Exam Answers Flashcards
With ASG, the Cooldown timer is only supported by which scaling policy?
Simple Scaling Policy
True or False, you can attach user-defined metadata directly to S3 objects?
True
What is the user-defined metadata size limited to in S3?
2KB
What are the 5 types of EBS Storage?
- General Purpose (SSD) - (gp2)
- Provisioned IPOS (SSD) - (io1)
- Throughput Optimized HDD - (st1)
- Cold HDD - (sc1)
- EBS Magnetic - (standard)
What is IOPS?
Input/Output per second : It is the speed at which non-continuous reads and writes can be performed on a storage medium
What is Throughput?
The data transfer rate to and from the storage medium in megabytes per second
What is Bandwidth?
The measurement of the total possible speed of data movement along the network
When is EBS General Purpose (SSD) (gp2) best used?
for general usage without specific requirements
When is EBS provisioned IOPS (SSD) (io1) best used?
When you require really fast input and ouput
When is EBS Throughput Optimised HDD (st1) best used?
magnetic drive optimised for quick throughput
When is EBS Cold HDD (sc1) best used?
Lowest cost HDD volume for infrequently accessed workloads
What are the use cases for EBS general purpose?
Most workloads
What are the use cases for EBS Provisioned IOPS SSD?
- Large databases
- IOPS greater than 16,000
- Throughput greater than 250 MiB
What are the use cases for EBS Throughput optimised HDD?
- Data warehouses
- Big data
- Log processing
What are the use cases for EBS Cold HDD?
File storage
What are the use cases for EBS Magnetic?
Archival storage
Volume size for EBS General purpose?
1 GB - 16 TB
Volume size for EBS Provisioned IOPS SSD?
4GB - 16 TB
Volume size for EBS Throughput Optimised HDD?
500 GB - 15 TB
Volume size for EBS Cold HDD?
500 GB - 15 TB
Volume size for EBS Magnetic
500 GB - 15 TB
Max IOPS for EBS General Purpose?
16,000
Max IOPS for EBS Provisioned IOPS SSD?
64,000
Max IOPS for EBS Throughput Optimised HDD?
500
Max IOPS for EBS Cold HDD?
250
Max IOPS for EBS Magnetic?
40 - 200
How do you move an EBS Volume from one AZ to another?
1, take a snapshot of the volume
2, create an AMI from the snapshot
3, launch new EC2 in the desired AZ
How do you move an EBS Volume from one region to another?
1, take a snapshot of the volume
2, create an AMI from the snapshot
3, copy the AMI to another region
4, launch new EC2 instance from the copied AMI
True or False; DynamoDB allows you to provision your capacity to have a guarantee of reads and writes per second at any scale?
True
What is DocumentDB?
- MongoDB compatible database
- Can store JSON data
- Very fast but there is no guarantee of reads and writes per second at scale.
True or False; DocumentDB is Highly Available?
False; since it can only launch a single instance which would be susceptible becoming unavailable if that single AZ failed.
What should be referred to if you want to map Amazon Elastic Block Store to an Amazon EC2 instance for AWS CloudFormation resources?
Reference the logical IDs of both the block stores and the instance
An application running on an EC2 instance managed by an Auto Scaling Group and which backed by an RDS Postgres database is gaining in popularity the database cannot keep up with the number of queries being request. What solution would improve the performance of this architecture?
ElastiCache in front of the database.
ElastiCache can be placed in front of RDS to cache the most read common queries and would resolve our performance issues.
True or False; You can only log across all AWS Accounts with a trail that is created in the master account
True
True or False; AWS Glue can be more suited for large batches?
True
Which AWS service allow you to transform raw streaming data into formats like Apache Parquet, and dynamically partition streaming data without building your own processing pipelines.
Kinesis Firehose
True or False; Kinesis Firehose has the ability to archive, encrypt as well as transform JSON to parquet?
True
What is Amazon FPS?
Amazon Flexible Payment Service, a service that allows for building very flexible payment systems. The service can be classified as a part Gateway and part Integration (offsite processor).
What is Amazon DevPay?
A simple-to-use online billing and account management service that makes it easy for businesses to sell applications that are built in, or run on top of, Amazon Web Services. It is designed to make running applications in the cloud and on demand easier for developers.
True or False; EC2 can be used for caching?
True, EC2 any kind of computing so you can do anything you like as long as you’re willing to maintain the instances yourself.
A web application which consists of a single EC2 instance that has an Elastic IP (EIP) is accessed by employees from remote locations. How can the IP addreses from the inbound traffic be audited to determine if they are company approved IP addresses?
VPC Flow Logs:
Turning on VPC Flow Logs within your VPC will capture inbound traffic from the internet into your VPC. Within these logs contains the IP address of the source of the incoming request.
True or False; CloudTrail can help provide insight into the failure of an instance?
False; CloudTrail is for governance and auditing about who has accessed what services.
What is the SQS FIFO limit?
300 messages per second
True or False’ ElastiCache is a global service?
False; it is regional
Which IAM policy condition key should be used if you want to check whether the request was sent using SSL?
Secure Transport.
To determine HTTP or HTTPS requests in a bucket policy, use a condition that checks for the key “aws:SecureTransport”. When this key is true, then request is sent through HTTPS.
What is Amazon Macie?
Amazon Macie is a data security and data privacy service that uses machine learning (ML) and pattern matching to discover and protect your sensitive data.
What are the 3 S3 Glacier Flexible Retrieval Options?
- Expedited = 1-5 mins
- Standard = 3-5 hours
- Bulk = 5-12 hours
How many consumers can Kinesis Firehose have?
Just 1, and it is generally S3
How many consumers can Kinesis Data Streams have?
Multiple
True or False; Encryption is turned on by default for CloudTrail logs that are delivered to S3?
True, by SSE-S3 (AES)
True or False; Interface Endpoints support S3?
False; but Gateway Endpoints do
An Internet Gateway in your VPC enable instances within a public or Private subnet to reach the Internet?
Public - check this
An application is running within a private subnet and needs an outbound connection to the internet to fetch package updates. Which solution will provide that instance with a connection to the Internet?
Launch a NAT Gateway in the public subnet and create a route in the route table for 0.0.0.0/0 for the NAT
A NAT in a public subnet in your VPC enables instances in the private subnet to initiate outbound IPv4 traffic to the Internet
True or False; You can failover to a website hosted on a S3?
