General Flashcards
1
Q
6 advantages of cloud
A
- Trade capital expense for variable expense
- Benefit from massive economies of scale
- Stop guessing about capacity
- Increase speed and agility
- Stop spending money running and maintaining data centers
- Go global in minutes
2
Q
3 types of cloud computing
A
- IAAS
- PAAS
- SAAS
3
Q
3 types of Cloud Computing deployments
A
- Public Cloud (AWS, Azure)
- Private Cloud (Your own datacenter
- Hybrid (Mix of both)
4
Q
Availability Zone
A
One or more closely-located data centers, each with redundant power, networking, connectivity
5
Q
Region
A
A geographical area
6
Q
A region always has at least _____ AZs
A
2
7
Q
Edge Location
A
Endpoint for caching content
8
Q
Factors for choosing the right Region
A
- Data sovereignty laws (data needs to be physically stored in a certain location)
- Latency to end-users
- AWS Services (us-east-1 has the most services available)
9
Q
4 Support Plans (Names)
A
- Basic
- Developer
- Business
- Enterprise
10
Q
Basic Support Plan (not including response times)
A
- Free
- No tech support
- No TAM
11
Q
Developer Support Plan (not including response times)
A
- $29/month
- Tech support via email during business hours
- No TAM
- 1 person can open unlimited support cases
12
Q
Business Support Plan (not including response times)
A
- $100/month (at least)
- 24 x 7 tech support via email, chat, phone
- No TAM
- Unlimited people can open unlimited support cases
13
Q
Enterprise Support Plan (not including response times)
A
- $15,000/month
- 24 x 7 tech support via email, chat, phone
- Includes TAM
- Unlimited people can open unlimited support cases
14
Q
What support level includes a TAM
A
Enterprise
15
Q
Basic Support Plan response times
A
None
16
Q
Developer Support Plan response times
A
- General guidance: < 24 business hrs
- System impaired: < 12 business hrs
17
Q
Business Support Plan response times
A
- General guidance: < 24 hrs
- System impaired: < 12 hrs
- Prod system impaired: < 4 hrs
- Prod system down: < 1 hr
18
Q
Enterprise Support Plan response times
A
- General guidance: < 24 hrs
- System impaired: < 12 hrs
- Prod system impaired: < 4 hrs
- Prod system down: < 1 hr
- Business-critical system down: < 15 min
19
Q
Root account
A
Email address account used to set up AWS account. Always has admin access
20
Q
How are permissions given to users in a group
A
Policies are associated to the group, and users inherit the permissions in these policies
21
Q
Credential Report
A
IAM report that lists all users in your account
22
Q
7 S3 Storage Classes (names)
A
- Standard
- Infrequently Accessed (IA)
- One Zone IA
- Intelligent Tiering
- Glacier
- Glacier Deep Archive
- Outposts
23
Q
“Standard” S3 storage class
A
99.99% available
24
Q
“Infrequently Accessed (IA)” S3 storage class
A
Accessed less frequently, but still need rapid access. Charged retrieval fee.
25
"One Zone IA" S3 storage class
Same as IA but without multiple AZ resilience
26
"Intelligent Tiering" S3 storage class
Auto move data to most cost-effective tier
27
"Glacier" S3 storage class
Retrieval times from minutes to hours
28
"Glacier Deep Archive" S3 storage class
12 hour retrieval time
29
"Outposts" S3 storage class
For on-prem Outpost environments
30
S3 file size range
0B to 5TB
31
S3 storage limit
Unlimited
32
Timing for S3 operations (Write/Read, Update, Delete)
- New files are readable instantly
| - Update/Delete takes up to a second to propagate
33
S3 Cross-region replication
Replicating contents of a bucket into another region
34
3 ways to restrict bucket access
- Bucket policy
- Object policy
- IAM policies to users/groups
35
What is the advantage of static websites in S3
S3 scales to meet demand, so many concurrent visitors will be handled automatically
36
Default TTL for CloudFront
Greater of the two: 24 hrs or configured minimum TTL
37
3 components of CloudFront
- Edge location (caching location)
- Origin (orig file source)
- Distribution (name of cdn)
38
2 types of CloudFront distributions
- Web
| - RTMP (Adobe's flash protocol)
39
EC2 pricing models (names)
- On Demand
- Reserved
- Spot
- Dedicated Hosts
40
"On Demand" EC2 pricing model
Fixed rate by hour/second, no up-front cost
41
"Reserved" EC2 pricing model
Pay up front; discounted hourly rate but you must lock into 1 or 3 year contract
42
"Spot" EC2 pricing model
You set desired cost, and instanced is auto-provisioned when current price hits that bid; Instance is terminated if price changes from bid
43
"Dedicated Hosts" EC2 pricing model
Physical EC2 servers for software licenses that require dedicated hosts
44
What happens if a Spot EC2 instance is terminated by AWS?
