Glossary

Question 1

EC2

Answer 1

elastic cloud compute

virtual computer, secure, resizable compute capacity in the cloud

Question 2

ECS

Answer 2

elastic container service - highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS

Question 3

Fargate

Answer 3

serverless container service - provision and manage servers
only supports container images hosted on ECS or docker hub
task storage is ephemeral

Question 4

AMI

Answer 4

Amazon machine image - create new EC2 with root volume

Question 5

S3

Answer 5

simple storage service - flat files, static websites, multi AZ, scalability, durability

Question 6

EBS

Answer 6

elastic block storage - hard drive in the cloud, designed for use with EC2

Question 7

EFS

Answer 7

elastic file system linux based

Question 8

NFS

Answer 8

network file system - database backup for EFS

Question 9

RDS

Answer 9

relational database service - managed service, set up operate and scale a relational database in the cloud
provides metrics in real time for the operating system (OS) that your DB instance runs on

Question 10

Aurora

Answer 10

MySQL and PostreSQL database, 5x faster, for infrequent intermittent unpredictable workloads

Question 11

DynamoDB

Answer 11

non relational database service for any scale
NoSQL key-value database, single-digit millisecond
streams function

Question 12

Redshift

Answer 12

datawarehouse

Question 13

Elasticache

Answer 13

edge location frequent caching
redis
memcached

Question 14

Redis

Answer 14

fast, opensource, in-memory data store and cache

Question 15

Memcache

Answer 15

widely adopted memory object caching system

Question 16

Neptune

Answer 16

graph database

Question 17

EMR

Answer 17

big data, hadoop

Question 18

Athena

Answer 18

analyse S3 using SQL, serverless

Question 19

DocumentDB

Answer 19

mongoDB compatible

Question 20

DMS

Answer 20

database migration service

Question 21

Kendra

Answer 21

highly accurate and easy to use enterprise search service, powered by machine learning

Question 22

Kinesis

Answer 22

streaming data

Question 23

Lambda

Answer 23

event driven run code without servers

Question 24

Codebuild

Answer 24

fully managed continuous integration service compiles code, runs tests and produces software packages

Question 25

Codedeploy

Answer 25

fully managed deployment, on prem

Question 26

Codepipeline

Answer 26

fully managed end-to-end

Question 27

Codecommit

Answer 27

source control service that hosts secure Git-based repositories

Question 28

Codestar

Answer 28

unified UI, enabling you to easily manage your software development activities in one place

Question 29

Xray

Answer 29

distributed tracing system, debug, useful for lambdas

Question 30

Opsworks

Answer 30

chef and puppet platform to automate server processes on prem

Question 31

Cloudwatch

Answer 31

monitors applications, logs and metrics | multi-platform CloudWatch agent which can be installed on both Linux and Windows-based instances

Question 32

Cloudtrail

Answer 32

API calls monitory, auditable

Question 33

Config

Answer 33

AWS resource inventory, config history

Question 34

Shield

Answer 34

DDoS, standard or advance

Question 35

Trusted Advisor

Answer 35

infrastructure, security, performance, costs

Question 36

Inspector

Answer 36

assesses security of AWS resources, automated security and compliance source control service that hosts secure Git-based repositories

Question 37

GuardDuty

Answer 37

threat detection

Question 38

Macie

Answer 38

AI security to identify PII personally identifiable information S3, cloudtrail logs, dashboards, reports alerting

Question 39

Rekognition

Answer 39

video image analysis security

Question 40

IAM

Answer 40

identity and access management

Question 41

Identities

Answer 41

IAM resource objects

Question 42

Resources

Answer 42

identity provider objects

Question 43

Entities

Answer 43

IAM users, federated users

Question 44

Principals

Answer 44

root account

Question 45

Cognito

Answer 45

simple and secure user sign up and in for 3rd party sign-up, sign-in, and access control to your web and mobile apps quickly and easily. With Amazon Cognito, you also have the option to authenticate users through social identity providers such as Facebook, Twitter, or Amazon, with SAML identity solutions, or by using your own identity system. In addition, Amazon Cognito enables you to save data locally on users’ devices, allowing your applications to work even when the devices are offline. You can then synchronize data across users’ devices so that their app experience remains consistent regardless of the device they use.

