Deck

Question 1

Does IAM apply to regional assets?

Answer 1

No, IAM is universal across the platform

Question 2

What is the root IAM account?

Answer 2

The account created when the AWS instance is first setup

Question 3

Should you use IAM roles or hard coded secrets/keys in programmatic access?

Answer 3

IAM roles

Question 4

Do new users have permissions when they are created?

Answer 4

No

Question 5

Can you view a new user’s access key id & secret access key after creation?

Answer 5

No

Question 6

Can you use the access keys to login to the AWS console?

Answer 6

No

Question 7

Should the root account have MFA setup?

Answer 7

Yes, always

Question 8

True or False: AWS recommends that EC2 instances have credentials stored on them so that the instances can access other resources (such as S3 buckets).

Answer 8

False

Question 9

What is the best way to enable your EC2 instance to read files in an S3 bucket?

Answer 9

Create an IAM role with read access to S3 and assign the role to the EC2 instance

Question 10

What is an IAM Policy?

Answer 10

A JSON document which defines one or more permissions

Question 11

What IAM entity can you use to delegate access to your AWS resources to users, groups or services?

Answer 11

IAM Role

Question 12

What are the EC2 Options

Answer 12

On Demand, Reserved, Spot, Dedicated Hosts

Question 13

What is the Reserved EC2 Option

Answer 13

provides you with a capacity reservation, and offer a significant discount on the hourly charge for an instance. 1 or 3 year term reservation

Question 14

FIGHTDRMCPX

Answer 14

FPGA, IOPS, Graphics, High Disk Throughput, Cheap General Purpose(T2 Micro), Density, Ram, Main choice for general purpose apps(M), Compute, Graphics(Pics), Extreme Memory

Question 15

What is Amazon EBS?

Answer 15

Elastic Block Storage (disk)

Question 16

What EBS type would I use for more than 10000 IOPS?

Answer 16

IO1 aka, not GP2

Question 17

What EBS type would I use for less than 10000 IOPS?

Answer 17

GP2

Question 18

What is the On Demand EC2 Option

Answer 18

Allows you to pay a fixed rate by the hour or second with no commitment

Question 19

What is the Spot EC2 option

Answer 19

enables you to bid whatever price you want for the instance - instances are brought online when the price drops at or below your bid and then terminated when the price goes back up

Question 20

What is the dedicated hosts EC2 option

Answer 20

Physical EC2 server dedicated for your use.

Question 21

True or False: When a sport EC2 instance is terminated by Amazon, you will not be charged for the partial hour of use

Answer 21

True

Question 22

What types of SSD storage does Amazon offer for EC2?

Answer 22

General Purpose SSD and Provisioned IOPS SSD

Question 23

What types of Magnetic storage does Amazon offer for EC2?

Answer 23

Throughput Optimized HDD, Cold HDD, and Magnetic

Question 24

What is an EC2 Security Group

Answer 24

Virtual Firewall

Question 25

What types of Load balancers exist on Amazon

Answer 25

Application, Network, and Classic Load Balancer

Question 26

What are application load balancers

Answer 26

Best suited for load balancing HTTP/S traffic and operate at layer 7

Question 27

What are network load balancers

Answer 27

Best suited for TCP traffic where extreme performance is needed, operates at layer 4

Question 28

What are classic load balancers

Answer 28

Legacy elastic load balancers, does both layer 4 and layer 7

Question 29

With a classic load balancer, what happens when your application stops responding

Answer 29

Load balancer responds with a 504 error

Question 30

What is the X-Forwarded-For header

Answer 30

Header that contains the actual client IP Address for a request that came through a classic load balancer

Question 31

What is Amazon Route53

Answer 31

Amazon DNS service

Question 32

What services can you map domain names to with Route53

Answer 32

EC2 instances, Load Balancers, S3 Buckets

Question 33

What do all AWS CLI commands start with

Answer 33

AWS

Question 34

How much access should I grant to CLI users

Answer 34

The least amount needed to do their job

Question 35

Should users be assigned to groups

Answer 35

Yes, this is preferred way of granting permissions

Question 36

How can you access Amazon services from EC2 instances without an access key

Answer 36

Use IAM Roles assigned to the instance

Question 37

What is the preferred way of granting access to Amazon services for EC2 instances

Answer 37

IAM Roles

Question 38

What controls what an IAM Role can do

Answer 38

JSON Policy

Question 39

When do changes to policies on a role take affect

Answer 39

Immediately

Question 40

Can you attach or detach a role from a running EC2 instance

Answer 40

Yes

Question 41

If you create an EBS volume from an encrypted snapshot, is the newly created volume encrypted?

Answer 41

Yes

Question 42

If you create an EBS volume from an unencrypted snapshot, is the newly created volume unencrypted?

Answer 42

Yes

Question 43

If you create an EBS volume from an encrypted snapshot, is the newly created volume unencrypted?

Answer 43

No

Question 44

If you create an EBS volume from an unencrypted snapshot, is the newly created volume encrypted?

Answer 44

No

Question 45

Do your EC2 instances need to be in the same availability zone as the EBS volumes they use?

Answer 45

Yes

Question 46

When creating a volume from a snapshot, can you change whether the drive is encrypted or not?

Answer 46

No, the un/encryption is all based on the snapshot itself and cannot be changed

Question 47

What are the two ways for encrypting a root EBS drive?

Answer 47

Using the OS, like Bitlocker, or by taking a snapshot in AWS Console

Question 48

What is the preferred way of encrypting a root EBS drive?

Answer 48

Using the AWS Console and a snapshot

Question 49

Can you encrypt an unencrypted EBS snapshot?

Answer 49

Yes

Question 50

How do you encrypt an unencrypted EBS snapshot?

Answer 50

Create a copy of the snapshot

Question 51

What is Amazon RDS

Answer 51

Relational Database Service

Question 52

What is Amazon Elasticache

Answer 52

Web service that makes it easy to deploy, operate, and scale an in-memory cache

Question 53

What two open-source in-memory caching engines are supported by Elasticache

Answer 53

Memcached and Redis

Question 54

Is Amazon RDS service for OLTP or OLAP

Answer 54

OLTP

Question 55

What is Amazon’s NoSQL Db?

