Exam 7 services Flashcards

1
Q

Amazon Managed Service for Prometheus

A

Fully managed monitoring service
Prometheus - an open-source monitoring and alerting toolkit, similar to CloudWatch.
Cloud-agnostic

2
Q

Amazon Managed Service for Prometheus

A

Fully managed visualisation and analysis service
Grafana - open source visualisation and analytics dashboards. Similar to dashboard elements of CloudWatch
Cloud-agnostic

3
Q

Amazon Keyspaces and Apache Cassandra

A

Amazon Keyspaces is a fully managed database service for running Cassandra workloads. Cassandra is the Apache Cassandra database (NoSQL).

4
Q

Security Hub (4 points)

A
  • Sums security findings for AWS and partner products.
  • Continuous checking of AWS resources for best practice
  • Auto fix by integrating with Lambda and Config.
  • Main dashboard to view and manage security posture through AWS

Still quite a general tool

5
Q

AWS Proton (4 points)

A
  • fully managed containerization service
  • service and environment templates
  • AWS Proton service is an instantiation of a service template
  • Useful when frequent resource changes.
6
Q

QuickSight (2 points)

A
  • Business intelligence (BI) for interactive dashboards and visualizations. Uses ML.
  • Can intake from Amazon Athena and S3 (for example)
7
Q

X-Ray (1 point)

A
  • Debug and analyse microservices applications by tracing requests so you can find the root cause.
8
Q

Elastic Map Reduce (3 points)

A
  • Runs big data applications at PETABYTE scale (e.g. Apache Spark)
  • Does stuff like data analysis in logs, web indexes, ML
  • Sort of similar to Athena and Redshift.
9
Q

NetApp ONTAP and FSx for ONTAP (4 points)

A
  • NetApp’s ONTAP is a file system.
  • FSx for ONTAP - FULLY MANAGED
  • Supports NFS, SMB and iSCSI
  • Single and Multi-AZ deploys.
10
Q

NetApp SnapMirror (1 point)

A

-Replication solution for NetApp storage systems.

11
Q

Compute Optimizer (4 points)

A
  • Suggests ideal AWS resources for your workloads to lower cost and improve performance
  • supports 1) EC2, 2) EC2 ASG, 3) EBS, 4) Lambda
  • Last 14 days
  • Opt-in
12
Q

AWS Timestream (3 points)

A
  • fully managed
  • Time-series database for IoT and operational apps.
  • Store and analyse trillions of events per day cheaper than SQL databases
13
Q

AWS Lake Formation (3 points)

A
  • S3 based, Integrates with Redshift, EMR, Amazon Athena
  • Provides cross-account permissions
  • Has tag-based access control
14
Q

Transfer Family (2 points)

A
  • Fully Managed
  • Secure file transfer over protocols such as SFTP, FTPS, and FTP directly into and out of Amazon S3 or Amazon EFS
15
Q

SNS mobile push (1 point)

A

send push notifications to mobile devices

16
Q

DynamoDB Streams (2 points)

A
  • capture changes to items, each change is recorded as a stream record, which can be processed asynchronously.
17
Q

Transfer Accelerator (2 points)

A
  • Sort of like the S3 upload version of Global Accelerator
  • Speeds up file upload/download by using CF edge locations.
18
Q

Key Material vs KMS key (1 point)

A

Key material: The actual cryptographic key for encrypting/decrypting
KMS key: logical container with the key material, metadata and policies for its use

Importing the key material is a one time thing.

19
Q

FSx with OpenZFS

A
  • NFS only
  • Sub-millisecond latency and high-performance storage
20
Q

CloudTrail Lake (2 points)

A
  • Fully managed
  • Collect, store, analyze AWS API activity logs in a data lake. It allows for advanced querying and analysis of logs to enhance security and compliance monitoring.
21
Q

WAF vs NF (2 points in each for what they do)

A

WAF - APPLICATION SPECIFIC SECURITY

  • Layer 7 - XSS and SQL injection
  • Rules to control the web traffic pattern access to the app layer

NF - NETWORK PROTECTION

  • The network layer
  • Filter traffic coming in and out of VPC, i.e. manage IP addresses and ports.
22
Q

When to use Aurora Serverless Vs Aurora provisioned

A

Serverless:

  • unpredictable
  • infrequent
  • sporadic

Provisioned:

  • predictable
23
Q

Are Application load balancers in one region?

A

YES

24
Q

AWS Systems Manager Automation runbooks

A

AWS Systems Manager Automation runbooks are predefined procedures designed to automate common tasks and processes

25
Q

mysqldump (2)

A
  • Back up MySQL databases hosted on Amazon RDS (Relational Database Service) or on EC2 instances
  • Dumps stuff needed to recreate the schema and data
25
Q

PrivateLink (vs VPC endpoint) (5 points - 1 for VPC endpoint, 4 for Private Link)

A

VPC endpoint - The ENTRY POINT in your VPC that allows you to connect privately to a service.

AWS PrivateLink - A TECHNOLOGY providing connectivity between VPCs and services.

Can be done without internet and VPC peering

Can be your own services or provided by AWS

It is what enables interface endpoints. Allows injection of an ENI.