Question 46

AWS organisations

Answer 46

consolidated billing

Question 47

Objects ACLs

Answer 47

access to individual objects

Question 48

Bucket ACLs

Answer 48

write permissions ot bucket

Question 49

Bucket policies

Answer 49

cross-account bucket ACLs

Question 50

IAM policies

Answer 50

create users and groups attach policies

Question 51

KMS

Answer 51

key management service, server side encryption

Question 52

MQ

Answer 52

different software systems communication in different languages

Question 53

SQS

Answer 53

simple queue service, integrated and decouple software systems and components

Question 54

SNS

Answer 54

simple notification service, decouple microservices highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications

Question 55

SES

Answer 55

simple email service, send mail from applications, marketers

Question 56

NACL

Answer 56

network access control list, stateless, subnet level

Question 57

Security group

Answer 57

stateful instance level, allow rules only

Question 58

AWS artifact

Answer 58

central compliance reports

Question 59

SOC

Answer 59

service organisation control

Question 60

PCI

Answer 60

payment card industry

Question 61

ISO

Answer 61

international organisation for standardisation

Question 62

CSA

Answer 62

cloud security alliance

Question 63

HIPAA

Answer 63

medication record storage US

Question 64

CloudFront

Answer 64

content delivery network using edge locations, distribute your users (including illegitimate requests) across multiple regions CDN - system of distributed servers that delivers webpages and other web content improves latency

Question 65

Global accelerator

Answer 65

improves global availability, two global static customer facing IPs

Question 66

ELB

Answer 66

elastic load balancer

Question 67

NLB

Answer 67

network load balancer - static IP, TCP layer 4, route requests to one or more targets using the TCP protocol and specified port numbetr

Question 68

ALB

Answer 68

application load balancer - http/https layer 7

Question 69

Route tables

Answer 69

subnet private/public

Question 70

WAF

Answer 70

web application firewall

Question 71

Route53

Answer 71

DNS, route internet traffic to the resources fro your domain, check health of resources TTL - length DNS is cached

Question 72

Internet gateway

Answer 72

VPC to the internet

Question 73

Virtual private gateway

Answer 73

VPC to on prem

Question 74

Direct connect

Answer 74

on prem to AWS, physical line

Question 75

NAT gateway

Answer 75

network address translation gateway, public IP instance to internet or AWS service

Question 76

Peering

Answer 76

VPC to VPC

Question 77

transit gateway

Answer 77

VPC and on prem to gateway

Question 78

Elastic beanstalk

Answer 78

no servers, code to web servers

Question 79

Cloud9

Answer 79

integrated development environment, code editor

Question 80

Durability

Answer 80

region replication

Question 81

Amazon Appstream

Answer 81

an agreement between major Linux vendors to create an infrastructure for application installers on Linux and sharing of metadata

Question 82

Kinesis Data Firehouse

Answer 82

fully managed service that automatically provisions, manages and scales compute, memory, and network resources required to process and load your streaming data

Question 83

Kinesis Data analytics

Answer 83

analyse streaming data

Question 84

Kinesis Data stream

Answer 84

massively scalable and durable real-time data streaming service, records in real time

Question 85

AWS Glue

Answer 85

a serverless ETL service that crawls your data, builds a data catalog, performs data preparation, data transformation, and data ingestion

Question 86

Amazon FSx for lustre

Answer 86

delivers the performance to satisfy a wide variety of high-performance workloads works natively with S3 making it easy to access data to run processing workloads

Question 87

ECR

Answer 87

managed docker container registry, highly available

Question 88

VPC

Answer 88

virtual private cloud - logically isolated from other virtual networks in the cloud

Question 89

Datasync

Answer 89

move large amounts of data to AWS agent is deployed as an agent on a server automatically encrypts data and accelerates transfer over the WAN copy data and metadata to AWS NFS and SMB compatible systems

Question 90

Storage gateway

Answer 90

connects on prem software appliance with cloud based storage can download as VMware file (flat files), tape (magnetic drive) or volume (stored or cached) supports the Amazon S3 Standard, Amazon S3 Standard-Infrequent Access, Amazon S3 One Zone-Infrequent Access and Amazon Glacier storage classes. When you create or update a file share, you have the option to select a storage class for your objects. You can either choose the Amazon S3 Standard or any of the infrequent access storage classes such as S3 Standard IA or S3 One Zone IA. Objects stored in any of these storage classes can be transitioned to Amazon Glacier using a Lifecycle Policy.

Question 91

ENI

Answer 91

elastic network interface - virtual network card

Question 92

EN

Answer 92

enhanced networking - uses single root I/O virtualisation (SR-IOV) to provide high-performance networking capabilities on supported instance types

Question 93

EFA

Answer 93

elastic fabric adapter - a network device that you can attach to your EC2 instance to accelerate HPC and machine learning applications provides lower and more consistent latency and higher throughput than TCP transport traditionally

Question 94

DAX

Answer 94

dynamodb accelerator - fully managed, highly availabile, in-memory cache 10x performance improvement

Question 95

ARN

Answer 95

amazon reference number

Question 96

Transfer accelerator

Answer 96

speed up content transfers to and from Amazon S3 by as much as 50-500% for long-distance transfer of larger objects

Question 97

Amazon DynamoDB Stream

Answer 97

ordered flow of information about changes to items in DynamoDB

Question 98

AWS secrets manager

Answer 98

easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle

Question 99

systems manager parameter store

Answer 99

keep the database credentials and then encrypt them using AWS KMS

Question 100

CORS

Answer 100

cross origin resource sharing - a way for client web applications that are loaded in one domain to interact with resources in a different domain. With CORS support, you can build rich client-side web applications with Amazon S3 and selectively allow cross-origin access to your Amazon S3 resources.