Answer 55

DynamoDB

Question 56

What is Amazon’s OLAP service?

Answer 56

Redshift

Question 57

By default, can resource security groups talk to one antoher?

Answer 57

No

Question 58

How can you make it so one security group can talk to another?

Answer 58

Define an inbound rule for the target security group from the source security group. i.e. Db group and web server group

Question 59

What are the two types of RDS backups in AWS?

Answer 59

Automated backups and Database snapshots

Question 60

How can you restore a RDS db from an Automated Backup

Answer 60

You can restore to any point within a retention period

Question 61

How long is the retention period for an Automated Backup

Answer 61

one to 35 days

Question 62

True or False: Automated RDS backups take a full snapshot daily

Answer 62

true

Question 63

Do Automated backups store transaction logs throughout the day?

Answer 63

Yes

Question 64

How accurate is a recovery from an Automated Backup for RDS

Answer 64

Down to a second

Question 65

Where does Amazon store the Automated backups

Answer 65

In a S3 bucket

Question 66

Ture or False: When you restore a RDS from a backup,, a new database is created

Answer 66

True

Question 67

True or False: When you restore a RDS from a Automated Backup, a new database is created

Answer 67

True

Question 68

True or False: When you restore a RDS from a snapshot, a new database is created

Answer 68

True

Question 69

Does a RDS instance restored from a backup get a new DNS pointer?

Answer 69

Yes

Question 70

Can you encrypt an existing RDS instance in place?

Answer 70

No, you must create a snapshot

Question 71

In RDS, what is Multi-AZ

Answer 71

When you select to have a database live in multiple availability zones for disaster recovery

Question 72

In RDS, is Multi-AZ designed and used for high availability?

Answer 72

No, for disaster recovery

Question 73

Do you ever use a public IP when working with a RDS database instance?

Answer 73

No, never use public IP - always use the DNS name

Question 74

When should you use the DNS name to connect to a RDS instance?

Answer 74

Always

Question 75

True or False: RDS Multi-AZ is used for disaster recovery only

Answer 75

True

Question 76

True or False: RDS Multi-AZ is used for increasing performance

Answer 76

False

Question 77

How would I increase performance of my RDS instance?

Answer 77

Using a read replica

Question 78

What is a RDS read replica

Answer 78

Automatically updated RDS instances used to increase read throughput for your database instance

Question 79

Can you have read replicas of a read replica?

Answer 79

Yes

Question 80

True or False: RDS Read replica is used for disaster recovery only

Answer 80

False

Question 81

True or False: RDS Read Replica is used for increasing performance

Answer 81

True

Question 82

True or False: Each read replica of a RDS instance will have its own DNS endpoint

Answer 82

True

Question 83

Can you have Multi-AZ for read replicas?

Answer 83

Yes

Question 84

Can you have both Read Replica and Multi-AZ RDS instances?

Answer 84

Yes

Question 85

True or False: A read replica can be promoted to become its own RDS instance?

Answer 85

True

Question 86

What does promoting a read replica to its own database do?

Answer 86

Creates a RDS instance from the read replica and breaks replication

Question 87

True or False: You can’t have read replicas in a second region?

Answer 87

False, you can

Question 88

Which Elsticache provider do you use to have Multi-AZ

Answer 88

Redis

Question 89

Does the Memcached Elasticache provider allow for Multi-AZ

Answer 89

No

Question 90

Which Elasticache provider should I use if object caching is my primary goal?

Answer 90

Memcached

Question 91

Which Elasticache provider should I use if I want the simplest possible approach

Answer 91

Memcached

Question 92

Which Elasticache provider should I use if I am planning on running large cache nodes, and require multithreaded performance with utilization of multiple cores?

Answer 92

Memcached

Question 93

Which Elasticache provider should I use if I need to scale my cache horizontally as i grow?

Answer 93

Memcached

Question 94

Which Elasticache provider should I use if I have more advanced datatypes

Answer 94

Redis

Question 95

Which Elasticache provider should I use if sorting and ranking datasets in memory will help me

Answer 95

Redis

Question 96

Which Elasticache provider should I use if persistance of my keystore is important

Answer 96

Redis

Question 97

Which Elasticache provider should I use if I want to run Multi-AZ

Answer 97

Redis

Question 98

If my database is under a lot of stress/load and is read heavy executing many OLTP, what Amazon service should i use to alleviate this?

Answer 98

Elasticache

Question 99

If my database is under a lot of stress/load and is executing OLAP, what Amazon service should I use to alleviate this?

Answer 99

Redshift

Question 100

Which Elasticache provider should I use if I need pub/sub capabilities?

Answer 100

Redis

Question 101

Which Elasticache provider should I use if I am implementing leaderboards?

Answer 101

Redis

Question 102

What is S3?

Answer 102

Simple Storage Service

Question 103

What does S3 provide to customers?

Answer 103

secure, durable, highly-scalabale object storage

Question 104

What is the main purpose of S3?

Answer 104

To store objects, not operating systems or databases

Question 105

Can I use S3 to store/run a database?

Answer 105

No

Question 106

Can I use S3 to store/run an operating system?

Answer 106

No

Question 107

Can I use S3 to store a webpages, files, or images?

Answer 107

Yes

Question 108

Is S3 a safe place to store your files?

Answer 108

Yes

Question 109

Does S3 store your objects across multiple devices and facilities?

Answer 109

Yes

Question 110

Does S3 have high availability built in?

Answer 110

Yes

Question 111

True or False: S3 has an element of disaster recovery built in?

Answer 111

True

Question 112

How big can one file be in S3?

Answer 112

5TB

Question 113

True or False: S3 provides unlimited storage

Answer 113

True

Question 114

True or False: S3 limits your total amount of storage

Answer 114

False

Question 115

If I have a 4.5TB file, can I store this in S3?

Answer 115

Yes

Question 116

If I have a 5.1TB file, can I store this in S3?

Answer 116

No

Question 117

What are folders called in S3?

Answer 117

Buckets

Question 118

What is a bucket in S3?