26
Q

Transparent Data Encryption (2 points)

A
  • Encrypt Data AT REST
  • RDS for SQL and Oracle.
27
Q

static Anycast IP (2 points)

A
  • single IP advertised from multiple locations simultaneously.
  • Traffic sent to this IP address is routed to the nearest/best-performing location via shortest path determined by network’s routing protocol.
  • Mainly for global accelerator
28
Q

TCP vs HTTP(S) healthchecks (2 points)

A

TCP healthcheck only offered by NLB

HTTP(S) health checks are offered by ALB and NLB

29
Q

Simple Token Service (2 points)

A
  • Supports SAML
  • Good for identity federation, cross-account access and IAM roles.
30
Q

AWS App Mesh (1 point)

A

connect, secure, and monitor microservices across your infrastructure.

31
Q

Kubernetes Autoscalers (2)

A
  • Karpenter - Launch appropriately sized compute resources, more sophisticated
  • Cluster Autoscaler - adjust number of nodes in node groups, more traditional.
32
Q

Kinesis data streams - FIFO and durability

A

FIFO - yes
Data won’t go missing - yes

33
Q

Service Health vs Personal Health Dashboard

A

Service Health Dashboard:
General status and health of AWS services worldwide.

Personal Health Dashboard:
Personalized alerts and information related to issues and events affecting your specific AWS account and resources.

34
Q

DataSync vs Storage Gateway

A

AWS Storage Gateway: Use for integrating on-premises environments with cloud storage for backup, archival, and hybrid storage solutions.

AWS DataSync: fast, automated transfers and migrations between on-prem and AWS storage services, especially for large datasets or periodic synchronization.

For S3, EFS, FSx for Windows File Server.

Connects to SMB and NFS

35
Q

Application Discovery Service (2)

A

CAN'T DO ACTUAL MIGRATION

Helps organizations discover and analyze their on-premises applications and infrastructure to plan effective migrations to AWS.

36
Q

AWS migration service (MGN) (1)

A
  • Primary migration service recommended for lift-and-shift migrations. (Suggested over Elastic Disaster Recovery)
37
Q

AWS Replication Agent (1)

A

Component used to facilitate data replication for disaster recovery and backup purposes in AWS

38
Q

AWS Forecast (1)

A

time-series forecasting service based on machine learning (ML) and built for business metrics analysis

39
Q

Step function and task assignment (2)

A
  • Tasks are never duplicated
  • assigned once - task to only one worker
40
Q

Things CloudWatch Alarms can do (3)

A
  • Trigger SNS
  • Change EC2 instance state or EC2 ASG
  • Trigger Systems Manager Automation documents
41
Q

AWS Snowcone (1)

A

Small - essentially a rugged portable hard drive - up to 8 TB

42
Q

CloudFront viewer and origin policies (3 for each)

A

Viewer policy - from user to CloudFront edge location or regional edge cache

Viewer:

HTTP/HTTPS
HTTP -> HTTPS
HTTPS only

Origin:
HTTP only
HTTPS only
Match viewer

CloudFront can serve content over both HTTP and HTTPS. You can configure CloudFront to accept only HTTPS requests, redirect HTTP to HTTPS, or accept both.

43
Q

DR Strategies (4)

A
  • Backup and restore : RPO/RTO of hours
  • Pilot light: RPO/RTO 10s of minutes
  • Warm Standby: RPO/RTO minutes
  • Multi-site active/active: RPO/RTO
44
Q

Lambda encryption (1)

A

Technically, Lambda encrypts by default using KMS. BUT using default KMS key, meaning anyone with access to Lambda console could see it.

Better to create a new KMS key and use encryption helpers (explained in another flashcard)

45
Q

Encryption Helpers (1)

A

Allow client-side encryption of environment variables in Lambda.

46
Q

Where can RDS read replicas be located (1)

A

In the same AZ, Cross AZ, or Cross Region

47
Q

API Gateway caching (1)

A

Can do it. Sort of similar to others, has Cache invalidation, TTL, etc.

48
Q

Aurora auto-scaling - what is being scaled?

A

The number of read replicas in the DB cluster.

49
Q

Native functions and stored procedures

A

Native Functions: Built-in functions provided by the RDS, perform common operations directly in SQL queries. Efficient and predefined.

Stored Procedures: User-defined programs that encapsulate SQL statements and business logic. Stored in the DB; can include complex logic, parameters, and transaction management.

50
Q

CloudWatch Alarms vs CloudWatch Logs vs CloudWatch Events (EventBridge)

A

Alarms:

  • Monitor metrics and trigger actions based on threshold breaches.
  • Detect issues with resources and automatically respond to performance metrics or system health changes.

Logs:

  • Collect, store, and analyze log data from various sources
  • Troubleshoot applications, maintain compliance, and analyze log data for insights.

Events:

  • Respond to system events and automate workflows based on changes in AWS resources
  • Automate tasks in response to events, integrate services, and manage event-driven processes.

Key diff:

  • EVENTS happen when something is created or on a schedule; alarms need a threshold to be reached.
  • Can emit alarms to events
51
Q

Kendra

A

Uses NLP and ML to return specific answers to search questions from your data

52
Q

Device Farm

A

Application testing service for web and mobile apps. Tests on desktop and mobile devices.

53
Q

Amplify

A

JavaScript library for Frontend and mobile developers building cloud-enabled applications

54
Q

S3 transition periods with lifecycle policies

A

IA: 30 DAYS
1 Zone IA: 30 DAYS
Glacier: No time constraint apparently
Glacier deep archive: No time constraint apparently

55
Q

CloudFront Geoblocking

A

Can implement blocking based on geographical location, using allow lists.

56
Q

Can Inspector scan EBS volume?

A

No

57
Q

What key types can EBS be encrypted with?

A

Customer-managed or AWS-managed key, but not AWS owned key.