General Cloud Concepts - Flashcards

1
Q

How does CloudFront work?

A

CloudFront delivers your content through a worldwide network of data centers called edge locations. When a user requests content that you’re serving with CloudFront, the request is routed to the edge location that provides the lowest latency (time delay), so that content is delivered with the best possible performance.

2
Q

What are the six advantages of cloud computing?

A

Trade capital expense for variable expense
Benefit from massive economies of scale
Stop guessing capacity
Increase speed and agility
Stop spending money on running and maintaining data centers
Go global in minutes

3
Q

What is AWS Lambda?

A

A compute service that lets you run code without provisioning or managing servers. Lambda runs your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring, and logging.

4
Q

How long can an AWS Lambda function execute?

A

AWS Lambda functions can be configured to run up to 15 minutes per execution. You can set the timeout to any value between 1 second and 15 minutes.

5
Q

How will I be charged for using AWS Lambda functions?

A

AWS Lambda is priced on a pay-per-use basis. Please see the AWS Lambda pricing page for details.

6
Q

Can I save money on AWS Lambda with a Compute Savings Plan?

A

Yes. In addition to saving money on Amazon EC2 and AWS Fargate, you can also use Compute Savings Plans to save money on AWS Lambda. Compute Savings Plans offer up to 17% discount on Duration, Provisioned Concurrency, and Duration (Provisioned Concurrency). Compute Savings Plans do not offer a discount on Requests in your Lambda bill. However, your Compute Savings Plans commitment can apply to Requests at regular rates.

7
Q

What are the 4 ways to pay for EC2?

A

On-Demand
Spot
Reserved
Dedicated

and a fifth - Savings plans

8
Q

What is a Reserved Instance in the EC2 pricing model?

A

Best Long-Term

steady-state or predictable usage or require reserved capacity
commit to EC2 over a 1-3 year term (longer terms = more savings)

Amazon EC2 Reserved Instances (RI) provide a significant discount (up to 72%) compared to On-Demand pricing and provide a capacity reservation when used in a specific Availability Zone.

The following summarizes features of all RIs.

Provide a significant discount compared to running instances On-Demand.
Can apply to usage across all Availability Zones in an AWS region, or can provide a capacity reservation when assigned to a specific Availability Zone.
Are offered under three upfront payment options to provide you with payment flexibility at the point of purchase.
Can be shared between multiple accounts within a consolidated billing family.

9
Q

Can you resell your AWS EC2 Reserved Instances?

A

Yes
The Reserved Instance Marketplace is a platform that supports the sale of third-party and AWS customers’ unused Standard Reserved Instances, which vary in term lengths and pricing options. For example, you might want to sell Reserved Instances after moving instances to a new AWS Region, changing to a new instance type, ending projects before the term expiration, when your business needs change, or if you have unneeded capacity.

10
Q

What is Service Quotas?

A

With Service Quotas, you can view and manage your quotas for AWS services from a central location. Quotas, also referred to as limits in AWS services, are the maximum values for the resources, actions, and items in your AWS account. Each AWS service defines its quotas and establishes default values for those quotas. If your business needs aren’t met by the default limit of service resources or operations that apply to an AWS account or an AWS Region, you might need to increase your service quota values. Service Quotas enables you to look up your service quotas and to request increases. AWS Support might approve, deny, or partially approve your requests.

11
Q

EC2 Reserved Instance Cost Considerations

A

Since reserved instances are basically discounts applied to on-demand instances, their prices are tied to the base price of the on-demand instance.

However, four key variables determine the cost of a reserved instance:

Instance attributes -
Four instance attributes (instance type, region, tenancy, and platform) determine if a discount is applied.

Term commitment -
One year, defined as 31,536,000 seconds (365 days)
Three years, defined as 94,608,000 seconds (1,095 days)

Payment options -
Three payment options are available for AWS reserved instances:

All Upfront (where full payment is made at the beginning of the term)
Partial Upfront
No Upfront
You receive better savings when you pay more upfront.