Answer 118

Location files are stored (folder)

Question 119

True or False: S3 bucket names must be unique globally

Answer 119

True

Question 120

What HTTP code is returned when you successfully upload a file to S3?

Answer 120

200 OK

Question 121

What data consistency does S3 provide for PUTs of new objects?

Answer 121

Read after write

Question 122

How long do I have to wait to access my file in S3 after I have finished uploading it?

Answer 122

You don’t have to wait at all

Question 123

What data consistency does S3 provide for overwriting an existing file with a PUT or DELETEs on a file?

Answer 123

Eventual Consistency

Question 124

True or False: S3 is a key-value store

Answer 124

True

Question 125

An S3 object consists of _______

Answer 125

Key, Value, Version ID, Metadata, Subresources

Question 126

Does S3 support versioning of specific files?

Answer 126

Yes

Question 127

Is S3 designed to sustain the loss of 2 facilities at the same time?

Answer 127

Yes

Question 128

What is S3 - IA?

Answer 128

S3 for infrequently accessed data

Question 129

When using S3 - IA, do I pay per data retrieval?

Answer 129

Yes

Question 130

What is S3 - One Zone IA?

Answer 130

S3 for infrequently accessed data that is only in one availability zone

Question 131

What is S3 reduced redundancy storage?

Answer 131

S3 for data that is easy to recreate, like thumbnails

Question 132

What is S3 Glacier?

Answer 132

Very cheap S3 bucket for archiving data.

Question 133

How long do you have to wait before accessing your data in Glacier?

Answer 133

3-5 hours

Question 134

Which S3 storage class has the highest availability and durability?

Answer 134

Standard

Question 135

What is S3 Intelligent tiering?

Answer 135

automatically moves your S3 buckets to the most cost effective tier based on how you access each object

Question 136

What is S3 intelligent tiering used for?

Answer 136

Unknown or unpredictable access patterns

Question 137

What are the two tiers for S3 intelligent tiering?

Answer 137

Frequent and infrequent

Question 138

How long does data have to go unaccessed before it is moved to the infrequent tire in S3 intelligent tiering?

Answer 138

30 consecutive days

Question 139

How much does S3 Intelligent tiering cost?

Answer 139

$0.0025 per 1000 objects/month

Question 140

What do you get charged for in S3

Answer 140

Storage per GB, Requests, Storage management pricing, data management pricing(for moving data out of S3), Transfer Acceleration (using cloudfront)

Question 141

True or False: Newly created buckets in S3 are publicly available?

Answer 141

False

Question 142

True or False: Newly created buckets in S3 are private?

Answer 142

True

Question 143

What are the mechanisms for controlling access to your S3 buckets?

Answer 143

Bucket policies and access control lists

Question 144

What is an S3 Bucket Policy

Answer 144

Access control policy at the bucket level

Question 145

What is a S3 Access Control List

Answer 145

Access control policy at the object level

Question 146

Can I configure my S3 bucket to log accesses?

Answer 146

Yes

Question 147

Can I configure my S3 bucket to log accesses and store those logs in another bucket?

Answer 147

Yes

Question 148

Does S3 support encryption on objects?

Answer 148

Yes

Question 149

Will S3 encrypt your objects for you?

Answer 149

Yes

Question 150

True or False: I must encrypt files myself before uploading them to S3 if I want them to be encrypted

Answer 150

False

Question 151

True or False: I cannot log API actions at the bucket level in S3

Answer 151

False

Question 152

What tool can I use to log actions at the bucket level in S3

Answer 152

CloudTrail, for additional cost

Question 153

Can I monitor the performance of requests into my S3 buckets?

Answer 153

Yes, using CloudWatch

Question 154

Can you upload a publicly available file to a private bucket?

Answer 154

No, the bucket must be publicly available

Question 155

If a bucket is publicly available, are all the objects automatically publicly available?

Answer 155

No

Question 156

What types of encryption does S3 support?

Answer 156

In transit and at rest

Question 157

What types of in transit security are supported by S3?

Answer 157

SSL/TLS

Question 158

What types of at rest encryption does S3 support?

Answer 158

SSE-S3, SSE-KMS, SSE-C

Question 159

Can I encrypt existing objects in my S3 bucket?

Answer 159

Yes

Question 160

Can I provide my own keys for S3 encryption?

Answer 160

Yes

Question 161

How would I enforce S3 object encryption on my bucket for all newly uploaded files?

Answer 161

Using a bucket policy

Question 162

What encryption parameter should you include to encrypt your files at upload time?

Answer 162

x-amz-server-side-encryption: AES256 or ams:kms

Question 163

Does S3 support CORS access?

Answer 163

Yes

Question 164

What is CloudFront?

Answer 164

Amazon’s CDN

Question 165

What is an Edge Location in CloudFront?

Answer 165

Geographically dispersed data centers that you can select to host your CDN in

Question 166

What is an Origin in CloudFront?

Answer 166

This is the origin of all the files that the CDN will distribute

Question 167

What are valid Origins for a CloudFront CDN?

Answer 167

S3 Bucket, EC2 instance, Elastic Load Balancer, or Route53

Question 168

What is a CloudFront Distribution

Answer 168

Name given to a CDN which consists of a collection of edge locations

Question 169

What is a CloudFront Web Distribution?

Answer 169

A distribution typically used for WebSites

Question 170

What is RTMP in CloudFront?

Answer 170

A distribution used for media streaming on the CDN

Question 171

What does RTMP stand for in CloudFront

Answer 171

Real Time Messaging Protocol

Question 172

If I want to optimize performance for global users of my S3 backed website, what tool should I use?

Answer 172

CloudFront

Question 173

Can I use CloudFront with any non-AWS Origin server?

Answer 173

Yes

Question 174

Is a CloudFront edge location the same thing as an AWS Region or Availability Zone?

Answer 174

No

Question 175

True or False: CloudFront edge locations are read-only

Answer 175

False

Question 176

How long are objects cached in an edge location?

