Design Resilient Architectures Flashcards
(89 cards)
1
Q
What does IAM comprise of?
A
Users
Groups
Policies
Roles
2
Q
How are policies formatted?
A
In JSON
3
Q
What type of access does new users have when they are assigned an Access Key and Secret Access Key
A
Programmatic Access; Cannot use to log into the AWS console.
4
Q
What can new users utilize their new Access Key and Secret Access Key on?
A
AWS via CLI and API.
5
Q
What access does a Power User have?
A
Access to all AWS services except the management of groups and users within IAM
6
Q
What is the size limit of S3?
A
0 Bytes to 5 TB
7
Q
What is the S3 successful upload code?
A
HTTP 200
8
Q
What does S3 consist of?
A
- Key
- Value
- Version ID
- Metadata
- Access Control Lists (permissions of objects)
- Torrent
9
Q
S3 Data Consistency for PUTS of new objects
A
Read after Write (read immediately)
10
Q
S3 Data Consistency for overwrites of PUTS
A
Eventual consistency
11
Q
S3 Data Consistency for overwrites of DELETES
A
Eventual Consistency
12
Q
Storage that is 99.99% availability, 99.999999999% durability
A
Standard S3
13
Q
What is S3 – IA (Infrequently Accessed) ?
A
Data that is Accessed less frequently but requires rapid access. Lower fee than S3 but you are charged a retrieval fee.
14
Q
What is S3 – IA (Infrequently Accessed) One Zone?
A
99.50% availability, Lower cost option, does not require multiple Availability Zones
15
Q
Storage Tier that uses machine learning, automatically moves data to the most cost-efficient tier without performance impact or operational overhead.
A
S3 – Intelligent Tiering
16
Q
S3 Glacier
A
Data archiving (Minutes to hours retrieval)
17
Q
S3 Glacier Deep Archive
A
Lowest cost storage class with a retrieval time of 12 hours
18
Q
Use this capability for large uploads for APIs of objects.
A
Multipart Upload
19
Q
Used to move object to different storage tiers.
A
Lifecycle Management
20
Q
How to control access to buckets
A
Bucket Access Control Lists or Bucket Policies.
21
Q
True or False: By default, newly created buckets are public.
A
False
22
Q
How are S3 buckets encrypted in Transit?
A
SSL/TLS (HTTPS)
23
Q
What are the different server side encryptions at rest for S3? (what is stored)
A
- SSE-S3: Managed By Amazon
- SSE-KMS (User and Amazon manage together)
- SSE -C: Give Amazon your own keys that you manage
24
Q
Logging all requests made to the S3 bucket.
A
By creating Access Logs
25
True/False: Access logs in S3 CAN BE sent to another bucket in another account.
TRUE
26
TRUE/FALSE: Versoning in S3 can be deleted.
FALSE; only suspended
27
On Organizational and Individual Accounts, how are AWS services enabled/disabled
Using Service Control Policies
28
Ways to share buckets across accounts.
- Using Bucket Policies & IAM
- Using Bucket ACLs (Access Control Lists) & IAM
- Cross-account IAM Roles
29
What is S3 Transfer Acceleration?
Utilizes the CloudFront Edge Network to accelerate uploads to S3. Instead of uploading directly to your S3 bucket, you can use a distinct URL to upload directly to an edge location which will then transfer that file to S3.
30
Types of CDN Distribution.
- Web Distribution – Typically for websites
| - RTMP – For media streaming/Adobe Media
31
TRUE/FALSE: Edge locations are read only.
False; you can write to them as well. (ex. Put an object to it)
32
What is Storage Gateway?
service that connects an on-premises software appliance with cloud-based storage
33
Types of Storage Gateway:
- File Gateway
- Volume Gateway
- Tape Gateway (VTL) Virtual Tape Library
34
Types of Volume Gateways:
- Stored Volumes – Entire Data set is stored on site primary data locally. Asynchronously backed up to S3.
- Cached Volumes – Entire Dataset is stored on S3 and the most frequently accessed data is cached onsite.
35
What is Athena?
Severless interactive query service which enables you to analyze and query data located in S3 using standard SQL. Turns S3 into a giant DB.
36
What is Macie?
Security service which uses Machine Learning and NLP (Natural Language Processing) to discover, classify and protect sensitive data stored in S3. Can also analyze CloudTrail logs.
37
What are the EC2 Pricing models?
On Demand, Reserved, Spot, Dedicated Hosts.
38
What is the Spot EC2 pricing model?
Everyone is not using EC2 at once. Enables you to bid whatever price you want for instance capacity.
39
What is the On Demand EC2 pricing model?
Pay fixed rate by the hour (or by the second) with no commitment. For short term unpredictable uploads.
40
What is the Reserved EC2 pricing model?
For predictable usage. Provides capacity reservation and for 1 Year or 3 Year contract terms.
41
TRUE/FALSE: Reserved pricing of EC2 can be moved from one region to another.
FALSE
42
What is the Dedicated Host EC2 pricing model?
