General Knowledge

Question 1

S3 Standard

Answer 1

99.99% availability. 99.9999999999% (11 9s) of durability, stored reduntatnly across multiple devices in multiple facilities, and is designed to sustain the loss of 2 facilities concurrently.

Question 2

S3 - IA

Answer 2

(Infrequently Accessed): For data that is accessed less frequently, but requires rapid access when needed. Lower fee than S3, but you are charged a retrieval fee.

Question 3

S3 One Zone - IA

Answer 3

Lower cost than IA. For when you want a lower-cost option for infrequently accessed data, but do not require the multiple Availability Zone data resilience.

Question 4

S3 Inteligent Tiering

Answer 4

Designed to optimize costs by automatically moving data to the most cost-effective access tier, without the performance impact or operational overhead.

Question 5

S3 Glacier

Answer 5

S3 Glacier is a secure, durable, and low-cost storage class for data archiving. You can reliably store any amount of data at costs that are competitive with cheaper than on-premises solutions. Retrieval times configurable from minutes to hours.

Question 6

S3 Glacier Deep Archive

Answer 6

Amazon’s S3’s lowest-cost storage class where a retrieval time of 12 hours is acceptable.

Question 7

What type of storage is S3?

Answer 7

Object based i.e. files, videos, word documents, txt, files, photos. Files can be 0-5TB in size, stored in buckets all with unique names which generate an https link.

Question 8

Can you install a database or operating system on S3?

Answer 8

No, S3 is object based. You would use block based storage for operating systems and databases.

Question 9

How can you protect S3 objects?

Answer 9

Turn on MFA Delete for objects.

Question 10

What are the key fundamentals of S3?

Answer 10

Key (name of the object)
Object (Data that is made up of bytes)
Version ID
Metadata ( data bout the data you're storing)
Subresources: 
   Access Controls Lists
   Torrents

Question 11

What is the S3 Consistency Model?

Answer 11

Read AFTER Write consistency for PUTS of new objects. (read right after creating)

Eventual Consistencies for overwrite PUTS and DELETES (can take some time to propagate)

Question 12

How do you control access to S3 Buckets?

Answer 12

Bucket ACL

Bucket Policies

Question 13

How is encryption in transit achieved?

Answer 13

Over HTTPS

Question 14

How is encryption at rest achieved in S3?

Answer 14

S3 Managed Keys - SSE S3 (Server side encryption S3) - Amazon manages all the keys.

AWS Key Management Service, Managed Keys - SSE-KMS - The customer and AWS manage the keys together

Server Side Encryption With Customer Provided Keys - SSE-C - You provide the keys

Client Side Encryption

Question 15

How does versioning work on S3?

Answer 15

Stores all version of an object including writes and even if you delete an object)

Great backup tool

Cannot be disabled, only suspended.

Integrates with lifecycle rules

Versining’s MFA Delete capability, which uses multi-factor authentication, can be used to provide an additional layer of security.

Question 16

How do you manage the automatic transition to other S3 classes, the expiration of an object, and the automatic deletion of an object in S3?

Answer 16

Create a lifecycle rule.

Question 17

What is lifecycle management?

Answer 17

Automates moving your objects between the different storage tiers

Can be used in conjunction with versioning

Can be applied to current and previous versions as well.

Question 18

Will your objects currently in an S3 bucket replicate when the bucket is cross region replicated?

Answer 18

No, but any objects uploaded to either bucket will appear in both buckets both. Deletions will only appear in one bucket.

Question 19

Cross Region Replication

Answer 19

Versioning must be enabled on both the source and destination buckets

Regions must be unique

Files in an existing bucket are not replicated automatically

All subsequent updated files will be replicated automatically

Delete markers are not replicated

Deleting individual version or delete markers will not be replicated.

Question 20

Will you be charged for clearing an object cashed in an edge location?

Answer 20

Yes.

Question 21

What is a Cloudfront Web Distribution?

Answer 21

A CF distribution typically used for websites.

Question 22

What is a Cloudfront RTMP distribution?

Answer 22

A CF distribution typically used for media streaming.

Question 23

Are edge location read only?

Answer 23

No, you can also write to edge locations.

Question 24

How long is data cahsed in Cloudfront stored for?

Answer 24

Objects are cahsed for the life of the TTL (Time To Live) specified when setting up the Cloudfront distribution.

Question 25

What service would you use to transfer large amount of data into the cloud?

Answer 25

Snowball or snowmobile depending on the size.

Question 26

What is storage gateway?

Answer 26

Connects on premisise software applicance with cloud storage. Security store data to the AWS Cloud.

Question 27

What is the File Gateway?

Answer 27

For flat files, stores directly on S3

Question 28

What is Volume Gateway?

Answer 28

Stored volumes - Entire Dataset is stored on site and asynchronously backed up to S3

Cached Volumes
Entire Dataset is stored on S3 and the most accessed data is cached on site.

Question 29

What is Tape Gateway?

Answer 29

A way to put all your tape backup on AWS

Question 30

How do you access the APIs and Command Line?

