Key Services (Cloud) Flashcards

Question

Amazon Lightsail

Answer 1

Amazon Lightsail is an easy-to-use cloud platform that offers you everything needed to build an application or website, or launch and manage a virtual private server with AWS. Amazon Lightsail offers several preconfigured, one-click-to-launch operating systems, development stacks, and web applications, including Linux, Windows OS, and WordPress. Lightsail plans include everything you need to jumpstart your project: a virtual machine, SSD- based storage, data transfer, DNS management, and a static IP address. Amazon Lightsail comes with monthly payment plans and does not support per second billing.

Answer 2

Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. Macie automatically provides an inventory of Amazon S3 buckets including a list of unencrypted buckets, publicly accessible buckets, and buckets shared with AWS accounts outside those you have defined in AWS Organizations. Then, Macie applies machine learning and pattern matching techniques to the buckets you select to identify and alert you to sensitive data, such as personally identifiable information (PII). This service is for securing data and has nothing to do with an EC2 security assessment. Macie cannot be used to check OS vulnerabilities.

Answer 3

Amazon Managed Blockchain (AMB) is a fully managed service designed to help you build resilient Web3 applications on both public and private blockchains. Amazon Managed Blockchain is a fully managed service that makes it easy to create and manage scalable blockchain networks using the popular open source frameworks Hyperledger Fabric and Ethereum. It allows multiple parties to execute transactions without the need of a trusted, central authority.

Answer 4

Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers on AWS. Amazon MQ reduces your operational responsibilities by managing the provisioning, setup, and maintenance of message brokers for you. Because Amazon MQ connects to your current applications with industry-standard APIs and protocols, you can easily migrate to AWS without having to rewrite code. If you're using messaging with existing applications, and want to move the messaging functionality to the cloud quickly and easily, AWS recommends you consider Amazon MQ. It supports industry-standard APIs and protocols so you can switch from any standards-based message broker to Amazon MQ without rewriting the messaging code in your applications. If you are building brand new applications in the cloud, AWS recommends you consider Amazon SQS and Amazon SNS.

Answer 5

Amazon Neptune is a serverless fully managed graph database service designed for superior scalability and availability. Amazon Neptune Analytics is an analytics database engine for quickly analyzing large volumes of graph data to get insights and find trends from data stored in Amazon S3 buckets or a Neptune database. Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. It's not the right fit to store recommendation results with the LEAST operational overhead for any scale.

Answer 6

Amazon OpenSearch Service makes it easy for you to perform interactive log analytics, real-time application monitoring, website search, and more. OpenSearch is an open source, distributed search and analytics suite derived from Elasticsearch.

Answer 7

Amazon Pinpoint allows marketers and developers to deliver customer-centric engagement experiences by capturing customer usage data to draw real-time insights. Pinpoint cannot be used to debug performance issues for this serverless application built using a microservices architecture.

Answer 8

Amazon Polly is a service that turns text into lifelike speech, allowing you to create applications that talk, and build entirely new categories of speech-enabled products. Polly's Text-to-Speech (TTS) service uses advanced deep learning technologies to synthesize natural sounding human speech.

Answer 9

Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. You can create and publish interactive dashboards.

Answer 10

Amazon Relational Database Service (Amazon RDS) is an AWS regional managed cloud database service that helps organizations easily set up, operate, and scale relational databases in the AWS cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need. It offers a variety of database engines, including: Amazon Aurora, PostgreSQL, SQL Server, MySQL, MariaDB, Oracle Database, and Amazon RDS on AWS Outposts. RDS can encrypt your database instances. Data that is encrypted at rest includes the underlying storage for DB instances, its automated backups, read replicas, and snapshots. Encryption for RDS is an additional feature and the user needs to enable it. Schema change on a relational database is not easy and straight-forward as it is on a NoSQL database. Amazon RDS does not support flexible schema. Amazon RDS is less operationally efficient than Amazon DynamoDB while building a highly scalable solution.