Physical EC2 servers that are dedicated for your use. Good for regulatory requirements.
43
TRUE/FALSE: EBS Termination Protection is turned on by default.
FALSE; Must be turned on in case of accidental termination of EC2 instance.
44
True/False: All inbound traffic is blocked by default.
True.
45
True/False: All outbound traffic is blocked by default.
False; does not have effect on security group.
46
TRUE/FALSE: Security Groups are Stateless.
FASLE: o If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again.
47
TRUE/FALSE: Specific IP address can be blocked using Security Groups.
False; Network Access Control Lists
48
What is Amazon EBS (Elastic Block Store) ?
Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Basically a virtual hard disk in the cloud.
49
Types of EBS storage:
- General Purpose (SSD)
- Provisioned IOPS (SSD)
- Throughput Optimized Hard Disk Drive (HDD)
- Cold Hard Disk Drive (HDD) - Magnetic
50
TRUE/FALSE: Wherever the EC2 instance is, the volume will be in the same Availability Zone
TRUE
51
Where do Snapshots exist?
In s3.
52
What needs to be done to create a snapshot for Amazon EBS volumes that serve as root devices?
Stop the instance before taking the snapshot. However, you can take a snapshot while the instance is running.
53
What can be created from Snapshots?
AMIs
54
TRUE/FALSE: Instance Store Volume backed instances can be stopped. You will not lose the data on this instance if it is stopped
FALSE - EBS Volumes
55
TRUE/FALSE: Encrypted snapshots can be shared.
False: only if they are unencrypted.
56
What is EFS (Elastic File System)?
NFS File storage for EC2 instances and Linux based applications.
57
EC2 Clustered Placement
Grouping of instances close together within a single Availability Zone. Low network latency, high network throughput.
58
EC2 Spread Placement
Group of instances that are each placed on distinct underlying hardware. Individual critical EC2 instances.
59
Partitioned Placement in EC2
Can have multiple EC2 instances within a logical segments (partition).
60
TRUE/FALSE: EC2 Clustered Placement can span multiple AZ's.
FALSE; A spread placement and partitioned group can; but they must be in the same region.
61
Types of instances can be launched in a placement group.
- Compute Optimized
- GPU
- Memory Optimized
- Storage Optimized
62
TRUE/FALSE: You can't move an existing instance into a placement group.
False; Before you move the instance, the instance must be in the stopped state.
63
TRUE/FALSE; You can move or remove an instance via the console.
You can move or remove an instance using the AWS CLI or an AWS SDK, you can’t do it via the console yet.
64
How to block malicious IP addresses.
- AWS WAF (Web Application Firewall)
| - Network ACLs
65
Relational DBs on AWS
- SQL Server
- Oracle
- MySQL Server
- PostgreSQL
- Aurora
- MariaDB
66
Amazon’s NoSQL solution.
DynamoDB
67
Key feature of RDS.
- Multi-AZ – For disaster recovery
| - Read Replicas – For performance (Up to 5 copies)
68
What does a Nonrelational DB consist of?
- Collection = Table
- Document = Row
- Key Value Pairs = Fields/Columns
69
Amazon Redshift
Used to analyze data; For Business Intelligence or Data Warehousing
70
What is Elasticache used for?
To speed up performance of existing databases (frequent identical queries)
71
Types of Elasticache
- Memcached
| - Redis
72
TRUE/FALSE: RDS is serverless.
FALSE.
73
Types of RDS backups
- Automated Backups (Enabled by default, stored in S3)
| - Database Snapshots – Done manually
74
What databases support encryption at rest?
- MySQL
- Oracle
- SQL Server
- PostgreSQL
- MariaDB
- Aurora
75
How are RDS instances encrypted at rest?
Using the AWS KMS (Key Management Service)
76
What is Mutli-AZ used for?
Disaster Recovery
77
DBs that support read replicas.
- mySQL
- PostgreSQL
- MariaDB
- Oracle
- Aurora
78
TRUE/FALSE: Redshift can be Multi-AZ
FALSE
79
What DBs are compatible with Amazon Aurora?
MySQL and PostgreSQL
80
TRUE/FALSE: Memcached is Multi-AZ
FALSE; Redis
81
What is created by default on a VPC?
A default Route Table, Network Access Control List (NACL) and default security group.
82
How many IPs does Amazon reserve within subnets?
5
83
TRUE/FALSE: When provisioning a Load Balancer, you need at least three public subnets.
False; two
84
What are Bastions?
Used to securely administer EC2 instances (Using SSH or RDP).
85
What is CloudFormation?
A way of completely scripting your cloud environment.
86
What is Elastic Beanstalk?
Quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications.
87
What is Elastic Transcoder?
Coverts media files from their original files to multiple device formats (phone, tablet, etc.).
88
What is Kinesis?
A platform on AWS to send all your streaming data to for 24 hours to 7 days.
89
TRUE/FALSE: Elastic Load Balancers (ELB) help deliver stateless services.
FALSE; Stateful