Answer 176

For the TTL (Time to LIve)

Question 177

True or False: I cannot manually clear an edge location cache

Answer 177

False, you can

Question 178

True or False: Manually clearing an edge location cache is free

Answer 178

False, it costs

Question 179

I have content on my website that I want to restrict to paid users only and I’m using CloudFront for CDN. How do I achieve this?

Answer 179

By using the Signed URLs/Signed Cookies option

Question 180

True or False: The first time a user access a file using cloudfront, the file will load fast

Answer 180

False

Question 181

When does a file get cached in an edge location by cloudfront?

Answer 181

The first time a user access the file

Question 182

How would I optimize performance for my GET-Intensive S3 workloads?

Answer 182

CloudFront CDN

Question 183

How would I optimize performance for my Mixed Request Type workloads

Answer 183

Using a random key name instead of a sequential one

Question 184

What are the S3 storage classes?

Answer 184

S3, S3 - IA, S3 - One Zone IA, S3 - Reduced Redundancy, Glacier

Question 185

What is the default TTL for CloudFront cache?

Answer 185

24 hours

Question 186

True or False: If you want to enable a user to download private data directly from S3, you can use a signed URL

Answer 186

True

Question 187

What is the largest file size you can transfer to S3 using a PUT operation?

Answer 187

5GB

Question 188

What are the ways to trigger an AWS lambda

Answer 188

HTTP Triggers and event triggers

Question 189

What is API Gateway

Answer 189

The API proxy service

Question 190

What languages are supported by Lambda

Answer 190

Node.js, Java, Python, C#, Go

Question 191

If I execute less than 1 million requests per month, will I incur a charge for my lambda functions?

Answer 191

No

Question 192

If I execute more than 1 million requests per month, will I incur a charge for my lambda functions?

Answer 192

Yes, $0.20 per 1 million requests

Question 193

Is there a charge for the duration my lambda functions run?

Answer 193

Yes, $0.00001667 per GB-Second

Question 194

True or False: Lambda scales out (not up) automatically

Answer 194

True

Question 195

Are my lambda functions independent, meaning 1 trigger means 1 function?

Answer 195

Yes

Question 196

Is lambda a compute service?

Answer 196

Yes

Question 197

What services in AWS are serverless?

Answer 197

Lambda, S3, API Gateway, Dynamo Db

Question 198

Can my lambda function trigger other lambda functions?

Answer 198

Yes

Question 199

What service allows you to debug your lambda functions

Answer 199

AWS X-Ray

Question 200

Are lambdas limited to interacting with other services that are in the same region as the lambda itself?

Answer 200

No

Question 201

True or False: An AWS API Gateway exposes HTTPS Endpoints to define a RESTful API

Answer 201

True

Question 202

Can I track and control API usage using an AWS API Gateway?

Answer 202

Yes

Question 203

Can I cache API Responses with API Gateway

Answer 203

Yes, for a specified TTL

Question 204

What are the Lambda triggers?

Answer 204

API Gateway, AWS IoT, Alexa Skills Kit, Alexa Smart Home, CloudFront, CloudWatch events, CloudWatch Logs, CodeCommit, Cognito Sync Trigger, DynamoDb, Kinesis, S3, SNS

Question 205

Does AWS Lambda support versioning

Answer 205

Yes

Question 206

Can I have more than one version of my Lambda published?

Answer 206

Yes

Question 207

What are the ARN types for Lambda functions

Answer 207

Qualified and Unqualified

Question 208

What is a Qualified ARN

Answer 208

The function ARN with the version suffix

Question 209

What is an Unqualified ARN

Answer 209

The function ARN without the version suffix

Question 210

What is a Lambda alias

Answer 210

A name that points to a particular version of your lambda function

Question 211

Can I change a lambda function version after I have published it?

Answer 211

No, you must edit the $LATEST version

Question 212

Can I split traffic across two versions of a lambda?

Answer 212

Yes

Question 213

How would I split traffic across two versions of a lambda?

Answer 213

Using an alias

Question 214

Can I include the $LATEST version in an alias that splits traffic between two versions of a lambda

Answer 214

No, you can only used published versions

Question 215

What are step functions?

Answer 215

These allow you to visualize and test your serverless applications by providing a GUI to arrange and visualize the components of your applications

Question 216

What is AWS X-Ray

Answer 216

A service that collects data about requests that your application serves and provides tools you can use to view, filter, and gain insights into that data to identify issues

Question 217

How does data flow in X-Ray

Answer 217

X-Ray SDK -> X-Ray Daemon -> X-Ray API -> X-Ray Console

Question 218

What services does X-Ray work with?

Answer 218

Elastic Load Balancers, Lambda, API Gateway, EC2, Elastic Beanstalk

Question 219

What programming languages does X-Ray support

Answer 219

Java, Go, Node.js, python, Ruby, .NET

Question 220

True of False: One can import a API definition to API Gateway

Answer 220

True

Question 221

What specification should an API Definition be written in to import it to API Gateway

Answer 221

Swagger v2.0/OpenAPI

Question 222

What is the steady state default throttling setting for API Gateway

Answer 222

10000 requests per second

Question 223

What is the maximum concurrent requests for API Gateway

Answer 223

5000

Question 224

What error will you receive if you exceed your request throttling limits with API Gateway

Answer 224

429 Too Many Requests

Question 225

If a caller submits 10000 requests evenly across a one second time span, will API Gateway process them all?

Answer 225

Yes

Question 226

If a caller submits 10000 requests in the first millisecond of a one second time span, will API Gateway process them all?

Answer 226

No, only 5000 will get handled, the others will get a 429

Question 227

If a caller submits 5000 requests in the first millisecond and then evenly spreads 5000 requests across the remaining 999 milliseconds in a one second time span, will API Gateway process them all?

Answer 227

Yes

Question 228

Can you use API Gateway to pass through SOAP requests?

Answer 228

Yes

Question 229

Can you lift the DynamoDb default throttling limits?

Answer 229

Yes

Question 230

What are the data models supported by DynamoDB

Answer 230

document and key/value pairs

Question 231

What physical storage technology is utilized by DynamoDb

Answer 231

SSDs

Question 232

Do DynamoDBs get spread across regions?

