Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AWS TD Cheat Sheets > EKS > Flashcards

EKS Flashcards

1
Q

What is EKS?

A

A managed service that allows you to run Kubernetes on AWS without installing, operating, or maintaining your own Kubernetes control plane or nodes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What AWS services can EKS integrate with?

A

-Amazon ECR for container images
-Elastic Load Balancing for load distribution
-IAM for authentication
-Amazon VPC for isolation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What does an EKS cluster consist of?

A

-EKS Control Plane
-EKS Nodes

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What does EKS Control Plane do?

A

-It is made up of nodes that run the Kubernetes software (API server & ).
-Each cluster is single-tenant and unique, and runs on its own set of EC2 instances.
-Cluster control plane is provisioned across multiple AZs and fronted by an ELB Network Load Balancer.
-Use AWS KMS to encrypt data stored by nodes and associated EBS volumes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What are EKS Nodes?

A

-A cluster consists of one or more EC2 nodes on which pods are scheduled.
-Connects to the cluster’s control plane via the API server endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

True/False. The API server endpoint is not public to the internet by default, but you can enable private access to keep communication between nodes and the API server within the VPC.

A

False. The API server endpoint IS public to the internet by default, but you can enable private access to keep communication between nodes and the API server within the VPC.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What autoscaling products does EKS support?

A

-Cluster Autoscaler – uses AWS Auto Scaling groups.
-Karpenter – works directly with the Amazon EC2 Fleet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

True/False. By default, cluster control plane logs aren’t sent to CloudWatch Logs. In order to send logs for your cluster, you have to enable each log type individually.

A

True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What authentication and authorization does an EKS cluster use?

A

EKS cluster uses IAM / OIDC for authentication and Kubernetes RBAC for authorization.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

True/False. Nodes must not be in the same VPC as the subnets you chose when creating a cluster.

A

False. Nodes MUST BE in the same VPC as the subnets you chose when creating a cluster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What do Nodes represent from the perspective of the Kubernetes API?

A

From the perspective of the Kubernetes API, nodes represent the compute resources provisioned for your cluster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What prevents PODs from being scheduled on the wrong nodes?

A

Taints and tolerations prevent pods from being scheduled on the wrong nodes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

True/False. (Self-Managed Nodes) A cluster can have several node groups.

A

True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

True/False. (Self-Managed Nodes) A node group is a collection of one or more EC2 instances deployed in an Amazon EC2 Auto Scaling group.

A

True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

(Self-Managed Nodes) What characteristics must an instance have in a Node Group?

A

-Same instance type
-Running the same AMI
-Uses the same EKS node IAM role

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

True/False. (Self-Managed Nodes) Node groups with different instance types and host operating systems cannot exist in a cluster.

A

False. Node groups with different instance types and host operating systems CAN exist in a cluster.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

(Self-Managed Nodes) What methods are used for updating self-managed Node Groups in a cluster to use a new AMI?

A

-Migrating to a new node group
-Updating an existing self-managed node group

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What are Managed Node Groups?

A

Automates the provisioning and lifecycle management of nodes in EKS clusters.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

True/False. Every managed node is provisioned as part of Amazon EC2 Auto Scaling group.

A

True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

True/False. When nodes are launched as part of a managed node group, they are not automatically tagged for auto-discovery by Kubernetes Cluster Autoscaler.

A

False. When nodes are launched as part of a managed node group, they ARE automatically tagged for auto-discovery by Kubernetes Cluster Autoscaler.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

True/False. (Managed node groups) Use node group to apply Kubernetes labels to nodes.

A

True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

True/False. Multiple managed node groups can exist in a single cluster.

A

True.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What options do you have when creating Managed Node Groups?

A

you have the option of selecting On-Demand or Spot instances

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

How do applications remain available in a Managed Node Group?

