Fundamentals

Question 1

IAM Policies

Answer 1

allow or deny access to AWS services when attached to IAM User, Group, or Role

Question 2

(T/F) IAM is global

Answer 2

True

Question 3

IDP (ID Provider)

Answer 3

IAM - authenticate and authorize (based on policies)

Question 4

(T/F) IAM is free

Answer 4

True

Question 5

(T/F) IAM has direct control on federated accounts.

Answer 5

False

Question 6

Access Keys

Answer 6

Long-Term credentials within IAM users. Used for CLI. Don’t change regularly or automatically. IAM user can have two access keys. Can be created, deleted, inactive, active. Default to active..

Question 7

Two parts to Access Keys

Answer 7

Key ID and Secret Access Key. Once you get the secret access key, you can’t get it again so WRITE that down

Question 8

Public Service

Answer 8

Accessed anywhere with Internet

Question 9

Private Service

Answer 9

Access through VPC

Question 10

(T/F) Nothing from the Internet can get to the VPC unless it is configured to do so.

Answer 10

True

Question 11

AWS Zones

Answer 11

Pubic Internet Zone -> AWS Public Zone -> AWS Private Zone

Question 12

Command Line Interface (CLI) use the region code (ap-southeast-2) whereas the console uses the regions name which looks like…

Answer 12

Asia Pacific (Sydney)

Question 13

VPC Default is assigned

Answer 13

One account & One Region

Question 14

Two types of VPC

Answer 14

Default and Custom

Question 15

(T/F) Custom VPC can have more than one region

Answer 15

True

Question 16

VPC CIDR

Answer 16

IP Addresses a VPC can use. Default VPC is always the same 172.31.0.0/16

Question 17

(T/F) Custom VPC can only have one CIDR

Answer 17

False

Question 18

Default VPC are always configured the same way when it comes to subnets

Answer 18

One subnet in each AZ in the region. Each subnet will have its own CIDR so subnet in AZ one could be 172.31.211.0/20

Question 19

Each VPC subnet comes with…

Answer 19

Internet Gateway, Security Group, NACL

Question 20

EC2 Instance

Answer 20

OS Configured for your needs

Question 21

(T/F) EC2 Instances are private by default

Answer 21

True, need to configure public access

Question 22

EC2 are AZ resilient which means

Answer 22

If the AZ fails, the instance fails

Question 23

EC2 On-Demand Billing

Answer 23

By second or hour depending on the OS

Question 24

EC2 Popular Types of storage

Answer 24

Local host storage or Elastic Block Storage (EBS)

Question 25

EC2 Lifecycle

Answer 25

Running, Stopped, Terminated

Question 26

EC2 Running, you pay for

Answer 26

CPU, Memory, Disk (storage), networking

Question 27

EC2 Stopped, you pay for

Answer 27

Just Disk (storage)

Question 28

EC2 Terminated, you pay for

Answer 28

Nothing but once it it is terminated it cannot be recreated

Question 29

Amazon Machine Image (AMI)

Answer 29

Used to create an EC2 instance or created from an EC2 instance. It is the image that configures the stack

Question 30

AMI Contains three things

Answer 30

Permissions, Root Volume, Block Device Mapping

Question 31

AMI Permissions

Answer 31

Public - Everyone Allowed
Owner (private) - implicit allow
Explicit - specific AWS accounts allowed

Question 32

AMI Root volume

Answer 32

Think C:\ in Windows or ROOT in Linux

Question 33

AMI Block Device Mapping

Answer 33

Which volume is boot and which is data

Question 34

Connect to EC2 by…

Answer 34

RDP for Windows or SSH for Linux

Question 35

(T/F) you need a key pair to connect through Linux

Answer 35

True

Question 36

RDP Port

Answer 36

3389

Question 37

SSH Port

Answer 37

22

Question 38

S3

Answer 38

Global storage platform
Regional based/resilient (replicated among AZ in a region)
Public server, unlimited data & multi-user
Think of it as default storage for AWS

Question 39

Two parts of S3

Answer 39

Objects and Buckets

Question 40

S3 Object

Answer 40

Files, data, etc.

Question 41

S3 Bucket

Answer 41

Containers that hold S3 Objects

Question 42

S3 Objects Two Parts

Answer 42

Object Key (think of it as filename)
Value (content being stored)

Question 43

S3 Object Value Range

Answer 43

0 - 5 TB

Question 44

S3 Bucket region?

Answer 44

Has a primary home region that it never leaves unless it is configured to do so

Question 45

Blast Radius (major disaster) =

Answer 45

Region

Question 46

(T/F) Bucket names do not need to be globally unique

Answer 46

False, pay attention to trick questions that may ask why you can’t create the bucket name. Bucket names have to be unique across all regions and all AWS accounts

Question 47

(T/F) S3 buckets can hold unlimited objects and since each object is 0-5TB, you have unlimited storage

Answer 47

True

Question 48

Flat structure

Answer 48

How S3 is structured, all items are on the root and appear as folders by the naming convention in the S3 Object Key

Question 49

S3 Bucket names Format

Answer 49

3-63 characters, all lowercase, no underscores, must start with lowercase or number, can be IP formatted

Question 50

S3 Bucket limit

Answer 50

100 soft limit
1000 hard limit

Question 51

S3 storage in AWS - object, file, or block?

