EC2 Flashcards

Question 1

Q

What are the four ways to pay for EC2?

Answer

A

On-Demand Reserved Spot Dedicated hosts

Question 2

Q

Conditions on payment for termination of a Spot EC2 instance

Answer

A

If the customer terminate the instance, he pays for the hour. If AWS terminate the instance, Amazon pays for the hour.

Question 3

Q

EBS Volume Types

Answer

A

SSD-GP2: General Purpose SSD (up to 10.000 IOPS) SSD-IO1: Provisioned IOPS SSD (up to 20.000 IOPS) HDD-ST1: Throughput Optimized HDD (magnetic. Frequently accessed workloads. No boot. Ex: big data, DWH, log processing) HDD-SC1: Cold HDD (magnetic. Less frequently accessed data. No boot. Lowest cost storage. Ex: File Server) HDD-Magnetic (standard): lowest bootable cost.

Question 4

Q

On how many EC2 instances can a EBS volume be mounted?

Answer

A

An EBS volume can only be mounted on one EC2 instance. If you want to use shared disks, use EFS.

Question 5

Q

What is the status of Termination Protection by default?

Answer

A

Termination Protection is turned-off by default. It must be turned on manually.

Question 6

Q

What is the default action on the EBS root volume when the instance is terminated?

Answer

A

On an EBS-backed instance, the default action is for the root EBS volume to be deleted when the instance is terminated.

Question 7

Q

Can root volumes be encrypted?

Answer

A

EBS boot (root) volumes can be encrypted (but not by default). This feature is based on another feature that allows you to copy an EBS snapshot while also applying encryption.

Question 8

Q

Volumes exist on … and Snapshots exist on ….

Answer

A

EBS and S3

Question 9

Q

When you take a Snapshot of a Volume, where does the Snapshot is stored?

Question 10

Q

Are Snapshots incremental?

Answer

A

Yes. Only the blocks that have changed since your last Snapshot are moved to S3. The first Snapshot may take some time to create.

Question 11

Q

What are Snapshots?

Answer

A

Snapshots are point in time copies of Volumes. Snapshots are incremental.

Question 12

Q

If you take a Snapshot of a encrypted Volume, will the Snapshot be encrypted?

Answer

A

Yes. Snapshots of encrypted Volumes are encrypted automatically.

Question 13

Q

If you restore a Volume from a encrypted Snapshot, will the Volume be encrypted?

Answer

A

Yes. Volumes restored from encrypted Snapshots are encrypted automatically.

Question 14

Q

Can snapshots can be shared?

Answer

A

Yes, but only if they are unencrypted. The Snapshots can be shared with other AWS account or made public.

Question 15

Q

What happens with the EC2 instance if you take a Snapshot of its EBS boot (root) Volume?

Answer

A

You can take a snapshot of an attached volume that is in use (although you should probably better stop it before). However, snapshots only capture data that has been written to your Amazon EBS volume at the time the snapshot command is issued. AWS will not reboot or stop the instance.

Question 16

Q

Instance Store volumes are also known as…

Answer

A

Ephemeral Storage

Question 17

Q

What happen if you stop an Instance Store instance?

Answer

A

The data in the Instance Store volumes will be lost

Question 18

Q

What is the difference between Instance Store volumes backed instances and EBS backed instances at Shutdown (Stop) time?

Answer

A

Instance Store backed instances cannot be stopped (only rebooted or terminated). EBS backed instances can be stopped without losing data.

Question 19

Q

What is the difference between Instance Store volumes backed instances and EBS backed instances at Reboot time?

Answer

A

Nothing. Both instance types can be rebooted without problems.

Question 20

Q

What happen if you reboot an Instance Store instance?

Answer

A

Nothing. An Instance Store backed instance can be rebooted without problems.

Question 21

Q

What happen to Instance Store and EBS boot (root) volumes when the instance is terminated?

Answer

A

By default, both root volumes will be deleted on termination. However with EBS volumes, you can tell AWS to keep the root device volume.

Question 22

Q

How do you tell AWS to keep an EBS root volume after terminating the instance?

Answer

A

Using the console, you can configure the DeleteOnTermination attribute when you launch an instance. To change this attribute for a running instance, you must use the command line.

Question 23

Q

How can I take a Snapshot of a RAID array?

Answer

A

Due to interdependencies of the array, there can be problems doing a hot Snapshot because of data held in cache by applications and the SO. To solve this, and application consistent snapshot must be taken. That is, stop the applications from writing to disk and flush all caches to disk. This can be done freezing the filesystem, unmounting the array or, more easily, shutting down the associated EC2 instance.

