Exam1-Part1 Flashcards
RDS enhanced monitoring
Monitoring the CPU utilization of a database with Amazon CloudWatch alone is insufficient because CloudWatch does not report the percentage of CPU bandwidth and the total memory consumed by each individual database process. CloudWatch Logs and a CloudWatch dashboard can be used for monitoring, but the data is not as detailed as what the Enhanced Monitoring feature in Amazon RDS provides. Additionally, direct access to the underlying instances/servers of an RDS database instance is not available, unlike with EC2 instances. Furthermore, the claim that per-process CPU% and MEM% metrics are readily available in the Amazon RDS console is incorrect; these metrics are not available there as stated.
A pharmaceutical company has resources hosted both on their on-premises network and in the AWS cloud. They want all of their Software Architects to access resources in both environments using their on-premises credentials, which are stored in Active Directory.
Identity federation refers to a mechanism or framework that allows multiple organizations or systems to establish a trust relationship and share user authentication and authorization information securely. It enables users from one organization or system to access resources or services in another organization or system without requiring separate user accounts and passwords.
Since the company uses Microsoft Active Directory, which supports Security Assertion Markup Language (SAML), you can set up SAML-based federation for API access to your AWS cloud.
Identity Provider (IdP)
An Identity Provider (IdP) is a trusted system or service that manages the authentication and identity information of users. It serves as a central authority responsible for verifying user identities and issuing security tokens or assertions that can be used to authenticate users in other systems or services.
The primary role of an IdP is to authenticate users when they attempt to access resources or services provided by other systems, known as Service Providers (SPs). Instead of each SP individually verifying user identities, they delegate this responsibility to the IdP, relying on its authentication and identity management capabilities.
Federation Proxy
A federation proxy, also known as a federation gateway or identity federation proxy, is a component or service that facilitates the integration and communication between identity providers (IdPs) and service providers (SPs) in a federated identity management system.
In a federated identity management scenario, multiple organizations or systems maintain their own IdPs, which handle user authentication and identity information. These organizations or systems also provide services or resources that can be accessed by users from other organizations or systems.
A federation proxy acts as an intermediary between the IdPs and SPs, providing a unified interface and protocol translation to enable secure communication and interoperability. It allows users from one organization or system to access services or resources in other organizations or systems without requiring separate authentication or user accounts.
A relational database system does not scale well for the following reasons:
- It normalizes data and stores it on multiple tables that require multiple queries to write to disk.
- It generally incurs the performance costs of an ACID-compliant transaction system.
- It uses expensive joins to reassemble required views of query results.
DynamoDB scales well for these reasons:
- Its schema flexibility lets DynamoDB store complex hierarchical data within a single item. DynamoDB is not a totally schemaless database, since a schema by definition is just the model or structure of your data.
- Composite key design lets it store related items close together on the same table.
Best practices for designing and using partition keys effectively on DynamoDB:
- Using burst capacity effectively
- To better accommodate uneven access patterns, DynamoDB adaptive capacity enables your application to continue reading and writing to ‘hot’ partitions without being throttled, by automatically increasing throughput capacity for partitions that receive more traffic.
EventBridge
Amazon EventBridge is a serverless event bus that makes it easy to connect applications together. It uses data from your own applications, integrated software as a service (SaaS) applications, and AWS services. This simplifies building event-driven architectures by decoupling event producers from event consumers, which allows producers and consumers to be scaled, updated, and deployed independently. Loose coupling improves developer agility in addition to application resiliency.
You can use Amazon EventBridge to run Amazon ECS tasks when certain AWS events occur. You can set up an EventBridge rule that runs an Amazon ECS task whenever a file is uploaded to a certain Amazon S3 bucket using the Amazon S3 PUT operation.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatch-Events-tutorial-ECS.html
Amazon Macie
Amazon Macie is an ML-powered security service that helps you prevent data loss by automatically discovering, classifying, and protecting sensitive data stored in Amazon S3.
S3 Object Lock
With S3 Object Lock, you can store objects using a write-once-read-many (WORM) model. Object Lock can help prevent objects from being deleted or overwritten for a fixed amount of time or indefinitely. You can use Object Lock to help meet regulatory requirements that require WORM storage, or simply to add another layer of protection against object changes and deletion.
S3 Object Lock provides two retention modes:
- Governance mode: users can overwrite or delete an object version or alter its lock settings with specific IAM permissions.
- Compliance mode: users cannot overwrite or delete protected object versions during the retention period.
S3 Legal Hold
With Object Lock, you can also place a legal hold on an object version. Like a retention period, a legal hold prevents an object version from being overwritten or deleted. However, a legal hold doesn’t have an associated retention period and remains in effect until removed. Legal holds can be freely placed and removed by any user who has the s3:PutObjectLegalHold permission.