Question 101

CRR

Answer 101

cross region replication - bucket-level configuration that enables automatic, asynchronous copying of objects across buckets in different AWS Regions.

Question 102

IAM DB authentication

Answer 102

MySQL and PostgreSQL authentication token is a unique string of characters that Amazon RDS generates on request. Authentication tokens are generated using AWS Signature Version 4. Each token has a lifetime of 15 minutes. You don’t need to store user credentials in the database, because authentication is managed externally using IAM. You can also still use standard database authentication

Question 103

throttling limits

Answer 103

API Gateway provides throttling at multiple levels including global and by service call. Throttling limits can be set for standard rates and bursts. For example, API owners can set a rate limit of 1,000 requests per second for a specific method in their REST APIs, and also configure Amazon API Gateway to handle a burst of 2,000 requests per second for a few seconds. Amazon API Gateway tracks the number of requests per second. Any request over the limit will receive a 429 HTTP response. The client SDKs generated by Amazon API Gateway retry calls automatically when met with this response. backend help

Question 104

RAM

Answer 104

resource access manager - enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization. You can share AWS Transit Gateways, Subnets, AWS License Manager configurations, and Amazon Route 53 Resolver rules resources with RAM RAM eliminates the need to create duplicate resources in multiple accounts, reducing the operational overhead of managing those resources in every single account you own

Question 105

Control tower

Answer 105

easiest way to set up and govern a new, secure, multi-account AWS environment.

Question 106

parallel cluster

Answer 106

AWS-supported open-source cluster management tool that makes it easy for you to deploy and manage HPC clusters on AWS

Question 107

VPN

Answer 107

virtual private network - customer gateway, internet gateway

Question 108

API gateway

Answer 108

application programming interface

Question 109

Hypervisor

Answer 109

computer software, firmware, or hardware that creates and runs virtual machines EC2

Question 110

bastion

Answer 110

host computer or a “jump server” used to allow SSH access to your EC2 instances from an outside network

Question 111

signed cookies/signed urls

Answer 111

: they allow you to control who can access your content

Question 112

Matched viewer

Answer 112

an Origin Protocol Policy which configures CloudFront to communicate with your origin using HTTP or HTTPS, depending on the protocol of the viewer request. CloudFront caches the object only once even if viewers make requests using both HTTP and HTTPS protocols

Question 113

OAI

Answer 113

origin access identity When you create or update a distribution in CloudFront set up OAI and automatically update the bucket policy to give the origin access identity permission to access your bucket. Alternatively, you can choose to manually change the bucket policy or change ACLs, which control permissions on individual objects in your bucket.

Question 114

SNI

Answer 114

server name indication custom SSL relies on the SNI extension of the Transport Layer Security protocol, which allows multiple domains to serve SSL traffic over the same IP address by including the hostname which the viewers are trying to connect to not supported by classic load balancers

Question 115

Perfect Forward Secrecy

Answer 115

provides additional safeguards against the eavesdropping of encrypted data, through the use of a unique random session key. This prevents the decoding of captured data, even if the secret long-term key is compromised cloudfront and ELB

Question 116

OLTP

Answer 116

online transactional processing EC2 with ELB and autoscaling RDS also suitable

Question 117

Quicksight

Answer 117

cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization

Question 118

step function

Answer 118

design and run workflows that stitch together | services such as AWS Lambda and Amazon ECS into feature-rich applications

Question 119

MQ

Answer 119

managed message broker - apache activeMQ

Question 120

Budgets

Answer 120

alert when your costs and usage exceed expectations

Question 121

lightsail

Answer 121

easiest way to launch and manage a virtual private server with AWS. Lightsail plans include everything you need to jumpstart your project – a virtual machine, SSDbased storage, data transfer, DNS management, and a static IP address – for a low, predictable price

Question 122

Sagemaker

Answer 122

machine learning fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. SageMaker removes all the barriers that typically slow down developers who want to use machine learning

Question 123

transfer for SFTP

Answer 123

fully managed service that enables the transfer of files directly into and out of Amazon S3 using the Secure File Transfer Protocol (SFTP)—also known as Secure Shell (SSH) File Transfer Protocol

Question 124

amplify

Answer 124

create, configure, and implement scalable mobile applications powered by AWS. Amplify seamlessly provisions and manages your mobile backend and provides a simple framework to easily integrate your backend with your iOS, Android, Web, and React Native frontends. Amplify also automates the application release process of both your frontend and backend allowing you to deliver features faster.

Question 125

app mesh

Answer 125

monitor and control microservices running on AWS. App Mesh standardizes how your microservices communicate, giving you end-to-end visibility and helping to ensure high-availability for your applications

Question 126

CloudHSM

Answer 126

cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Question 127

LDAP

Answer 127

light weight directory access protocol