Question 24

Q

What’s is the scope of an AMI? (Global, regional…)

Answer

A

AMI’s are regional. An AMI can only be launched from the region in which is stored. However, AMI’s can be copied to other regions using the console, CLI or AWS EC2 API.

Question 25

Q

What are the time periods for standard and detailed monitoring?

Answer

A

Standard monitoring: 5 minutes Detailed monitoring: 1 minute

Question 26

Q

What is CloudWatch for?

Answer

A

CloudWatch is for performance monitoring. Don’t confuse it with CloudTrail (which is for auditing)

Question 27

Q

What can be done with CloudWatch?

Answer

A

Dashboards Alarms Events Logs Metrics (view)

Question 28

Q

What is a more secure alternative to storing access keys on EC2 instances?

Answer

A

Roles are more secure and easier to manage

Question 29

Q

How many IAM roles can be associated with an EC2 instance?

Answer

A

You can only associate one IAM role with an EC2 instance.

Question 30

Q

When can a role be assigned to an EC2 instance?

Answer

A

The role can be assigned at creation time or assigned/replaced/unassigned in runtime (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”). Previously, roles could be assigned only when the EC2 instance was launched (that is when it was being provisioned).

Question 31

Q

What’s is the scope of Roles? (Global, regional…)

Answer

A

Roles are global.

Question 32

Q

What is the URL to get instance metadata?

Answer

A

http://169.254.169.254/latest/meta-data/

Question 33

Q

What is the URL to get user data?

Answer

A

http://169.254.169.254/latest/user-data

Question 34

Q

What protocol does EFS support?

Question 35

Q

What are the storage limits of an EFS volume?

Answer

A

Can scale up to petabytes.

Question 36

Q

How many concurrent connections does an EFS volume supports?

Answer

A

Thousands of concurrent connections.

Question 37

Q

How is EFS data stored? (one AZ, multiple AZ, …)

Answer

A

Data is stored across multiple AZ’s within a region

Question 38

Q

What is the consistency model of EFS?

Answer

A

Read after Write consistency

Question 39

Q

What is Lambda?

Answer

A

AWS Lambda is a serverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you.

Question 40

Q

How can be Lambda used?

Answer

A

As an event-driven compute service As a compute service to run your code in response to HTTP requests using Amazon API Gateway or API calls using AWS SDKs.

Question 41

Q

Can I delete a snapshot of an EBS volume that is used as the root device of a registered AMI?

Answer

A

No. You can’t delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.

Question 42

Q

Can a (Clustered) Placement Group be deployed across multiple AZs?

Question 43

Q

What is the command line command to create a snapshot?

Answer

A

ec2-create-snapshot

Question 44

Q

Can you attach an EBS volume to more than one EC2 instance at the same time?

Question 45

Q

A (Clustered) placement group is ideal for…

Answer

A

EC2 instances that require high network throughput and low latency across a single AZ.

Question 46

Q

Using the console, can I add a role to an EC2 instance after the instance has been launched?

Answer

A

Yes. Roles can be assigned/replaced/unassigned using the console after the instance has been launched (Actions -> Instance Settings -> Attach/Replace IAM role, Select role or “No Role”). Previously, roles could be assigned only when the EC2 instance was launched (that is when it was being provisioned).

Question 47

Q

Can I change permissions to a role, even if that role is already assigned to an existing EC2 instance?

Answer

A

Yes. These changes will take effect immediately.

Question 48

Q

What does EBS stands for?

Answer

A

Elastic Block Store

Question 49

Q

What is Amazon EBS?

Answer

A

Amazon Elastic Block Store (Amazon EBS) provides persistent block storage volumes for use with Amazon EC2 instances in the AWS Cloud. Each Amazon EBS volume is automatically replicated within its Availability Zone to protect you from component failure, offering high availability and durability.

Question 50

Q

What are the default traffic allowances for a Security Group?

Answer

A

All Inbound Traffic is Blocked by default (when you create a Security Group, you need to explicitly create a rule for each allowed inbound protocol). All Outbound Traffic is Allowed by default (when you create a Security Group, a “All traffic” to “Anywhere” rule is automatically created).

Question 51

Q

Can the volume type be changed when recovering a Volume from a Snapshot?

Answer

A

Yes. The Volume type can be changed from the default Volume type of the Volume from which the Snapshot was originally created.