Offering class -
There are two offering classes:
1. Standard Instances

You receive the highest savings with standard instances, but they cannot be exchanged. They can only be modified. Standard reserved instances bind you to one instance family on the same operating system. This instance class is recommended for reliable workloads and maximum savings.

2. Convertible Instances

Discounts are lower for convertible instances compared to standard instances. However, they can be exchanged or modified. Convertible reserved instances provide the flexibility to change families, operating systems, and tenancies, but at a lower discount.

These variables determine the amount of savings you can expect with a reserved instance compared to the on-demand pricing.

12
Q

AWS IAM Access Analyzer provides the following capabilities

A

IAM Access Analyzer helps identify resources in your organization and accounts that are shared with an external entity.

IAM Access Analyzer validates IAM policies against policy grammar and best practices.

IAM Access Analyzer generates IAM policies based on access activity in your AWS CloudTrail logs.

13
Q

A large enterprise with multiple VPCs in several AWS Regions around the world needs to connect and centrally manage network connectivity between its VPCs.
Which AWS service or feature meets these requirements?
A. AWS Direct Connect
B. AWS Transit Gateway
C. AWS Site-to-Site VPN
D. VPC endpoints

A

B. AWS Transit Gateway
Keyword here is “centrally”. Transit gateway acts as a central hub to connect VPCs.

AWS Transit Gateway routes all traffic to and from each VPC or VPN, and you have one place to manage and monitor it all.

14
Q

A company is preparing to launch a new web store that is expected to receive high traffic for an upcoming event. The web store runs only on AWS, and the company has an AWS Enterprise Support plan.
Which AWS resource will provide guidance about how the company should scale its architecture and operational support during the event?
A. AWS Abuse team
B. The designated AWS technical account manager (TAM)
C. AWS infrastructure event management
D. AWS Professional Services

A

B
The designated AWS technical account manager (TAM)

Note: C provides this too.

Tricky - not really sure if B or C is the real answer.

15
Q

A user wants to deploy a service to the AWS Cloud by using infrastructure-as-code (IaC) principles.
Which AWS service can be used to meet this requirement?
A. AWS Systems Manager
B. AWS CloudFormation
C. AWS CodeCommit
D. AWS Config

A

B. AWS CloudFormation

16
Q

What does AWS Global Accelerator do?

A

AWS Global Accelerator improves application availability, performance, and security using the AWS global network.

17
Q

What is AWS Direct Connect?

A

AWS Direct Connect is a networking service that provides an alternative to using the internet to connect to AWS. Using AWS Direct Connect, data that would have previously been transported over the internet is delivered through a private network connection between your facilities and AWS. In many circumstances, private network connections can reduce costs, increase bandwidth, and provide a more consistent network experience than internet-based connections. All AWS services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon DynamoDB can be used with AWS Direct Connect.

18
Q

What is the difference between AWS PrivateLink vs AWS Direct Connect?

A

AWS Direct Connect is a cloud service that helps us to create a network connection from our location to AWS. It also helps to transfer data through a private connection. Data is transferred between the facilities and AWS. This was previously delivered over the Internet. The advantages of AWS Direct Connect are as follows:

Low network costs
High bandwidth
Stable network

AWS PrivateLink on the other hand streamlines data security. It prevents data from being exposed to the public Internet when exchanged with cloud apps. With PrivateLink, we can connect services across several accounts and VPCs. This results in a simple network architecture. The advantages of PrivateLink are as follows:

Secure Traffic
Simple network management
Ease of Migration

19
Q

Which AWS tool lets you visualize your AWS usage and bills by service?

A

AWS Cost Explorer is a tool provided by Amazon Web Services (AWS) that allows users to visualize their AWS usage and bills by service. AWS Cost Explorer allows users to document and manage AWS expenses through cost, usage and Reserved Instance (RI) reports.

20
Q

AWS Local Zones

A

AWS Local Zones places compute, storage, database, and other select AWS resources close to large population and industry centers. You can use Local Zones to provide your users with low-latency access to your applications.

21
Q

What are some reasons for using AWS Local Zones?