Answer 232

Yes, spread across three geographically distinct data centers

Question 233

What data consistency models does DynamoDb support?

Answer 233

Eventual Consist Reads and strongly consistent reads

Question 234

In DynamoDb, what is Eventually Consistent reads?

Answer 234

Consistency across all copies of data is reached within a second.

Question 235

What DynamoDb consistency model offers the best read performance?

Answer 235

Eventually Consistent Reads

Question 236

In DynamoDB, what is Strongly Consistent Reads?

Answer 236

Reflects all writes that received a successful response prior to the read

Question 237

In DynamoDb, what specifications can i use in a stored document?

Answer 237

JSON, HTML, XML

Question 238

What types of Primary Keys does DynamoDb use?

Answer 238

Partition key and composite key

Question 239

What is a partiion key in dynamodb

Answer 239

A unique attribute(column) on teh data i.e. UserId

Question 240

What is a composite key in dynamodb

Answer 240

A partition key coupled with a sort key

Question 241

When should I use a composite key instead of a partition key

Answer 241

When the partition key is not unique to my table i.e. forum posts

Question 242

If I have multiple records in a DynamoDb table that will have the same partition key, what primary key type should I use?

Answer 242

Composite Key

Question 243

Does DynamoDb allow for restricting users’ access to only their own data?

Answer 243

Yes, via an IAM Condition

Question 244

How would I restrict DynamoDb access so that a user can only access their own data?

Answer 244

Using an IAM Condition

Question 245

What does DynamoDb consist of?

Answer 245

Tables, items, and Attributes

Question 246

Hos is general access to a DynamoDb database controlled?

Answer 246

IAM Policies

Question 247

If I want to enable fine grained access control for my dynamoDb, i.e. row level security, what IAM condition parameter would I use?

Answer 247

dynamodb:LeadingKeys

Question 248

What are the types of indexes supported by DynamoDb

Answer 248

Local Secondary Index and Global Secondary Index

Question 249

In dynamodb, what is a local secondary index?

Answer 249

created at table creation time, same partition key as your table, different sort key, increases query performance for the composite key used to define it

Question 250

In dynamodb, what is a global secondary index?

Answer 250

created whenever, different partition and sort key, increases query performance when using the composite key used to define it

Question 251

Does a local secondary index use the same partition key as the table?

Answer 251

Yes

Question 252

Does a local secondary index us the same sort key as the table?

Answer 252

No

Question 253

Does a global secondary index use the same partition key as the table its on?

Answer 253

No

Question 254

Does a global secondary index use the same sort key as the table its on?

Answer 254

No

Question 255

When can you create a local secondary index?

Answer 255

At table creation time

Question 256

When can you create a global secondary index?

Answer 256

Any time

Question 257

Can I create a local secondary index after i have created my table?

Answer 257

No

Question 258

What are the ways to get data out of a dynamodb table?

Answer 258

Scan and Query

Question 259

What is a dynamodb query?

Answer 259

Operation that finds items in a table based on the primary key

Question 260

For a dynamodb query, what is a ProjectionExpression?

Answer 260

The equivalent of the select statement for sql - filters the attributes returned for a given query

Question 261

Can you reverse the order that a query returns results in for DynamoDb?

Answer 261

Yes

Question 262

What parameter would I use to reverse the query results in dynamo db?

Answer 262

ScanIndexForward

Question 263

What consistency model do queries use by default?

Answer 263

Eventually Consistent

Question 264

Can I use a different consistency model for my dynamodb queries?

Answer 264

Yes, can set to Strongly Consistent

Question 265

What is a scan operation in DynamoDb

Answer 265

an operation that examines every item in the table

Question 266

Can you limit attributes returned by a scan operation?

Answer 266

Yes

Question 267

How would I limit the attributes returned by a scan operation?

Answer 267

Use the ProjectExpression parameter

Question 268

Does a scan operation filer the data on the server side?

Answer 268

No, it dumps the data out, then filters it

Question 269

What is the most efficient way to get data out of a dynamodb table?

Answer 269

Query

Question 270

True or False: A scan dumps the entire table to memory, then filters

Answer 270

True

Question 271

Can you page results from a dynamo query or scan

Answer 271

Yes

Question 272

What is the default order of results for a dynamodb data operation?

Answer 272

Ascending Order

Question 273

What is DynamoDb provisioned throughput?

Answer 273

Throttling for Dynamodb measured in capacity units configured when you create your table

Question 274

How do you calculate how many read units are needed for a strongly consistent table?

Answer 274

you take the size of each item / 4KB, round up to the nearest whole number, then multiply by the number of reads per second

Question 275

How do you calculate how many read units are needed for an eventually consistent table?

Answer 275

You take the number needed for a strongly consistent table and divide by two

Question 276

How do you calculate how many write units are needed?

Answer 276

You take the size of each item, divide by 1 KB, round up to the nearest whole number, multiply by the number of writes per second

Question 277

What is one write capacity unit?

Answer 277

1 x 1 KB Write per second

Question 278

What is one read capacity unit?

Answer 278

1 x 4 KB Strongly consistent read OR 2 x 4 KB Eventually consistent reads per second

Question 279

What is the DynamoDb on-demand capacity model?

Answer 279

Allows your DB to automatically scale for the workload

Question 280

If I have unpredictable or unknown capacity needs, what capacity model should I use?

Answer 280

On demand

Question 281

Can I change the capacity model my dynamodb uses after its created?

Answer 281

Yes

Question 282

How often can I change the dyanmodb capacity model

Answer 282

Once per day

Question 283

What is DAX

Answer 283

DynamoDb Accelerator

Question 284

What is DynamoDb Accelerator (DAX)?

Answer 284

A Fully managed, clustered in-memory cache for dynamodb

Question 285

How much faster is DAX?

Answer 285

10x read performance

Question 286

Does DAX improve write performance?

Answer 286

No

Question 287

What consistency model and operation does DAX use if there is a cache miss?

Answer 287

Eventually Consistent GetItem

Question 288

What caching strategies are available in ElastiCache

Answer 288

Lazy Loading and Write Through

Question 289

What is the lazy loading strategy in ElastiCache

Answer 289

Loads the data into the cache only when it’s necessary

Question 290

When using the lazy loading strategy in ElastiCache, what happens when there is a cache miss?