Question 52

Q

What type of RAID is discouraged by Amazon?

Question 53

Q

When to use RAID on AWS?

Answer

A

When you are not getting the disk I/O that you require (typically RAID 0 or RAID 10).

Question 54

Q

What are Security Groups?

Answer

A

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance.

Question 55

Q

What is an AMI?

Answer

A

An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You specify an AMI when you launch an instance, and you can launch as many instances from the AMI as you need. You can also launch instances from as many different AMIs as you need.

Question 56

Q

What does an AMI include?

Answer

A

A template for the root volume for the instance (for example, an operating system, an application server, and applications) Launch permissions that control which AWS accounts can use the AMI to launch instances A block device mapping that specifies the volumes to attach to the instance when it’s launched

Question 57

Q

With whom can an AMI be shared?

Answer

A

Publicly or with particular AWS accounts

Question 58

Q

What are the types or AMIs according its storage types?

Answer

A

EBS and Instance Store

Question 59

Q

You can select your AMI based on…

Answer

A

Region OS Architecture (32-bit or 64-bit) Launch permissions Storage for the root device (Instance Store or EBS)

Question 60

Q

Stopping vs Rebooting an EC2 instance

Answer

A

When you stop an EBS boot instance you are giving up the physical hardware that the server was running on and EC2 is free to start somebody else’s instance there. When you reboot, it’s a simple reboot at the OS level and the instance stays running on the same hardware, with the same private and public IP addresses, keeps the same Elastic IP address (if associated), and keeps the same ephemeral storage without getting wiped.

Question 61

Q

What is configured at Target Group level?

Answer

A

Mainly, “Health check settings”: - Protocol, Path (ex: /text.html) - Healthy threshold, Unhealthy threshold, Timeout, Interval and Success codes.

Question 62

Q

What component does and ELB depends on?

Answer

A

An ELB depends on a Target Group. The Target Group can be created in the same ELB creation steps (on a existing Target Group can be chosen)

Question 63

Q

What is configured at ELB level?

Answer

A

Name, Scheme (internet-facing, internal), Listeners, AZs Security Groups Target Group Targets

Question 64

Q

On what level are EC2 metrics and what kind of metrics can I monitor using CloudWatch?

Answer

A

EC2 metrics are on a hypervisor level. CPU, Disk, Network and Status (Memory is missing).

Answer 60

A

$HOME/.aws/credentials

Answer 61

A

aws configure

Answer 62

A

Create a Launch Configuration

Answer 63

A

Is a template that your Auto Scaling group will use to launch instances; its creation process is very similar to an EC2 instance creation process.

Answer 64

A

You can use Auto Scaling to manage Amazon EC2 capacity automatically, maintain the right number of instances for your application, operate a healthy group of instances, and scale it according to your needs.

Answer 65

A

Name, size (of EC2 instances), VPC, Subnets, Load Balancing (specify is traffic is received from an ELB and Target Group selection). Scaling Policies: - Keep this group at its initial size - Use scaling policies to adjust the capacity of this group (Increase Group Size, Decrease Group Size)

Answer 66

A

A (Clustered) placement group is a logical grouping of instances within a single Availability Zone. Using placement groups enables applications to participate in a low-latency, 10 Gbps network. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both.

Answer 67

A

A Clustered Placement Group can’t span multiple AZs. - A Spread Placement Group can. - The name must be unique within a AWS account - Only certain types of instances can be launched in a Placement Group (compute optimised, GPU, memory optimised, etc…) - AWS recommends homogenous instances within Placement Groups - You can’t merge Placement Groups - You can’t move and existing instance into a Placement Group. You can create an AMI from an existing instance, and then launch a new instance from the AMI into a Placement Group.

Answer 68

A

Per hour for Windows instances and per second for Linux instances (for On-Demand, Reserved and Spot, with a minimum of 60 seconds)

Answer 69

A

Amazon EC2 usage of Linux based instances that are launched in On-Demand, Reserved and Spot form will be billed on one second increments, with a minimum of 60 seconds

Answer 70

A

F for FPGA I for IOPS G - Graphics H - High Disk Throughput T cheap general purpose (think T2 Micro) D for Density R for RAM M - main choice for general purpose apps C for Compute P - Graphics (think Pics) X - Extreme Memory

Answer 71

A

1 Year or 3 Year Terms.

Answer 72

A

No. Security Groups only support rules to Allow (everything is Denied by default). To deny specific IPs, Network ACLs have to be used.