Answer 11

Amazon Redshift is a fully-managed, petabyte-scale cloud-based data warehouse service designed for large scale data set storage and analysis, that makes it simple and cost-effective to analyze all your data. Amazon Redshift does not support flexible schema. Amazon Redshift is the most popular and fastest cloud data warehouse. Though analytics can be run on Redshift, in the current use case, old data is residing on S3, and Athena is the right choice since analytics can be run directly while data is sitting on S3. You cannot use Amazon Redshift for SQL analysis on S3 based data.

Answer 12

Amazon Rekognition is a Software as a Service (Saas) model that can add image and video analysis to your applications using proven, highly scalable, deep learning technology that requires no machine learning expertise. Amazon Rekognition can identify objects, people, text, scenes, and activities in images and videos as well as detect any inappropriate content. Amazon Rekognition also provides highly accurate facial analysis and facial search capabilities that you can use to detect, analyze, and compare faces for a wide variety of user verification, people counting, and public safety use cases.

Answer 13

Amazon Route 53 provides highly available and scalable cloud Domain Name System (DNS) web service, domain name registration, Routing Policy, and health-checking web services. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. It cannot be used to improve application availability and performance using the AWS global network. Amazon Route 53 cannot provide secure shell access to EC2 instances. You cannot use Amazon Route 53 to connect your on-premises network with AWS Cloud.

Answer 14

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. This means customers of all sizes and industries can use it to store and protect any amount of data for a range of use cases, such as websites, mobile applications, backup and restore, archive, enterprise applications, IoT devices, and big data analytics. As S3 is object-based storage, so it cannot be used for file sharing between instances. S3 service is not free and you pay to depend on the storage class you choose for your data. It is not a database service. Amazon S3 is a unique service in the sense that it follows a global namespace but the buckets are regional. You specify an AWS Region when you create your Amazon S3 bucket. This is a regional service.

Answer 15

Amazon Simple Notification Service (Amazon SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications for both application-to-application (A2A) and application-to-person (A2P) communication. The A2A pub/sub functionality provides topics for high-throughput, push-based, many-to-many messaging between distributed systems, microservices, and event-driven serverless applications. Amazon SNS allows applications to send time-critical messages to multiple subscribers through a “push” mechanism, which implies that the receiving applications have to be present and running to receive the messages. Using Amazon SNS topics, your publisher systems can fan-out messages to a large number of subscriber endpoints for parallel processing, including Amazon SQS queues, AWS Lambda functions, and HTTP/S webhooks. Additionally, SNS can be used to fan out notifications to end users using mobile push, SMS, and email.

Answer 16

Amazon Simple Queue Service (Amazon SQS) is a reliable, highly scalable fully managed message queuing service for storing messages as they travel between computers. It enables you to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS lets you easily move data between distributed application components and helps you build applications in which messages are processed independently (with message-level ack/fail semantics), such as automated workflows. SQS offers two types of message queues - Standard queues vs FIFO queues. SQS cannot be used to monitor CPU utilization for EC2 instances or send emails. It is not a pub/sub messaging service, and it uses a pull-based system. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Answer 17

Amazon S3 SRR (Same-Region Replication) is an S3 feature that automatically replicates data between buckets within the same AWS Region.

Answer 18

Amazon Timestream offers fully managed, purpose-built time-series database engines for workloads from low-latency queries to large-scale data ingestion.

Answer 19

You can use Amazon Transcribe to add speech-to-text capability to your applications. Amazon Transcribe uses a deep learning process called automatic speech recognition (ASR) to convert speech to text quickly and accurately. Amazon Transcribe can be used to transcribe customer service calls, to automate closed captioning and subtitling, and to generate metadata for media assets.

Answer 20

Amazon Translate is a neural machine translation web service that uses deep learning to deliver more accurate and natural translation than traditional algorithms.

Answer 21

Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your IP address range, creation of subnets, and configuration of route tables and network gateways. An Amazon Virtual Private Cloud (Amazon VPC) spans all of the Availability Zones (AZ) in the Region. You cannot use Amazon VPC to connect your on-premises network with AWS Cloud.

