Key Terms

Question 1

TCP

Answer 1

Transmission Control Protocol

Question 2

VPC

Answer 2

Virtual Private Cloud

Question 3

access key

Answer 3

A special set of keys linked to a specific AWS IAM user.

Question 4

ACID

Answer 4

The storage consistency of a relational database, based on atomicity, consistency, isolation, and durability.

Question 5

active-active

Answer 5

Multi-region active-active deployment of resources across multiple regions for workloads requiring high availability and failover.

Question 6

alarm

Answer 6

A warning issued when a single metric crosses a set threshold over a defined number of time periods.

Question 7

Amazon CloudFront

Answer 7

The AWS content delivery network (CDN) hosted in all edge locations.

Question 8

Amazon EBS

Answer 8

Amazon Elastic Block Store (EBS)
A virtual hard disk block storage device that is attached to Amazon EC2 instances.
EBS is not mountable outside the AZ. EBS volumes do not provide NFS mounts

Question 9

Amazon Elastic Compute Cloud (EC2)

Answer 9

A web service that provides secure, resizable compute capacity in the cloud. It enables you to launch and manage virtual servers, called Amazon Elastic Compute Cloud (EC2) instances, in the AWS cloud.

Question 10

Amazon ElastiCache

Answer 10

A distributed in-memory data store.

Question 11

AMI

Answer 11

Amazon Machine Image
A template of an instance’s root drive.

Question 12

application programming interface (API)

Answer 12

A defined set of protocols that enables applications and services to communicate with each other.

Question 13

archive

Answer 13

An Amazon S3 Glacier grouping of compressed and encrypted files.

Question 14

asymmetric key

Answer 14

One key of a public/private key pair.

Question 15

Auto Scaling

Answer 15

An AWS service that adjusts compute capacity to maintain desired performance.

Question 16

ASG

Answer 16

Auto Scaling Group
A group of Amazon EC2 instances that is controlled (that is, scaled up, scaled down, or maintained) using the EC2 Auto Scaling service.

Question 17

availability zone (AZ)

Answer 17

An insulated separate location within a region that contains at least one data center.

Question 18

AWS Artifact

Answer 18

Allows AWS customers to review the compliance standards supported by AWS.

Question 19

AWS Direct Connect

Answer 19

A dedicated private fiber connection to AWS VPCs or AWS public services.

Question 20

access control list (ACL)

Answer 20

A list that enables you to control access to Amazon S3 buckets by granting read/write permissions to other AWS accounts.

Question 21

AWS Identity and Access Management (IAM)

Answer 21

The hosted security system for the AWS cloud that controls access to AWS resources.

Question 22

AWS Key Management Service (KMS)

Answer 22

An AWS service that centrally manages AWS customers’ cryptographic keys and policies across AWS services that require data encryption.

Question 23

AWS well-architected framework

Answer 23

A framework for designing, deploying, and operating workloads hosted at AWS.

Question 24

block storage

Answer 24

Data records stored in blocks on a storage area network.

Question 25

bucket

Answer 25

The storage unit for an Amazon S3 object.

Question 26

bucket policy

Answer 26

A resource policy that is assigned directly to a storage entity such as an Amazon S3 bucket.

Question 27

burst capacity

Answer 27

The ability of a storage unit or a compute instance to increase processing power for a short period of time.

Question 28

burst credits

Answer 28

Performance credits that make it possible to burst above a defined performance baseline.

Question 29

capacity units

Answer 29

A measure of Amazon DynamoDB performance in terms of either reading or writing.

Question 30

certificate authority (CA)

Answer 30

A company or an entity that validates the identities of websites or domains using cryptographic public/private keys.

Question 31

CloudWatch log group

Answer 31

A group that logs information in near real time.

Question 32

codebase

Answer 32

The body of source code for a software program or application.

Question 33

cold storage

Answer 33

Infrequently accessed storage.

Question 34

condition

Answer 34

Special rule in a permission policy.

Question 35

connection draining

Answer 35

The process of deregistering (removing) a registered instance from a load balancer target group.

Question 36

cooldown period

Answer 36

A defined time period when no changes are allowed.

Question 37

cost allocation tags

Answer 37

Tags that are used to categorize and track AWS costs displayed with monthly and hourly cost allocation reports.

Question 38

Cost and Usage Report (CUR)

Answer 38

Tracks your AWS usage and provides estimated charges associated with your account for the current month.