True
A company has an on-premise Cassandra database with an existing large workload which they are migrating to AWS to an EC2 Which EBS Volume Type would be most the most performance their use case?
EBS Provisioned IOPS SSD
A company is utilizing multiple cloud computing providers for computing capacity. Sometimes these public-facing instances on platforms other than AWS become unresponsive and need to be manually restarted. The company needs a way to detect these failing instances so it can take action to replace them. What solution will resolve this issue?
Use Route 53 Health Checks
Route53 Health Checks takes an endpoint from anywhere. So it can check the health of an instance if its public-facing and alert you.
True or False; CloudWatch logs are real-time?
False
True or False; to use Kinesis Data Analytics you must have an input and output stream?
True
A company has an application which runs in multiple regions. The company needs to analyze the application logs in real-time to detect suspicious behaviour attempting to abuse their platform. Which solution could they use to complete their analysis?
Send logs to Kinesis Data Streams which in turn sends it to Kinesis Data Analytics which in turn sends it to Kinesis Firehose to then later store the results in S3.
Kinesis is a streaming service which is designed to perform operations in realtime. Kinesis Data Analytics is used to allow you to perform queries on incoming data in realtime. To use Kinesis Data Analytics you must have an input and output stream. For the input stream if we use Kinesis Data Stream we can transform the application logs into a format that will easily queryable when it reaches Data Analytics and then we can place it in output stream to Kinesis Firehose. Kinesis Firehose is just a buffer and will allow us to dump the results easily to S3.
A company has a DynamoDB table which when an item is inserted they want to evaluate the contents of the item to decide whether they should receive an alert via email. Which solution would be most performant to meet their requirements?
Stream new records to a Lambda function
DynamoDB Streams allows you to trigger a Lambda function when records are inserted into a table. DyanmoDB Streams do not consume you read capacity so you need not worry about adjust your provision capacity settings.
When launching containers in Amazon ECS, where may PortMapping be defined?
Task definition
True or False; You can automatically create and backup to another region Redshift snapshots via Snapshot Schedule within the Redshift console?
True
True or False; Elastic Load Balancer can send traffic to instances within private subnet?
True
How many AWS managed Customer Master Keys can you have for EBS?
AWS managed Customer Master Keys (CMKs) are keys created by default for you by AWS. These keys are managed by AWS as the name implies. There is only one AWS managed CMK for EBS called aws/ebs
What are customer created Customer Master Keys?
Customer managed Customer Master Keys are unique keys created by you the customer
True or False; Lambda can run C#?
True
What is the advantage of instantiating AWS clients outside the scope of the handler when constructing a Lambda function?
Taking advantage of connection re-use
A company handles documents received through an Amazon S3 bucket. Users can upload documents to an S3 bucket using a web user interface.
When files are received in S3, an AWS Lambda function is executed to process them, but the Lambda function times out on a regular basis.
What happens to the S3 event if the Lambda function is setup with the default settings?
The S3 event is discarded after the event is retried twice
If the function returns an error, Lambda attempts to run it two more times. When an event expires or fails all processing attempts, Lambda discards it.
NAT Gateways should be launched in public or private subnets?
Public, or they won’t be able to access the internet
What connection speeds does Direct Connect allow?
Direct Connect can handle low bandwith 50-500MB and high bandwidth connections 1GB or 10GB
What is a good use case for Route 53 Geoproximity Routing Policy?
For very specific location requirements
What does the Transform section of a CloudFormation template do?
Specifies the version of the AWS Serverless Application Model (AWS SAM) to use for serverless applications (also referred to as Lambda-based applications),
What are particularly suited for batch job workloads?
Docker containers
What allows you to change the configuration of your database such a number of connections?
Parameter Groups
A company has a fleet of EC2 instances managed by an Auto Scaling Group which are processing various files of different sizes but no larger than 1TB. These files need to be stored in the same location and it’s important that this storage is highly available and resilient. Which storage solution would meet this company needs?
A single S3 bucket
True or False; DynamoDB Streams allows you to trigger Lambdas when records are inserted?
True
A Solution Architect has been tasked with keeping the usage of Redshift cost-effective. Which of the following would ensure no additional charge occur?
Avoid increasing the backup retention period or taking additional snapshots.
Thousands of sensitive audio and video data must be stored in an Amazon S3 bucket. All data written to this bucket must be encrypted according to organizational security rules.
How can this policy’s compliance be ensured?
Configure an Amazon S3 bucket policy to prevent the upload of objects that do not contain the x-amz-server-side-encryption header.
To encrypt an object at the time of upload, you need to add a header called x-amz-server-side-encryption to the request to tell S3 to encrypt the object using SSE-C, SSE-S3, or SSE-KMS.
True or False; NAT Gateways are AZ specific?
True, so a NAT needs to be launched for each AZ.
True or False; an ASG’s are AZs specifc?
False, ASGs are not bound to AZs.
PCI Compliance; what is PCI?
Payment Card Industry
True or False; Internet Gateways (IGW) can only be attached each to a single VPC
True
True or False; VPC Endpoints cannot be set for RDS?
True
True or False; RDS Multi-AZ uses asynchronous replication?
False; it uses synchronous replication
True or False; RDS read replicas uses asynchronous replication?
True
True or False; you can promote an RDS read replica to a master?
True
True or False; for DynamoDB; one strategy for distributing loads more evenly across a partition keyspace is to add a random number to the end of the partition key values?
True, this randomizes the writes across the larger space.
Athena is used for searching full-text or querying structured data?
Querying structured data
What is AWS Cloudsearch?
CloudSearch is AWS’s managed full-text search engine
When should I choose Provisioned IOPS over Standard RDS storage?
If you use production online transaction processing (OLTP) workloads
Amazon RDS provisions that IOPS rate and storage for the lifetime of the DB instance or until you change it. Provisioned IOPS storage is optimized for I/O intensive, online transaction processing (OLTP) workloads that have consistent performance requirements.
An application running in a private subnet needs to access financial documents stored on S3. Due to the content of these documents they should not traverse outbound on the internet. How can these documents stay within the AWS network?
