, such as an ASCII file. You can then run bulk copy again to write the contents of the file to the destination DB instance.

Question 116

In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB
Instance with SQL Server Express edition?

Answer 116

10 Gb

Question 117

Attaching methods for ENIs

Answer 117

You can attach an elastic network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).

Question 118

If you scale your provisioned storage capacity within the month…

Answer 118

…your bill will be pro-rated.

Question 119

Backup retention period duration?

Answer 119

You can set the backup retention period to between 1 and 35 days.

Question 120

What configuration should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter?

Answer 120

Enhanced Networking enables you to get significantly higher packet per second (PPS) performance, lower network jitter and lower latencies. This feature uses a new network virtualization stack that provides higher I/O performance and lower CPU utilization compared to traditional implementations. In order to take advantage of Enhanced Networking, you should launch an HVM AMI in VPC, and install the appropriate driver.

Question 121

The Trusted Advisor service provides insight regarding which four categories of an AWS account?

Answer 121

Security
Fault tolerance
Cost optimizing
Performance

Question 122

Which login types does AWS STS web identity federation support?

Answer 122

AWS STS web identity federation supports Login with Amazon, Facebook, Google, and any OpenID Connect (OICD)-compatible identity provider.

Question 123

Instance types only available as Amazon EBS-backed

Answer 123

T2

C4

Question 124

Main difference between CloudWatch and CloudTrail

Answer 124

CloudWatch: monitoring
CloudTrail: logging

Question 125

Is it possible to move reserved instances from one region to another?

Answer 125

No

Question 126

AWS services related with big data

Answer 126

• Kinesis: consume big data in real time (ex: social media)
• EMR:big data processing
• Redshift: BI

Question 127

What is a resource group?

Answer 127

Which resource groups you can group resources that share one or more tags

Question 128

VPC peering limitations

Answer 128

No multi region
No transitive
No CIDR overlapping

Question 129

Is it possible to authenticate in the AWS console using your AD credentials?

Answer 129

Yes, using SAML authentication

Question 130

Methodologies for encrypting data on S3?

Answer 130

SSE-KMS
SSE-S3
SSE-C

Question 131

4 pillars well architected framework

Answer 131

Security
Reliability
Performance efficiency
Cost optimisation

Question 132

What is needed before you can enable cross-region replication on an Amazon Simple
Storage Service (Amazon S3) bucket?

Answer 132

-Enable versioning on the bucket.
-Create an AWS IAM policy to allow Amazon S3
to replicate objects on your behalf.

Question 133

what you can and cannot change from an instance reservation?

Answer 133

You can change the instance type only within the same instance type family, or
you can change the Availability Zone. You cannot change the operating system nor the
instance type family.

Question 134

What can you do with dhcp option sets?

Answer 134

You can specify the domain name for instances within
an Amazon VPC and identify the IP addresses of custom DNS servers, NTP servers, and
NetBIOS servers

Question 135

What is a VPC endpoint?

Answer 135

Enables you to create a private connection between your Amazon VPC and another AWS service without requiring access over the Internet or through a NAT
instance, a VPN connection, or AWS Direct Connect. Endpoints support services within
the region only.

Question 136

The default time for an Amazon SQS visibility timeout is…

Answer 136

… 30 seconds

Question 137

The maximum time for an Amazon SQS visibility timeout is …

Answer 137

…12 hours

Question 138

What is proxy protocol?

Answer 138

You can identify the originating IP address of a client connecting to your servers using TCP load balancing. Client connection information, such as IP address and port, is typically lost when requests are proxied through a load balancer.

Question 139

What is Amazon CloudSearch?

Answer 139

Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.

Question 140

Can the instances of s SG talk to each other?

Answer 140

Default SG - Yes

Other SGS - No

Question 141

What is erased when you delete an IAM user?

Answer 141

When you use the AWS Management Console to delete an IAM user, IAM automatically deletes the following information for you:

The user
Any group memberships—that is, the user is removed from any IAM groups that the user was a member of
Any password associated with the user
Any access keys belonging to the user
All inline policies embedded in the user (policies that are applied to a user via group permissions are not affected)
Any associated MFA device

Question 142

Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

Answer 142

Note that you can’t delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.