Question 39

data consistency

Answer 39

A definition of how data records are either the same or not the same due to replication.

Question 40

data transfer

Answer 40

Incoming (ingress) and outgoing (egress) packet flow.

Question 41

defense in depth (DiD)

Answer 41

Deployment of multiple security controls (physical, administrative, and technical) to protect a hosted workload.

Question 42

dependencies

Answer 42

Cloud services, applications, servers, and various technology components that depend upon each other when providing a business solution.

Question 43

distributed session

Answer 43

A user session for which user state information is held in a separate durable storage location.

Question 44

DHCP

Answer 44

Dynamic Host Configuration Protocol

Question 45

EBS

Answer 45

Amazon Elastic Block Storage (EBS).

Question 46

EC2

Answer 46

Amazon Elastic Compute Cloud (EC2).

Question 47

ECR

Answer 47

Elastic Container Registry

Question 48

ECS

Answer 48

Elastic Container Service

Question 49

EFS

Answer 49

Amazon Elastic File System (EFS)
EFS can provide a simple NFS mount point. These mount points can be accessed and mounted from outside the VPC, either in another region, via VPN or VPC peering, or over a Direct Connect or VPN connection to an on-premises location

Question 50

egress-only Internet gateway (EOIG)

Answer 50

A one-way gateway connection for EC2 instances with IPv6 addresses.

Question 51

EKS

Answer 51

Elastic Kubernetes Service

Question 52

Elastic IP (EIP) address

Answer 52

A static public IP address that is created and assigned to your AWS account.

Question 53

endpoint

Answer 53

A location where communication is made; a private connection from a VPC to AWS services.

Question 54

ENI

Answer 54

Elastic Network Interface

Question 55

ephemeral storage

Answer 55

Temporary local block storage.

Question 56

event notification

Answer 56

Communications about changes in the application stack.

Question 57

externally authenticated user

Answer 57

A user that has authenticated outside Amazon before requesting access to AWS resources.

Question 58

FedRAMP

Answer 58

Federal Risk and Authorization Management Program, establishes the security requirements for usage of cloud services for federal government agencies.

Question 59

health check

Answer 59

A status check for availability.

Question 60

high availability

Answer 60

A group of compute resources that continue functioning even when some of the components fail.

Question 61

IAM group

Answer 61

A group of AWS IAM users.

Question 62

IAM role

Answer 62

A permission policy that provides temporary access to AWS resources.

Question 63

IAM

Answer 63

AWS Identity and Access Management (IAM).

Question 64

immutable

Answer 64

During deployment and updates components are replaced rather than changed.

Question 65

IOPS

Answer 65

Input-Output Operations per Second
A performance specification that defines the rate of input and output per second when storing and retrieving data.

Question 66

Internet gateway (IG)

Answer 66

An AWS connection to the Internet for a virtual private cloud (VPC).

Question 67

KMS

Answer 67

AWS Key Management Service (KMS).

Question 68

key-value

Answer 68

An item of data where the key is the name and the value is the data.

Question 69

Lambda@Edge

Answer 69

A custom-created function to control ingress and egress Amazon CloudFront traffic.

Question 70

launch template

Answer 70

A set of detailed EC2 instance installation and configuration instructions.

Question 71

lifecycle hook

Answer 71

A custom action to be performed before or after an Amazon EC2 instance is added to or removed from an Auto Scaling Group.

Question 72

lifecycle policy

Answer 72

A set of rules for controlling the movement of Amazon S3 objects between S3 storage classes.

Question 73

lifecycle rules

Answer 73

Rules that allow customers to transition backups that are stored in warm storage to cheaper cold storage.

Question 74

listener

Answer 74

A load balancer process that checks for connection requests using the defined protocols and ports.

Question 75

load balancer capacity unit (LCU)

Answer 75

Defines the maximum resource consumed calculated on new connections, active, connections, bandwidth, and rule evaluations.

Question 76

Local Zone

Answer 76

A single deployment of compute, storage, and select services close to a large population center.

Question 77

metric

Answer 77

Data collected for an AWS CloudWatch variable.

Question 78

mount point

Answer 78

A logical connection to a directory in a file system; a method to attach Amazon EFS storage to a Linux workload.

Question 79

multi-factor authentication (MFA)

Answer 79

Authentication that involves multiple factors, such as something you have and something you know.

Question 80

multipart upload

Answer 80

An upload in which multiple parts of a file are synchronously uploaded.