A

To ensure that your applications remain available, node updates and terminations drain nodes automatically.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
What kind of Nodes can you have with EKS?
-Managed Node Groups -Self Managed Node Groups -AWS Fargate
26
What must you do first before scheduling PODs on Fargate in your cluster?
You must first define a Fargate profile before scheduling pods on Fargate in your cluster.
27
True/False. If a pod matches more than one Fargate profile, Amazon EKS picks one at random.
True.
28
Are Fargate Profiles immutable and what components do they contain?
Yes. -Pod execution role -Subnets -Selectors -Namespace -Labels
29
True/False. Fargate runs only one pod per node.
True.
30
True/False. Regarding Fargate, Pod storage is not ephemeral, and data is encrypted with AWS Fargate managed keys.
False. Pod storage IS ephemeral, and data is encrypted with AWS Fargate managed keys.
31
Regarding Fargate, how do you encrypt ephemeral POD storage?
To encrypt ephemeral pod storage, you can use AWS Fargate managed keys.
32
How are Workloads deployed?
Workloads are deployed in containers and define the applications that run on a Kubernetes cluster
33
Can a POD contain one or more containers?
Yes.
34
What adjusts your PODs' CPU and memory reservations?
Vertical Pod Autoscaler adjusts your pods’ CPU and memory reservations.
35
What adjusts the number of PODs in a deployment?
Horizontal Pod Autoscaler adjusts the number of pods in a deployment, replication controller, or replica set based on CPU utilization.
36
What does an EKS connector do?
Enables you to register and connect any Kubernetes cluster to AWS.
37
How can you view the status, configuration, and workloads of a cluster?
You can view the status, configuration, and workloads of the cluster in the Amazon EKS console after it has been connected.
38
What is Container Storage Interface (CSI)?
Container Storage Interface (CSI) enables third-party storage providers to create and deploy plugins in Kubernetes that provide alternative storage systems without modifying the core Kubernetes code.
39
How is the lifecycle of persistent volumes, such as EBS volumes handled?
The lifecycle of persistent volumes, such as EBS volumes, is handled by EKS clusters.
40
What does EBS CSI need to make calls to the AWS APIs?
To make calls to AWS APIs, the EBS CSI plugin requires IAM permissions.
41
True/False. Although the Amazon EBS CSI controller can be run on Fargate, volumes cannot be mounted to Fargate pods.
True.
42
True/False. You can also manage the EBS CSI driver as an EKS add-on.
True.
43
True/False. EKS clusters do not manage the EFS file system lifecycle.
False. EKS clusters manage the EFS file system lifecycle.
44
True/False. Container images based on Windows are compatible with the EFS CSI driver.
False. Container images based on Windows are INCOMPATIBLE with the EFS CSI driver.
45
True/False. Regarding EFS CSI driver, Fargate nodes only support static provisioning.
True.
46
True/False. A pod running on Fargate automatically mounts an EFS file system.
True.
47
True/False. EKS clusters cannot manage the lifecycles of FSx file systems.
False. EKS clusters CAN also manage the lifecycles of FSx file systems.
48
True/False. Fargate does not support the Lustre CSI driver.
True.
49
What is Amazon FSx for NetApp ONTAP CSI driver?
A storage service for fully-managed ONTAP file systems in the cloud.
50
What ways can you create a VPC for an EKS cluster?
-Private Subnets -Public Subnets -Public and Private Subnets
51
EKS networking, how are private subnets distributed across different AZs?
Three private subnets are distributed across different AZs.
52
How can EKS nodes send/receive internet traffic in a Private subnet?
Nodes have the option of sending and receiving internet traffic via a NAT instance or NAT gateway.
53
EKS networking, how are public subnets distributed across different AZs?
Three public subnets are distributed across different AZs.
54
True/False. Nodes are assigned public IPv4 addresses by default and can send and receive internet traffic via an internet gateway.
True.
55
True/False. When cluster endpoints are in a public subnet they cannot be accessed from outside your VPC. Traffic from worker nodes will leave your VPC to connect to the endpoint.
False. The cluster endpoint CAN be accessed from outside your VPC. Traffic from worker nodes will leave your VPC to connect to the endpoint.
56
True/False. EKS clusters can be in both a public and private subnet.
True.
57
How are EKS cluster assigned network addresses when configured with both private and public subnets?
-Nodes are deployed to private subnets. -Load balancers are assigned to public subnets to load balance traffic to pods running on nodes.
58
True/False. Public IPv4 addresses are automatically assigned to nodes deployed in public subnets.
True.
59
True/False. IPv6 addresses cannot be assigned to nodes in both public and private subnets.
False. IPv6 addresses CAN be assigned to nodes in both public and private subnets.
60
When EKS clusters are in both a private and public subnet, how can the POD talk to the internet?
A NAT gateway (IPv4) or an egress-only Internet gateway (IPv6) can be used to allow pods to communicate outbound to the internet.
61
When EKS is in both a private and public subnet, how can cluster endpoints be accessed?
The cluster endpoint can be accessed from outside your VPC. Traffic from worker nodes to the endpoint will remain within your VPC.
62
What allows communication between the control plane and the cluster's compute resources?
The cluster security group manages communication between the control plane and the cluster’s compute resources (worker nodes and Fargate pods).
63
True/False. You can use AWS PrivateLink to privately access the management APIs of Amazon EKS from within your VPC.
True.
64
With POD networking, how are private IP addresses assigned to each POD?
Container Network Interface (CNI) is a plugin that assigns a private IPv4/IPv6 address from VPC to each pod.
65
With POD networking, VPC CNI plugin is deployed to each EC2 node in a Daemonset under the name and consists of what two components?