You will not be charged for the partial hour of usage
45
EC2 Reserved Instance pricing types (names)
- Standard
- Convertible
- Scheduled
46
"Standard" EC2 Reserved Instance pricing type
Up to 75% off on-demand pricing
47
"Convertible" EC2 Reserved Instance pricing type
Up to 54% off on-demand pricing, but can change attributes of instance as long as it results in an instance of equal or greater value; Can't revert
48
"Scheduled" EC2 Reserved Instance pricing type
Can launch within time windows you reserve
49
EC2 Instance Type Mnemonic
Fight Dr. McPxz Australia
| FIGHTDRMCPXZAU
50
EBS
- Elastic Block Storage
- Installing Operating Systems or Databases
- Virtual storage volumes used by EC2 instances
51
4 Types of EBS volumes
- General Purpose SSD
- Provisioned IOPS SSD
- Throughput Optimized HDD
- Cold HDD
52
Security Groups
- Virtual firewalls in the cloud
| - You must open ports to use them
53
Ports for 4 common protocols when using Security Groups
- 22 (SSH)
- 80 (HTTP)
- 443 (HTTPS)
- 3389 (RDP)
54
3 ways to interact with AWS
- Console
- CLI
- SDK
55
Which is more secure: roles or access keys?
Roles
56
3 types of Load Balancers
- Application (ALB) - has access to code
- Network (NLB) - extreme performance; static IPs
- Classic - Test/Dev; keeps costs low
57
Amazon Macie
Fully managed data security/privacy service that uses machine learning to discover and protect sensitive data in AWS
58
VPC Peering
Allows access between two VPCs
59
Internet Gateway
Horizontally scaled, highly-available VPC component that allows communication from a VPC to the internet
60
How to design EC2 for failure
Put one instance in each AZ
61
6 RDS DB Engines
- SQL Server
- Oracle
- MySQL Server
- PostgreSQL
- Aurora
- MariaDB
62
Red Shift
Data warehouse for OLAP (Online Analytics Processing)
63
RDS 2 key features
- multi-AZ (for disaster recovery)
| - read replicas (for performance)
64
Read Replicas (RDS)
Auto-replicated database used only for reading
65
ElastiCache
- Web service for deploying/operating/scaling in-memory caches in the cloud
- Place to store most frequently used queries
66
2 caching engines supported by ElastiCache
- Memcached
| - Redis
67
3 Compute Services
- EC2
- Lambda
- Elastic Beanstalk
68
Elastic Beanstalk
- A way of deploying web apps to the cloud
| - Automatically handles capacity provisioning, load balancing, scaling, health monitoring
69
Elastic Beanstalk vs. CloudFormation
- Both auto-provision resources
| - Elastic beanstalk is not programmable, CF is
70
Benefits of Cloud Computing vs Traditional Computing
- IT Assets as provisioned resources
- Global, available, and scalable capacity
- Higher level managed services
- Built-in security
- Architecting for cost
- Operations on AWS (refactoring, rearchitecting)
71
Pillars of AWS Well-Architected Framework
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
72
AWS Graph DB
Amazon Neptune
73
Global AWS Services
- IAM
- Route53
- CloudFront
- SNS
- SES (not all regions)
74
AWS Services that can be used on-prem
- Snowball
- Snowball Edge
- Storage Gateway
- CodeDeploy
- Opsworks
- IoT Greengrass
75
CloudWatch EC2 default monitoring interval
5 minutes
76
How to increase CloudWatch EC2 monitoring interval
Turn on detailed monitoring (1 minute)
77
Opsworks
Uses Chef to deploy app code to EC2 or OnPrem Opsworks env
78
Snowball
Disk shipped to data center to migrate data (80TB), then shipped back to AWS
79
Storage Gateway
Similar to Snowball, but never leaves your datacenter
80
AWS Systems Manager
- Connects to EC2 instances or VMs via installed agent
- In AWS or on-prem
- Run commands, apply patches
81
Service Health Dashboard
Monitor health of entire services (not resources)
82
Personal Health Dashboard
Monitor health of services you actually use
83
EFS
- Elastic File System
| - File storage for EC2 instances
84
Difference between EBS and EFS
EFS is elastic (size is adjusted automatically)
85
Global Accelerator
Create accelerators to improve availability and PERFORMANCE of your apps for users where internet is ingested
86
Load Balancer vs Autoscaling Group
Autoscaling group spins up new instances, Load Balancer redirects traffic to already running instances
87
AWS Trusted Advisor
A tool that provides you real time guidance to help you provision your resources following AWS best practices
88
AWS Certificates Manager
A service that lets you manage public and private SSL/TLS certificates for use with AWS services and your internal connected resources
89
AWS Artifact
A service that provides on-demand access to AWS’ security and compliance reports and select online agreements
90
Customer-inherited controls
Physical and Environmental controls
91
Shared Controls
- Patch management
- Configuration management
- Awareness and training
92
Customer Specific Controls
Service and Communications Protection or Zone Security
