General Knowledge Flashcards
S3 Standard
99.99% availability and 99.999999999% (11 9s) durability. Objects are stored redundantly across multiple devices in multiple facilities, and the class is designed to sustain the concurrent loss of two facilities.
S3 - IA
(Infrequent Access): For data that is accessed less often but needs rapid access when it is requested. Lower storage fee than S3 Standard, but you are charged a per-GB retrieval fee.
S3 One Zone - IA
Lower cost than Standard-IA. For infrequently accessed data that does not need multi-Availability-Zone resilience; data in this class is lost if its single AZ is destroyed, so keep a copy elsewhere.
S3 Intelligent-Tiering
Optimizes costs by automatically moving objects between access tiers based on how often they are accessed, with no performance impact or operational overhead (a small monthly monitoring fee per object applies).
S3 Glacier
S3 Glacier is a secure, durable, low-cost storage class for data archiving. You can store any amount of data at costs that are competitive with, or cheaper than, on-premises solutions. Retrieval times are configurable from minutes to hours (Expedited, Standard, Bulk).
S3 Glacier Deep Archive
Amazon S3's lowest-cost storage class, for long-term archives where a retrieval time of 12 hours (up to 48 hours for bulk retrievals) is acceptable.
What type of storage is S3?
Object-based storage, i.e. files such as videos, Word documents, text files and photos. Objects can be 0 bytes to 5 TB in size and are stored in buckets; bucket names are globally unique, and each object is addressable by an HTTPS URL.
Can you install a database or operating system on S3?
No. S3 is object-based; use block-based storage (EBS) for operating systems and databases.
How can you protect S3 objects?
MFA Delete is one layer: with versioning enabled it requires an MFA code to permanently delete a version or change the bucket's versioning state. Combine it with S3 Block Public Access, least-privilege bucket and IAM policies, versioning, encryption at rest, and Object Lock where data must be immutable.
What are the key fundamentals of S3?
Key (the name of the object)
Value (the data, a sequence of bytes)
Version ID (used with versioning)
Metadata (data about the data you are storing)
Subresources: Access Control Lists, Torrent
What is the S3 Consistency Model?
Since December 2020, S3 provides strong read-after-write consistency for all operations: a read issued after a successful PUT (new object or overwrite) or DELETE returns the latest result.
Older material, including these cards as originally written, describes the earlier model: read-after-write consistency for PUTs of new objects, and eventual consistency for overwrite PUTs and DELETEs (changes could take time to propagate).
How do you control access to S3 Buckets?
IAM policies (attached to users and roles)
Bucket policies (attached to the bucket)
Bucket and object ACLs (legacy; disabled by default on new buckets via Object Ownership)
S3 Block Public Access as an account- or bucket-level guardrail. An explicit Deny in any of these always wins over an Allow.
How is encryption in transit achieved?
Over HTTPS (TLS). To enforce it, add a bucket policy that denies every request whose aws:SecureTransport condition key is false.
How is encryption at rest achieved in S3?
SSE-S3 (Server-Side Encryption with S3-Managed Keys): Amazon manages all the keys (AES-256). This is the default for new objects.
SSE-KMS (Server-Side Encryption with AWS KMS keys): you control the key policy and rotation, and every use of the key is logged in CloudTrail. A caller needs kms:Decrypt on the key as well as s3:GetObject to read an object.
SSE-C (Server-Side Encryption with Customer-Provided Keys): you send the key with each request (HTTPS only); S3 encrypts the object, discards the key, and requires the same key again on read.
Client-Side Encryption: you encrypt before upload and decrypt after download; S3 never sees the plaintext or the key.
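The two enforcement points above (TLS in transit, SSE-KMS at rest) are usually expressed as explicit Deny statements in a bucket policy. The following is an added example, not code from the original cards: it builds such a policy and runs a small model of the IAM "explicit Deny wins" evaluation over constructed sample requests. The bucket name, object key and request contexts are assumptions for the demo, and the evaluator models only the operators this policy uses.

```python
"""Added example, not from the original cards: an S3 bucket policy that
enforces encryption in transit (TLS) and at rest (SSE-KMS), and a small
evaluator that applies the "explicit Deny wins" rule to sample requests.
The bucket name, object key and request contexts are constructed for the
demo; the evaluator models only the operators this policy uses and is an
illustration of IAM semantics, not the real policy engine."""
import json

BUCKET = "example-secure-bucket"   # assumed name


def build_bucket_policy(bucket: str) -> dict:
    """Two explicit Deny statements. Nothing here grants access: callers still
    need an Allow from IAM or another statement, and any Deny overrides it."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # in transit: reject every request that did not arrive over TLS
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:*",
                "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
            {   # at rest: uploads must request SSE-KMS; a missing header also
                # matches StringNotEquals, so clients cannot omit the header and
                # rely on bucket default encryption once this policy is in place
                "Sid": "DenyNonKmsUploads",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "s3:PutObject",
                "Resource": f"arn:aws:s3:::{bucket}/*",
                "Condition": {"StringNotEquals": {"s3:x-amz-server-side-encryption": "aws:kms"}},
            },
        ],
    }


def _glob(pattern: str, value: str) -> bool:
    """Exact match, or the trailing-* wildcard form used in this policy."""
    return pattern == value or (pattern.endswith("*") and value.startswith(pattern[:-1]))


def _condition_holds(condition: dict, ctx: dict) -> bool:
    """Every operator block must hold. Bool requires the key to be present and
    equal; StringNotEquals is a negated operator, and a missing key satisfies
    a negated operator (the same rule that lets a Deny on StringNotEquals
    aws:SourceVpce block requests that never came through the endpoint)."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if operator == "Bool":
                if actual is None or actual.lower() != expected.lower():
                    return False
            elif operator == "StringNotEquals":
                if actual == expected:
                    return False
            else:
                raise ValueError(f"operator {operator} is not modelled")
    return True


def explicit_deny(policy: dict, action: str, resource: str, ctx: dict):
    """Sid of the first Deny statement that matches the request, else None."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or not _glob(stmt["Action"], action):
            continue
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        if not any(_glob(r, resource) for r in resources):
            continue
        if _condition_holds(stmt.get("Condition", {}), ctx):
            return stmt["Sid"]
    return None


POLICY = build_bucket_policy(BUCKET)
OBJ = f"arn:aws:s3:::{BUCKET}/reports/q1.csv"   # constructed object ARN

# Constructed request contexts, with the keys S3 would populate for each call.
SAMPLES = {
    "put_over_http": ("s3:PutObject", OBJ, {"aws:SecureTransport": "false", "s3:x-amz-server-side-encryption": "aws:kms"}),
    "put_no_sse_header": ("s3:PutObject", OBJ, {"aws:SecureTransport": "true"}),
    "put_sse_s3": ("s3:PutObject", OBJ, {"aws:SecureTransport": "true", "s3:x-amz-server-side-encryption": "AES256"}),
    "put_sse_kms": ("s3:PutObject", OBJ, {"aws:SecureTransport": "true", "s3:x-amz-server-side-encryption": "aws:kms"}),
    "get_over_https": ("s3:GetObject", OBJ, {"aws:SecureTransport": "true"}),
}


def evaluate_samples() -> dict:
    """Map each sample request to the Sid that denies it, or None."""
    return {name: explicit_deny(POLICY, *args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))
    for name, sid in evaluate_samples().items():
        print(f"{name:18s} -> {sid or 'not denied by the bucket policy'}")
```

The policy is deny-only on purpose: it narrows whatever IAM already allows without granting anything itself, and it keeps working when new principals are added later. Note that the SSE-KMS statement also rejects uploads that omit the encryption header entirely, so clients must set it explicitly rather than relying on bucket default encryption.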
How does versioning work on S3?
Stores all versions of an object, including every overwrite; a delete adds a delete marker instead of removing data, so earlier versions remain retrievable.
Great backup tool
Once enabled it cannot be disabled, only suspended.
Integrates with lifecycle rules
Versioning's MFA Delete capability, which uses multi-factor authentication, provides an additional layer of security against accidental or malicious deletion.
How do you manage the automatic transition to other S3 classes, the expiration of an object, and the automatic deletion of an object in S3?
Create a lifecycle rule.
What is lifecycle management?
Automates moving objects between storage classes and expiring them.
Can be used in conjunction with versioning.
Rules can target current versions and previous (noncurrent) versions separately.
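The lifecycle and versioning cards above describe rules that tier current versions, tier and expire noncurrent versions, and clean up after deletes. The following is an added example, not code from the original cards: it builds such a configuration in the shape boto3's put_bucket_lifecycle_configuration expects and validates it against the transition constraints S3 enforces, so a bad rule is caught before the API rejects it. The prefix, day counts and rule IDs are assumptions chosen for the demo.

```python
"""Added example, not from the original cards: build a lifecycle configuration
for a versioned bucket and check it against the transition rules S3 enforces
before handing it to put_bucket_lifecycle_configuration. Prefix, day counts
and rule IDs are assumptions chosen for the demo."""

IA_CLASSES = {"STANDARD_IA", "ONEZONE_IA"}
ARCHIVE_CLASSES = {"GLACIER", "DEEP_ARCHIVE"}
COLDNESS = ["STANDARD_IA", "ONEZONE_IA", "GLACIER_IR", "GLACIER", "DEEP_ARCHIVE"]
MIN_DAYS_BEFORE_IA = 30        # objects stay in Standard at least 30 days before an IA class
MIN_DAYS_IA_TO_ARCHIVE = 30    # Glacier/Deep Archive must be >= 30 days after an IA transition


def validate_transitions(transitions, key="Days") -> int:
    """Transitions must move to colder classes with increasing day counts and
    respect the two 30-day minimums. Returns the last transition day."""
    last_days, last_class = -1, None
    for t in transitions:
        days, cls = t[key], t["StorageClass"]
        if cls not in COLDNESS:
            raise ValueError(f"unknown storage class {cls}")
        if days <= last_days:
            raise ValueError(f"{cls} at day {days} is not after the previous transition (day {last_days})")
        if last_class and COLDNESS.index(cls) <= COLDNESS.index(last_class):
            raise ValueError(f"{last_class} -> {cls} does not move to a colder class")
        if cls in IA_CLASSES and days < MIN_DAYS_BEFORE_IA:
            raise ValueError(f"{cls} needs at least {MIN_DAYS_BEFORE_IA} days, got {days}")
        if cls in ARCHIVE_CLASSES and last_class in IA_CLASSES and days - last_days < MIN_DAYS_IA_TO_ARCHIVE:
            raise ValueError(f"{cls} must be at least {MIN_DAYS_IA_TO_ARCHIVE} days after {last_class}")
        last_days, last_class = days, cls
    return last_days


def build_lifecycle(prefix="logs/", ia_days=30, glacier_days=90,
                    noncurrent_glacier_days=30, noncurrent_expire_days=365) -> dict:
    """Rule 1 tiers current versions and tiers/expires previous versions.
    Rule 2 removes delete markers whose versions are all gone and aborts
    stale multipart uploads; it is kept separate so each rule does one job."""
    current = [{"Days": ia_days, "StorageClass": "STANDARD_IA"},
               {"Days": glacier_days, "StorageClass": "GLACIER"}]
    validate_transitions(current)
    noncurrent = [{"NoncurrentDays": noncurrent_glacier_days, "StorageClass": "GLACIER"}]
    last = validate_transitions(noncurrent, key="NoncurrentDays")
    if noncurrent_expire_days <= last:
        raise ValueError("NoncurrentVersionExpiration must come after the last noncurrent transition")
    return {"Rules": [
        {"ID": "tier-current-and-previous-versions",
         "Filter": {"Prefix": prefix},
         "Status": "Enabled",
         "Transitions": current,
         "NoncurrentVersionTransitions": noncurrent,
         "NoncurrentVersionExpiration": {"NoncurrentDays": noncurrent_expire_days}},
        {"ID": "housekeeping",
         "Filter": {"Prefix": prefix},
         "Status": "Enabled",
         "Expiration": {"ExpiredObjectDeleteMarker": True},   # only meaningful with versioning on
         "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": 7}},
    ]}


def check(**kwargs) -> str:
    """'ok', or the first constraint violation for the given day counts."""
    try:
        build_lifecycle(**kwargs)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    import json
    print(json.dumps(build_lifecycle(), indent=2))
    print(check(ia_days=10))                   # IA too early
    print(check(ia_days=30, glacier_days=45))  # Glacier too soon after IA
```

The housekeeping rule matters for the MFA Delete and versioning cards: once versioning is on, deletes only add markers, so without ExpiredObjectDeleteMarker and a noncurrent-version expiration a bucket never shrinks.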
Will your objects currently in an S3 bucket replicate when the bucket is cross region replicated?
No. Objects that already exist when replication is enabled are not copied (S3 Batch Replication can backfill them). Replication is one-way: new objects uploaded to the source bucket appear in the destination, but objects uploaded directly to the destination do not flow back unless you also configure replication in the other direction. Deletions of specific object versions are never replicated.
Cross Region Replication
Versioning must be enabled on both the source and destination buckets
For cross-region replication the source and destination must be in different regions (Same-Region Replication also exists)
Objects already in the bucket are not replicated automatically
All subsequently uploaded or updated objects are replicated automatically
Delete markers are not replicated unless delete marker replication is enabled in the rule
Deleting an individual object version is never replicated
Will you be charged for invalidating (clearing) an object cached in an edge location?
Yes, beyond a free allowance: the first 1,000 invalidation paths per month are free, and each additional path is charged.
What is a Cloudfront Web Distribution?
A CF distribution typically used for websites.
What is a Cloudfront RTMP distribution?
A CF distribution used for media streaming over Adobe's RTMP protocol. RTMP distributions were discontinued in December 2020; use a web distribution with HLS/DASH instead.
Are edge location read only?
No. You can also write through edge locations (PUT/POST/PATCH/DELETE are forwarded to the origin), which is what S3 Transfer Acceleration uses.
How long is data cached in CloudFront stored for?
Objects are cached for the life of the TTL (Time To Live) set on the distribution's cache behavior, or for the TTL in the origin's Cache-Control/Expires headers within the configured minimum and maximum.
What service would you use to transfer large amount of data into the cloud?
Snowball or Snowmobile, depending on the size.
What is storage gateway?
Connects an on-premises software appliance with cloud storage to securely store data in the AWS Cloud.
What is the File Gateway?
For flat files; exposes an NFS/SMB share and stores each file as an object directly in S3.
What is Volume Gateway?
Stored volumes: the entire dataset is stored on site and asynchronously backed up to S3 as EBS snapshots.
Cached volumes:
The entire dataset is stored in S3, and the most frequently accessed data is cached on site.
What is Tape Gateway?
A virtual tape library (iSCSI) that lets you move tape backups to AWS, backed by S3 and archived to Glacier.
How do you access the APIs and Command Line?
Programmatically, using an Access Key ID and Secret Access Key. The secret is never sent over the wire; it is used to sign each request (Signature Version 4). Prefer short-lived credentials from IAM roles over long-lived user keys.
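The card above says the Secret Access Key is used to access the API; the security-relevant detail is how. The following is an added example, not code from the original cards or the AWS SDK: a teaching implementation of the Signature Version 4 steps, showing that the long-term secret only seeds an HMAC chain and that only the derived signature travels in the Authorization header. The access key, secret and timestamp are the placeholder values from AWS's SigV4 documentation, used here as constructed inputs; the host and path are assumptions.

```python
"""Added example, not from the original cards: how the Secret Access Key is
used. It never leaves the client; it seeds an HMAC chain that signs each
request (AWS Signature Version 4), and only the resulting signature travels in
the Authorization header. Credentials and timestamp below are the placeholder
values from AWS's SigV4 documentation, used as constructed inputs; this is a
teaching implementation, not the SDK's signer."""
import hashlib
import hmac
from urllib.parse import quote


def _sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def canonical_request(method, path, query, headers, payload: bytes) -> str:
    """Step 1: a canonical string that client and AWS can rebuild identically."""
    canon_query = "&".join(f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
                           for k, v in sorted(query.items()))
    lowered = {k.lower(): " ".join(v.split()) for k, v in headers.items()}
    canon_headers = "".join(f"{k}:{lowered[k]}\n" for k in sorted(lowered))
    signed_headers = ";".join(sorted(lowered))
    return "\n".join([method.upper(), quote(path, safe="/-_.~"), canon_query,
                      canon_headers, signed_headers, _sha256_hex(payload)])


def signing_key(secret_key: str, date: str, region: str, service: str) -> bytes:
    """Step 3: derive a per-day, per-region, per-service key from the secret,
    so the long-term secret itself is never applied directly to a request."""
    k_date = _hmac(("AWS4" + secret_key).encode(), date)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    return _hmac(k_service, "aws4_request")


def sign_request(method, host, path, query, headers, payload, access_key,
                 secret_key, region, service, amz_date) -> dict:
    """Return the request headers with a SigV4 Authorization header added."""
    headers = {**headers, "host": host, "x-amz-date": amz_date}
    date = amz_date[:8]
    scope = f"{date}/{region}/{service}/aws4_request"
    canon = canonical_request(method, path, query, headers, payload)
    # Step 2: the string that actually gets signed
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope, _sha256_hex(canon.encode())])
    # Step 4: the signature; the secret is not part of the header
    signature = hmac.new(signing_key(secret_key, date, region, service),
                         string_to_sign.encode(), hashlib.sha256).hexdigest()
    signed_headers = ";".join(sorted(k.lower() for k in headers))
    headers["authorization"] = (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
                                f"SignedHeaders={signed_headers}, Signature={signature}")
    return headers


# Constructed inputs: the example credentials and timestamp from the AWS SigV4 docs.
ACCESS_KEY = "AKIDEXAMPLE"
SECRET_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
AMZ_DATE = "20150830T123600Z"


def demo_headers(secret_key: str = SECRET_KEY) -> dict:
    """Sign a GET / against an assumed host with the placeholder credentials."""
    return sign_request("GET", "example.amazonaws.com", "/", {}, {}, b"",
                        ACCESS_KEY, secret_key, "us-east-1", "service", AMZ_DATE)


if __name__ == "__main__":
    for name, value in demo_headers().items():
        print(f"{name}: {value}")
```

Two consequences follow from the structure: a leaked Access Key ID alone is useless without the secret, and because x-amz-date is signed, a captured request can only be replayed within the server's clock-skew window (AWS rejects requests more than about 15 minutes old).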
Is Termination Protection turned on or off by default when you launch a new EC2 instance?
Off.
Separately, the root EBS volume is deleted when the instance is terminated by default (DeleteOnTermination is true); EBS volumes attached after launch are preserved by default.
When you make a rule change on a security group in an EC2 instance, does that change take affect immediately?
Yes. Security group rule changes apply immediately to all instances associated with the group.
What is the difference between a security group and a NACL?
Security groups are stateful; NACLs are stateless. With a security group, return traffic for an allowed connection is allowed automatically regardless of the rules in the other direction (no rule is created; the flow is tracked). With a NACL, each direction is evaluated independently, so you must also allow the return traffic explicitly (e.g. ephemeral ports 1024-65535). Security groups only have allow rules, so they cannot be used for blacklisting; NACLs have numbered allow and deny rules, so they can.
What is a security group?
A virtual firewall that operates at the instance (network interface) level; it contains allow rules only.
Is all traffic blocked by default on EC2?
For a new security group, yes: all inbound traffic is blocked and all outbound traffic is allowed by default. (The default security group created with a VPC additionally allows inbound traffic from other members of the same group.)
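The stateful-versus-stateless distinction in the cards above is easiest to see with a request and its reply evaluated under both mechanisms. The following is an added example, not code from the original cards or from AWS: a minimal model of security-group and NACL evaluation run over a constructed HTTPS request/response pair, including the classic mistake of forgetting the ephemeral-port return rule on a NACL. Addresses, ports and rule numbers are made up for the demo.

```python
"""Added example, not from the original cards: a minimal model of stateful
security-group and stateless NACL evaluation, run over a constructed HTTPS
request/response pair. Addresses, ports and rule numbers are made up for the
demo; this illustrates the documented behaviour, not AWS's implementation."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    direction: str   # "in" = toward the instance, "out" = leaving the instance


def _in_cidr(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)


class SecurityGroup:
    """Allow-only rules; replies to any tracked flow are allowed automatically."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound     # [(port_from, port_to, cidr)]
        self.outbound = outbound
        self.flows = set()         # (initiator_ip, initiator_port, responder_ip, responder_port)

    @staticmethod
    def _match(rules, port, remote_ip):
        return any(lo <= port <= hi and _in_cidr(remote_ip, cidr) for lo, hi, cidr in rules)

    def allows(self, p: Packet) -> bool:
        if (p.dst, p.dport, p.src, p.sport) in self.flows:   # reply to a tracked flow
            return True
        rules = self.inbound if p.direction == "in" else self.outbound
        remote = p.src if p.direction == "in" else p.dst
        if self._match(rules, p.dport, remote):
            self.flows.add((p.src, p.sport, p.dst, p.dport))   # new flow, track it
            return True
        return False


class NetworkACL:
    """Numbered allow/deny rules evaluated lowest number first, per direction,
    with no connection tracking; the implicit final rule denies everything."""

    def __init__(self, inbound, outbound):
        # [(rule_number, "allow" | "deny", port_from, port_to, cidr)]
        self.inbound = sorted(inbound)
        self.outbound = sorted(outbound)

    def allows(self, p: Packet) -> bool:
        rules = self.inbound if p.direction == "in" else self.outbound
        remote = p.src if p.direction == "in" else p.dst
        for _number, action, lo, hi, cidr in rules:
            if lo <= p.dport <= hi and _in_cidr(remote, cidr):
                return action == "allow"
        return False


# Constructed traffic: a client opens HTTPS to a web server, and the server replies.
INSTANCE, CLIENT, BLOCKED = "10.0.1.10", "203.0.113.5", "198.51.100.7"
request = Packet(CLIENT, 51234, INSTANCE, 443, "in")
reply = Packet(INSTANCE, 443, CLIENT, 51234, "out")
bad_request = Packet(BLOCKED, 40000, INSTANCE, 443, "in")


def run_demo() -> dict:
    sg = SecurityGroup(inbound=[(443, 443, "0.0.0.0/0")], outbound=[])   # no outbound rules at all
    nacl_no_ephemeral = NetworkACL(                                      # forgot the return rule
        inbound=[(100, "allow", 443, 443, "0.0.0.0/0")],
        outbound=[(100, "allow", 443, 443, "0.0.0.0/0")])
    nacl_fixed = NetworkACL(                                             # return rule + one denied CIDR
        inbound=[(50, "deny", 0, 65535, "198.51.100.0/24"), (100, "allow", 443, 443, "0.0.0.0/0")],
        outbound=[(100, "allow", 1024, 65535, "0.0.0.0/0")])
    return {
        "sg_request": sg.allows(request),
        "sg_reply": sg.allows(reply),                  # allowed by state, despite no outbound rule
        "sg_blocked_client": sg.allows(bad_request),   # allowed: a security group has no deny rules
        "nacl_request": nacl_no_ephemeral.allows(request),
        "nacl_reply_without_ephemeral_rule": nacl_no_ephemeral.allows(reply),   # dropped: stateless
        "nacl_reply_fixed": nacl_fixed.allows(reply),
        "nacl_blocked_client": nacl_fixed.allows(bad_request),                 # rule 50 denies first
    }


if __name__ == "__main__":
    for name, allowed in run_demo().items():
        print(f"{name:36s} {'ALLOW' if allowed else 'DROP'}")
```

The model also shows why rule numbering matters on a NACL: the deny for 198.51.100.0/24 only works because its number (50) is lower than the broad allow (100); numbered the other way round, the allow would match first and the deny would never be reached.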
How do you move your EC2 Instance and EBS Volume(s) into another availability zone and/or region?
Create an EBS snapshot, create an AMI from that snapshot, then launch the AMI in the new availability zone. To reach another region, copy the AMI (or the snapshot) to that region first.
You can create an AMI from Snapshots and volumes.
What is the difference between EBS and Instance Store?
For EBS volumes: the root device for an instance launched from the AMI is an EBS volume created from an EBS snapshot; the data persists when the instance is stopped.
For instance store volumes: the root device for an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3; the data is lost when the instance is stopped or terminated.
Are snapshots of encrypted volumes encrypted automatically?
Yes
Are volumes restored from encrypted snapshots encrypted automatically?
Yes.
Can you share encrypted snapshots?
Yes, with restrictions: snapshots encrypted with a customer managed KMS key can be shared with specific AWS accounts (you must also grant those accounts access to the key), but they cannot be made public, and snapshots encrypted with the AWS managed default key cannot be shared at all.
Can you encrypt a root device volume upon creation of an EC2 Instance?
Yes. You can also turn on EBS encryption by default for the region so that every new volume is encrypted.
How fast is the refresh time for standard CloudWatch monitoring?
It refreshes every 5 minutes.
How fast is the refresh time for detailed CloudWatch monitoring
It refreshes every 1 minute.
What is the metadata for an instance used for?
To get information about the running instance, such as its public and private IP, instance ID, user data, and the temporary credentials of its IAM role, from http://169.254.169.254/latest/meta-data/. Those credentials are why SSRF against an instance is dangerous: require IMDSv2 (session token obtained with a PUT, then sent with each GET) and, where containers do not need the service, set the hop limit to 1.
What file protocol does EFS support?
Network File System version 4 (NFSv4)
What EFS’ payment structure?
You only pay for the storage you use.
How large can EFS scale to?
Petabytes
How many NFS connections can EFS handle concurrently?
Thousands
What is the consistency model for EFS?
Read-after-write.
What is an EC2 Placement Group?
A way of placing your EC2 Instances in the AWS Infrastructure
What are the three types of EC2 Placement Groups?
Clustered Placement Groups
Spread Placement Groups
Partitioned Placement Groups
What is a Clustered Placement Group?
A grouping of instances within a single Availability Zone. For applications that need low latency, high network throughput, or both. Only certain instance types can be launched into a CPG.
What is a Spread Placement Group?
A group of instances that are each placed on distinct underlying hardware. For applications that have a small number of critical instances that should be kept separate from each other. This can either be in the same AZ or different AZs.
What is a Partition Placement Group?
When using this type of group, Amazon EC2 divides each group into logical segments called partitions. EC2 ensures that each partition within a placement group has its own network and power source. No two partitions within a placement group share the same racks, allowing you to isolate the impact of hardware failure within your application.
What are RDS’ key feature?
Multi-AZ - for disaster recovery
Read Replicas - for performance
Comes in: Microsoft SQL Server, MySQL, PostgreSQL, Oracle, MariaDB, and Amazon Aurora.
What is Amazon Redshift?
A relational, column-oriented data warehouse (based on PostgreSQL) used to query big business data sets: online analytical processing (OLAP).
Used for Business Intelligence or Data Warehousing
What is ElastiCache?
Used to speed up existing databases by caching the results of frequent, identical queries in memory (Redis or Memcached).
Can you SSH into an RDS instance?
No. RDS runs on virtual machines, but you cannot SSH into them.
Who is responsible for patching of RDS Operating systems and DB?
Amazon
Is RDS serverless?
No. The exception is aurora, which has a serverless option.
How can you improve preformance for an RDS database?
Use read replicas and ElastiCache.
What is the primary use case for Read Replicas?
Read heavy databases.
Must Read Replicas have automatic backups turned on?
Yes
Does each read replica have its own DNS endpoint?
Yes
Can you have Multi-AZ turned on for read replicas?
Yes
Can you have a read replicas in a second region?
Yes.
What are the two different types of back ups for RDS?
Automated backups and manual database snapshots.
Read Replicas
Can Be Multi-AZ
Used to increase performance
Must have backups turned on
Can be in different regions
Can be MySQL, PostgreSQL, Maria DB, Oracle, and Aurora.
Can be promoted to a standalone master; this breaks the replication link.
Multi-AZ
Used for DR
You can force a failover from one AZ to another by rebooting the RDS instance.
What RDS database types is encryption supported for?
MySQL, Oracle, SQL Server, PostgreSQL, MariaDB, and Aurora.
How is RDS encryption done?
Using AWS KMS. Data at rest in the underlying storage is encrypted, as are its automated backups, read replicas and snapshots.
What is DynamoDB?
NoSQL database. Common use case: mobile, web, gaming, ad-tech, IoT
How is dynamo db stored?
SSD
How is dynamo db geographically distributed?
Across three geographically distinct data centers.
What are DynamoDB's read models?
Eventually consistent reads (default): best read performance; a read may briefly return stale data, and consistency is usually reached within one second.
Strongly consistent reads: always return the most recent successful write, at twice the read-capacity cost.
What is Amazon Redshift used for?
Business intelligence through massive data analysis.
Is Redshift only available in 1 AZ at a time?
Historically yes: a classic cluster lives in a single AZ. Multi-AZ deployments are now available for RA3 clusters.
How to Redshift Backups work?
Enabled by default with a 1-day retention period; the maximum retention period is 35 days.
Redshift always attempts to maintain at least three copies of your data.
Redshift can asynchronously replicate your snapshots to another region for disaster recovery.
What is Aurora?
Amazon's own MySQL- and PostgreSQL-compatible relational database. Its storage spans a minimum of 3 Availability Zones with 6 copies of your data (2 per AZ).
Can you share Aurora shapshots to other aws accounts?
Yes.
What are the two types of Aurora Replicas?
Aurora Replicas and MySQL Read Replicas.
Automated failover is only available with Aurora Replicas
Does Aurora have automated backups turned on by default?
Yes. You can also take snapshots of Aurora.
What is ElastiCache?
Caches frequently used data in memory to increase database and web application performance.
Do ELBs ever have a pre-defined IPv4 address?
No (Classic and Application Load Balancers); you resolve them by DNS name. Network Load Balancers can be given static or Elastic IPs.
What is an Alias Record?
Used to map resource record sets in your hosted zone to ELBs, CloudFront distributions, or S3 buckets that are configured as websites. Works like a CNAME in that it maps one DNS name to another target DNS name, but Route 53 resolves it internally, so it can be used at the zone apex and queries to AWS resources are free.
What is a CNAME?
Used to resolve one domain name to another. For example: https://www.m.cloud.guru to https://www.mobile.clould.guru
In the exam, you are given a choice between an ALIAS name and CNAME. Which do you always choose?
ALIAS
What is the difference between an ALIAS Record vs a CNAME?
A CNAME can't be used for naked (apex) domain names, i.e. the domain without www. or another sub-domain, such as example.com; an Alias record can. Alias records also resolve directly to the current IPs of the AWS resource, and Route 53 does not charge for Alias queries to AWS resources.
What is a Simple Routing Policy?
One DNS record with one or more values. If you specify multiple values (IP addresses, for example) in a record, Route 53 returns all values to the client in a random order. Simple routing does not support health checks.
What is a Weighted Routing Policy?
Allows you to split traffic between records based on the weights you assign.
For example. You can set 10% of your traffic to go to US-EAST-1 and 90% to go to EU-WEST-1
What happens if a DNS record set fails a health check?
Route 53 stops including the record in DNS responses until it passes the health check again. If every record in the set is unhealthy, Route 53 answers as though all of them were healthy rather than returning nothing.
What is a Latency Based Policy?
Routes traffic to the region with the lowest measured network latency for the end user (i.e. the region that will give the fastest response time).
What is a Geolocation Routing Policy?
Routing that lets you choose where your traffic will be sent based on the geographic location of your users. Ex. a European customer may be provided a version of your site in their language.
What is a Geoproximity Routing Policy?
Routing that lets Amazon Route 53 route traffic based on the geographic location of both your users and your resources. You can optionally route more or less traffic to a given resource by specifying a value known as a bias; a bias expands or shrinks the size of the geographic region from which traffic is routed to that resource. Requires Route 53 Traffic Flow.
What is a Multivalue Answer Routing Policy?
"Simple routing with health checks": lets Route 53 return multiple values, such as the IP addresses of your web servers, in response to a DNS query and, with a health check attached to each record, returns only the values for healthy resources (up to eight per response).
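The weighted, multivalue and health-check cards above describe behaviour that is easiest to verify by simulation. The following is an added example, not code from the original cards or from Route 53: a small model of how those policies choose an answer, including what happens when a record fails its health check and the fail-open rule when every record is unhealthy. Record values, weights and the 10%/90% split are constructed for the demo.

```python
"""Added example, not from the original cards: a model of weighted, simple and
multivalue answer routing, including health-check behaviour. Record values,
weights and the 10%/90% split are constructed for the demo; this illustrates
the documented behaviour, not Route 53's resolver."""
import random
from dataclasses import dataclass


@dataclass
class Record:
    value: str            # an IP address or the name of a regional endpoint
    weight: int = 0       # weighted routing only
    healthy: bool = True  # result of the record's health check (True if none attached)


def _eligible(records):
    """Health-checked answers: drop failing records, but if every record is
    failing, Route 53 answers as though all were healthy rather than returning nothing."""
    healthy = [r for r in records if r.healthy]
    return healthy or list(records)


def simple_answer(records, rng: random.Random):
    """Simple routing: every value, in random order; health checks are not supported."""
    values = [r.value for r in records]
    rng.shuffle(values)
    return values


def weighted_answer(records, rng: random.Random) -> str:
    """Weighted routing: one record, chosen with probability weight / total weight.
    Records with weight 0 are never returned unless all weights are 0."""
    pool = _eligible(records)
    total = sum(r.weight for r in pool)
    if total == 0:
        return rng.choice(pool).value
    return rng.choices(pool, weights=[r.weight for r in pool], k=1)[0].value


def multivalue_answer(records, rng: random.Random, max_values: int = 8):
    """Multivalue answer routing: up to eight healthy values in random order."""
    pool = _eligible(records)
    rng.shuffle(pool)
    return [r.value for r in pool[:max_values]]


def weighted_split(records, draws: int, seed: int = 0) -> dict:
    """Fraction of answers each value received over `draws` queries."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(draws):
        v = weighted_answer(records, rng)
        counts[v] = counts.get(v, 0) + 1
    return {v: n / draws for v, n in counts.items()}


def demo(seed: int = 0) -> dict:
    """Run the constructed scenarios: a 10/90 regional split, a web-server pool
    with one failing health check, and a set where everything is unhealthy."""
    rng = random.Random(seed)
    regions = [Record("us-east-1.example", weight=10), Record("eu-west-1.example", weight=90)]
    web = [Record("192.0.2.1"), Record("192.0.2.2", healthy=False), Record("192.0.2.3")]
    out = {
        "weighted_split": weighted_split(regions, 10000, seed),
        "simple": sorted(simple_answer(web, rng)),          # unhealthy server still returned
        "multivalue": sorted(multivalue_answer(web, rng)),  # unhealthy server filtered out
    }
    regions[0].healthy = False                              # us-east-1 now fails its check
    out["weighted_split_after_failure"] = weighted_split(regions, 1000, seed)
    all_down = [Record("a", healthy=False), Record("b", healthy=False)]
    out["all_unhealthy"] = sorted(multivalue_answer(all_down, rng))   # fail open
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The fail-open rule is the one practitioners forget: an outage that takes every endpoint down does not stop DNS from handing out addresses, so health checks shape traffic between healthy targets but are not a substitute for an application-level failover page.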