Create a Gateway Endpoints
A Gateway Endpoint is a gateway that you specify as a target for a route in your route table for traffic destined to a supported AWS service. Gateway Endpoint only supports two AWS services:
- S3
- DynamoDB
So when you need to keep traffic within AWS for S3 you need to use a Gateway Endpoint
True or False; CloudWatch Logs only publishes metric data for events that happen after the metric filter is created?
True
A parent company has an S3 bucket containing instructional documents they want to provide to a branch office which has their own AWS account. What means can be used to restrict access to these S3 objects to only the branch office’s AWS account?
- Bucket policies
- Access Control Lists
True or False; When you create a VPC from scratch it does not let you Enable DNS hostname on creation?
True; You need to turn this on afterwards. DNS Hostnames will generate a domain url so you don’t have to use your public IP address.
There is a requirement to host a database server. This server should not be able to connect to the Internet except while downloading required database patches. What is the best way to achieve this?
Setup the database in a private subnet which connects to the Internet via a NATInstance.
True or False; CloudFront can distribute videos to user?
True; it is a file, why not?
How many AZs does an AWS service need to run in to be considered ‘highly available’?
3
True or False; For an EC2 instance to connect to the internet, you have to ensure that the Route table has an entry to the Internet Gateway?
True. This is required for instances to communicate over the Internet.
When should you use S3 multipart uploads?
In general, when your object size reaches 100 MB, you should consider using multipart uploads instead of uploading the object in a single operation.
A company has assigned two web servers instances to an Elastic Load Balancer. However, the instances and the ELB are not reachable via URL to the elastic load balancer serving the web app data from the EC2 instances. How might you resolve the issue so that your instances are serving the web app data to the public Internet? Choose the correct answer from the options given below
Attach an Internet Gateway to the VPC and route it to the subnet.
If the Internet Gateway is not attached to the VPC, which is a prerequisite for the instances to be accessed from the Internet, the instances will not be reachable.
A customer wants to import their existing virtual machines to the cloud. Which service can they use for this?
VM Import/Export
VM Import/Export enables customers to import Virtual Machine (VM) images in order to create Amazon EC2 instances.
True or False; you can point Route53 Failover policy at an Auto Scaling Group?
False
True or False; resource tags can be used to control access via an IAM Policy?
True
A company’s requirement is to have a Stack-based model for its resources in AWS. There is a need to have different stacks for the Development and Production environments. Which of the following can be used to fulfil this required methodology?
Use AWS OpsWorks to define the different layers for your application.
True or False; you can use Reserved Instances for Redshift Clusters?
True
What is AWS RAM?
Resource Access Manager (RAM) is a service that enables you to easily and securely share AWS resources with AWS account or within your AWS Organisation
What is AWS ParallelCluster?
An AWS-supported open-source cluster management tool that makes it easy for you to deploy and manage High-Performance Computing (HPC) clusters on AWS.
What is Transit Gateway?
It acts as a cloud router that allows you to integrate multiple networks.
How can you improve data security on a Redis Server?
Using Redis AUTH command can improve data security by requiring the user to enter a password before they are granted permission to execute Redis commands on a password-protected Redis server.
What is an Aurora Serverless DB cluster?
An Aurora Serverless DB cluster is a DB cluster that automatically starts up, shuts down, and scales up or down its compute capacity based on your application’s needs.
When to use Aurora Serverless?
Aurora Serverless provides a relatively simple, cost-effective option for infrequent, intermittent, sporadic or unpredictable workloads.
True or False; an Aurora Provisioned DB cluster is suitable for intermittent, sporadic, and unpredictable transactional workloads?
False
What is the Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for Amazon Aurora Global Database?
Recovery Point Objective (RPO) of 1 second and a Recovery Time Objective (RTO) of less than 1 minute.
How to securely serve this private content by using CloudFront?
– Require that your users access your private content by using special CloudFront signed URLs or signed cookies.
– Require that your users access your content by using CloudFront URLs, not URLs that access content directly on the origin server (for example, Amazon S3 or a private HTTP server). Requiring CloudFront URLs isn’t necessary, but we recommend it to prevent users from bypassing the restrictions that you specify in signed URLs or signed cookies.
If you want to serve private content through CloudFront, when to use signed URLs and when to use signed cookies?
Use signed URLs for the following cases:
– You want to use an RTMP distribution. Signed cookies aren’t supported for RTMP distributions.
– You want to restrict access to individual files, for example, an installation download for your application.
– Your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.
Use signed cookies for the following cases:
– You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers’ area of a website.
– You don’t want to change your current URLs.
Amazon S3 supports which 3 destinations where it can publish events?
- SNS topic
- SQS queue
- AWS Lambda
How many destination can an Amazon S3 event notification be sent to?
1
True or False; S3 can be used for file storage?
False; it is ‘object storage’, not ‘file storage’.
True or False; Amazon Aurora typically involves a cluster of DB instances instead of a single instance?
True
True or False; you can create custom endpoints in Aurora?
True
5 Custom CloudWatch metrics for EC2
- Memory utilisation
- Disk swap utilisation
- Disk space utilisation
- Page file utilisation
- Log collection
Amazon ECS enables you to inject sensitive data into your containers by storing your sensitive data in which two services?
- AWS Secrets manager
- AWS Systems Manager Parameter Store
True or False; Amazon ECS supports resource-based policies.
False; use a role based policy instead
What is an egress-only internet gateway?
A horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the internet and prevents it from initiating an IPv6 connection with your instances.
What is AWS Network Firewall?
A managed service that makes it easy to deploy essential network protections for all of your Amazon Virtual Private Clouds (VPCs)
A NAT Gateway is for IPv4, IPv6 or both?
IPv4 only
What is AWS Directory Service?
It provides multiple ways to use Amazon Cloud Directory and Microsoft Active Directory (AD) with other AWS services.
True or False; You can invoke an AWS Lambda function from RDS to capture data-modifying events (INSERT, DELETE, UPDATE)?
False; RDS events only provide operational events such as DB instance events, DB parameter group events, DB security group events, and DB snapshot events.
True or False; You can invoke an AWS Lambda function from an Amazon Aurora MySQL-Compatible Edition DB cluster with a native function or a stored procedure?
True
True or False; When you create or update Lambda functions that use environment variables, AWS Lambda encrypts them using the AWS Key Management Service?
True
True or False; Amazon RDS provides metrics in real time for the operating system (OS) that your DB instance runs on
True
For RDS, where does CloudWatch gather metrics about CPU utilization from?
From the hypervisor for a DB instance
For RDS, where does RDS Enhanced Monitoring gather metrics about CPU utilization from?
An agent on the instance
Which sort of database can handle frequent schema changes or provides a flexible schema?
NoSQL, SQL databases are rigid
What are RDS and DynamoDBs optimised for?
- RDS is optimised for storage
- DynamoDB is optimised for compute
What is Amazon EventBridge?
Amazon EventBridge (formerly called CloudWatch Events) is a serverless event bus that makes it easy to connect applications together.
This simplifies the process of building event-driven architectures by decoupling event producers from event consumers.
Which uses synchronous data replication; RDS Read Replicas or RDS Multi-AZ deployment?
RDS Multi-AZ deployment
A Docker application, which is running on an Amazon ECS cluster behind a load balancer, is heavily using DynamoDB. You are instructed to improve the database performance by distributing the workload evenly and using the provisioned throughput efficiently.
What would you consider to implement for your DynamoDB table?
Use partition keys with high-cardinality attributes, which have a large number of distinct values for each item.
What are Amazon S3 access points?
Amazon S3 access points simplify data access for any AWS service or customer application that stores data in S3. Access points are named network endpoints that are attached to buckets that you can use to perform S3 object operations, such as GetObject and PutObject.
What is IAM DB Authentication?
You can authenticate to your DB instance using AWS Identity and Access Management (IAM) database authentication. IAM database authentication works with MySQL and PostgreSQL. With this authentication method, you don’t need to use a password when you connect to a DB instance. Instead, you use an authentication token.
True or False; when you use client-side master key for client-side data encryption, your client-side master keys and your unencrypted data are never sent to AWS?
True
True or False; for SQS queues, you have to ensure that you delete the message after processing to prevent the message from being received and processed again once the visibility timeout expires?
True
What are the maximum days for the EFS lifecycle policy?
90 days
True or False; Reserved Instances are not physical instances, but rather a billing discount applied to the use of On-Demand Instances in your account?
True
What is AWS Transfer for SFTP?
AWS Transfer for SFTP enables you to easily move your file transfer workloads that use the Secure Shell File Transfer Protocol (SFTP) to AWS without needing to modify your applications or manage any SFTP servers.
True or False; You can use AWS Transfer for SFTP to transfer files to an S3 Bucket?
True
True or False; EFS lifecycle management can delete objects?
False; it can only transition files in and out of the “Infrequent Access” tier
What type of file system is Amazon FSx For Lustre?
Lustre is a popular open-source parallel file system
What is Amazon FSx For Lustre?
Amazon FSx For Lustre is a high-performance file system for fast processing of workloads
What is AWS Lake Formation?
AWS Lake Formation is a service that makes it easy to set up a secure data lake in days.
True or False; AWS Lake Formation allows you to assign permissions to IAM users, roles, groups, and Active Directory users?
True
How to achieve fault tolerance?
- You need to have redundant resources in place to avoid any system degradation in the event of a server fault or an Availability Zone outage.
- This entails an extra cost in running additional resources than what is usually needed.
True or False; API Gateway will automatically scale and handle massive traffic spikes?
False; although it can scale using AWS Edge locations, you still need to configure the throttling to further manage the bursts of your APIs.
True or False; when you create an AWS KMS CMK in a custom key store, AWS KMS generates and stores the non-extractable key material for the CMK in an AWS CloudHSM cluster that you own and manage?
True
What protocol does SSH use?
TCP
True or False; Storage Gateway is suitable for transferring large sets of data to AWS?
False; Storage Gateway is mainly used in providing low-latency access to data by caching frequently accessed data on-premises while storing archive data securely and durably in Amazon cloud storage services.
Which AWS service should be used to move cold data from expensive on-premises storage systems directly to durable and secure long-term storage on AWS?
AWS DataSync (not AWS Storage Gateway)
What is Amazon EKS?
Amazon EKS is a portable, extensible, and open-source platform for managing containerized workloads and services.
What do MX records do?
MX record specifies the mail server responsible for accepting email messages on behalf of a domain name.
True or False; you can disable IPv4 support for your VPC and subnets?
False, You cannot disable IPv4 support for your VPC and subnets since this is the default IP addressing system for Amazon VPC and Amazon EC2. IPv4 is required.
What is Amazon Data Lifecycle Manager (Amazon DLM) ?
You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes.
True or False; EBS volumes can be attached to any EC2 Instance in any Availability Zone?
False; EBS volumes can only be attached to an EC2 instance in the same Availability Zone.
True or False; EBS volumes support live configuration changes while in production which means that you can modify the volume type, volume size, and IOPS capacity without service interruptions?
True
True or False; You can use Amazon SNS message filtering to assign a filter policy to the topic subscription, and the subscriber will only receive a message that they are interested in?
True
True or False; ALBs can route and load balance gRPC traffic?
True
What is RDS Proxy?
RDS Proxy helps you manage a large number of connections from Lambda to an RDS database by establishing a warm connection pool to the database. Your Lambda functions interact with RDS Proxy instead of your database instance.
True or False; With AWS DMS, you can perform one-time migrations, and you can replicate ongoing changes to keep sources and targets in sync?
True
What is Amazon GuardDuty?
Amazon GuardDuty can generate findings based on suspicious activities such as requests coming from known malicious IP addresses, changing of bucket policies/ACLs to expose an S3 bucket publicly, or suspicious API call patterns that attempt to discover misconfigured bucket permissions.
What is AWS Inspector?
Inspector is basically an automated security assessment service that helps improve the security and compliance of applications deployed on AWS.
What are AWS Budgets?
AWS Budgets allows you to be alerted and run custom actions if your budget thresholds are exceeded.
What is Amazon EMR?
Amazon EMR is a managed cluster platform that simplifies running big data frameworks, such as Apache Hadoop and Apache Spark, on AWS to process and analyze vast amounts of data.
What do you specify when you create a DynamoDB Gateway endpoint?
- VPC
- route table that will be associated with the endpoint
True or False; DynamoDB on-demand backups cannot be copied to a different account or Region?
True; to create backup copies across AWS accounts and Regions and for other advanced features, you should use AWS Backup.
Which 2 services that you can use for creating a decoupled architecture in AWS?
- SQS
- Amazon SWF (Simple Work FLow)
What is Amazon SWF?
Amazon Simple Work Flow (SWF) is a web service that makes it easy to coordinate work across distributed application components.
True or False; you can create a VPC peering for your on-premises network and AWS VPC?
False
True or False; API Gateway enables you to build RESTful APIs and WebSocket APIs?
True
True or False; With AWS Config you can verify if your resources comply with your desired configurations and learn which specific resources are noncompliant?
True
What is AWS Proton?
AWS Proton allows you to deploy any serverless or container-based application with increased efficiency, consistency, and control. You can define infrastructure standards and effective continuous delivery pipelines for your organization
What is AWS Network Firewall?
AWS Network Firewall is a stateful, managed network firewall and intrusion detection and prevention service for your virtual private cloud (VPC)
What is AWS ACM?
ACM (AWS Certificate Manager) is a service that lets you easily provision, manage, and deploy public and private SSL/TLS certificates for use with AWS services and your internal connected resources
True or False; you need to configure a NAT instance to establish a successful VPN connection?
False
An accounting application uses an RDS database configured with Multi-AZ deployments to improve availability. What would happen to RDS if the primary database instance fails?
The canonical name record (CNAME) is switched from the primary to standby instance.
True or False; Systems Manager Parameter Store rotates it’s parameters by default?
False - parameters are usually static, unlike passwords
True or False; If one of your instances serving a particular function fails, its network interface can be attached to a replacement or hot standby instance pre-configured for the same role in order to rapidly recover the service?
True
True or False; you can assign an Elastic IP address to an Application Load Balancer?
False; The alternative method you can do is assign an Elastic IP address to a Network Load Balancer in front of the Application Load Balancer.
What is an Auto Ssaling Group’s default cooldown period?
300 seconds (5 mins)
True or False; you can use an AWS Lambda function to process records in Amazon Kinesis Data Streams?
True; Lambda can process up to 10 batches in each shard simultaneously.
True or False; AWS Lambda can be set as its destination for Kinesis Firehose?
False; but Kinesis Data Analytics can
True or False; you can enable or disable hibernation for an instance after it has been launched?
False; must enable to on launch
True or False; an EC2 instance has an underlying physical host computer. If the instance is stopped, AWS usually moves the instance to a new host computer?
True
True or False; an ENI will stay attached to your EC2 instance even if you stopped your EC2 instance?
True
True or False; an Elastic IP address is disassociated with an instance after stopping it?
False
What is Provisioned capacity for S3 Glacier?
Provisioned capacity ensures that your retrieval capacity for expedited retrievals is available when you need it.
True or False; Use AWS Database Migration Service (AWS DMS) to migrate data from an Aurora DB cluster to a Aurora Serverless database?
True
What is a reader endpoint for an Aurora DB cluster?
A reader endpoint for an Aurora DB cluster provides load-balancing support for read-only connections to the DB cluster. Use the reader endpoint for read operations, such as queries.
What is a cluster endpoint for an Aurora DB cluster?
a cluster endpoint (also known as a writer endpoint) simply connects to the current primary DB instance for that DB cluster.
True or False; You will be billed when your On-Demand EC2 instance is in pending state?
False; you will not be billed if your instance is in pending state.
True or False; you will be billed when your On-Demand EC2 instance is preparing to hibernate with a stopping state?
True
What is the primary way to control access to KMS keys?
Key policy
What does a Lambda resource policy specify?
Who can invoke the Lambda function
True or False; Your Lambda function automatically scales based on the number of events it processes. If your Lambda function accesses a VPC, you must make sure that your VPC has sufficient ENI capacity to support the scale requirements of your Lambda function?
True
True or False; Amazon FSx for Windows File Server provides low-latency access from on-premises?
False; use Storage Gateway for low-latency access to storage from on-premises
Target groups are primarily used in ELBs or Auto Scaling Groups?
ELBs
How are Network ACL rules evaluated?
Rules are evaluated starting with the lowest numbered rule. As soon as a rule matches traffic, it’s applied immediately regardless of any higher-numbered rule that may contradict it.
What is the easiest way to load streaming data into data stores and analytics tools?
Kinesis Firehose
RDS Read-Replicas use Synchronous or Asynchronous replication?
Asynchronous
True or False; RDS Read-Replicas provide synchronous replication and automatic failover in the case of Availability Zone service failures?
False; this is Multi-AZ
True or False; Fargate works with both Amazon Elastic Container Service (ECS) and Amazon Elastic Kubernetes Service (EKS)?
True
How much free ephermeral storage are Fargate tasks given?
Fargate tasks are given a minimum of 20 GiB of free ephemeral storage
What is Amazon AppFlow?
Amazon AppFlow is an integration service for transferring data securely between Software-as-a-Service (SaaS) applications like Salesforce, SAP, Zendesk, Slack, ServiceNow, and AWS services.
What is a Route53 Active Active Failover configuration?
Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Route 53 can detect that it’s unhealthy and stop including it when responding to queries.
What is a Route53 Active Passive Failover configuration?
Use an active-passive failover configuration when you want a primary resource or group of resources to be available the majority of the time and you want a secondary resource or group of resources to be on standby in case all the primary resources become unavailable.
What is the maximum backup retention period for automated backups for RDS
35 days.
True or False; Every subnet that you create is automatically associated with the main route table for the VPC?
True
True or False; each subnet maps to a single Availability Zone?
True
True or False; IAM Roles can be attached to IAM Groups?
False
True or False; IAM Policies can be attached to IAM Groups?
True
What is the default retention period for Kinesis Data Streams?
24 hours
True or False; by default, Amazon EBS root device volumes are automatically deleted when the instance terminates?
True, However, by default, any additional EBS volumes that you attach at launch, or any EBS volumes that you attach to an existing instance persist even after the instance terminates. This behavior is controlled by the volume’s DeleteOnTermination attribute, which you can modify.
True or False; there is a vCPU-based On-Demand Instance limit per region?
True; to increase it you can submit the limit increase form to AWS
What is AWS Systems Manager Parameter Store?
Parameter Store provides secure, hierarchical storage for configuration data and secrets management.
3 Destinations where S3 Notifications can publish events?
- SNS
- SQS
- Lambda
Elastic Load Balancers is single or multi region?