Answer 22

AWS Artifact is your go-to, central resource for compliance-related information that matters to your organization. It provides on-demand access to AWS security and compliance reports and select online agreements. Reports available in AWS Artifact include our Service Organization Control (SOC) reports, Payment Card Industry (PCI) reports, and certifications from accreditation bodies across geographies and compliance verticals that validate the implementation and operating effectiveness of AWS security controls. Different types of agreements are available in AWS Artifact Agreements to address the needs of customers subject to specific regulations. For example, the Business Associate Addendum (BAA) is available for customers that need to comply with the Health Insurance Portability and Accountability Act (HIPAA). It is not a service, it's a no-cost, self-service portal for on-demand access to AWS compliance reports.

Answer 23

AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch can be used to plan, schedule and execute batch computing workloads across the full range of AWS compute services. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory-optimized instances) and optimizes the job distribution based on the volume and specific resource requirements of the batch jobs submitted.

Answer 24

AWS Budgets gives the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount from the simplest to the most complex use cases. AWS Budgets can set reservation utilization or coverage targets and receive alerts by email or Amazon SNS notification when actual or forecasted cost and usage exceed your budget threshold, or when your actual RI and Savings Plans' utilization or coverage drops below your desired threshold. Budgets can be created at the monthly, quarterly, or yearly level, and you can customize the start and end dates. You can further refine your budget to track costs associated with multiple dimensions, such as AWS service, linked account, tag, and others. With AWS Budget Actions, you can also configure specific actions to respond to cost and usage status in your accounts, so that actions can be executed automatically or with your approval to reduce unintentional over-spending. Reservation alerts are supported for Amazon EC2, Amazon RDS, Amazon Redshift, Amazon ElastiCache, and Amazon Elasticsearch reservations. You cannot use AWS Budgets to set up consolidated billing and a single payment method for multiple AWS accounts.

Answer 25

The AWS Cloud Adoption Framework (AWS CAF) leverages AWS experience and best practices to help you digitally transform and accelerate your business outcomes through innovative use of AWS. AWS CAF identifies specific organizational capabilities that underpin successful cloud transformations. AWS CAF identifies and prioritize transformation opportunities, evaluate and improve your cloud readiness, and iteratively evolve your transformation roadmap. These capabilities provide best practice guidance that helps you improve your cloud readiness. AWS CAF groups its capabilities in six perspectives: Business, People, Governance, Platform, Security, and Operations. Each perspective comprises a set of capabilities that functionally related stakeholders own or manage in your cloud transformation journey. The platform perspective focuses on accelerating the delivery of your cloud workloads via an enterprise-grade, scalable, hybrid cloud environment. It comprises seven capabilities shown in the following figure. Operations perspective helps ensure that your cloud services are delivered at a level that meets the needs of your business. Performance and capacity management under the Operations perspective is part of the AWS CAF. Common stakeholders include Chief Technology Officer (CTO), technology leaders, architects, and engineers.

Answer 26

The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services. With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts. CLI cannot be used with language-specific APIs.

Answer 27

The AWS Cloud Development Kit (AWS CDK) is an open source software development framework to define your cloud application resources using familiar programming languages.

Answer 28

AWS CloudFormation is an infrastructure as code (IaC) service that provides a common language for users easily model, provision, and manage AWS and third-party infrastructure resources needed for your applications across all Regions and accounts in an automated and secure manner by using different programming languages or a simple text file (in YAML or JSON format). In AWS CloudFormation, you have to explicitly specify which resources you want to provision. This is very different from Beanstalk where you just upload your application code and Beanstalk automatically figures out what resources are required to deploy that application. AWS CloudFormation does not provide the general status of AWS services availability for all Regions. You cannot use CloudFormation to track changes to each resource on AWS. CloudFormation cannot auto-scale resources.

