Design Resilient Architectures

Question 1

What does IAM comprise of?

Answer 1

Users
Groups
Policies
Roles

Question 2

How are policies formatted?

Answer 2

In JSON

Question 3

What type of access does new users have when they are assigned an Access Key and Secret Access Key

Answer 3

Programmatic Access; Cannot use to log into the AWS console.

Question 4

What can new users utilize their new Access Key and Secret Access Key on?

Answer 4

AWS via CLI and API.

Question 5

What access does a Power User have?

Answer 5

Access to all AWS services except the management of groups and users within IAM

Question 6

What is the size limit of S3?

Answer 6

0 Bytes to 5 TB

Question 7

What is the S3 successful upload code?

Answer 7

HTTP 200

Question 8

What does S3 consist of?

Answer 8

• Key
• Value
• Version ID
• Metadata
• Access Control Lists (permissions of objects)
• Torrent

Question 9

S3 Data Consistency for PUTS of new objects

Answer 9

Read after Write (read immediately)

Question 10

S3 Data Consistency for overwrites of PUTS

Answer 10

Eventual consistency

Question 11

S3 Data Consistency for overwrites of DELETES

Answer 11

Eventual Consistency

Question 12

Storage that is 99.99% availability, 99.999999999% durability

Answer 12

Standard S3

Question 13

What is S3 – IA (Infrequently Accessed) ?

Answer 13

Data that is Accessed less frequently but requires rapid access. Lower fee than S3 but you are charged a retrieval fee.

Question 14

What is S3 – IA (Infrequently Accessed) One Zone?

Answer 14

99.50% availability, Lower cost option, does not require multiple Availability Zones

Question 15

Storage Tier that uses machine learning, automatically moves data to the most cost-efficient tier without performance impact or operational overhead.

Answer 15

S3 – Intelligent Tiering

Question 16

S3 Glacier

Answer 16

Data archiving (Minutes to hours retrieval)

Question 17

S3 Glacier Deep Archive

Answer 17

Lowest cost storage class with a retrieval time of 12 hours

Question 18

Use this capability for large uploads for APIs of objects.

Answer 18

Multipart Upload

Question 19

Used to move object to different storage tiers.

Answer 19

Lifecycle Management

Question 20

How to control access to buckets

Answer 20

Bucket Access Control Lists or Bucket Policies.

Question 21

True or False: By default, newly created buckets are public.

Answer 21

False

Question 22

How are S3 buckets encrypted in Transit?

Answer 22

SSL/TLS (HTTPS)

Question 23

What are the different server side encryptions at rest for S3? (what is stored)

Answer 23

• SSE-S3: Managed By Amazon
• SSE-KMS (User and Amazon manage together)
• SSE -C: Give Amazon your own keys that you manage

Question 24

Logging all requests made to the S3 bucket.

Answer 24

By creating Access Logs

Question 25

True/False: Access logs in S3 CAN BE sent to another bucket in another account.

Answer 25

TRUE

Question 26

TRUE/FALSE: Versoning in S3 can be deleted.

Answer 26

FALSE; only suspended

Question 27

On Organizational and Individual Accounts, how are AWS services enabled/disabled

Answer 27

Using Service Control Policies

Question 28

Ways to share buckets across accounts.

Answer 28

• Using Bucket Policies & IAM
• Using Bucket ACLs (Access Control Lists) & IAM
• Cross-account IAM Roles

Question 29

What is S3 Transfer Acceleration?

Answer 29

Utilizes the CloudFront Edge Network to accelerate uploads to S3. Instead of uploading directly to your S3 bucket, you can use a distinct URL to upload directly to an edge location which will then transfer that file to S3.

Question 30

Types of CDN Distribution.

Answer 30

• Web Distribution – Typically for websites

- RTMP – For media streaming/Adobe Media

Question 31

TRUE/FALSE: Edge locations are read only.

Answer 31

False; you can write to them as well. (ex. Put an object to it)

Question 32

What is Storage Gateway?