Answer 290

ElastiCache returns null and Your application fetches the data from the database and then writes the data into the cache

Question 291

What is write through caching strategy for ElastiCache

Answer 291

Adds or updates data to the cache whenever data is written to the database

Question 292

True or False: DAX only supports write-through caching strategy

Answer 292

True

Question 293

True or False: You can use DAX or ElastiCache with DynamoDb

Answer 293

True

Question 294

How would I avoid stale data in my ElastiCache when using the Lazy Loading strategy?

Answer 294

Using a TTL

Question 295

What are DynamoDb transactions?

Answer 295

ACID Transactions

Question 296

What does ACID stand for?

Answer 296

Atomic, Consistent, Isolated, Durable

Question 297

Can I read/write data across multiple tables in a DynamoDb transaction?

Answer 297

Yes

Question 298

Do DynamoDb transactions allow for me to check a pre-requisite condition before writing to a table?

Answer 298

Yes

Question 299

What is DynamoDb TTL?

Answer 299

TTL attribute defines an expiry time for your data after which the data is marked for deletion

Question 300

How long can it take for an item to be deleted after the TTL expires in dynamodb?

Answer 300

Up to 48 hours

Question 301

What are DynamoDb streams?

Answer 301

Time-ordered sequence of item level modifiations

Question 302

True or False: A dynamoDb stream is like an audit trail for an item

Answer 302

True

Question 303

Are my DynamoDb streams encrypted?

Answer 303

yes, at rest

Question 304

How long are my DynamoDb streams stored?

Answer 304

24 hours

Question 305

What item update lifecycle hooks can I use for dynamodb streams?

Answer 305

Before and after

Question 306

How does my application access dynamodb streams?

Answer 306

Via a separate API from the DynamoDb one

Question 307

True or False: DynamoDb streams are NOT recorded near-real time

Answer 307

False

Question 308

Can I use DynamoDb streams as a Lambda trigger?

Answer 308

Yes

Question 309

If I exceed the provisioned throughput for my DynamoDb, what exception do I get?

Answer 309

ProvisionedThroughputExceededException

Question 310

What is exponential backoff for provisioned throughput in DynamoDB?

Answer 310

Waits progressively longer to retry a request when failed requests happen

Question 311

When using exponential backoff, if your request still has not succeeded after one minute, what does this indicate?

Answer 311

That your request may be too large for the provisioned throughput on your table and that you may need to increase the limits

Question 312

True or False: A local secondary index can be deleted at any time

Answer 312

False

Question 313

True or False: A global secondary index can be deleted at any time

Answer 313

True

Question 314

What service should you use to securely store confidential information like credentials and license codes?

Answer 314

Systems Manager Parameter Store

Question 315

What API Call should you use to get multiple items from a DynamoDb table

Answer 315

BatchGetItem

Question 316

What is KMS

Answer 316

Key Management Service

Question 317

Are KMS Encryption Keys Regional?

Answer 317

Yes

Question 318

True or False: KMS Encryption Keys are globally available

Answer 318

False

Question 319

Can I export my customer master key?

Answer 319

No

Question 320

What does a customer master key consist of?

Answer 320

alias, creation date, description, key state, key material

Question 321

What terminal command do you have to run in order to use the AWS CLI?

Answer 321

aws configure

Question 322

What CLI command do I use to encrypt a file using KMS?

Answer 322

aws kms encrypt

Question 323

What CLI command do I use to decrypt a file using KMS>

Answer 323

aws kms decrypt

Question 324

What does the CLI command aws kms encrypt do

Answer 324

encrypts a local file using KMS

Question 325

What does the CLI command aws kms decrypt do

Answer 325

decrypts a local frile using KMS

Question 326

What does the CLI command aws kms re-encrypt do

Answer 326

re encrypts an already encrypted file by decrypting it to plain text, encrypting, and immediately destroying the plain text

Question 327

What does the CLI command aws kms enable-key-rotation do

Answer 327

Turns on key rotation so that they key is changed every year

Question 328

What is KMS envelope encryption

Answer 328

The process of encrypting your envelope key

Question 329

Describe KMS envelope enccryption

Answer 329

We use the CMK to encrypt the key that is used to encrypt our data

Question 330

How long does it take to delete an encryption key

Answer 330

7 to 30 days

Question 331

What is SQS?

Answer 331

Simple Queue Service

Question 332

How big can my SQS message be?

Answer 332

256 KB

Question 333

What types of queues are available on SQS

Answer 333

Standard queues and FIFO Queues

Question 334

Do standard SQS queues have ordering

Answer 334

No

Question 335

Are standard SQS queues guaranteed to deliver a message at least once?

Answer 335

Yes

Question 336

Are standard SQS queues guaranteed to delivery a message only once?

Answer 336

No

Question 337

True or False: FIFO SQS queues have an order

Answer 337

True

Question 338

True or False: FIFO SQS queues delivery a message exactly once

Answer 338

True

Question 339

I need to guarantee my message is only processed one time - which SQS queue type should I use

Answer 339

FIFO

Question 340

What is the transaction limit for a FIFO SQS queue

Answer 340

300 transaction per second

Question 341

What is the transaction limit for a Standard SQS queue

Answer 341

There isn’t one

Question 342

True or False: SQS is Pull based

Answer 342

True

Question 343

True or False: SQS is push based

Answer 343

False

Question 344

What is the time span that a message can live in a SQS queue?

Answer 344

1 minute to 14 days

Question 345

What is the default retention period for SQS messages?

Answer 345

4 days

Question 346

What is visibility timeout in SQS?

Answer 346

The amount of time that the message is invisible in the SQS queue after a reader picks up that message

Question 347

What is the default visibility timeout

Answer 347

30 seconds

Question 348

What is the maximum visibility timeout

Answer 348

12 hours

Question 349

What is SWS Long Polling?

Answer 349

This is a type of polling that doesn’t return until a message arrives in the queue or the long poll times out

Question 350

What is amazon SNS?