Answer 30

Using the Access Key ID and Secret Access Key.

Question 31

Is Termination Protection automatically turns on or off when provisioning new EC2 EBS voumes?

Answer 31

Off.

The default action is for the root EBS volume to be deleted when the instance is terminated.

Question 32

When you make a rule change on a security group in an EC2 instance, does that change take affect immediately?

Answer 32

Yes!

Question 33

What is the difference between a security group and a NACL?

Answer 33

A security group are statefull and NACL are stateless. When you create an inbound rule an outbound rule is created automatically. When something is allowed in with a security group, it is automatically allowed out. This prevents security groups can therefore not be used for blacklisting, but NACL can be used for blacklisting.

Question 34

What is a security group?

Answer 34

A virtual firewall.

Question 35

Is all traffic blocked by default on EC2?

Answer 35

Yes. But all outbound traffic is automatically allowed.

Question 36

How do you move your EC2 Instance and EBS Volume(s) into another availability zone and/or region?

Answer 36

Create a EBS Snapshot then create an AMI from that `Snapshot, then launch that AMI into the new availability zone.

You can create an AMI from Snapshots and volumes.

Question 37

What is the difference between EBS and Instance Store?

Answer 37

For EBS VolumesL The root device for an instance launched from the AMI is an EBS volume created from an EBS Snapshot.

For Instance Store Volumes: The root device is an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3

Question 38

What is the difference between EBS and Instance Store?

Answer 38

For EBS VolumesL The root device for an instance launched from the AMI is an EBS volume created from an EBS Snapshot.

For Instance Store Volumes: The root device is an instance launched from the AMI is an instance store volume created from a template stored in Amazon S3

Question 39

Are snapshots of encrypted volumes encrypted automatically?

Answer 39

Yes

Question 40

Are volumes restored from encrypted snapshots encrypted automatically?

Answer 40

Yes.

Question 41

Can you share encrypted snapshots?

Answer 41

No

Question 42

Can you encrypt a root device volume upon creation of an EC2 Instance?

Answer 42

Yes.

Question 43

How fast is the refresh time for standard CloudWatch monitoring?

Answer 43

It refreshes every 5 minutes.

Question 44

How fast is the refresh time for detailed CloudWatch monitoring

Answer 44

It refreshes every 1 minute.

Question 45

What is the metadata for an instance used for?

Answer 45

Get information about an instance such public IP, and Private IP

Question 46

What file protocol does EFS support?

Answer 46

Network File System version 4 (NFSv4)

Question 47

What EFS’ payment structure?

Answer 47

You only pay for the storage you use.

Question 48

How large can EFS scale to?

Answer 48

Petabytes

Question 49

How many NFS connections can EFS handle concurrently?

Answer 49

Thousands

Question 50

What is the consistency model for EFS?

Answer 50

Reed after write

Question 51

What is an EC2 Placement Group?

Answer 51

A way of placing your EC2 Instances in the AWS Infrastructure

Question 52

What are the three types of EC2 Placement Groups?

Answer 52

Clustered Placement Groups
Spread Placement Groups
Partitioned Placement Groups

Question 53

What is a Clustered Placement Group?

Answer 53

A grouping of instances within a single Availability Zone. For applications that need low latency, high network throughput, or both. Only certain instances can be launched in to a CPG.

Question 54

What is a Spread Placement Group?

Answer 54

A group of instances that are each placed on distinct underlying hardware. For applications that have a small number of critical instances that should be kept separate from each other. This can either be in the same AZ or different AZs.

Question 55

What is a Partition Placement Group?

Answer 55

When using this type of group, Amazon EC2 divides each group into logical segments called partitions. EC2 ensures that each partition within a placement group has its own network and powersource. No two partitions within a placement group share the same racks, allowing you to isolate the impact of hardware failure within your application.

Question 56

What are RDS’ key feature?

Answer 56

Multi-AZ - for disaster recovery
Read Replicas - for performance

Comes in: 
SQL
MySQL
Postgre SQL
Oracle
Aurora
Maria DB

Question 57

What is Amazon Redshift?

Answer 57

Non-relational data warehouse used to query big business data sets. “Online analytics processing”

Used for Business Intelligence or Data Warehousing

Question 58

What is Elasticashe?

Answer 58

Used to speed up the performance of existing databases by cashing frequently identical queries.

Question 59

Can you SSH into an RDS instance?

Answer 59

No, RDS runs on virtual machines but you cannot ssh into those machines.

Question 60

Who is responsible for patching of RDS Operating systems and DB?

Answer 60

Amazon

Question 61

Is RDS serverless?

Answer 61

No. The exception is aurora, which has a serverless option.

Question 62

How can you improve preformance for an RDS database?

Answer 62

Use read replicas and Elasticash

Question 63

What is the primary use case for Read Replicas?

Answer 63

Read heavy databases.

Question 64

Must Read Replicas have automatic backups turned on?

Answer 64

Yes

Question 65

Does each read replicas have their own DNS end point?