Answer 32

service that connects an on-premises software appliance with cloud-based storage

Question 33

Types of Storage Gateway:

Answer 33

• File Gateway
• Volume Gateway
• Tape Gateway (VTL) Virtual Tape Library

Question 34

Types of Volume Gateways:

Answer 34

• Stored Volumes – Entire Data set is stored on site primary data locally. Asynchronously backed up to S3.
• Cached Volumes – Entire Dataset is stored on S3 and the most frequently accessed data is cached onsite.

Question 35

What is Athena?

Answer 35

Severless interactive query service which enables you to analyze and query data located in S3 using standard SQL. Turns S3 into a giant DB.

Question 36

What is Macie?

Answer 36

Security service which uses Machine Learning and NLP (Natural Language Processing) to discover, classify and protect sensitive data stored in S3. Can also analyze CloudTrail logs.

Question 37

What are the EC2 Pricing models?

Answer 37

On Demand, Reserved, Spot, Dedicated Hosts.

Question 38

What is the Spot EC2 pricing model?

Answer 38

Everyone is not using EC2 at once. Enables you to bid whatever price you want for instance capacity.

Question 39

What is the On Demand EC2 pricing model?

Answer 39

Pay fixed rate by the hour (or by the second) with no commitment. For short term unpredictable uploads.

Question 40

What is the Reserved EC2 pricing model?

Answer 40

For predictable usage. Provides capacity reservation and for 1 Year or 3 Year contract terms.

Question 41

TRUE/FALSE: Reserved pricing of EC2 can be moved from one region to another.

Answer 41

FALSE

Question 42

What is the Dedicated Host EC2 pricing model?

Answer 42

Physical EC2 servers that are dedicated for your use. Good for regulatory requirements.

Question 43

TRUE/FALSE: EBS Termination Protection is turned on by default.

Answer 43

FALSE; Must be turned on in case of accidental termination of EC2 instance.

Question 44

True/False: All inbound traffic is blocked by default.

Answer 44

True.

Question 45

True/False: All outbound traffic is blocked by default.

Answer 45

False; does not have effect on security group.

Question 46

TRUE/FALSE: Security Groups are Stateless.

Answer 46

FASLE: o If you create an inbound rule allowing traffic in, that traffic is automatically allowed back out again.

Question 47

TRUE/FALSE: Specific IP address can be blocked using Security Groups.

Answer 47

False; Network Access Control Lists

Question 48

What is Amazon EBS (Elastic Block Store) ?

Answer 48

Provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Basically a virtual hard disk in the cloud.

Question 49

Types of EBS storage:

Answer 49

• General Purpose (SSD)
• Provisioned IOPS (SSD)
• Throughput Optimized Hard Disk Drive (HDD)
• Cold Hard Disk Drive (HDD) - Magnetic

Question 50

TRUE/FALSE: Wherever the EC2 instance is, the volume will be in the same Availability Zone

Answer 50

TRUE

Question 51

Where do Snapshots exist?

Answer 51

In s3.

Question 52

What needs to be done to create a snapshot for Amazon EBS volumes that serve as root devices?

Answer 52

Stop the instance before taking the snapshot. However, you can take a snapshot while the instance is running.

Question 53

What can be created from Snapshots?

Answer 53

AMIs

Question 54

TRUE/FALSE: Instance Store Volume backed instances can be stopped. You will not lose the data on this instance if it is stopped

Answer 54

FALSE - EBS Volumes

Question 55

TRUE/FALSE: Encrypted snapshots can be shared.

Answer 55

False: only if they are unencrypted.

Question 56

What is EFS (Elastic File System)?

Answer 56

NFS File storage for EC2 instances and Linux based applications.

Question 57

EC2 Clustered Placement

Answer 57

Grouping of instances close together within a single Availability Zone. Low network latency, high network throughput.

Question 58

EC2 Spread Placement

Answer 58

Group of instances that are each placed on distinct underlying hardware. Individual critical EC2 instances.