Answer 29

AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your encryption keys on the AWS Cloud. With CloudHSM, you can manage your encryption keys using FIPS 140-2 Level 3 validated HSMs. It is a fully-managed service that automates time-consuming administrative tasks for you, such as hardware provisioning, software patching, high-availability, and backups. CloudHSM cannot be used to prevent Distributed Denial-of-Service (DDoS) attack. CloudHSM cannot be used for the security assessment of applications deployed on AWS.

Answer 30

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. AWS CloudTrail can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. AWS CloudTrail provides the event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. AWS CloudTrail can record AWS API calls and other activity for your AWS account and save the recorded information to log files in an Amazon Simple Storage Service (Amazon S3) bucket that you choose. By default, the log files delivered by CloudTrail to your S3 bucket are encrypted using server-side encryption with Amazon S3 managed keys (SSE-S3). Think account-specific activity and audit; think CloudTrail. You cannot use CloudTrail to track changes to each resource on AWS. CloudTrail cannot help in identifying the right AWS services to build solutions on AWS Cloud. CloudTrail cannot be used to monitor CPU utilization for EC2 instances or send emails.

Answer 31

Amazon CloudWatch is a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. CloudWatch provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health. This is an excellent service for building Resilient systems. Think resource performance monitoring, events, and alerts; think CloudWatch. CloudWatch cannot be used to protect from web exploits such as SQL injection and cross-site scripting.

Answer 32

AWS CodeArtifact - AWS CodeArtifact is a fully managed artifact repository (also called code dependencies) service that makes it easy for organizations of any size to securely store, publish, and share software packages used in their software development process.

Answer 33

AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don't need to provision, manage, and scale your own build servers, it is serverless.

Answer 34

AWS CodeCommit is a secure, highly scalable, managed source control service that makes it easier for teams to collaborate on code. It also provides software version control.

Answer 35

AWS CodeDeploy is a service that automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises.

Answer 36

AWS CodePipeline is a fully managed continuous delivery service that helps you automate your release pipelines for fast and reliable application and infrastructure updates.

Answer 37

AWS Compute Optimizer is a service that analyzes your AWS resources' configuration and utilization metrics to provide you with rightsizing optimization recommendations for optimal AWS resources for your workloads to reduce costs and improve performance of your workloads by using machine learning to analyze historical utilization metrics. Over-provisioning resources can lead to unnecessary infrastructure costs, and under-provisioning resources can lead to poor application performance. Compute Optimizer helps you choose optimal configurations for three types of AWS resources: Amazon EC2 instances, Amazon EBS volumes, and AWS Lambda functions, based on your utilization data.

Answer 38

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations. Think resource-specific history, audit, and compliance; think Config.

Answer 39

AWS Cost Explorer is an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time. It lets you explore your AWS costs and usage at both a high level and at a detailed level of analysis, and empowering you to dive deeper using many filtering dimensions (e.g., AWS Service, Region, Linked Account). AWS Cost Explorer includes a default report that helps you visualize the costs and usage associated with your top five cost-accruing AWS services, and gives you a detailed breakdown on all services in the table view. The reports let you adjust the time range to view historical data going back up to twelve months to gain an understanding of your cost trends. Cost Explorer does not offer any recommendations vis-a-vis AWS best practices for cost optimization, security, and performance improvement. You cannot use AWS Cost Explorer to set up consolidated billing and a single payment method for multiple AWS accounts. It's a handy tool to keep track of costs of AWS resources, but auto-scaling is not part of its feature set.

Answer 40

The AWS Cost & Usage Report (AWS CUR) contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, credit, fees, taxes, discounts, cost categories, Reserved Instances, and Savings Plans. The AWS Cost & Usage Report (AWS CUR) itemizes usage at the account or Organization level by product code, usage type and operation. These costs can be further organized by Cost Allocation tags and Cost Categories. The AWS Cost & Usage Report (AWS CUR) is available at an hourly, daily, or monthly level of granularity, as well as at the management or member account level. The AWS Cost & Usage Report (AWS CUR) cannot provide the estimate of the monthly AWS bill based on the list of AWS services.

