Final Review Flashcards
What are the following with regards to IAM
- Users
- Groups
- Policies
- Roles
- Security
- AWS CLI
- AWS SDK
- Access Keys
- IAM Credential Reports & IAM Access Advisor
IAM Credential Reports: a report that lists all your account’s users and the status of their various
credentials
IAM Access Advisor: shows the service permissions granted to a user and when those
services were last accessed.
For security groups, by default, inbound and outbound traffic are …
Inbound traffic is blocked by default
Outbound traffic is authorized by default
What type of rules do security groups contain?
Security groups on contain ‘allow’ rules
What are the following ports:
22
21
80
443
3389
What are the following with regards to EC2
- EC2 Instance
- Security Groups
- EC2 User Data
- SSH
- EC2 Instance Role
- Purchasing Options: On-Demand, Spot, Reserved (Standard + Convertible + Scheduled), Dedicated Host, Dedicated Instance
Where are EBS Snapshots stored if not accessed often?
EBS Snapshot Archive
What are the following for EC2 Instance Storage
- EBS volumes
- AMI
- EC2 Image Builder
- EC2 Instance Store
- EFS
- EFS-IA
- FSx for Windows
- FSx for Lustre
What are the differences between the following:
Application Load Balancer
Network Load Balancer
Gateway Load Balancer
What are the following for ELB and ASG
- High Availability vs Scalability (vertical and horizontal) vs Elasticity vs Agility in the Cloud
- Elastic Load Balancers (ELB)
- Classic (old), Application (HTTP – L7), Network (TCP – L4), Gateway (L3)
- Auto Scaling Groups (ASG)
What is the pricing model for AWS Snowball Edge?
Exam: need to know that you have to pay for everything but data INTO AWS
What are the differences between the: snowcone / snowcone SSD, Snowball Edge Compute / Storage
What are the following for S3
- Buckets vs Objects
- S3 security
- S3 Websites
- S3 Versioning
- S3 Replication
- S3 Storage Classes
- Snow Family
- OpsHub
- Storage Gateway
What are Read Replicas / Multi-AZ / Multi-Region for RDS deployment?
AWS Databases Summary. What are the following for use cases:
- Relational Databases
- Differences between Multi-AZ, Read Replicas, Multi-Region
- In-memory Database:
- Key/Value Database:
- Warehouse - OLAP
- Hadoop Cluster
- query data on Amazon S3 (serverless & SQL)
- dashboards on your data (serverless)
- “Aurora for MongoDB” (JSON – NoSQL database)
- Financial Transactions Ledger (immutable journal, cryptographically verifiable)
- managed Hyperledger Fabric & Ethereum blockchains
- Managed ETL (Extract Transform Load) and Data Catalog service
- Database Migration
- Graph database
What are the following
- Docker
- ECS
- Fargate
- ECR
- Batch
- Lightsail
What are the following for Lambda
- Lambda Billing
- Language Support
- Invocation time
- Use cases:
- API Gateway
What are the following for cloud deployment? Which is AWS only and which is a hybrid service?
- CloudFormation
- Beanstalk
- CodeDeploy
- Systems Manager
- OpsWorks
What are the following for developer services
- CodeCommit
- CodeBuild
- CodeDeploy
- CodePipeline
- CodeArtifact
- CodeStar
- Cloud9
- AWS CDK
What is the difference between Global Accelerator and CloudFront?
CloudFront is a content delivery network, you cache content at the edge and Global Accelerator is to make your request go faster and go through the internal AWS network globally
What are the differences between the following Global Applications Architectures:
- Single Region, Single AZ
- Single Region, Multi AZ
- Multi Region, Active-Passive
- Multi Region, Active-Active
What are the following for global infrastructure
- Route 53
- CloudFront
- S3 Transfer Accelerator
- AWS Outposts
- AWS Wavelength
- AWS Local Zones
What are the following for Integration
- SQS
- SNS
- Kinesis
- Amazon MQ
What is CodeGuru? CodeGuru Reviewer? CodeGuru Profiler?
CodeGuru Reviewer: automated code reviews with static code analysis. Gives recommendations.
CodeGuru Profiler: when your application is in production or in pre-prod, and it helps understand the runtime behaviour of your application, and to look at what consumes excessive CPU capacity
What are the following for monitoring
- CloudWatch:
- Metrics
- Alarms
- Logs
- Events (or EventBridge)
- CloudTrail
- CloudTrail Insights
- X-Ray
- AWS Health Dashboard
- AWS Account Health Dashboard
- Amazon CodeGuru
What are Site to Site VPNs? Direct Connect? What are needed to establish a VPN?