Answer 51

Object. It is not file or block storage like EFS or EBS.
Can’t mount an S3 bucket (example: G:)
Great for large scale
Great for offloading

Question 52

Offloading

Answer 52

Input and/or output to many AWS products to S3

Question 53

ARN

Answer 53

Amazon Resource Name - uniquely reference single service in AWS. Can be with a wildcard.
Format: arn:partition:service:region:account-id:resource-id
For S3 it would be arn:aws:s3:::catgif/ = just the bucket
arn:aws:s3:::catgif/* = access objects in the bucket but not the bucket
Note ::: because there is no region because s3 is global

Question 54

CloudFormation

Answer 54

Tool that lets you create, update, and delete infrastructure in AWS

Question 55

Base of CloudFormation

Answer 55

Templates written in either YAML or JSON

Question 56

CloudFormation Template contains

Answer 56

List of resources

Question 57

Mandatory component of CloudFormation Templates

Answer 57

Resources - which AWS resources are being spun up

Question 58

Other CloudFormation Template Components

Answer 58

• Description - free text field
• AWSTemplateFormatVersion - which version, if used Description must be underneath it
• Metadata - control the UI
• Parameters - prompt user for more information
• Mappings - use lookup tables
• Conditions - decision making in the template
• Outputs - created output based on the template running, for example: “AZ Zone 2”

Question 59

Two steps to CloudFormation Conditions Component

Answer 59

Step 1 = create condition
Step 2 = use condition

Question 60

Logical Resource (CloudFormation)

Answer 60

Tells AWS what to create. For example: use “instance” for an EC2 instance.

Question 61

Stack (CloudFormation)

Answer 61

Contains all the logical resources that the template tells it to create.
Created when you take a template and tell CloudFormation to do something with the template.

Question 62

The whole point of CloudFormation

Answer 62

Any logical resources in the stack, CloudFormation makes a physical resource in your AWS account.
CloudFormation’s job is to keep the logical and phyisical creations in sync.

Question 63

CloudWatch

Answer 63

Support service used by almost all AWS Services - public service in Public Internet Zone

Question 64

Three main jobs of CloudWatch

Answer 64

Metrics, Logs, Events

Question 65

CloudWatch Events activated when?

Answer 65

If something happens (ex. an EC2 Instance Started) AND event scheduling (ex. do this at this time)

Question 66

CloudWatch Agent

Answer 66

Add functionality to CloudWatch that isn’t gathered natively (CPU usage is native; on-premises logs need CloudWatch Agent)

Question 67

Namespace (CloudWatch)

Answer 67

Namespace = container for monitoring data. All AWS data goes into a namespace as AWS/SERVICENAME or AWS/EC2. That’s reserved for AWS, you can’t name that. Outside of that you can name it as needed

Question 68

Metric (CloudWatch)

Answer 68

collection of related data points that is time ordered.

Question 69

Datapoint (CloudWatch)

Answer 69

consists of two things, timestamp and value. So for CPU utilization 2019-12-03T08:45:45Z and 98.3.

Question 70

Dimension (CloudWatch)

Answer 70

separate datapoints for different THINGS or PERSPECTIVES within the same metric

Question 71

Alarm (CloudWatch)

Answer 71

linked to metric and take an action based on that metric (example SNS)

Question 72

High Availability (HA)

Answer 72

ENSURE an agreed level of operational PERFORMANCE, usually UPTIME, for a HIGHER THAN NORMAL PERIOD

Question 73

Fault Tolerance (FT)

Answer 73

property that enables a system to CONTINUE OPERATING PROPERLY in the event of the FAILURE OF SOME (one or more faults within) of its COMPONENTS

Question 74

High Availability (HA) vs. Fault Tolerance (FT)

Answer 74

Fault tolerance is to operate through failure, high availability to maximum uptime

Question 75

Disaster Recovery (DR)

Answer 75

policies, tools and procedures to ENABLE THE RECOVERY or CONTINUATION of VITAL technology infrastructure and systems FOLLOWING A NATURAL OR HUMAN-INDUCED DISASTER

Question 76

Route53

Answer 76

Register Domains; Host Zones in managed nameservers it provides; global service; can withstand one or two regional failures and continue to run

Question 77

Hosted Zones

Answer 77

ZONE FILES in AWS, hosted on four managed name servers; can be PUBLIC or PRIVATE linked to VPC(S); stores records (RECORDSETS)

Question 78

Nameserver (NS)

Answer 78

record type .com zone to amazon.com zone

Question 79

A or AAA records

Answer 79

maps host name to IP A=IPv4 AAA=IPv6

Question 80

CNAME

Answer 80

create the equivalent of DNS shortcuts or Host to Host; create three CNAMEs for FTP, MAIL, WWW and point them all to the server so they go the right place. EXAM ALERT – CNAMES cannot point to an IP only another host name so look out for that!

Question 81

MX Records

Answer 81

How a server can find a mail server for a domain. MX records have to main parts – priority and value. MX 10 mail; MX 20 mail.other.domain. The dot to the right means it is a fully domain name. Priority says the lower number is picked first so MX 10 mail would be chosen first to deliver mail.

Question 82

TXT Record

Answer 82

add arbitrary text to a domain think Google Analytics requiring text in the TXT record so it can query it and use it.

Question 83

TTL

Answer 83

Time to Live. Set on DNS record in seconds. Tells it how long cache records for authoritative source (authoritative answer). If another client queries the same thing, they will get back a non-authoritative answer cached on the resolver server (most likely ISP server) because of TTL. It’s the TTL that may delay switching IP’s, etc.

Question 84

How many DNS root servers exist?

Answer 84

13

Question 85

Who manages DNS root servers?

Answer 85

12 different organizations

Question 86

Type of organisation maintaines the zones for a