Answer 41

AWS Database Migration Service (AWS DMS) is a managed migration and replication service that helps move your database and analytics workloads to AWS quickly, securely, and with minimal downtime and zero data loss. AWS DMS supports migration between 20-plus widely used commercial and open-source databases and analytics engines. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database.

Answer 42

The AWS Developer Support plan can be used if you are testing or doing early development on AWS and want the ability to get email-based technical support during business hours as well as general architectural guidance as you build and test. This plan only supports general architectural guidance on how services can be used for various use cases, workloads, or applications. This plan provides access to just the core Trusted Advisor checks from the Service Quota and basic Security checks. You do not get access to Infrastructure Event Management with this plan.

Answer 43

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS, bypassing the internet to deliver more consistent, lower-latency performance. AWS Direct Connect can establish a private connectivity between AWS and your datacenter, office, or colocation environment, which in many cases can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections. When creating a new connection, you can choose a hosted connection provided by an AWS Direct Connect Delivery Partner, or choose a dedicated connection from AWS—and deploy at over 100 AWS Direct Connect locations around the world. AWS Direct Connect provides consistently high bandwidth, low-latency access and it is generally used between on-premises data centers and AWS network. Direct Connect is overkill for the given requirement. AWS Direct Connect can establish a private virtual interface from your on-premise network directly to your Amazon VPC, providing you with a private, high bandwidth network connection between your network and your VPC. This connection is private and does not go over the public internet. It takes at least a month to establish this physical connection.

Answer 44

AWS Elastic Beanstalk is an easy-to-use Platform as a Service (PaaS) model for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. You only manage data and applications. The user uploads code and AWS Elastic Beanstalk automatically handles the deployment, from capacity provisioning, load balancing, auto-scaling to application health monitoring. At the same time, you retain full control over the AWS resources powering your application and can access the underlying resources at any time. There is no additional charge for AWS Elastic Beanstalk - you pay only for the AWS resources needed to store and run your applications. AWS Elastic Beanstalk provisions servers so it is not a serverless service. You cannot use Beanstalk to distribute incoming traffic across multiple targets.

Answer 45

AWS Elastic Load Balancing (ELB) automatically distributes incoming application or network traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions that you are running in one or more Availability Zones (AZs). You can use Elastic Load Balancing to manage incoming requests by optimally routing traffic so that no one instance is overwhelmed. Your load balancer acts as a single point of contact for all incoming web traffic to your application. When an instance is added, it needs to register with the load balancer or no traffic is routed to it. When an instance is removed, it must deregister from the load balancer or traffic continues to be routed to it. Elastic Load Balancing (ELB) scales your load balancer as traffic to your application changes over time. It can automatically scale to the vast majority of workloads. Elastic Load Balancing (ELB) cannot be used to improve application availability and performance using the AWS global network. This falls under Horizontal Scaling.

Answer 46

AWS Fargate is a serverless compute engine for (Docker) containers. It works with both Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Kubernetes Service (Amazon EKS). AWS Fargate makes it easy for you to focus on building your applications. AWS Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design. AWS Fargate allocates the right amount of compute, eliminating the need to choose instances and scale cluster capacity. You only pay for the resources required to run your containers, so there is no over-provisioning and paying for additional servers. AWS Fargate runs each task or pod in its kernel providing the tasks and pods their own isolated compute environment. This enables your application to have workload isolation and improved security by design. You don't need to provision and maintain the infrastructure (=no EC2 instances to manage). It is Serverless.

Answer 47

AWS Global Accelerator is a networking service that improves the availability, performance, and security of your public applications with local or global users, but it cannot be used on S3. It provides two global static public IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions, such as your Application Load Balancers, Network Load Balancers, Amazon EC2 instances, and elastic IPs. AWS Global Accelerator uses the AWS global network to optimize the path from your users to your applications, improving the performance of your traffic by as much as 60%.