-L-IPAM daemon -CNI plugin
66
In POD networking, what does L-IPAM daemon do?
-Creates and attaches network interfaces to EC2 instances. -Assigns secondary IP addresses to network interfaces. -Maintains a warm pool of IP addresses that will be assigned to pods on each node.
67
In POD networking, what does the CNI plugin do?
Configures the host network and adds the correct network interface to the pod namespace.
68
True/False. In POD networking, uou can’t assign both IPv4 and IPv6 addresses (dual-stacked) to pods and services.
True.
69
True/False. In POD networking, with security groups for pods, you can only control inbound network traffic to PODs.
False. With security groups for pods, you can control the inbound and outbound network traffic to and from your pods.
70
How do you attach multiple network interfaces to a pod?
Attach multiple network interfaces to a pod using the Multus CNI plugin.
71
What does CNI metrics helper do?
It is a tool that allows you to: -Scrape network interface and IP address information. -Aggregate metrics at the cluster level. -Publish the cluster’s CNI metrics to CloudWatch.
72
In POD networking, what does an AWS Load Balancer Controller do?
It is in charge of managing AWS Elastic Load Balancers in a Kubernetes cluster and provisions the following load balancers: -ALB when you create a Kubernetes . -NLB when you create a Kubernetes service of type .
73
What is CoreDNS?
A DNS service within EKS clusters that allows individual containers to easily discover and connect to other containers in the cluster.
74
By default, how many CoreDNS images are deployed in an EKS cluster?
By default, two replicas of the CoreDNS image are deployed to an EKS cluster.
75
What does Kube-proxy do?
-Maintains network rules on each Amazon EC2 node. -Enables network communication to pods from network sessions inside/outside of the cluster.
76
What does Calico do?
-A network policy engine to implement network segmentation and tenant isolation. -Pod selectors and labels can be used to assign network policies to pods.
77
True/False. By default, IAM users and roles have permission to create or modify Amazon EKS resources.
False. By default, IAM users and roles do not have permission to create or modify Amazon EKS resources. An IAM administrator must first create IAM policies and attach them to the IAM users or groups that require those permissions.
78
True/False. In the Amazon EKS control plane, the IAM user or role that creates the cluster is automatically granted permissions in the cluster’s RBAC configuration.
True.
79
What do you do to grant additional AWS users/roles access to a cluster?
To grant additional AWS users or roles access to a cluster, edit the within Kubernetes and create a Kubernetes or with the name of a group specified in the .
80
How is a service-linked role defined by EKS and what can you use the role for?
A service-linked role is predefined by Amazon EKS and includes all of the permissions that the service requires to call other AWS services. You can use this roles for: -EKS clusters -EKS node groups -EKS Fargate profiles -EKS cluster connecto
81
The EKS node kubelet daemon makes calls to AWS APIs. When creating nodes, you will need to have an IAM role with what IAM policies?
-AmazonEKSWorkerNodePolicy -AmazonEC2ContainerRegistryReadOnly -AmazonEKS_CNI_Policy (IPv4) or IPv6 policy
82
True/False. In order to run pods on AWS Fargate, you need to attach the Amazon EKS pod execution role.
True.
83
True/False. To view a Kubernetes cluster to Amazon EKS, you do not need to create an Amazon EKS connector IAM role.
False. To view a Kubernetes cluster to Amazon EKS, you will need to create an Amazon EKS connector IAM role.
84
What can you do to create an OIDC provider for you cluster?
You can use or the AWS Management Console to create an OIDC provider for your cluster in order to use IAM roles for service accounts.
85
True/False. You can enable envelope encryption of Kubernetes secrets using AWS KMS.
True.
86
True/False. The AWS Secrets and Configuration Provider (ASCP) can be used to display secrets from AWS Secrets Manager and parameters from AWS Systems Manager Parameter Store as files mounted in Amazon EKS pods.
True.
87
Amazon EKS control plane logging provides audit and diagnostic logs directly to Amazon CloudWatch Logs for which EKS components?
-API server (kube-apiserver) -Audit (kube-apiserver-audit) -Authenticator (authenticator) -Controller manager (kube-controller-manager) -Scheduler (kube-scheduler)
88
How are logs sent to CloudWatch from EKS?
Logs are sent as log streams to a group in Amazon CloudWatch for each Amazon EKS cluster.
89
True/False. Amazon EKS is integrated with AWS CloudTrail, and all API calls are recorded as events.
True.
90
True/False. Each event or log entry includes information about who initiated the request: -Root or AWS IAM user credentials. -Temporary security credentials for a role or Federated user -AWS service
True.
91
True/False. You cannot deploy your Kubernetes cluster in various ways in AWS and can include additional networking add-ons to improve your containerized architecture.
False. You CAN deploy your Kubernetes cluster in various ways in AWS and can include additional networking add-ons to improve your containerized architecture.
92
A Kubernetes container can be deployed via which options?
-Amazon EKS cluster in your AWS account -Amazon EKS on AWS Outposts -Amazon EKS Anywhere -Amazon EKS Distro.
93
True/False. For each Amazon EKS cluster you create, you are charged an hourly rate.
True.
94
True/False. You are not charged for the AWS resources that you create to run Kubernetes worker nodes in Amazon EC2 with Amazon EKS managed node groups.
False. You ARE charged for the AWS resources that you create to run Kubernetes worker nodes in Amazon EC2 with Amazon EKS managed node groups.
95
How are you charged for Amazon EKS on AWS Fargate?
In Amazon EKS on AWS Fargate, you are charged for the vCPU and memory resources.

AWS TD Cheat Sheets (30 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions