Exam Pro Cheat Sheets

Question 1

How does S3 provide high availability?

Answer 1

Replicate data across at least 3 AZs

Question 2

What size can S3 objects be?

Answer 2

Between 0 Bytes and 5 Terraytes

Question 3

True or False; S3 Bucket names must be unique across all accounts?

Answer 3

True

Question 4

What is used to automatically move S3 objects between storage classes and automatically delete based on a schedule?

Answer 4

Lifecycle Managment

Question 5

True or False; S3 MFA delete requires versioning to be turned on?

Answer 5

True

Question 6

True or False; you can turn off versioning on S3?

Answer 6

False; once versioning is turned on it cannot be turned off, only suspended

Question 7

True or False; all new S3 Buckets are private by default?

Answer 7

True

Question 8

Two ways access is controlled in S3 Buckets?

Answer 8

• Bucket Policies
• Access Control Lists (ACL) (LEGACY)

Question 9

How are Bucket Policies defined?

Answer 9

Using JSON documents

Question 10

What is security in transit (S3)?

Answer 10

Uploading files over SSL

Question 11

What does SSE stand for?

Answer 11

Server Side Encryption

Question 12

What are the 3 options for S3 server side encryption?

Answer 12

• SSE-AES
• SSE-KMS
• SSE-C

Question 13

True or False; for CRR in S3, you must have versioning turned on in the source and destination bucket?

Answer 13

True

Question 14

True or False; using CRR in S3, you can replicate to a bucket in another AWS account?

Answer 14

True

Question 15

What S3 option provides faster and secure uploads from anywhere in the world using a distinct URL and an Edge Location?

Answer 15

Transfer Acceleration

Question 16

What are commonly used to access private S3 objects?

Answer 16

Presigned URLs

Question 17

What 2 ways can you use to generate S3 presigned URLs?

Answer 17

• AWS CLI
• AWS SDK

Question 18

What provides temporary access to write or download object data in S3

Answer 18

Presigned URLs

Question 19

6 different S3 storage classes

Answer 19

• Standard
• Intelligent Tiering
• Standard Infrequent Access
• Infrequent Access One Zone
• Glacier
• Glacier Deep Archive

Question 20

Which S3 tier should you use if you access your files less than once a month?

Answer 20

Standard Infrequently Accessed

Question 21

What availability is S3 One Zone IA?

Answer 21

99.5%

Question 22

How long is data retrieval for Glacier?

Answer 22

Minutes to hours

Question 23

How long is data retrieval for Glacier Deep Archive?

Answer 23

12 hours

Question 24

What size does Snowballs come in?

Answer 24

• 50TB
• 80TB

Question 25

What size does Snow Edges come in?

Answer 25

• 100TB
• 100TB clustered

Question 26

What size does a Snowmobile come in?

Answer 26

100PB

Question 27

True or False; You can use Snowballs or Snowmobiles to both export and import data?

Answer 27

True

Question 28

Which member of the Snow family can undertake local processing and edge-computing workloads?

Answer 28

Snowball Edge

Question 29

3 Snowball Edge device configurations:

Answer 29

• Storage optimised (24 vCPUs)
• Compute optimised (54 vCPUs)
• GPU (54 vCPUs)

Question 30

Which service helps keep traffic between AWS services within the AWS network?

Answer 30

VPC Endpoints

Question 31

What are the 2 types of VPC Endpoints?

Answer 31

• Interface Endpoint
• Gateway Endpoint

Question 32

True or False; Interface Endpoints are free?

Answer 32

False

Question 33

True or False; Gateway Endpoints are free?

Answer 33

True

Question 34

Which type of VPC Endpoint uses an Elastic Network Interface (ENI) with Private IP?

Answer 34

Interface Endpoint

Question 35

Which type of VPC Endpoint is a target for a specific route in your route table?

Answer 35

Gateway Endpoint

Question 36

True or False; Interface Endpoints support many AWS Services?

Answer 36

True

Question 37

True or False; Gateway Endpoints support many AWS Services?

Answer 37

False, Gateway Endpoints only support S3 and DynamoDB

Question 38

Which VPC service monitors the in-and-out traffic of your Network Interfaces within your VPC?

Answer 38

VPC Flow Logs

Question 39

At which 3 levels can you utilise VPC Flow Logs

Answer 39

• VPC
• Subnet
• Network Interface

Question 40

True or False; you can change the configuration of a flow log after it’s created?

Answer 40

False

Question 41

True or False; you cannot enable flow logs for VPCs which are peered with your VPC?

Answer 41

True, unless it is in the same account

Question 42

Where can VPC Flow Logs be delivered to?

Answer 42

• S3
• CloudWatch Logs

Question 43

What two pieces of information are contained in VPC Flow Logs?

Answer 43

• Source IP address
• Destination IP address

Question 44

Which pieces of instance traffic are not monitored by VPC Flow Logs (5)?

Answer 44

• Instance traffic generated by contacting the AWS DNS servers
• Windows license activation traffic
• Traffic between instance metadata address (169.254.169.254_
• DHCP Traffic
• Any traffic to the reserved IP address of the default VPC router

Question 45

What does NACL stand for?

Answer 45

Network Access Control List

Question 46

What rules are automatically given to the default NACL?

Answer 46

• Allow all outbound and inbound traffic

Question 47

True or False; each subnet within a VPC must be associated with a NACL?

Answer 47

True

Question 48

True or False; subnets can only be associated with 1 NACL at a time?

Answer 48

True, associating a subnet with a new NACL will remove the previous association

Question 49

True or False; NACLs have inbound and outbound rules?

Answer 49

True

Question 50

True or False; NACLs can either allow or deny traffic?

Answer 50

True

Question 51

True or False; NACLs are stateful?

Answer 51

False, NACLs are stateless

Question 52

What does stateless mean?

Answer 52

Responses to outbound traffic are not automatically allowed, they’re subject to inbound traffic rules. And Vice versa.

Question 53

What does statefull mean?

Answer 53

Response to outbound / inbound traffic are automatically allowed

Question 54

True or False; when you create a NACL it will deny all traffic by default?

Answer 54

True

Question 55

True or False; NACLs contain a numbered list of rules that gets evaluated in order from lowest to highest?

Answer 55

True

Question 56

True or False; NACLs can be used to block a single IP address?

Answer 56

True, NACLs have both allow and deny rules

Question 57

What acts as a firewall at the instance level?

Answer 57

Security Groups

Question 58

True or False; in security groups all inbound traffic is allowed by default?

Answer 58

False, inbound traffic is blocked by default

Question 59

True or False; in security groups all outbound traffic is allowed by default?

Answer 59

True

Question 60

Security Groups are stateful or stateless?

Answer 60

Security Groups are statefull

Question 61

True or False; EC2 instances can belong to multiple security groups?

Answer 61

True

Question 62

True or False; security groups can contain multiple EC2 instances?

Answer 62

True

Question 63

True or False; you can block specific IP addresses using Security Groups?

Answer 63

False, you would need to use NACLs to do this

Question 64

How many Security Groups can you have per region?

Answer 64

10,000 (default 2,500)

Question 65

How many rules can you have per Security Group?

Answer 65

60 inbound and 60 outbound

Question 66

How many security groups can be associated with an ENI?

Answer 66

16 (default is 5)

Question 67

Which AWS service connects on-premise storage to cloud storage?

Answer 67

Storage Gateway

Question 68

3 types of storage gateways:

Answer 68

• File Gateway
• Volume Gateway
• Tape Gateway

Question 69

Which type of storage gateway acts as a local file system using NFS or SMB, extending your local hard drive to S3?

Answer 69

File Gateway

Question 70

Which type of storage gateway is used for backups?

Answer 70

Volume Gateway

Question 71

What are the two types of Volume Gateway?

Answer 71

• Stored Volume Gateway
• Cached Volume Gateway

Question 72

Which type of Volume Gateway has the primary data on-premise?

Answer 72

Stored Volume Gateway

Question 73

Which type of Volume Gateway continuously backs up local storage to S3 as EBS Snapshots?

Answer 73

Stored Volume Gateway

Question 74

Which type of Volume Gateway has the primary stored on S3?

Answer 74

Cached Volume Gateway

Question 75

Which type of Volume Gateway cached the frequently used files on-premise?

Answer 75

Cached volume Gateway

Question 76

How big are stored volumes for Volume Storage Gateway?

Answer 76

1GB to 16TB

Question 77

How big are cached volumes for Cached Volume Gateway?

Answer 77

1GB to 32GB

Question 78

Which type of storage gateway backs up virtual tapes to S3 Glacier for long archive storage?

Answer 78

Tape Gateway

Question 79

True or False; when creating a NAT instance you must disable source and destination checks on the instance?

Answer 79

True

Question 80

True or False; NAT instances must exist in a private subnet?

Answer 80

False, NAT instances must exist in a public subnet?

Question 81

True or False; you must have a route out of the private subnet to the NAT instance?

Answer 81

True

Question 82

True or False; the size of a NAT instance determines how much traffic can be handled?

Answer 82

True

Question 83

True or False; NAT Gateways are redundant inside an Availability Zone?

Answer 83

True, they can survive failure of an EC2 instance

Question 84

True or False; you can have multiple NAT Gateways inside an AZ?

Answer 84

False, you can only have 1 NAT Gateway in an AZ, which cannot span AZs

Question 85

What speeds can a NAT Gateway get?

Answer 85

5 Gbps to 45 Gbps

Question 86

True or False; when creating a NAT Gateway you must disable source and destination checks on the instance?

Answer 86

False, for NAT Instances this is True

Question 87

True or False; NAT Gateways are automatically assigned a public IP address?

Answer 87

True

Question 88

True or False; resources in multiple AZs sharing a Gateway will lose internet access if the Gateway goes down?

Answer 88

True, unless you create a Gateway in each AZ and configure route tables accordingly

Question 89

Which AWS service is used to manage access to users and resources?

Answer 89

IAM

Question 90

What does IAM stand for?

Answer 90

Identity Access Management

Question 91

True or False; new IAM accounts have no permissions by default?

Answer 91

True

Question 92

3 parts to IAM:

Answer 92

• IAM Users
• IAM Groups
• IAM Roles

Question 93

What is the name for JSON documents which grant permissions for a specific user, group, or role to access services?

Answer 93

IAM Policies

Question 94

What is the name for IAM policies provided by AWS and cannot be edited?

Answer 94

Managed Policies

Question 95

What is the name for IAM policies created by you the customer, which you can edit?

Answer 95

Customer Managed Policies

Question 96

What is the name for IAM policies which are directly attached to a user?

Answer 96

Inline Policies

Question 97

Which AWS service would you use when you need to easily add authentication to your mobile and desktop app?

Answer 97

Cognito

Question 98

What part of AWS Cognito allows users to authenticate using OAuth to IpD such as Facebook, Google, Amazon to connect to web-applications?

Answer 98

User pools

Question 99

What do Cognito User Pools use to persist authentication?

Answer 99

JWTs (JSON web tokens)

Question 100

How do Cognito Identity Pools allow access to AWS services?

Answer 100

Using temporary AWS credentials

Question 101

What does Cognito Sync snyc across devices with one line of code?

Answer 101

User data and preferences

Question 102

What is OIDC?

Answer 102

A type of Identity Provider which uses OAuth

Question 103

What is SAML?

Answer 103

A type of Identity Provider which is used for Single Sign-on

Question 104

What does DNS (Domain Name System) do?

Answer 104

An internet service that converts domain names into routable IP addresses

Question 105

How many bits are in an IPv4 address?

Answer 105

32 bits

Question 106

How many bits are in an IPv6 address?

Answer 106

128 bits

Question 107

Give an example of a top-level domain

Answer 107

amazon.com (the .com)

Question 108

give an example of a second-level domain

Answer 108

amazon.co.uk (the .co)

Question 109

What is the name of 3rd party companies who you register domains through?

Answer 109

Domain Registrars

Question 110

What is a Name Server

Answer 110

The server(s) which contain the DNS records for a domain

Question 111

What is a Start of Authority (SOA)?

Answer 111

Contains information about the DNS zone and associated DNS records

Question 112

What does an A record do?

Answer 112

Directly converts a domain name into an IP address

Question 113

What does a CNAME record do?

Answer 113

Lets you convert a domain name into another domain name

Question 114

What is Time to Live (TTL)?

Answer 114

The time that a DNS record will be cached for

Question 115

7 Route53 routing policies:

Answer 115

• Simple Routing
• Weighted Routing
• Latency-Based Routing
• Failover Routing
• Geolocation Routing
• Geo-proximity Routing
• Multi-Value Routing

Question 116

Which Route53 tool is a visual editor, for chaining routing policies which allows versioning for easy rollback?

Answer 116

Traffic Flow

Question 117

What is the name of AWS’ smart DNS record that detects changed IPs for AWS resources and adjusts automatically?

Answer 117

AWS Alias Record

Question 118

What part of Route53 lets you regionally route DNS queries between your VPCs and your network Hybrid Environments?

Answer 118

Route53 Resolver

Question 119

5 EC2 instance types specialised for different roles?

Answer 119

• General Purpose
• Compute Optimised
• Storage Optimised
• Memory Optimised
• Accelerated Optimised

Question 120

What EC2 Instance type is ideal for compute bound applications that benefit from high performance processor

Answer 120

Compute Optimised

Question 121

Which EC2 Instance type provides fast performance for workloads that process large data sets in memory?

Answer 121

Memory optimised

Question 122

Which EC2 Instance type provide high, sequential read and write access to very large data sets on local storage?

Answer 122

Storage optimised

Question 123

What allows you to choose the logical placement of your EC2 instance to optimise for communication, performance or durability?

Answer 123

Placement Groups

Question 124

What is the IP address to get an EC2 instances metadata?

Answer 124

http://169.254.169.254/latest/meta-data

Question 125

What is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts?

Answer 125

Instance Profile

Question 126

4 EC2 pricing models:

Answer 126

• On-demand
• Reserved
• Spot
• Dedicated

Question 127

What provides the information required to launch an instance?

Answer 127

AMI

Question 128

True or False; AMIs are region specific?

Answer 128

True

Question 129

True or False; you can copy an AMI into another region using ‘Copy AMI’?

Answer 129

True

Question 130

What information does an AMI hold?

Answer 130

• A template for the root volume for the instance, eg, an operating system, an application server, and applications
• Launch permissions that control which AWS accounts can use the AMI to launch instances
• A block device mapping that specifies the volumes to attach to the instance when it’s launched

Question 131

What is the name for a collection of EC2 instances grouped for scaling and management?

Answer 131

Auto Scaling Group

Question 132

What 3 things are an Auto Scaling Group based on?

Answer 132

• Min
• Max
• Desired Capacity

Question 133

Which ASG scaling policy scales based on when a target value for a metric is breached?

Answer 133

Target Scaling Policy

Question 134

Which ASG scaling policy triggers a scaling when an alarm is breached?

Answer 134

Simple Scaling

Question 135

What does an ASG use to launch a new instance?

Answer 135

Launch Configuration

Question 136

True or False; Launch Configurations cannot be edited and must be cloned or a new one created?

Answer 136

True

Question 137

3 types of Elastic Load Balancers?

Answer 137

• Classic Load Balancer
• Network Load Balancer
• Application Load Balancer

Question 138

What is the minimum number of availability zones for an ELB?

Answer 138

2 AZs min

Question 139

True or False; ELBs can be cross-region?

Answer 139

False; not cross-region, you must create one per region

Question 140

What 3 things does an ALB use to route traffic?

Answer 140

• Listeners
• Rules
• Target Groups

Question 141

What 2 things does an NLB use to route traffic?

Answer 141

• Listeners
• Target Groups

Question 142

How does the classic load balancer route traffic?

Answer 142

It uses listeners and EC2 instances are directly registered as targets to CLB

Question 143

What protocols is Network load Balancer for?

Answer 143

TCP / UDP

Question 144

When is Network Load Balancer used?

Answer 144

For high network throughput, eg. video games

Question 145

What can be used to get the original IP of incoming traffic passing through an ELB?

Answer 145

X-Forwarded-For (XFF)

Question 146

Which type of ELB can be attached to a WAF?

Answer 146

ALB

Question 147

True or False; You can attach Amazon Certification Manager SSL to any of the ELBs for SSL?

Answer 147

True

Question 148

True or False; ALB has advanced Request Routing rules where you can route based on subdomain header, path and other HTTP(S) information?

Answer 148

True

Question 149

True or False; sticky sessions can be enabled for CLB and ALB via cookies?

Answer 149

True

Question 150

What protocol does EFS support?

Answer 150

Network File System version 4 (NFSv4)

Question 151

How are you charged for EFS?

Answer 151

per GB of storage per month

Question 152

How large can EFS volumes grow to?

Answer 152

Petabytes

Question 153

True or False; EFS volumes can grow and shrink to meet current data stored?

Answer 153

True

Question 154

True or False; EFS can support thousands of concurrent connections?

Answer 154

True

Question 155

With EFS your data is storage across multiple AZs within a region?

Answer 155

True

Question 156

True or False; you can mount multiple EC2 instances to a single EFS?

Answer 156

True, as long as they are all in the same VPC

Question 157

True or False; EFS creates Mount Points in all your VPC subnets so you can mount from anywhere within your VPC?

Answer 157

True

Question 158

What type of consistency does EFS provide?

Answer 158

Read After Write

Question 159

True or False; EBS snapshots are incremental?

Answer 159

True

Question 160

What is a durable, block-level storage device that you can attach to a single EC2 instance?

Answer 160

EBS volume

Question 161

True or False; EBS Volumes can be modified on the fly, eg, storage type or volume size?

Answer 161

True

Question 162

What are temporary storage types located on disks that are physically attached to a host machine?

Answer 162

Instance Store Volumes

Question 163

True or False; EBS volumes can have termination protection?

Answer 163

True

Question 164

True or False; Snapshots or restored encrypted volumes will also be encrypted?

Answer 164

True

Question 165

True or False; you can share snapshots that have been encrypted?

Answer 165

False

Question 166

True or False; unencrypted snapshots can be shared with other AWS accounts or made public?

Answer 166

True

Question 167

Which AWS service makes a website load faster by serving cached content that is nearby?

Answer 167

CloudFront

Question 168

True or False; CloudFront Edge Locations are read-only?

Answer 168

False; you can write to them, eg. PUT Objects

Question 169

What CloudFront features defines how long until the cache expires?

Answer 169

TTL (Time To Live)

Question 170

How do you force a CloudFront cache to immediately expire?

Answer 170

Invalidate it

Question 171

True or False; refreshing a CloudFront cache costs money because of transfer costs to update edge locations?

Answer 171

True

Question 172

Regarding CloudFront, what is the name given to where the original copies of your files reside?

Answer 172

Origin

Question 173

Regarding CloudFront, what is a collection of edge locations and behaviour on how it should handle your cached content?

Answer 173

Distribution

Question 174

Two types of CloudFront distributions:

Answer 174

• Web distribution (static website content)
• RTMP (streaming media)

Question 175

What does OAI stand for?

Answer 175

Origin Identity Access

Question 176

What does CloudFront use to access private S3 buckets?

Answer 176

OAI (Origin Identity Access)

Question 177

How can access to cached content in CloudFront be protected?

Answer 177

Signed URLs or Signed Cookies

Question 178

What CloudFront feature allows you to pass each request through a Lambda to change the behaviour of the response?

Answer 178

Lambda@Edge

Question 179

6 relational database options for RDS:

Answer 179

• Postgres
• MySQL
• Aurora
• MariaDB
• Oracle
• Microsoft SQL Server

Question 180

True or False; RDS Multi-AZ automatically synchronises changes in the database over to the standby copy?

Answer 180

True

Question 181

True or False; RDS Multi-AZ has automatic failover protection?

Answer 181

True, if one AZ goes down failover will occur and the standby slave will be promoted to master

Question 182

What can be enabled on your RDS database to alleviate the workload of your primary database to improve performance?

Answer 182

Read-replicas

Question 183

True or False; RDS Read-Replicas use synchronous replication?

Answer 183

False, RDS read-replicas use asynchronous replication

Question 184

True or False; you must have automatic backups enabled to use Read Replicas?

Answer 184

True

Question 185

What is the max number of RDS read-replicas you can have?

Answer 185

5

Question 186

True or False; you can have RDS read-replicas in another region?

Answer 186

True (Cross-Region Read Replicas)

Question 187

True or False; you can have replicas of read-replicas?

Answer 187

True

Question 188

What are the 2 types of RDS backup solutions?

Answer 188

• Automated Backups
• Manual Snapshots

Question 189

What is the retention period for RDS Automated Backups?

Answer 189

Between 1 and 35 days

Question 190

What is the costs for RDS automated backup storage?

Answer 190

No additional cost

Question 191

What RDS database is fully-managed, scalable and has automatic backups and high availability?

Answer 191

Aurora

Question 192

How much faster is Aurora over MySQL and Postgres

Answer 192

• MySQL 5x
• Postgres 3x

Question 193

How does Aurora replicate your database across different availability zones?

Answer 193

Aurora replicates 6 copies of your database across 3 availability zones

Question 194

How many replicas can Aurora have?

Answer 194

Aurora allows up to 15 replicas

Question 195

True or False; an Aurora database can span multiple regions?

Answer 195

True, via Aurora Global Database

Question 196

What Aurora feature allows you to stop and start Aurora and scale automatically while keeping costs low?

Answer 196

Aurora Serverless

Question 197

What type of projects is Aurora Serverless ideal for?

Answer 197

New projects or projects with infrequent database usage

Question 198

What is Redshift

Answer 198

Redshift is a Columnar Store database which can make SQL-like queries and is OLAP

Question 199

How many data can Redshift handle?

Answer 199

Petabytes worth of data

Question 200

2 common use cases for Redshift?

Answer 200

• Data warehousing
• Business Intelligence

Question 201

How many AZs can Redshift run in?

Answer 201

1 (Single-AZ)

Question 202

True or False; Redshift can run via a single node or multi-node (clusters)?

Answer 202

True

Question 203

What is the size of a single Redshift node?

Answer 203

160GB

Question 204

What is the two types of node in Redshift multi-node mode?

Answer 204

• 1 Leader
• Multiple compute nodes

Question 205

How are you charged for Redshift nodes?

Answer 205

You are billed per hour for each node (excluding leader node - which isn’t charge for)

Question 206

How many Redshift compute nodes can you have?

Answer 206

128

Question 207

What are the two types of nodes in Redshift?

Answer 207

• Dense Compute
• Dense Storage

Question 208

How does Redshift attempt to backup your data?

Answer 208

3 copies:
- the original
- on compute node
- on S3

Question 209

On Redshift how is similar data stored for faster reads?

Answer 209

Sequentially

Question 210

Two ways Redshift database can be encrypted?

Answer 210

• AWS KMS
• CloudHSM

Question 211

Redshift default and maximum backup retention?

Answer 211

• Default is 1 day
• Max is 35 days

Question 212

True or False; Redshift can asynchronously back up your snapshot to another region via S3?

Answer 212

True

Question 213

What does Redshift use to distribute queries and data across all loads?

Answer 213

Massively Parallel Processing (MPP)

Question 214

Which AWS service is a fully-managed NoSQL key/value and document database?

Answer 214

DynamoDB

Question 215

True or False; DynamoDB scales with whatever read and write capacity per second that you specify?

Answer 215

True

Question 216

Two types of data consistency in DynamoDB?

Answer 216

• Eventually consistent reads
• Strongly consistent reads

Question 217

What is DynamoDB Eventually consistent reads?

Answer 217

Data is returned immediately but can be inconsistent. Copies of data will be generally consistent in 1 second

Question 218

What is DynamoDB Strongly Consistent Reads?

Answer 218

DynamoDB will wait until data is consistent. Data will never be inconsistent but latency will be higher. Copies of data will be consistent with a guarantee of 1 second

Question 219

How does DynamoDB store copies of data?

Answer 219

IT stores 3 copies of data on SSD drives across 3 regions

Question 220

Two formats that CloudFormation template can be written in?

Answer 220

• JSON
• YAML

Question 221

What happens when CloudFormation encounters an error?

Answer 221

It will rollback with ‘ROLLBACK_IN_PROGRESS’

Question 222

Max size of CloudFormation template for direct upload?

Answer 222

51,200 bytes / 0.05 MB

Question 223

How can large CloudFormation templates be imported?

Answer 223

Via an S3 bucket

Question 224

What helps you break up CloudFormation templates into smaller reuseable templates that can be composed into larger templates?

Answer 224

NestedStacks

Question 225

What must be defined in a CloudFormation template for it to be valid?

Answer 225

At least one resource

Question 226

In CloudFormation what is MetaData used for?

Answer 226

Providing extra information about your template

Question 227

CloudWatch is a collection of monitoring services. Name 5 of these services:

Answer 227

• Dashboards
• Events
  -Alarms
• Logs
• Metrics

Question 228

What does CloudWatch logs do?

Answer 228

Log data from AWS services, eg. CPU Utilisation

Question 229

What does CloudWatch Metrics do?

Answer 229

Represents a time-ordered set of data points, a variable to monitor, eg. CPU utilisation over time

Question 230

What does CloudWatch Events do?

Answer 230

Trigger an event based on a condition, eg. every hour take a snapshot of the server

Question 231

What do CloudWatch Alarms do?

Answer 231

Triggers notifications based on metrics when a defined threshold is breached

Question 232

What does CloudWatch dashboard do?

Answer 232

Creates visualisations based on metrics

Question 233

How often does CloudWatch monitor services?

Answer 233

• EC2 every 5 minutes or every 1 minute for detailed monitoring
• Most other services monitor at 1 minute intervals

Question 234

Installing a CloudWatch Agent on an EC2 instance allows you to track which 2 metrics?

Answer 234

• Memory usage
• Disk size

Question 235

True or False; CloudWatch Custom Metrics allow you to track High Resolution Metrics a sub minute intervals all the way down to 1 second?

Answer 235

True

Question 236

What does CloudTrail do?

Answer 236

CloudTrail logs calls between AWS services

Question 237

What 4 key terms relate to CloudTrail?

Answer 237

• Governance
• Compliance
• Operational auditing
• Risk auditing

Question 238

What AWS service do you use when you need to know who to blame?

Answer 238

CloudTrail

Question 239

CloudTrail’s Event History covers events for the previous how many days?

Answer 239

90

Question 240

In CloudTrail, what does Log File Validation do?

Answer 240

Ensure log have not been tampered with

Question 241

What can you use to encrypt CloudTrail logs?

Answer 241

KMS

Question 242

True or False; CloudTrail logs can be streamed to CloudWatch logs?

Answer 242

True

Question 243

Where are CloudTrail Trails outputed to?

Answer 243

An S3 bucket that you specify

Question 244

CloudTrail logs; two kinds of events?

Answer 244

• Management events
• Data events

Question 245

What do CloudTrail management events log?

Answer 245

Management operations, eg. AttachRolePolicy

Question 246

What do CloudTrail Data Events log?

Answer 246

Data operations for resources, eg. GetObject, DeleteObject, PutObject

Question 247

True or False; CloudTrail management events are disabled by default when creating a trail?

Answer 247

False, management events are enabled, data events are disabled

Question 248

Which AWS service can be used to analyse CloudTrail Trail logs?

Answer 248

Athena

Question 249

Max AWS Lambda runtime?

Answer 249

15 minutes

Question 250

How are you charged for Lambda usage?

Answer 250

Pay per invocation (the duration and the amount of memory used). The first 1m requests per month are free

Question 251

Max AWS Lambda memory?

Answer 251

3008 MB

Question 252

True or False; by default Lambdas run in no VPC?

Answer 252

True

Question 253

How many concurrent functions can lambda scale to?

Answer 253

1,000 as default (more with AWS service limit increase)

Question 254

Which AWS service lets you decouple services and allows apps to talk to each other

Answer 254

SQS

Question 255

Is SQS push or pull based?

Answer 255

Pull

Question 256

Two types of SQS queues

Answer 256

• Standard
• FIFO

Question 257

How many messages per second using SQS Standard queue?

Answer 257

Nearly unlimited

Question 258

Does SQS Standard queue guarantee order of delivery?

Answer 258

No

Question 259

How many times is a SQS Standard Queue message delivered?

Answer 259

At least once, you must protect against duplicate message being processed

Question 260

What is the limit of a SQS FIFO queue?

Answer 260

300

Question 261

What are the 2 types of SQS queue polling?

Answer 261

• Short polling
• Long polling

Question 262

What is SQS short polling?

Answer 262

Returns message immediately, even if the message queue being polled is empty

Question 263

What is SQS long polling?

Answer 263

Long polling waits until message arrives in the queue, or the long poll timeout expires

Question 264

Generally, which is preferred, short or long polling?

Answer 264

Long polling

Question 265

What is SQS visibility time-out?

Answer 265

The period of time that messages are invisible in the SQS queue

Question 266

What is the default SQS visibility time-out?

Answer 266

30 seconds

Question 267

What is the range of SQS visibility timeouts, min and max?

Answer 267

• Min = 0 seconds
• Max = 12 hours

Question 268

What is the range that SQS can retain messages?

Answer 268

• min = 60 seconds
• max = 14 days
• default = 4 days

Question 269

What is the range of SQS message size?

Answer 269

1 byte to 256 bytes

Question 270

Which AWS service is a managed in-memory caching service?

Answer 270

ElastiCache

Question 271

What are the 2 types of caches that ElastiCache can launch?

Answer 271

• Memcached
• Redis

Question 272

Which type of ElastiCache is a simple key / value store preferred for caching HTML fragments?

Answer 272

Memcache

Question 273

Which type of ElastiCache has richer data types and operations. Is great for leaderboards, geospatial data or keeping track of unread notifications

Answer 273

REdis

Question 274

What type of info are usually stores in a cache?

Answer 274

The most frequently accessed identical queries

Question 275

True or False; resources only within the same VPC may connect to ElasticCache to ensure low latencies

Answer 275

True

Question 276

Which AWS service handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring?

Answer 276

Elastic Beanstalk

Question 277

When should you use Elastic Beanstalk?

Answer 277

When you want to run a web-application but you don’t want to have to think about the underlying infrastructure

Question 278

True or False; Elastic Beanstalk is recommended for production environments?

Answer 278

False, it is recommended for test or development environments, not production

Question 279

True or False; you can run dockerised environments on Elastic Beanstalk?

Answer 279

True

Question 280

What is API Gateway?

Answer 280

API Gateway is a solution for creating secure APIs in your cloud environment at any scale

Question 281

How many requests per second is API Gateway throttled at?

Answer 281

10,000 requests per second (can be increased via service request)

Question 282

In API Gateway what allows you to have multiple published versions of your API?

Answer 282

Stages

Question 283

True or False; CORS can be enabled on all or individual endpoints?

Answer 283

True, CORS (cross origin resource sharing)

Question 284

How can you require authorisation to your API Gateway endpoints?

Answer 284

• AWS Cognito
• Custom lambda

Question 285

What is Amazon Kinesis?

Answer 285

It’s the AWS solution for collecting, processing and analysing streaming data in the cloud

Question 286

Which AWS service should you think of when you need ‘real-time’?

Answer 286

Kinesis

Question 287

How long does data persist for in AWS Kinesis?

Answer 287

24 hours (default) to 168 hours

Question 288

What is Kinesis Firehose?

Answer 288

Pay for only data ingested, data immediately disappears once processed

Question 289

What is Kinesis Data Analytics?

Answer 289

Allows you to perform queries in real-time. Needs a Kinesis Data Stream/Firehose as the input and output

Question 290

What is Kinesis Video Analytics?

Answer 290

Securely ingests and stores video and audio encoded data to consumers such as SageMaker, Rekognitio or other services to apply Machine Learning and video processing