Answer 48

AWS Glue is a fully managed extract, transform, and load (ETL) serverless data integration service that makes it easier to discover, prepare, move, and integrate data from multiple sources for analytics, machine learning (ML), and application development. AWS Glue job is meant to be used for batch ETL data processing. It cannot be used to discover and protect your sensitive data in AWS.

Answer 49

AWS Identity and Access Management (AWS IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. IAM enables security best practices by allowing you to grant unique security credentials to users and groups to specify which AWS service APIs and resources they can access. These features make IAM an important service for the overall security of AWS resources in your account. IAM is secure by default; users have no access to AWS resources until permissions are explicitly granted. IAM is a feature of your AWS account offered at no additional charge. It is a global service.

Answer 50

AWS Key Management Service (AWS KMS) makes it easy for you to create, manage, and control cryptographic keys and control their use across a wide range of AWS services and in your applications. It is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2 (cryptographic modules standard), or are in the process of being validated, to protect your keys. An AWS KMS key is a logical representation of a cryptographic key. A KMS key contains metadata, such as the key ID, key spec, key usage, creation date, description, and key state. Most importantly, it contains a reference to the key material that is used when you perform cryptographic operations with the KMS key. The KMS keys that you create are customer managed keys (CMK). Customer managed keys are KMS keys in your AWS account that you create, own, and manage. You have full control over these KMS keys, including establishing and maintaining their key policies, IAM policies, and grants, enabling and disabling them, rotating their cryptographic material, adding tags, creating aliases that refer to the KMS keys, and scheduling the KMS keys for deletion.

Answer 51

AWS Lambda is a serverless compute service that lets you run code and build applications without provisioning or managing servers. AWS Lambda executes your code only when needed and scales automatically, from a few requests per day to thousands per second. You pay only for the compute time and the number of requests you consume for your Lambda function - there is no charge when your code is not running. With AWS Lambda, you can run code for virtually any type of application or backend service - all with zero administration. AWS Lambda runs and scales your code on a high-availability compute infrastructure and performs all of the administration of the compute resources, including server and operating system maintenance, capacity provisioning and automatic scaling, code monitoring and logging. The lambda has a maximum execution time of 15 minutes, so it can be used to run this log backup process. You cannot use AWS Lambda to store and deploy docker container images. Lambda cannot be used to monitor CPU utilization for EC2 instances or send emails. AWS Lambda is serverless, so you don't get access to the underlying OS. AWS Lambda does not support running container applications. Lambda cannot be used to decouple components of a microservices-based application.

Answer 52

AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. AWS Organizations is available to all AWS customers at no additional charge. AWS Organizations cannot help in identifying the right AWS services to build solutions on AWS Cloud.

Answer 53

AWS Pricing Calculator lets you explore AWS services and create an estimate for the cost of your use cases on AWS. You can model your solutions before building them, explore the price points and calculations behind your estimate, and find the available instance types and contract terms that meet your needs. This enables you to make informed decisions about using AWS. You can plan your AWS costs and usage or price out setting up a new set of instances and services. AWS Pricing Calculator can be accessed at https://calculator.aws/#/.

Answer 54

The AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. AWS Professional Services consultants can supplement your team with specialized skills and experience that can help you achieve quick results.

Answer 55

AWS Regions are a cluster of data centers, and are geographical constructs composed of two or more Availability Zones.

Answer 56

AWS Secrets Manager helps you protect secrets needed to access your applications, services, and IT resources. The service enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle. Users and applications retrieve secrets with a call to AWS Secrets Manager APIs, eliminating the need to hardcode sensitive information in plain text. With Secrets Manager, you pay based on the number of secrets stored and API calls made. It cannot be used to discover and protect your sensitive data in AWS. You cannot use AWS Secrets Manager for creating and using your own keys for encryption on AWS services. Secrets Manager cannot be used as a Hardware Security Module for data encryption operations in AWS Cloud. You cannot use AWS Secrets Manager to set up consolidated billing and a single payment method for multiple AWS accounts. Secrets Manager cannot be used for security assessment of applications deployed on AWS.

Answer 57

AWS Shield is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection. There are two tiers of AWS Shield - Standard and Advanced. Shield is general protection against DDos attacks for all resources in the AWS network, and not an instance-level security assessment service. Shield cannot be used to check OS vulnerabilities. AWS Shield cannot be used to block users from certain geographies. AWS Shield cannot be used to handle resource-specific security on AWS.

Answer 58

The AWS Snow Family is a service that helps customers who need to run operations in austere, non-data center environments, and in locations where there's no consistent network connectivity.

Answer 59

Snowball Edge is best-suited to move petabytes of data and offers computing capabilities.

Answer 60

AWS Snowcone is a small, portable, rugged, and secure edge computing and data transfer device. It provides up to 8 TB of usable storage.

Answer 61

Snowmobile is used to move exabytes of data in or out of AWS (1 EB=1,000PBs=1,000,000TBs). You should use Snowmobile if you'd like to move more than 10PBs of data.

Answer 62

AWS Software Developer Kit (SDKs) take the complexity out of coding by providing language-specific APIs and libraries for AWS services. For example, the AWS SDK for JavaScript simpliﬁes the use of AWS Services by providing a set of libraries that are consistent and familiar for JavaScript developers. It provides support for API lifecycle considerations such as credential management, retries, data marshaling, serialization, and deserialization. AWS SDKs are offered in several programming languages to make it simple for developers working on different programming and scripting languages. So, AWS SDK can help with using AWS services from within an application using language-specific APIs. It is not used to deploy infrastructure using familiar programming languages.

Answer 63

AWS Step Functions service lets you coordinate multiple AWS services into serverless workflows. You can design and run workflows that stitch together services such as AWS Lambda, AWS Glue and Amazon SageMaker. AWS Step Functions cannot be used to decouple components of a microservices-based application. Step Function cannot be used to run a process on a schedule.

Answer 64

AWS Storage Gateway is a hybrid cloud storage service that connects users' existing on-premises environments to access virtually unlimited cloud storage and AWS storage infrastructure in the cloud, providing a secure and seamless integration between the two. Customers use AWS Storage Gateway to simplify storage management and reduce costs for key hybrid cloud storage use cases. These include moving tape backups to the cloud, reducing on-premises storage with cloud-backed file shares, providing low latency access to data in AWS for on-premises applications, as well as various migration, archiving, processing, and disaster recovery use cases. AWS Storage Gateway service provides three different types of gateways – Tape Gateway, File Gateway, and Volume Gateway – that seamlessly connect on-premises applications to cloud storage, caching data locally for low-latency access.

Answer 65

AWS Systems Manager is the operations hub for AWS. It gives you visibility and control of your infrastructure on AWS. AWS Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. AWS Systems Manager can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and take action on your groups of resources. Secrets Manager cannot be used to run a process on a schedule. It automates operational tasks for Amazon EC2 instances or Amazon RDS instances. Systems Manager simplifies resource and application management, views operational data for monitoring and troubleshooting, implements pre-approved change workflows, audits operational changes for your groups of resources, shortens the time to detect and resolve operational problems, and makes it easier to operate and manage your infrastructure at scale. It is used for patching systems at scale.

Answer 66

AWS Trusted Advisor is an online tool that provides real-time guidance to help provision your resources following AWS best practices on cost optimization, security, fault tolerance, service limits, and performance improvement. Whether establishing new workflows, developing applications, or as part of ongoing improvement, recommendations provided by AWS Trusted Advisor regularly help keep your solutions provisioned optimally. All AWS customers get access to the seven core Trusted Advisor checks to help increase the security and performance of the AWS environment. AWS Trusted Advisor analyzes your AWS environment and provides best practice recommendations in five categories: Cost Optimization, Performance, Security, Fault Tolerance, Service Limits. Trusted Advisor does not describe prohibited uses of the web services offered by Amazon Web Services. Trusted Advisor cannot be used for assessing vulnerabilities for applications deployed on AWS. Trusted Advisor cannot be used to prevent Distributed Denial-of-Service (DDoS) attack.

Answer 67

AWS Virtual Private Network (VPN) solutions establish secure connections between on-premises networks, remote offices, client devices, and the AWS global network. AWS VPN is comprised of two services: AWS Site-to-Site VPN and AWS Client VPN. Together, they deliver a highly-available, managed, and elastic cloud VPN solution to protect your network traffic.

Answer 68

AWS Wavelength is an AWS Infrastructure offering optimized for mobile edge computing applications. Wavelength combines the high bandwidth and ultra-low latency of 5G networks with AWS compute and storage services to enable developers to innovate and build a whole new class of applications. AWS Wavelength extends the AWS cloud to a global network of 5G edge locations to enable developers to innovate and build a whole new class of applications that require ultra-low latency. Wavelength Zones provide a high-bandwidth, secure connection to the parent AWS Region, allowing developers to seamlessly connect to the full range of services in the AWS Region through the same APIs and toolsets.

Answer 69

AWS Web Application Firewall (AWS WAF) is a web application firewall that helps protect web applications or APIs by giving you control over how traffic reaches your applications. It gives protection against common web exploits and attacks that may affect availability, compromise security, or consume excessive resources by allowing you to configure security rules that allow, block, or monitor (count) web requests with common attack patterns based on conditions that you define, such as IP addresses, HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting. You can configure web access control lists (Web ACLs) on your Amazon CloudFront distributions or Application Load Balancers to filter and block requests based on request signatures. Besides, by using AWS WAF's rate-based rules, you can automatically block the IP addresses of bad actors when requests matching a rule exceed a threshold that you define. You can use the IP address based match rule to block specific geographies. The accuracy of the IP Address to country lookup database varies by Region. You can also use rate-based rules to mitigate the Web layer DDoS attack. Based on recent tests, AWS mentions that the overall accuracy for the IP address to country mapping is 99.8%. AWS WAF cannot be used to handle resource-specific security on AWS. It lets you monitor the HTTP and HTTPS requests that are forwarded to an Amazon API Gateway API, an Amazon CloudFront distribution, or an Application Load Balancer. AWS WAF charges based on the number of web access control lists (web ACLs) that you create, the number of rules that you add per web ACL, and the number of web requests that you receive (it is not a free service).

Answer 70

The AWS Well-Architected Framework provides guidance on building secure, high-performing, resilient, and efficient infrastructure for cloud based applications. Based on six pillars — operational excellence, security, reliability, performance efficiency, cost optimization and sustainability — the Framework provides a consistent approach for customers and partners to evaluate architectures, and implement designs that will scale over time.

Answer 71

AWS X-Ray can analyze and debug serverless and distributed applications such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.

Answer 72

Apache Hadoop is an open source framework that is used to efficiently store and process large datasets ranging in size from gigabytes to petabytes of data. Instead of using one large computer to store and process the data, Hadoop allows clustering multiple computers to analyze massive datasets in parallel more quickly.

Answer 73

Hadoop Distributed File System (HDFS) is a distributed file system that runs on standard or low-end hardware. HDFS provides better data throughput than traditional file systems, in addition to high fault tolerance and native support of large datasets.

Answer 74

Access advisor shows the service permissions granted to a user and when those services were last accessed.

Answer 75

IAM Access Analyzer uses provable security to analyze external access and validate that your policies match your specified corporate security standards.

Answer 76

An Internet Gateway is a horizontally scaled, redundant, and highly available VPC component that allows communication between instances in your VPC and the internet. An internet gateway serves two purposes: to provide a target in your VPC route tables for internet-routable traffic and to perform network address translation (NAT) for instances. Internet Gateway cannot be used to privately connect on-premises data center to AWS Cloud. It imposes no availability risks or bandwidth constraints on your network traffic. You cannot use an Internet Gateway to interconnect your on-premises network with AWS Cloud.