A

Here are some reasons to use AWS Local Zones.

Run low-latency applications at the edge — Build and deploy applications close to end users to enable real-time gaming, live streaming, augmented and virtual reality (AR/VR), virtual workstations, and more.

Simplify hybrid cloud migrations — Migrate your applications to a nearby AWS Local Zone, while still meeting the low-latency requirements of hybrid deployment.

Meet stringent data residency requirements — Comply with state and local data residency requirements in sectors such as healthcare, financial services, iGaming, and government.

22
Q

How does AWS Global Accelerator work?

A

Take advantage of the performance, security, and availability of the AWS Global Infrastructure to onboard your user traffic at one of the Global Accelerator edge locations. Users can access your application endpoints through static IP addresses to enjoy deterministic routing independent of DNS.

AWS Global Accelerator uses a global network of 104 Points of Presence in 88 cities across 48 countries.

23
Q

Which AWS-managed service can be used to process vast amounts of data using a hosted Hadoop framework?

A

Amazon EMR
Amazon Elastic MapReduce (EMR) is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data. EMR utilizes a hosted Hadoop framework running on Amazon EC2 and Amazon S3.

24
Q

What is VPC peering?

A

A VPC peering connection is a networking connection between two VPCs that enables you to route traffic between them using private IPv4 addresses or IPv6 addresses. Instances in either VPC can communicate with each other as if they are within the same network. You can create a VPC peering connection between your own VPCs, or with a VPC in another AWS account. The VPCs can be in different Regions (also known as an inter-Region VPC peering connection).

AWS uses the existing infrastructure of a VPC to create a VPC peering connection; it is neither a gateway nor a VPN connection, and does not rely on a separate piece of physical hardware. There is no single point of failure for communication or a bandwidth bottleneck.

A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs.

Pricing for a VPC peering connection
There is no charge to create a VPC peering connection. All data transfer over a VPC peering connection that stays within an Availability Zone (AZ) is free. Charges apply for data transfer over VPC peering connections that cross Availability Zones and Regions.

25
Q

What is an AWS transit gateway?

A

A transit gateway is a network transit hub that you can use to interconnect your virtual private clouds (VPCs) and on-premises networks. As your cloud infrastructure expands globally, inter-Region peering connects transit gateways together using the AWS Global Infrastructure. Your data is automatically encrypted and never travels over the public internet.

Pricing
You are charged hourly for each attachment on a transit gateway, and you are charged for the amount of traffic processed on the transit gateway.

26
Q

What is AWS Systems Manager Session Manager used for?

A

Session Manager is a fully managed AWS Systems Manager capability that lets you manage your Amazon EC2 instances through an interactive one-click browser-based shell or through the AWS CLI. Session Manager provides secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.

27
Q

Where does AWS CloudTrail write logs?

A

CloudTrail writes to log files that are stored in an Amazon Simple Storage Service (Amazon S3) bucket you specify.

You can have CloudTrail deliver log files from multiple AWS accounts into a single Amazon S3 bucket.

28
Q

What can I do with my CloudTrail log files?

A

You can perform more advanced tasks with your CloudTrail files. Create multiple trails per region. Monitor CloudTrail log files by sending them to CloudWatch Logs. Share log files between accounts. Use the AWS CloudTrail Processing Library to write log processing applications in Java.

29
Q

What is AWS CloudTrail Lake?

A

By using CloudTrail Lake, you can also capture and store events from multiple accounts. Additionally, you can designate up to three delegated administrator accounts to create, update, query, or delete organization trails or CloudTrail Lake event data stores at the organization level.

30
Q

What is CloudTrail?

A

AWS CloudTrail enables auditing, security monitoring, and operational troubleshooting. CloudTrail records user activity and API calls across AWS services as events. CloudTrail events help you answer the question of “Who did what, where, and when?”

31
Q

What is Amazon CloudWatch Events or Amazon EventBridge?