Single
In CloudFormation, what do you do when you want to wait on resource configuration actions before stack creation proceeds?
Configure a CreationPolicy
True or False; AWS Resource Access Manager (RAM) allows you to launch new AWS accounts with preapproved configurations?
False
True or False; instance store volumes have greater I/O performance than EBS volumes?
True
What is Instance Store / EBS RAID 1 used for?
Data mirroring
What is Instance Store / EBS RAID 0 used for?
Improving performance (IOPS / Throughput)
What is Amazon FSx for Windows File Server?
Amazon FSx for Windows File Server provides fully managed, highly reliable, and scalable file storage that is accessible over the industry-standard Service Message Block (SMB) protocol.
True or False; you can integrate Amazon S3 with your existing Active Directory to provide authentication and access control?
False
What is CloudWatch Logs agent?
CloudWatch Logs agent provides an automated way to send log data to CloudWatch Logs from Amazon EC2 instances
When are static AnyCast IP addresses primarily used?
For AWS Global Accelerator
True or False; you can create Cross-Region Snapshots in Amazon Redshift Clusters?
True
True or False; In CloudFront it is possible to set up an origin failover by creating an origin group with two origins. Specify one as the primary origin and the other as the second origin which CloudFront automatically switches to when the primary origin returns specific HTTP status code failure responses?
True
What is Amazon FSx for Windows File Server?
Amazon FSx for Windows File Server is a fully managed Microsoft Windows file system with full support for the SMB protocol, Windows NTFS, Microsoft Active Directory (AD) Integration.
True or False; S3 is suitable for storing data that is rapidly changing?
False
True or False; you can assign an Elastic IP address to an Application Load Balancer?
False
True or False; you can assign an Elastic IP address to an Network Load Balancer?
True
What is Trusted Advisor?
Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices.
What is AWS Resource Groups Tag Editor?
AWS Resource Groups Tag Editor simply allows you to add, edit, and delete tags to multiple AWS resources at once for easier identification and monitoring.
What can Service Control Policies (SCP) be attached to (3)?
- organisation root
- organisational unit
- directly to an account
Which EC2 metrics does CloudWatch have as standard?
- CPU Utilisation
- Disk reads activity
- Network packets out
When you create an encrypted EBS volume and attach it to a supported instance type, what types of data are encrypted?
– Data at rest inside the volume
– All data moving between the volume and the instance
– All snapshots created from the volume
– All volumes created from those snapshots
What protocol and ports does FTP use?
TCP via ports 20 and 21
What credentials does a brand new IAM user created using the AWS CLI or AWS API have?
No credentials for any kind
An organization needs to control the access for several S3 buckets. They plan to use a gateway endpoint to allow access to trusted buckets. How best to achieve this requirement?
Generate an endpoint policy for trusted S3 buckets.
True or False; when you create a Gateway endpoint, you can attach an endpoint policy that controls access to the service to which you are connecting?
True
What is the primary way to control access to KMS keys?
Through key policies
True or False; Unless the key policy explicitly allows it, you cannot use IAM policies to allow access to a KMS key. Without permission from the key policy, IAM policies that allow permissions have no effect.
True
How do you allow a Lambda function to be able to decrypt a KMS key?
Attach the kms:decrypt permission to the Lambda function’s execution role.
True or False; Trusted Advisor is real-time?
True
For S3, which key provider provides you with an audit trail that shows when your CMK was used and by whom?
- AWS KMS-Managed Keys (SSE-KMS)
- Amazon S3-Managed Keys (SSE-S3)
- Customer-Provided Keys (SSE-C)
AWS KMS-Managed Keys (SSE-KMS)
A web application is hosted in an Auto Scaling group of EC2 instances deployed across multiple Availability Zones behind an Application Load Balancer. You need to implement an SSL solution for your system to improve its security which is why you requested an SSL/TLS certificate from a third-party certificate authority (CA).
Where can you safely import the SSL/TLS certificate of your application? (Choose TWO.)
- AWS Certificate Manager
- IAM certificate store
True or False; S3 is a suitable service to store the SSL certificates?
False
What are EC2 On-Demand Capacity Reservations?
By creating Capacity Reservations, you ensure that you always have access to EC2 capacity when you need it, for as long as you need it.
True or False; ACM (AWS Certificate Manager) sends daily expiration events for all active certificates (public, private and imported) starting 45 days prior to expiration?
True
IAM database authentication works with which databases?
IAM database authentication works with MySQL and PostgreSQL.
In ECS what is a service?
A Service is used to guarantee that you always have some number of Tasks running at all times.
What is Amazon Redshift Enhanced VPC Routing?
Redshift Enhanced VPC Routing allows Redshift to utilize VPC components such as VPC Endpoints when turned on. To keep your connection secure you want to keep all traffic within the AWS network.
What is a good use case for NAT Gateways?
Allowing an instance in a private subnet to reach the internet for system updates. Not for enabling inbound traffic
True or False; VPC Flow Logs can be used with CloudFront?
False; VPC flow logs capture information about the IP traffic going to and from network interfaces in a-VPC but not for CloudFront.
If you run PCI or HIPAA-compliant workloads, how can you log your CloudFront usage data?
- Enable CloudFront access logs.
- Capture requests that are sent to the CloudFront API.
If an instance’s security group is configured to allow SSH from any IP address and deny all outbound traffic, can you access this instance?
Yes; with Security groups, responses are stateful. So if an incoming request is granted, by default an outgoing request will also be granted.
Network ACLs are stateful or Stateless?
Stateless
How many VPCs can an Internet Gateway be attached to?
1
True or False; default NACL has an allow inbound rule?
True
There is a requirement to host a database server. This server should not be able to connect to the Internet except while downloading required database patches. Which of the following solutions would best satisfy all the above requirements?
Setup the database in a private subnet which connects to the Internet via a NATInstance.
What to do if your identity store is not compatible with SAML 2.0?
If your identity store is not compatible with SAML 2.0 then you can build a custom identity broker application to perform a similar function. The broker application authenticates users, requests temporary credentials for users from AWS, and then provides them to the user to access AWS resources.
What is server access logging for S3 buckets?