Question 59

Partitioned Placement in EC2

Answer 59

Can have multiple EC2 instances within a logical segments (partition).

Question 60

TRUE/FALSE: EC2 Clustered Placement can span multiple AZ’s.

Answer 60

FALSE; A spread placement and partitioned group can; but they must be in the same region.

Question 61

Types of instances can be launched in a placement group.

Answer 61

• Compute Optimized
• GPU
• Memory Optimized
• Storage Optimized

Question 62

TRUE/FALSE: You can’t move an existing instance into a placement group.

Answer 62

False; Before you move the instance, the instance must be in the stopped state.

Question 63

TRUE/FALSE; You can move or remove an instance via the console.

Answer 63

You can move or remove an instance using the AWS CLI or an AWS SDK, you can’t do it via the console yet.

Question 64

How to block malicious IP addresses.

Answer 64

• AWS WAF (Web Application Firewall)

- Network ACLs

Question 65

Relational DBs on AWS

Answer 65

• SQL Server
• Oracle
• MySQL Server
• PostgreSQL
• Aurora
• MariaDB

Question 66

Amazon’s NoSQL solution.

Answer 66

DynamoDB

Question 67

Key feature of RDS.

Answer 67

• Multi-AZ – For disaster recovery

- Read Replicas – For performance (Up to 5 copies)

Question 68

What does a Nonrelational DB consist of?

Answer 68

• Collection = Table
• Document = Row
• Key Value Pairs = Fields/Columns

Question 69

Amazon Redshift

Answer 69

Used to analyze data; For Business Intelligence or Data Warehousing

Question 70

What is Elasticache used for?

Answer 70

To speed up performance of existing databases (frequent identical queries)

Question 71

Types of Elasticache

Answer 71

• Memcached

- Redis

Question 72

TRUE/FALSE: RDS is serverless.

Answer 72

FALSE.

Question 73

Types of RDS backups

Answer 73

• Automated Backups (Enabled by default, stored in S3)

- Database Snapshots – Done manually

Question 74

What databases support encryption at rest?

Answer 74

• MySQL
• Oracle
• SQL Server
• PostgreSQL
• MariaDB
• Aurora

Question 75

How are RDS instances encrypted at rest?

Answer 75

Using the AWS KMS (Key Management Service)

Question 76

What is Mutli-AZ used for?

Answer 76

Disaster Recovery

Question 77

DBs that support read replicas.

Answer 77

• mySQL
• PostgreSQL
• MariaDB
• Oracle
• Aurora

Question 78

TRUE/FALSE: Redshift can be Multi-AZ

Answer 78

FALSE

Question 79

What DBs are compatible with Amazon Aurora?

Answer 79

MySQL and PostgreSQL

Question 80

TRUE/FALSE: Memcached is Multi-AZ

Answer 80

FALSE; Redis

Question 81

What is created by default on a VPC?

Answer 81

A default Route Table, Network Access Control List (NACL) and default security group.

Question 82

How many IPs does Amazon reserve within subnets?

Answer 82

5

Question 83

TRUE/FALSE: When provisioning a Load Balancer, you need at least three public subnets.

Answer 83

False; two

Question 84

What are Bastions?

Answer 84

Used to securely administer EC2 instances (Using SSH or RDP).

Question 85

What is CloudFormation?

Answer 85

A way of completely scripting your cloud environment.

Question 86

What is Elastic Beanstalk?

Answer 86

Quickly deploy and manage applications in the AWS Cloud without worrying about the infrastructure that runs those applications.

Question 87

What is Elastic Transcoder?

Answer 87

Coverts media files from their original files to multiple device formats (phone, tablet, etc.).

Question 88

What is Kinesis?

Answer 88

A platform on AWS to send all your streaming data to for 24 hours to 7 days.

Question 89

TRUE/FALSE: Elastic Load Balancers (ELB) help deliver stateless services.

Answer 89

FALSE; Stateful