A

Amazon CloudWatch Events is the traditional serverless event bus service of AWS. Its latest version produced a separate service: Amazon EventBridge. But both services correspond to the same thing. AWS just renamed the new features of the CloudWatch Events as EventBridge to emphasize and market them. Over time, CloudWatch Events will be named as Amazon EventBridge.

32
Q

What is the difference between CloudWatch events and alarms?

A

An event triggers when it is created or according to a schedule, but an alarm needs a threshold to be reached.

A CloudWatch alarm watches a metric for a specific period and triggers if the metric rises above or falls below a threshold you define. If you defined an action for the alarm, it is also performed.

However, a standard CloudWatch event is triggered when it is created. If it is a scheduled event, it is triggered according to its schedule. If you have a rule that performs an action for that event, it is also performed, just like an action of an alarm. But CloudWatch Events has more integrations with other services than alarms.

33
Q

Describe the basics of AWS Cloud migration?

A

There are six common strategies you can implement for your application migration:

Rehosting
Replatforming
Refactoring
Repurchasing
Retaining
Retiring

34
Q

What is AWS CAF?

A

AWS CAF (Cloud Adoption Framework) is a framework that walks you through migration of applications to the cloud.

It provides suggestions assisting you in the migration process.

CAF has six focus areas:

Business
People
Governance
Platform
Security
Operations

35
Q

What is the CAF Business perspective?

A

Business Perspective
The Business Perspective is about justifying the investment.

The Business Perspective ensures that business and IT objectives meet the investment.

Roles in the Business Perspective are:

Budget owners
Business managers
Finance managers
Strategy stakeholders

36
Q

What is the CAF Governance Perspective?

A

Governance Perspective
The Governance Perspective is about minimizing the risk.

And simultaneously, to maximize the business value.

It helps you to understand the gaps.

Giving you an understanding of how to ensure processes and staff skills.

Roles in the Governance Perspective are:

Chief Information Officer (CIO)
Enterprise architects
Business analysts
Program managers
Portfolio managers

37
Q

Which three of the following CAF perspectives focus on the technical capabilities?
Business
People
Governance
Platform
Security
Operations

A

Platform
Security
Operations

38
Q

What does CAF help with?

A

AWS CAF helps with migrating applications to the cloud.

39
Q

What is AWS Snowball?

A

AWS Snowball is a service that provides secure, rugged devices, so you can bring AWS computing and storage capabilities to your edge environments, and transfer data into and out of AWS. Those rugged devices are commonly referred to as AWS Snowball or AWS Snowball Edge devices. Previously, AWS Snowball referred specifically to an early hardware version of these devices, however that model has been replaced by updated hardware. Now the AWS Snowball service operates with Snowball Edge devices, which include on-board computing capabilities as well as storage.

40
Q

What are the two types of Snowball devices?

A

AWS Snowball is available in two device types. Snowball Edge Compute Optimized with more computing capabilities, suited for higher performance workloads and Snowball Edge Storage Optimized with more storage, which is suited for large-scale data migrations and capacity-oriented workloads.

41
Q

What kind of service is AWS SageMaker?

A

SageMaker is a machine learning service

42
Q

Differentiate between the various billing options for Amazon EC2?

A

Amazon EC2 is free to try. There are multiple ways to pay for Amazon EC2 instances: On-Demand, Savings Plans, Reserved Instances, and Spot Instances. You can also pay for Dedicated Hosts, which provide EC2 instance capacity on physical servers dedicated for your use.

The free EC2 instance: this includes 750 hours of Linux and Windows t2.micro instances (t3.micro for the regions in which t2.micro is unavailable), each month for one year.

43
Q

What are EC2 Spot Instances recommended for?

A

Applications that have flexible start and end times
Applications that are feasible only at very low compute prices
Users with urgent computing needs for large amounts of additional capacity

44
Q

What are EC2 On-Demand Instances recommended for?

A

On-Demand instances are recommended for:

Users that prefer the low cost and flexibility of Amazon EC2 without any upfront payment or long-term commitment
Applications with short-term, spiky, or unpredictable workloads that cannot be interrupted
Applications being developed or tested on Amazon EC2 for the first time

45
Q

When would you want to use an EC2 Savings Plan?