If you enable server access logging for an S3 bucket you receive detailed information about every access request sent to the S3 bucket including:
- the referrer
- turn-around time information
- the requester
- bucket name
- request time
- request action
- error code information
True or False; new EC2 instances automatically get a DNS hostname because the DNS resolution and DNS hostnames attributes are enabled in the newly created VPC?
False; new EC2 instances does not automatically get a DNS hostname because the DNS resolution and DNS hostnames attributes are disabled in the newly created VPC.
What is CloudWatch Logs Insights?
CloudWatch Logs Insights enables you to interactively search and analyze your log data in Amazon CloudWatch Logs.
What is a unified CloudWatch agent?
Automatically collects and pushes data to CloudWatch logs from EC2 instances
In S3 when do you set object permissions?
On upload
In S3, what are Requester Pays buckets?
With Requester Pays buckets, the requester instead of the bucket owner pays the cost of the request and the data download from the bucket. The bucket owner always pays the cost of storing data.
What is DynamoDB Auto Scaling?
DynamoDB Auto Scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf, to handle sudden increases in traffic, without throttling.
True or False; You can add multi-factor authentication (MFA) to a Cognito user pool?
True
What network device that you can attach to your Amazon EC2 instance to accelerate High Performance Computing (HPC) and machine learning applications?
Elastic Fabric Adaptor (EFA)
Benefits of Elastic Fabric Adaptor (EFA)?
- EFA provides lower and more consistent latency and higher throughput than the TCP transport traditionally used in cloud-based HPC systems.
- It enhances the performance of inter-instance communication which is critical for scaling HPC and machine learning applications.
-It is optimized to work on the existing AWS network infrastructure, and it can scale depending on application requirements.
True or False; EFAs (Elastic Fabric Adaptors) do not support OS-bypass capabilities?
False
What is an Auto Scaling Group predictive scaling policy?
Predictive scaling uses machine learning to predict capacity requirements based on historical data from CloudWatch.
What is Lambda@Edge?
Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency.
True or False; you can use Amazon EMR to transform and move large amounts of data into and out of other AWS data stores and databases such as Amazon S3 and Amazon DynamoDB?
True
How many times is message delivery for SQS Standard Queue?
At-Least-Once
How many times is message delivery for SQS Fifo Queue?
Exactly-Once
True or False; Amazon SWF ensures that a task is never duplicated and is assigned only once?
True
True or False; you can modify a launch configuration after you’ve created it?
False; you can’t modify it
True or False; Amazon EventBridge can directly check for IAM events that show the age of IAM access keys?
False
In Amazon MQ for RabbitMQ, what setup is recommended to ensure high availability?
a cluster broker deployment setup is recommended to ensure high availability.
What is the primary use-case of read-replicas for RDS?
scaling your database with a high number of read/select SQL operations
What is the primary use-case of Multi-AZ for RDS?
High Availability and fast failover
Which is the default queue in SQS?
Standard (not FIFO) Queue
True or False; A Kinesis data stream is a set of shards that has a sequence of data records, and each data record has a sequence number that is assigned by Kinesis Data Streams?
True
True or False; you must create the corresponding public subnet in the same Availability Zone of your private EC2 servers in order for it to properly communicate with the load balancer.
True
For EBS volumes, what is the maximum ratio of provisioned IOPS to the requested volume size (in GiB)?
50:1.
Egs:
- 10GB volume x 50 = 500 max IOPS
- 100GB volume x 50 = 5,000 max IOPS
- 1,280GB volume x 50 = 64,000 max IOPS (64,000 is the maximum for io1)
True or False; Athena helps you analyze unstructured, semi-structured, and structured data stored in Amazon S3?
True, Examples include CSV, JSON, or columnar data formats such as Apache Parquet and Apache ORC.
True or False; Amazon S3 allows you to run sophisticated Big Data analytics on your data without moving the data into a separate analytics system?
True
What is Redshift Spectrum?
allows you to directly run SQL queries against exabytes of unstructured data in Amazon S3
What are the enhanced monitoring metrics that Amazon CloudWatch gathers from Amazon RDS DB instances which provide more accurate information?
- RDS processes
- OS processes
What SQS metric is useful when applications have time-sensitive messages and you need to ensure that messages are processed within a specific time period?
ApproximateAgeOfOldestMessage
What is Amazon CloudWatch Application Insights?
Amazon CloudWatch Application Insights facilitates observability for your applications and underlying AWS resources. It helps you set up the best monitors for your application resources to continuously analyze data for signs of problems with your applications
True or False; Attempting to log in as the administrator more than twice with the wrong password zeroizes your HSM appliance?
True
What is the default message retention period for SQS queues?
4 days
How many PUT requests and how many GET requests per second than S3 handle?
- 3,500 PUT requests
- 5,500 GET requests
What is the default Auto Scaling termination policy designed to do?
Ensure that your network architecture spans availability zones evenly
What rules does the default Auto Scaling termination policy follow?
Short:
1, AZ with most instances
2, Oldest Launch Configuration
3, Instances closest to next billing hour
4, Randomly
Long:
- If there are instances in multiple Availability Zones, choose the Availability Zone with the most instances and at least one instance that is not protected from scale in. If there is more than one Availability Zone with this number of instances, choose the Availability Zone with the instances that use the oldest launch configuration.
- Determine which unprotected instances in the selected Availability Zone use the oldest launch configuration. If there is one such instance, terminate it.
- If there are multiple instances to terminate based on the above criteria, determine which unprotected instances are closest to the next billing hour. (This helps you maximize the use of your EC2 instances and manage your Amazon EC2 usage costs.) If there is one such instance, terminate it.
- If there is more than one unprotected instance closest to the next billing hour, choose one of these instances at random.
What does instance protection do?
Stops an instance being terminated
True or False; Elastic Fabric Adapter (EFA) are supported on Windows instances?
False
True or False; AWS ParallelCluster provides higher bandwidth, higher packet per second (PPS) performance, and lower inter-instance latencies
False
How does Amazon EC2 provide enhanced networking capabilities?
Via the Elastic Network Adapter (ENA)
What benefits does EC2 enhanced networking provides?
- higher bandwidth
- higher packet per second (PPS) performance
- consistently lower inter-instance latencies
True or False; Application Load Balancers can be used for blocking traffic by creating rules?
False; rule are for request routing, not blocking
True or False; EBS volume can be used while taking a snapshot?