Question 81

NACL

Answer 81

Network Access Control Lists
A stateless subnet firewall that protects both inbound and outbound subnet traffic.

Question 82

NAT

Answer 82

Network Address Translation

Question 83

NAT gateway service

Answer 83

A service that provides indirect Internet access to Amazon EC2 instances that are located on private subnets.

Question 84

Nitro

Answer 84

The latest AWS hypervisor, which replaces the Xen hypervisor and provides faster networking, compute, encryption, and management services.

Question 85

NoSQL

Answer 85

A database that does not follow SQL rules and architecture, hence the name “no” SQL.

Question 86

NVMe

Answer 86

Non-Volatile Memory Express, a standard hardware interface for SSD drives connected using PCI Express bus.

Question 87

object storage

Answer 87

Data storage as a distinct object with associated metadata containing relevant information.

Question 88

origin access identity (OAI)

Answer 88

A special AWS IAM user account that is provided the permission to access the files in an Amazon S3 bucket.

Question 89

origin failover

Answer 89

An alternate data source location for Amazon CloudFront distributions.

Question 90

password policy

Answer 90

A policy containing global password settings for AWS account IAM users.

Question 91

peering connection

Answer 91

A private networking connection between two VPCs or two transit gateways.

Question 92

Pilot light

Answer 92

An active/passive disaster recovery design that involves maintaining a limited set of compute and data records to be used in case of a disaster to the primary application resources. The compute records are turned off until needed, but the data records are active and are kept up-to-date.

Question 93

primary database

Answer 93

The primary copy of database records.

Question 94

queue

Answer 94

A redundant storage location for messages and application state data for processing.

Question 95

read capacity unit

Answer 95

One strongly consistent read per second, or two eventually consistent reads per second, for items up to 4 KB in size.

Question 96

read replica

Answer 96

A read-only copy of a linked primary database.

Question 97

recovery point objective (RPO)

Answer 97

A metric that specifies the acceptable amount of data that can be lost within a specified period.

Question 98

recovery time objective (RTO)

Answer 98

A metric that specifies the maximum length of time that a service can be down after a failure has occurred.

Question 99

region

Answer 99

A set of AWS cloud resources in a geographic area of the world.

Question 100

regional edge cache

Answer 100

A large throughput cache found at an edge location that provides extra cache storage.

Question 101

regional endpoint

Answer 101

A device that provides HTTPS access to AWS services within a defined AWS region.

Question 102

reliability

Answer 102

The reasonable expectation that an application or service is available and performs as expected.

Question 103

Reserved instance

Answer 103

An Amazon EC2 instance for which you have prepaid.

Question 104

RPO

Answer 104

recovery point objective (RPO).

Question 105

RTO

Answer 105

recovery time objective (RTO).

Question 106

SG

Answer 106

Security Group

Question 107

scale out

Answer 107

To increase compute power automatically.

Question 108

scaling policy

Answer 108

A policy that describes the type of scaling of compute resources to be performed.

Question 109

security group

Answer 109

A stateful firewall protecting Amazon EC2 instances’ network traffic.

Question 110

Server Message Block (SMB)

Answer 110

A network protocol used by Windows systems on the same network to store files.

Question 111

serverless

Answer 111

A type of computing in which compute servers and integrated services are fully managed by AWS.

Question 112

server-side encryption (SSE)

Answer 112

Encryption of data records at rest by an application or a service.

Question 113

service-level agreement (SLA)

Answer 113

A commitment between a cloud service provider and a customer indicating the minimum level of service to be maintained.

Question 114

service-level indicator (SLI)

Answer 114

Indicates the quality of service an end user is receiving at a given time. SLIs are measured as a level of performance.

Question 115

service-level objective (SLO)

Answer 115

An agreement defined as part of each service-level agreement. Objectives could be uptime or response time.

Question 116

service quota

Answer 116

A defined limit for AWS services created for AWS accounts.

Question 117

simple scaling

Answer 117

Scaling instances up or down based on a single AWS CloudWatch metric.

Question 118

SLA

Answer 118

service-level agreement (SLA).

Question 119

snapshot

Answer 119

A point-in-time incremental backup of an EBS volume.

Question 120

Snow device

Answer 120

A variety of network-attached storage devices that can be used to transfer and receive data records to and from Amazon S3 storage.

Question 121

standby database

Answer 121

A synchronized copy of a primary database that is available in the event of a failure.

Question 122

stateful

Answer 122

Refers to a service that requires knowledge of all internal functions.