Answer 350

Simple Notification Service

Question 351

What is SNS used for?

Answer 351

Think push notifications

Question 352

True or False: SNS is instantaneous push-based delivery of notification

Answer 352

true

Question 353

What pricing model is used by SNS

Answer 353

Pay as you go

Question 354

If I need to use Pull based messaging which service should I use?

Answer 354

SQS

Question 355

If I need to use push based messaging, which service should I use

Answer 355

SNS

Question 356

True or False: SNS uses a Pub-Sub model

Answer 356

True

Question 357

True or False: SQS uses a Pub-Sub model

Answer 357

False

Question 358

What format of notification can I send using SNS

Answer 358

SMS, Email, SQS, HTTP

Question 359

What is SES

Answer 359

Simple Email Service

Question 360

Can SES be used to receieve emails

Answer 360

Yes

Question 361

True or False: SES can trigger lambda functions or SNS services when email is received

Answer 361

True

Question 362

True or False: SES allows users to send automated emails

Answer 362

True

Question 363

True or False: SES can send more than just email

Answer 363

False

Question 364

What is Amazon Kinesis

Answer 364

An AWS service to send your streaming data to

Question 365

What are Kinesis streams made out of

Answer 365

Shards

Question 366

What is kinesis firehose

Answer 366

Kinesis without streams or shards

Question 367

What are kinesis analytics

Answer 367

Allows you to run SQL queries to send on to a destination

Question 368

What is elasticbeanstalk

Answer 368

A service for deploying and scaling web applications developed in various languages

Question 369

What programming languages does ElasticBeanstalk support?

Answer 369

Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker

Question 370

What web servers does ElasticBeanstalk support

Answer 370

Tomcat, Nginx, Puma, Passenger, and IIS

Question 371

Does ElasticBeanstalk autoscale up and down?

Answer 371

Yes

Question 372

What is an ElasticBeanstalk deployment policy

Answer 372

Method under which ElasticBeanstalk deploys changes or updates

Question 373

What are the options for an ElasticBeanstalk deployment

Answer 373

All at once, rolling, rolling with additional batch, immutable

Question 374

Will I have downtime with an ElasticBeanstalk all at once deployment

Answer 374

Yes

Question 375

How does an all at once ElasticBeanstalk deployment work

Answer 375

It deploys the new version to all instances simultaneously

Question 376

How do you recover from a failed all at once ElasticBeanstalk deployment

Answer 376

You must roll back the changes by re-deploying the original version to all your instances

Question 377

What is an ElasticBeanstalk rolling deployment

Answer 377

Deploys the new version in batches

Question 378

How does a rolling deployment work

Answer 378

Takes each batch of instances out of service while the deployment takes place

Question 379

Will I experience downtime with a rolling deployment?

Answer 379

No

Question 380

What is the negative impact for a rolling deployment

Answer 380

Reduced capacity

Question 381

How do I recover from a rolling deployment failure

Answer 381

You must perform an additional rolling update to roll back the changes

Question 382

What is rolling deployment with additional batch policy

Answer 382

Launches additional batch of instances during update

Question 383

Will I experience downtime during a rolling deployment with additional batch policy

Answer 383

No

Question 384

Will I experience any loss of capacity during a rolling deployment with additional batch policy

Answer 384

No

Question 385

How do I recover from a failure during a rolling deployment with additional batch policy

Answer 385

Perform an additional rolling update to roll back the changes

Question 386

What is immutable deployment in ElasticBeanstalk

Answer 386

Deploys a the new version to a fresh group of instances in their own new autoscaling group

Question 387

Will I experience downtime during an immutable deployment

Answer 387

No

Question 388

How do I recover from a failure during an immutable deployment

Answer 388

Terminate the new auto scaling group, done

Question 389

Can I customize my ElasticBeanstalk environment

Answer 389

Yes

Question 390

How would I customize my ElasticBeanstalk environment

Answer 390

Using an ElasticBeanstalk configuration file

Question 391

What specifications are supported for an ElasticBeanstalk configuration file

Answer 391

YAML and JSON

Question 392

What folder must my ElasticBeanstalk configuration files be in?

Answer 392

.ebextensions

Question 393

Does the name of my ElasticBeanstalk configuraiton file matter?

Answer 393

No

Question 394

What file extension does my ElasticBeanstalk configuration file need to have

Answer 394

.config

Question 395

Where should the .ebextensions folder go for it to configure my ElasticBeanstalk env

Answer 395

In the root of the repo

Question 396

Can I put my .config files for ElasticBeanstalk under source control

Answer 396

Yes

Question 397

What options do I have for launching an RDS instance

Answer 397

Launch within ElasticBeanstalk and Launch outside ElasticBeanstalk

Question 398

Which RDS instance launch strategy should I use for my production instance

Answer 398

Outside ElasticBeanstalk

Question 399

What is the systems manager parameter store

Answer 399

Place to store sensitive information to share across services

Question 400

What types of data are supported by the systems manager parameter store

Answer 400

String, String List, Secure String

Question 401

Does the systems manager parameter store support versioning of parameters?

Answer 401

Yes

Question 402

What API Call would you use to extend the time allowed for a SQS message to be processed by a consumer

Answer 402

ChangeMessageVisibility

Question 403

What is the maximum timeout for visibility of a message in a SQS queue

Answer 403

12 Hours

Question 404

What is the maximum long poll timeout

Answer 404

20 Seconds

Question 405

What is AWS Storage Gateway

Answer 405

Service used for attaching infrastructure located in a data center to the aws storage infrastructure

Question 406

What are all of the DevOps services prefixed with

Answer 406

Code, i.e. CodeCommit, CodeBuild, CodePipeline, CodeDeploy

Question 407

Where can I deploy code using CodeDeploy

Answer 407

EC2, on-premise systems, and lambda functions

Question 408

What are the deployment approaches when using CodeDeploy

Answer 408

In-Place and Blue/Green

Question 409

What deployment targets can I use an in-place deployment strategy from CodeDeploy for?