True; Snapshots occur asynchronously; the point-in-time snapshot is created immediately, but the status of the snapshot is pending until the snapshot is complete
How many virtual private gateways can you attach to a VPC at a single time?
a VPC can only have a single virtual private gateway attached to it one at a time
True or False; Amazon EFS can only handle Linux workloads?
True
What is AWS Resource Access Manager (RAM) primarily used for?
AWS Resource Access Manager (RAM) is primarily used to securely share your resources across AWS accounts or within your Organization and not on a single AWS account.
What is AWS AppSync?
AWS AppSync is a serverless GraphQL and Pub/Sub API service that simplifies building modern web and mobile applications.
For S3 Lifecycle Policies, can an object be transitioned from Standard to Standard Infrequently access after a week?
No, it must be stored for 30 days before transitioning it to Infrequently Accessed
For S3 Lifecycle Policies, can an object be transitioned from Standard to One-Zone Standard Infrequently access after a week?
No, it must be stored for 30 days before transitioning it to One-Zone Infrequently Accessed
For S3 Lifecycle Policies, can an object be transitioned from Standard to Glacier after a week?
Yes
For S3 Lifecycle Policies, can an object be transitioned from Standard to Glacier Deep Archive after a week?
Yes
True or False; CloudTrail event log files are automatically encrypted using the Amazon S3 server-side encryption (SSE)?
True
True or False; load balancers have a DNS name?
True
True or False; IP addresses associated with Elastic Load Balancing can change at any time?
True
What are Auto Scaling Group lifecycle hooks?
You can add a lifecycle hook to your Auto Scaling group so that you can perform custom actions when instances launch or terminate.
What is AWS Systems Manager Run Command?
AWS Systems Manager Run Command lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager.
True or False; there is a limit on the number of instances in a Placement Group?
False
True or False; It is recommended that you launch the number of instances that you need in the placement group in a single launch request and that you use the same instance type for all instances in the placement group?
True
What do you do if you try to add new instances to a placement group that already has running EC2 instances and you receive an ‘insufficient capacity error’?
Stop and restart the instances in the Placement Group and then try the launch again.
Restarting the instances may migrate them to hardware that has capacity for all the requested instances.
What is AWS Global Accelerator?
AWS Global Accelerator is a service that improves the availability and performance of your applications with local or global users.
If you have multiple resources in multiple regions, what can you use to reduce the number of IP addresses?
AWS Global Accelerator.
By creating an endpoint group, you can add all of your EC2 instances from a single region in that group. You can add additional endpoint groups for instances in other regions. After it, you can then associate the appropriate ALB endpoints to each of your endpoint groups. The created accelerator would have two static IP addresses that you can use to create a security rule in your firewall device. Instead of regularly adding the Amazon EC2 IP addresses in your firewall, you can use the static IP addresses of AWS Global Accelerator to automate the process and eliminate this repetitive task.
True or False; IAM database authentication provides network traffic to and from the database to be encrypted using Secure Sockets Layer (SSL)?
True
True or False; Amazon EFS is designed to be highly durable and highly available?
True
What jobs is Amazon Managed Grafana suited to?
Grafana is suited for the visualization of time-series data such as system metrics (CPU load, disk storage, memory utilization, temperature, etc)
What is the successor to Elasticsearch?
OpenSearch
True or False; you cannot track nor view the CPU utilization of an ALB?
True
True or False; data transferred between EC2 instances in the same region is free?
False; they could still be charged with inter-Availability Zone data transfers if the instances are distributed across different availability zones. You must deploy the instances in the same Availability Zone to avoid the data transfer costs.
What is cross-zone load balancing?
Each node (EC2 instance) receives it’s fair proportion of the overall load, irrespective of which AZ it is in and how many AZs are being used. Eg; 10 nodes, each receives 10% of the traffic.
True or False; Amazon Aurora has the ability to replicate a database in a fast and efficient manner without impacting performance, thanks to its underlying storage system?
True
What can you use to create a new cluster that uses the same Aurora cluster volume and has the same data?
Aurora cloning
What response time does Amazon Redshift Deliver?
Amazon Redshift delivers sub-second response times.
What response time does DynamoDB Deliver?
DynamoDB supports single-digit millisecond response times at any scale
Egress-Only Internet Gateway are primarily used for IPv4 or IPv6?
IPv6
True or False; it is possible to enable the EBS Encryption By Default feature for an AWS Region?
True
True or False; Elastic Container Service (ECS) provides Service Auto Scaling, Service Load Balancing, and Monitoring with CloudWatch, enabled by default?
False
True or False; Elastic Beanstalk provides Service Auto Scaling, Service Load Balancing, and Monitoring with CloudWatch, enabled by default?
True
What is Apache Parquet, and why use it?
Apache Parquet is an open-source columnar storage format that is 2x faster to unload and takes up 6x less storage in Amazon S3 as compared to other text formats.
What are Amazon S3 access points?
Amazon S3 access points simplify data access for any AWS service or customer application that stores data in S3. Access points are named network endpoints that are attached to buckets that you can use to perform S3 object operations, such as GetObject and PutObject.
True or False; bucket versioning is required for object lock?
True
True or False; S3 object lock can only be enable on bucket creation?
True
What is 504 error?
Gateway Timeout
Should you place a route table in a private or public subnet to associate it with instances in a private subnet?
Private
What is an enterprise identity federation?
In an enterprise identity federation, you can authenticate users in your organization’s network, and then provide those users access to AWS without creating new AWS identities for them and requiring them to sign in with a separate user name and password.
What is the maximum days for a EFS lifecycle policy?
90 days
What is DynamoDB DAX primarily used for?
DynamoDB Accelerator (DAX) feature is primarily used to significantly improve the in-memory read performance of your database
CloudFront and DynamoDB are compatible or incompatible?
incompatible
True or False; by default, Auto Scaling is enabled in a DynamoDB table which is created using the AWS CLI?
False
Which DNS Record type is used to commonly verify domain ownership?
TXT
True or False; data on an EC2 instance store volume is lost if the instance is restarted?
False; but it will be if it is stopped
AWS provide a registry of open data sets which can be used by customers within their applications. How much does it cost to use these datasets within AWS products?
Free
Are Elastic IPs per account, per region or per account per AZ?
per account per region
Are EIPs free?
No, EIPs have a cost if not associated with anything