Question 123

stateless

Answer 123

Refers to a self-contained redundant service that has no knowledge of its place in the application stack.

Question 124

step scaling

Answer 124

Scaling up or down by percentages.

Question 125

sticky session

Answer 125

A user session for which communication is maintained with the initial application server for the length of the session. It ensures that a client is bound to an individual backend instance.

Question 126

Structured Query Language (SQL)

Answer 126

The de facto programming language used in relational databases.

Question 127

subnet

Answer 127

A defined IP address range hosted within a VPC.

Question 128

symmetric key

Answer 128

A key that can both lock and unlock.

Question 129

T instance

Answer 129

An instance provided with a baseline of compute performance.

Question 130

table

Answer 130

A virtual structure in which Amazon DynamoDB stores items and attributes.

Question 131

target group

Answer 131

A group of registered instances that receives specific traffic from a load balancer.

Question 132

task definition

Answer 132

A blueprint that describes how a Docker container should launch.

Question 133

Throughput Optimized

Answer 133

An EBS hard disk drive (HDD) volume option that provides sustained throughput of 500 Mb/s.

Question 134

tiered pricing

Answer 134

The more you use the less you are charged.

Question 135

time to live (TTL)

Answer 135

A value that determines the storage time of an Amazon CloudFront cache object.

Question 136

uptime

Answer 136

the percentage of time that a website is able to function during the course of a calendar year.

Question 137

user state

Answer 137

Data that identifies an end user and the established session between the end user and a hosted application.

Question 138

versioning

Answer 138

A process in which multiple copies of Amazon S3 objects, including the original object, are saved.

Question 139

virtual private cloud (VPC)

Answer 139

A logically isolated virtual network in the AWS cloud.

Question 140

virtual private gateway (VPG)

Answer 140

The AWS side of a VPN connection to a VPC.

Question 141

warm standby

Answer 141

An active/passive disaster recovery design that maintains a limited set of compute and data records that are both on and functioning. When the primary application resources fail, the warm standby resources are resized to production values.

Question 142

write capacity unit (WCU)

Answer 142

One write per second for items up to 1 KB in size.

Question 143

write-once/read-many (WORM)

Answer 143

A security policy that can be deployed on an Amazon S3 bucket or in S3 Glacier storage. The policy indicates that the contents can be read many times but are restricted from any further writes once the policy is enacted.

Question 144

zonal

Answer 144

Refers to an availability zone location.

Question 145

Amazon Timestream

Answer 145

is a fast and scalable serverless time series database designed to store and analyze trillions of events per day.

Question 146

AWS Backup

Answer 146

allowing you to schedule, copy, tag, and life cycle your DynamoDB on-demand backups automatically.

Question 147

VPC peering

Answer 147

is to connect two VPCs with low management overhead. VPC peering is perfect for simple VPC connectivity, such as connecting two VPCs. VPC peering works between AWS accounts and regions. Beyond creating the peering relationship and configuring the routing tables, there is no management with this solution.

Question 148

S3 Access Points

Answer 148

were created to simplify the use of varying access permissions with the same S3 bucket. You can create a separate S3 access for each group or service that requires access to S3 objects, with each point having its own Access Points policy.

Question 149

AWS Transfer Family

Answer 149

includes FTP, SFTP, and FTPS. Using this service would require no changes for companies accessing the shared data.

Question 150

AWS Config

Answer 150

can record all changes and alert through AWS Config rules and inventory. AWS Config can also provide relationship details across account resources. AWS Change Control is a made-up service name. Amazon CloudWatch is not designed to provide inventory, relationships, and record changes. AWS CloudTrail will log the API calls but cannot provide inventory

Question 151

AWS Cost Explorer

Answer 151

Visualize and manage AWS costs and usage over a daily or monthly granularity.

Question 152

TLD

Answer 152

Top Level Domain

Question 153

Service Quotas

Answer 153

utility is used to request a quota increase through AWS support.

Question 154

Elastic Fabric Adapter

Answer 154

provides the best networking performance, much faster than an elastic network interface.

Question 155

Compute Savings Plan

Answer 155

provides deep discounts for both EC2 instances and containers managed by AWS Fargate.

Question 156

DynamoDB on-demand

Answer 156

offers simple pay-per-request pricing for read and write requests so that you only pay for what you use, making it easy to balance costs and performance. For tables using on-demand mode, DynamoDB instantly accommodates customers’ workloads as they ramp up or down to any previously observed traffic level.