Answer 73

A

No, changes to Security Groups take effect immediately.

Answer 74

A

Yes. You can have any number of EC2 instances within a Security Group.

Answer 75

A

Yes. You can have multiple Security Groups attached to EC2 instances.

Answer 76

A

No, Security Groups deny everything by default. You can only specify Allow rules.

Answer 77

A

If you create an inbound rule allowing traffic in, that traffic is automatically allowed out again.

Answer 78

A

The default VPC Security Group has an inbound all traffic rule from itself. So, all instances in this security group can communicate with them. It has also the usual all outbound traffic enabled.

Answer 79

A

Yes. We can modify volumes (even the root one) on the fly (type, size…). There won’t be downtimes, but a performance hit.

Answer 80

A

No. Volumes will ALWAYS be in the same availability zone as the EC2 instance.

Answer 81

A

Create a snapshot from the volume, and then: - Copy the snapshot to another region (Actions -> Copy), or - Create a new volume from the snapshot in another AZ (Actions -> Create Volume. The volume type can also be changed in this process), or - Create an Image from the snapshot which then can be copied (Actions -> Create Image. Image -> Actions -> Copy AMI).

Answer 82

A

Create a snapshot from the EC2 instance volume and create an image from the snapshot, or create an image directly from the EC2 instance, and then move the image to another AZs or regions (to then launch an EC2 instance from the image).

Answer 83

A

From: - EBS-backed EC2 instances - EBS volumes’ snapshots

Answer 84

A

With EBS backed instances, if the underlying hypervisor fails, the instance can be stopped and, when started again, it will start in a different hypervisor. This can’t be done with an Instance Store. If the underlying hypervisor fails, the instance is lost.

Answer 85

A

No. Instance Store volumes don’t even appear in the Volumes list, so you can’t detach them.

Answer 86

A

Application Load Balancers - Network Load Balancers - Classic Load Balancers (“Elastic Load Balancers”, ELBs)

Answer 87

A

HTTP 504 Gateway Timeout

Answer 88

A

Through the X-Forwarded-For header

Answer 89

A

HTTP 503 Service Unavailable

Answer 90

A

InService or OutOfService

Answer 91

A

No. Only a DNS name.

Answer 92

A

You can specify User Data to run a configuration script during launch. When creating: Advanced Details -> User Data (during instance creation). In runtime: Actions -> Instance Settings -> View/Change User Data.

Answer 93

A

Clustered Placement Group - Spread Placement Group

Answer 94

A

Yes, although it may take some time.

Answer 95

A

No. The public IP address is not managed in the instance. It is instead ana lias applied as a NAT of the private IP address. It can not be managed via instance meta-data.

Answer 96

A

default: your instance runs on shared hardware. - dedicated: your instance runs on single-tenant hardware. - host: your instance runs on a Dedicated Host, which is an isolated server with configurations that you can control.

Answer 97

A

Yes. It is possible to transition between those modes by stopping the instance, setting the other mode and starting it again.

Answer 98

A

(As of Oct 2017) Amazon EC2 allows customers to switch the tenancy of existing VPCs from dedicated to default instantly, by using the AWS CLI/SDK. Modifying the instance tenancy of the VPC does not affect the tenancy of any existing instances in the VPC. The next time you launch an instance in the VPC, it has a tenancy of default, unless you specify otherwise during launch. You cannot change the instance tenancy attribute of a VPC to dedicated.

Answer 99

A

With proper scripting and scaling policies, the On-demand instances behind the Spot instances will deliver the most cost-effective solution because the On-demand will only spin up if the Spot instances are not available.

Answer 100

A

Launch permissions - User-defined tags - S3 bucket permissions

Answer 101

A

ALBs allow you to set up multiple targets and route to them based on the path and/or hostname (previously, ALBs couldn’t direct traffic based on the hostname, but now they can)

Answer 102

A

Cold (sc1) Throughput Optimized (st1)

Answer 103

A

ECS allows you to control the scheduling and placement of your containers and tasks. ECR can be used to store Docker images. You can install and manage Kubernetes on AWS, yourself. You can have AWS manage Kubernetes for you. To be able to use ECS, you must use the ECS Agent.

Answer 104

A

Yes, through the AWS APIs, CLI, and AWS Console.

Answer 105

A

Nitro Xen

Answer 106

A

Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.

Brainscape's Knowledge GenomeTM

EC2 Flashcards

Brainscape's Knowledge Genome^TM