Answer 65

Yes

Question 66

Can you have Multi-AZ turned on for read replicas?

Answer 66

Yes

Question 67

Can you have a read replicas in a second region?

Answer 67

Yes.

Question 68

What are the two different types of back ups for RDS?

Answer 68

Automatic Backups and Database Backups (manual)

Question 69

Read Replicas

Answer 69

Can Be Multi-AZ
Used to increase performance
Must have backups turned on
Can be in different regions
Can be MySQL, PostgreSQL, Maria DB, Oracle, and Aurora.
Can be Promoted to Master, this will bread the Read Replica

Question 70

Muti-AZ

Answer 70

Used for DR

You can force failover from one AZ to another be rebooting the RDS instance

Question 71

What RDS database types is encryption supported for?

Answer 71

MySQL, Oracle, SQL Server, PostgreSQL, MariaDB, and Aurora.

Question 72

How is RDS encryption done?

Answer 72

AWS KMS. Data at rest in ynderlying storage is also encrypted as are it’s automated backups, read replicas and snapshots.

Question 73

What is DynamoDB?

Answer 73

NoSQL database. Common use case: mobile, web, gaming, ad-tech, IoT

Question 74

How is dynamo db stored?

Answer 74

SSD

Question 75

How is dynamo db geographically distributed?

Answer 75

Across three geographically distinct data centers.

Question 76

What are DyanmoDB’s read models?

Answer 76

Eventual Consistent Reads - Best read performance - Consistency reached within 1 second

Strongly consistent reads - Consistency reached under 1 second

Question 77

What is Amazon Redshift used for?

Answer 77

Business intelligence through massive data analysis.

Question 78

Is Redshift only available in 1 AZ at a time?

Answer 78

Yes.

Question 79

How to Redshift Backups work?

Answer 79

Enabled by default within 1 day retetion period. Max retention period is 35 days

Redshift always attempts to maintain at least three copies of your data.

Redshift can asynchronously replicate your snapshots in another reason for disaster recovery.

Question 80

What is Aurora?

Answer 80

Amazon’s own proprietary database that is contained in each availability zone, with minimum of 3 availability zones, and 6 copies of your data.

Question 81

Can you share Aurora shapshots to other aws accounts?

Answer 81

Yes.

Question 82

What are the two types of Aurora Replicas?

Answer 82

Aurora Replicas and MySQL Replicas.

Automated failover is only available with Aurora Replicas

Question 83

Does Aurora have automated backups turned on by default?

Answer 83

Yes. You can also take snapshots of Aurora.

Question 84

What is Elasticash?

Answer 84

Chases frequently used data to increase database and web application performance.

Question 85

Do ELBs ever have a pre-defined IPv4 address?

Answer 85

No, you must resolve them use a DNS name.

Question 86

What is an Alias Record?

Answer 86

Used to map resource record sets in your hosted zone to ELBs, CloudFront, or S3 Buckets that ar econfigured as websites. Works like CNAME in that allows you to map one DNS name to another target DNS name.

Question 87

What is a CNAME?

Answer 87

Used to resolve one domain name to another. For example: https://www.m.cloud.guru to https://www.mobile.clould.guru

Question 88

In the exam, you are given a choice between an ALIAS name and CNAME. Which do you always choose?

Answer 88

ALIAS

Question 89

What is the difference between an ALIAS Record vs a CNAME?

Answer 89

A CNAME can’t be used for naked domain names (domains with out www. or other sub-domains such as .au)

Question 90

What is a Simple Routing Policy?

Answer 90

Only one DNS record with multiple IP addresses. If you specify multiple values (IPs for example) in a record, Route 53 will return al values to the user in a random order.

Question 91

What is a Weighted Routing Policy?

Answer 91

Allows you to split your traffic based on different weights assigns.

For example. You can set 10% of your traffic to go to US-EAST-1 and 90% to go to EU-WEST-1

Question 92

What happens if a DNS record set fails a health check?

Answer 92

It will be removed from Route 53 until it passes the health check.

Question 93

What is a Latency Based Policy?

Answer 93

Allows you to route your traffic based on the lowest level network latency for your end user (ie which region will give you the fastest response time)

Question 94

What is a Geolocation Routing Policy?

Answer 94

Routing that lets you choose where your traffic will be sent based on the geographic location of your users. Ex. a European customer may be provided a version of your site in their language.

Question 95

What is a Geoproximity Routing Policy?

Answer 95

Routing that allows Amazon Route 53 to route traffic to your rousrouces based on geographic location of your users and your resources. You can slo optionally choose to route more traffic or less to a given resource by specifying a value knows as a bias. A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource. You must use Route 53 Traffic Fflow.

Question 96

What is a Multivalue Answer Routing Policy?

Answer 96

“Simple routing with health checks”

Routing that lets you configure Amazon Route 53 to return multiple values, such as IP addresses for your web servers, in response to DNS queries. Also lets you check the health of the server with a health check to Route 53 only values for healthy resources. “Simple routing with health checks”