Answer 409

EC2 and on-premise systems

Question 410

Can I do an in-place deployment from CodeDeploy on a Lamdba

Answer 410

No

Question 411

For CodeDeploy, what doe the Blue and Green colors represent

Answer 411

Blue are the active deployment and green are the new release

Question 412

What is a CodeDeploy deployment group

Answer 412

Set of EC2 instances or Lambda functions to which a new version of the software is to be deployed

Question 413

What is a CodeDeploy Deployment

Answer 413

The process and components used to apply a new revision

Question 414

What is a CodeDeploy Deployment Configuration

Answer 414

A set of deployment rules as well as success/Failure conditions used during a deployment

Question 415

What is a CodeDeploy AppSpec File

Answer 415

Defines the deployment actions you want CodeDeploy to do

Question 416

What is a CodeDeploy revision

Answer 416

Everything needed to deploy the new version

Question 417

What is a CodeDeploy Application

Answer 417

Unique Identifier for the application you want to deploy

Question 418

What are the fields in a CodeDeploy app spec file?

Answer 418

Version, resources, hooks

Question 419

What are the CodeDploy Hooks?

Answer 419

BeforeAllowTraffic, AfterAllowTraffic, BeforeInstall, AfterInstall, ApplicationStart, ValidateStart, BeforeBlockTraffic, BlockTraffic, AfterBlockTrffic,ApplicationStop, DownloadBUndle, Install, ApplicationStart, ValidateService, AllowTraffic

Question 420

What fields does an on-premise AppSpec file have

Answer 420

version, os, files, hooks

Question 421

What are the three stages of hooks for a CodeDeploy lifecycle

Answer 421

Traffic Deregistration, Application Upgrade, Traffic Registration

Question 422

What is BigBAADBrazenIconAboutAllVisualBAAmfs

Answer 422

The order of CodeDeploy lifecycle hooks

BeforeBlockTraffic
BlockTraffic
AfterBlockTraffic
ApplicationSTop
DownloadBundle
BeforeInstall
Install
AfterInstall
ApplicationStart
ValidateService
BeforeAllowTraffic
AllowTraffic
AfterAllowTraffic

Question 423

What is CloudFormation

Answer 423

Allows you to provision infrastructure using code

Question 424

What specifications does CloudFormation support

Answer 424

YAML and JSON

Question 425

Is CloudFormation free to use?

Answer 425

Yes

Question 426

What is the only mandatory section for a CloudFormation template?

Answer 426

Resources

Question 427

What are the main sections for a CloudFormation template

Answer 427

Parameters, Conditions, Resources, Mappings, Transforms

Question 428

What is the serverless appliation model (SAM)

Answer 428

An extension of the CloudFormation used to define serverless applications

Question 429

What are the SAM cli commands

Answer 429

sam package and sam deploy

Question 430

What is a CloudFormation Nested Stack

Answer 430

Allow you to reuse your CloudFormation code

Question 431

If I want to use the output of my CloudFormation stack

as input to another CloudFormation stack, which section would I use?

Answer 431

Outputs

Question 432

How can you prevent CloudFormation from deleting your entire stack on failure?

Answer 432

Set the Rollback on failure radio button to no in the console or use the –disable-rollback flag with the AWS CLI

Question 433

Which section of the CloudTransformations spec do you use to reference code in an S3 bucket

Answer 433

Transforms

Question 434

What is web identity federation

Answer 434

Allows users to login to AWS using a 3rd part provider like Facebook, Amazon, or Google

Question 435

What is Amazon Cognito

Answer 435

Web Identity Federation provider

Question 436

What is the recommended identity provider for mobile apps running on AWS

Answer 436

Cognito

Question 437

What is a Cognito user pool

Answer 437

Directories used to managed signup and sign-in functionality for mobile and web applications

Question 438

What are Cognito identity pools

Answer 438

These enable you to create unique identifiers for your users and auth them with identity providers

Question 439

What technology does Cognito use to provide a seamless experience for you application

Answer 439

Push Synchronization

Question 440

What are the different types of IAM Policies

Answer 440

Managed Policies, Customer Managed Policies, Inline Policies

Question 441

What is a IAM managed policy

Answer 441

An IAM Policy which is created and administered by AWS

Question 442

What is a IAM Customer Managed Policy

Answer 442

An IAM policy which is created and administered by the customer

Question 443

What is a IAM Inline Policy

Answer 443

An IAM Policy that is embedded within the user, group or role to which it applied

Question 444

Can an Inline policy apply to more than one object?

Answer 444

No

Question 445

What is assume-role-with-web-identity

Answer 445

API Provided by STS that allows you to get temporary security credentials for user authenticated by a mobile or web app

Question 446

What is returned from the STS when making an assume-role-with-web-identity call

Answer 446

The role’s ARN and ID along with the toke, access key, and expiration

Question 447

What is cross account access

Answer 447

This grants access to multiple AWS instances using a single identity

Question 448

What is CLoudWatch

Answer 448

A monitoring service that allows you to keep track of your AWS resources and applications running in AWS

Question 449

What does CloudWatch monitor by default on your EC2 instances

Answer 449

CPU, Network, Disk, Status Check

Question 450

I want to Monitor RAM usage on an EC2 instance, how would I do that?

Answer 450

Create a custom CloudWatch Metric

Question 451

What is the default monitoring interval on EC2 for CloudWatch

Answer 451

5 minutes

Question 452

Can I make CloudWatch monitor my EC2 instances on a shorter interval

Answer 452

Yes, you can select detailed monitoring which shortens the interval to 1 minute

Question 453

How long does CloudWatch store your data by default

Answer 453

Indefinitely

Question 454

Can I get data about an EC2 instance after it is terminated?

Answer 454

Yes

Question 455

For custom metrics in CloudWatch, what is the minimum granularity I can have?

Answer 455

1 minute

Question 456

What is a CloudWatch alarm

Answer 456

A noification for a CloudWatch threshold

Question 457

CloudWatch VS CloudTrail

Answer 457

CloudTail is used to track API calls, CloudWatch monitors performance

Question 458

What is AWS Config

Answer 458

Records the state of your AWS environment and will notify you of changes

Question 459

What is the default S3 bucket limit per AWS account?

Answer 459

100