What are the following with regards to VPC
- VPC
- Subnets
- Internet Gateway
- NAT Gateway / Instances
- NACL
- Security Groups
- VPC Peering
- Elastic IP
- VPC Endpoints
- PrivateLink
- VPC Flow Logs
- Site to Site VPN
- Client VPN
- Direct Connect
- Transit Gateway
What are the AWS Root User Privileges? What are the four most important ones?
Four most important:
Change account settings
Close your AWS account
Change or cancel your AWS Support plan
Register as a seller in the Reserved Instance Marketplace
What are the following for Security and Compliance
- Shared Responsibility on AWS
- Shield
- WAF
- KMS
- CloudHSM
- AWS Certificate Manager
- Artifact
- GuardDuty
- Inspector
- Network Firewall
- Config
- Macie
- CloudTrail
- AWS Security Hub
- Amazon Detective
- IAM Access Analyzer
What are the following for Machine Learning
- Rekognition
- Transcribe
- Translate
- Lex
- Connect
- Comprehend
- SageMaker
- Forecast
- Kendra
- Personalize
- Textract
What is AWS Trusted Advisor? What are the 5 categories it provides recommendations for?
What are included in the Basic/Developer and Business/Enterprise support plans for AWS Trusted Advisor?
What are the following for Account Best Practices
- Organizations
- SCP (service control policies)
- AWS Control Tower
- Tags & Cost Allocation Tags
- IAM guidelines
- Config
- CloudFormation
- Trusted Advisor
- Service Logs and Access Logs
- CloudTrai
- AWS Service Catalog
What are the following for billing and costing tools
- Compute Optimizer
- Pricing Calculator
- Billing Dashboard
- Cost Allocation Tags
- Cost and Usage Reports
- Cost Explorer
- Billing Alarms
- Budgets
- Savings Plans
- Cost Anomaly Detection
- Service Quotas
What are the following for Advanced Identity
- IAM
- Organizations
- Security Token Service (STS)
- Cognito
- Directory Services
- IAM Identity Center
What are the following AWS Services
- Amazon WorkSpace
- Amazon AppStream 2.0
- AWS IoT Core
- Amazon Elastic Transcoder
- AWS AppSync
- AWS Amplify
- AWS Device Farm
- Backup
- AWS Elastic Disaster Recovery (DRS)
- AWS DataSync
- AWS Application Discovery Service
- AWS Application Migration Service (MGN)
- AWS Migration Evaluator
- AWS Migration Hub
- Fault Injection Simulator (FIS)
- AWS Step Functions
- Ground Station
- Amazon Pinpoint
- Amazon WorkSpaces: virtual desktop
- Amazon AppStream 2.0: desktop app streaming
- AWS IoT Core: for IoT things
- Amazon Elastic Transcoder: convert S3 media for devices
- AWS AppSync: store and sync data across mobile/web devices (GraphQL)
- AWS Amplify: set of tools for develop and deploy a web/mobile app
- AWS Device Farm: test web/mobile apps against devices
- Backup: centrally manage and automate backups
- AWS Elastic Disaster Recovery (DRS): recover servers into AWS
- AWS DataSync: move large amounts of data into AWS
- AWS Application Discovery Service: gather info about on-prem centers
- AWS Application Migration Service (MGN): simplify migration
- AWS Migration Evaluator: build a case for migration
- AWS Migration Hub: central location for migration stuff
- Fault Injection Simulator (FIS): chaos engineering, fault injection
- AWS Step Functions: serverless workflow
- Ground Station: satellites
- Amazon Pinpoint: 2-way inbound/outbound marketing communications
What are the following disaster recovery strategies? Which is the most/least expensive
Backup and Restore
Pilot Light
Warm Standby
Multi-Site / Hot-Site
What are the 6 Pillars of the Well Architected Framework?
What is the AWS Cloud Adoption Framework? What are the six perspectives?
With regards to CAF Perspectives, what are the three business capabilities?
With regards to CAF Perspectives, what are the three technical capabilities?
What is AWS re:Post? Is re:Post used for time-sensitive help?
What are the four AWS CAF Transformation Phases?
What are the 3 tiers of AWS Support?