A

Savings Plans are a flexible pricing model that offers low prices on EC2 and Fargate usage, in exchange for a commitment to a consistent amount of usage (measured in $/hour) for a one- or three-year term.

So, a Savings Plan fits if you are looking for cost savings and you will definitely need a specific usage for at least 1-3 years.

46
Q

What is EC2 Auto Scaling?

A

EC2 Auto Scaling can be added as a buffer on top of your instances.

It can add new instances to the application when necessary and terminate them when no longer needed.

You can set up a group of instances.

Here you can set a minimum capacity of instances that will always be running. The rest will operate when necessary.

47
Q

What is a Dedicated Host EC2 instance?

A

A Dedicated Host is a physical EC2 server dedicated for your use. Dedicated Hosts can help you reduce costs by allowing you to use your existing server-bound software licenses, including Windows Server, SQL Server, and SUSE Linux Enterprise Server (subject to your license terms), and can also help you meet compliance requirements.

Can be purchased On-Demand (hourly).
Can be purchased as a Reservation for up to 70% off the On-Demand price.

48
Q

AWS Command Line Interface

A

AWS Command Line Interface is also called “AWS CLI”.

CLI saves you time when making API requests.

It allows you to control multiple AWS services with one tool.

CLI allows you to automate actions on services with scripts.

49
Q

How to Provision AWS Resources

A

First, you can use the AWS Management Console, the CLI, or the SDK to provision resources and services like EC2 and S3 buckets.

Second, AWS offers two managed tools: AWS Elastic Beanstalk and AWS CloudFormation.

50
Q

What is a virtual private network?

A

The Virtual Private Gateway allows you to make a Virtual Private Network (VPN) between the VPC and private network.

It only allows traffic from approved networks.

Many businesses use VPNs to ensure that their traffic and data are secure.

51
Q

Which S3 storage class offers the following:
Lower storage price but higher data retrieval price.

It is higher priced than other classes.

A

S3 Standard-Infrequent Access
S3 Standard-Infrequent Access is also called S3 Standard-IA

S3 Standard-IA is ideal for data that is often accessed.

It has the same level of data availability as S3 Standard.

It stores data in at least three Availability Zones.

Lower storage price but higher data retrieval price.

It is higher priced than other classes.

52
Q

Comparison of AWS EBS and AWS S3. Which is faster?

A

EBS
Faster performance than AWS S3

53
Q

Comparison of AWS EBS and AWS S3. Which is more durable?

A

S3
stored across three AZs
Data does not suffer loss, degradation, or a corruption for a very long time

54
Q

Comparison of AWS EBS and EFS

A

Compared to AWS EBS, EFS is ideal if many services need to access the same data at the same time.

AWS EFS saves the data in many Availability Zones.

Scaling AWS EFS does not disrupt applications.

55
Q

AWS KMS

A

AWS KMS is also known as AWS Key Management Service.

It ensures the security of your application data with cryptographic keys.

A cryptographic key is a sequence of characters that may be used to encrypt or decrypt data.

Data encryption is locking the data.

Data decryption is unlocking the data.

You are in complete control of your keys.

You can allow IAM users to manage AWS KMS keys.

56
Q

Amazon Inspector

A

Amazon Inspector helps you improve application security.

It also helps improve application compliance.

It checks the application for software versions and other vulnerabilities.

It offers you a report of all security issues and recommended solutions for your application.

57
Q

Amazon GuardDuty

A

Amazon GuardDuty is a threat detection service.

It detects threats for AWS resources and infrastructure.

It does so by constantly monitoring activity on the network.

Like Amazon Inspector, it reports the threats it finds and recommends fixes.

58
Q

What Are the Benefits of the AWS Cloud?

A

There are six crucial benefits of the AWS Cloud:

Trade upfront expense for variable expense
Benefit from massive economies of scale
Stop guessing capacity
Increase speed and agility
Stop spending money running and maintaining data centers
Go global in minutes