Question 143

Pare meters retained when you promote a read replica

Answer 143

The new DB instance that is created when you promote a Read Replica retains the backup retention period, backup window period, and parameter group of the former Read Replica source.

Question 144

Public IP address remains associated when instance is stopped?

Answer 144

For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address.

For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.

Question 145

If you add a tag that has the same key as an existing tag on that resource…

Answer 145

…If you add a tag that has the same key as an existing tag on that resource, the new value overwrites the old value.

Question 146

Are Reserved Instances available for Multi-AZ Deployments?

Answer 146

Yes

Question 147

When should I choose Provisioned IOPS over Standard RDS storage?

Answer 147

If you use production online transaction processing (OLTP) workloads.

Question 148

What is an instance profile?

Answer 148

An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

Question 149

How many active access keys we IAM user?

Answer 149

IAM permits users to have no more than two active access keys at one time.

Question 150

How to improve performance of API Gateway?

Answer 150

Use caching

Question 151

How to scale API Gateway?

Answer 151

It scales automatically

Question 152

How to prevent attacks in API Gateway?

Answer 152

Use throttling

Question 153

How to solve API Gateway error: “origin policy cannot be read at the remote resource”

Answer 153

Enable CORS

Question 154

Differences between Kinesis streams and Kinesis firehose?

Answer 154

Streams:
-uses shards
-data is sent to consumers first
Firehose:
-analizes dará automatically using lambda

Question 155

Can I encrypt connections between my application and my DB Instance using SSL?

Answer 155

Yes, this option is currently supported for the MySQL, MariaDB, SQL Server, PostgreSQL, and Oracle engines.

Question 156

Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?

Answer 156

No

Question 157

If your DB instance runs out of storage space or file system resources, its status will change to_____ and your
DB Instance will no longer be available.

Answer 157

Storage-full

Question 158

Which Amazon storage do you think is the best for my database-style applications that frequently encounter
many random reads and writes across the dataset?

Answer 158

EBS

Question 159

How to expose a snapshot only to selected accounts?

Answer 159

SelectPrivate, enter the IDs of those AWS accounts, and clickSave.

Question 160

Define Query requests

Answer 160

Query requests are HTTP or HTTPS requests that use the HTTP verb GET or POST and a Query parameter named Action.

Question 161

Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?

Answer 161

Yes

Question 162

Does Amazon SQS keep track of all tasks and events in an application?

Answer 162

No, with SQS, you must implement your own application-level tracking, especially if your application uses multiple queues.

Question 163

When editing permissions (policies and ACLs), to whom does the concept of the “Owner” refer?

Answer 163

The “Owner” refers to the identity and email address used to create the account AWS account.​​

Question 164

Once a VPC is set to Dedicated hosting, is it possible to change the VPC or the instances to Default hosting?

Answer 164

No, yvou must re-create the VPC.

Question 165

Is it possible to read Route53 internal resources from external sources?

Answer 165

Route53 has a security feature that prevents internal DNS from being read by external sources. The work around is to create a EC2 hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.

Question 166

Permissions to host a website on S3

Answer 166

• Modify object ACL (no bucket ACL)

- Create bucket policy

Question 167

It is possible to have a read replica in a different region in RDS?

Answer 167

Yes, for MySQL, MariaDB and Postgres instances

Question 168

To access public resources in a remote region…

Answer 168

…you must set up a public virtual interface and establish a border gateway protocol (BGP) session.

Question 169

ASG default termination policy

Answer 169

AZ with more instances
Oldest LC
Instance nearer to next billing hour

Question 170

Is it compulsory to have AWS credentials in order to use WorkSpaces?

Answer 170

No, if AWS WorkSpaces is integrated with an AD

Question 171

Is WorkSpaces persistent?

Answer 171

Yes

Question 172

On WorkSpaces, all data on D:/ is backed up every…

Answer 172

12 hours