Merge 1 Flashcards

Question 1

Q

AWS Global Infrastructure consists of…

Answer

A

Regions2. Availability Zones3. Edge Locations

Question 2

Q

What is a Region?

Answer

A

A Region is a geographical area.

Question 3

Q

What is an Availability Zone?

Answer

A

An Availability Zone (AZ) is simply a data center.

Question 4

Q

What is an Edge Location?

Answer

A

Edge locations are CDN endpoints for CloudFront.

Question 5

Q

Why are AZs isolated/independent from one another?

Answer

A

E.g. in case there is a flood in one, the other won’t be affected. Low latency between each AZ.

Question 6

Q

VPC

Answer

A

Virtual data center

Question 7

Q

Route53

Answer

A

DNS service

Question 8

Q

CloudFront

Answer

A

CDN - edge locations to cache files

Question 9

Q

Direct Connect

Answer

A

connect physical datacenter to AWS directly using a dedicated phone line

Question 10

Q

Use Direct Connect when…

Answer

A

…you need a very reliable internet connection for pushing lots of data to AWS or down from AWS

Question 11

Q

EC2

Answer

A

virtual machines in cloud

Question 12

Q

Elastic Beanstalk

Answer

A

deploy code to AWS, AWS provisions infrastructure

Question 13

Q

Lambda

Answer

A

upload code, code will respond to events

Question 14

Q

S3

Answer

A

Virtual disk in the cloud where you can store objects (files). Don’t use to store DBs or OSs or apps

Question 15

Q

Glacier

Answer

A

Archive files from S3

Question 16

Q

EFS (Elastic File Service)

Answer

A

Block-based storage that you can share (can install DBs, apps, etc)

Question 17

Q

Storage Gateway

Answer

A

Virtual machine that connects S3 to your on-premises datacenter

Question 18

Q

RDS

Answer

A

relational database service

Question 19

Q

DynamoDB

Answer

A

nonrelational database

Question 20

Q

RedShift

Answer

A

data warehousing

Question 21

Q

Elasticache

Answer

A

cache data in cloud (takes load off of database)

Question 22

Q

Snowball

Answer

A

move terabytes of data into cloud

Question 23

Q

DMS

Answer

A

migrate on-premise database to the cloud, migrate databases inside AWS to other regions or services. no down time, can convert databases

Question 24

Q

EMR

Answer

A

big data processing. know what it is and how to access it

Question 25

Q

Kinesis

Answer

A

streaming and analyzing real-time data at massive scale

Question 26

Q

Cloud Search/Elastic Search

Answer

A

if you need to create search capabilities for website

Question 27

Q

Data Pipeline

Answer

A

move data from one place to another

Question 28

Q

IAM

Answer

A

sign in, authenticate, manage users and permissions

Question 29

Q

Inspector

Answer

A

agent installed on VMs, inspects and reports on security

Question 30

Q

Certificate Manager

Answer

A

free SSL certificate for domains

Question 31

Q

Directory Service

Answer

A

Using Active Directory, connects active directory to AWS

Question 32

Q

WAF

Answer

A

give application-level protection to your website

Question 33

Q

Artifacts

Answer

A

compliance documentation in AWS console

Question 34

Q

CloudWatch

Answer

A

monitor performance

Question 35

Q

CloudFormation

Answer

A

document that turn infrastructure into code

Question 36

Q

CloudTrail

Answer

A

audits AWS resources

Question 37

Q

Opsworks

Answer

A

automates deployments using Chef

Question 38

Q

Config

Answer

A

monitors/audits environment, can set alerts based on compliance

Question 39

Q

Trusted Advisor

Answer

A

automated way of scanning environment, giving security tips

Question 40

Q

SWF

Answer

A

coordinating automated and human tasks

Question 41

Q

API Gateway

Answer

A

door for apps to access backend data

Question 42

Q

Elastic Transcoder

Answer

A

Changes video format to suitable devices

Question 43

Q

CodeCommit

Question 44

Q

CodeBuild

Answer

A

compile code

Question 45

Q

CodeDeploy

Answer

A

deploys code to EC2 instances

Question 46

Q

CodePipeline

Answer

A

keep track of all versions of code

Question 47

Q

Mobile Hub

Answer

A

design mobile apps

Question 48

Q

Cognito

Answer

A

sign in w/ Identity Federation

Question 49

Q

Device Farm

Answer

A

mobile testing

Question 50

Q

Mobile Analytics

Answer

A

analyze mobile data

Question 51

Q

WorkSpaces

Answer

A

have desktop in cloud

Question 52

Q

SNS

Answer

A

task notification

Question 53

Q

SQS

Answer

A

queue system to decouple apps

Question 54

Q

SES

Answer

A

send/receive emails

Question 55

Q

AWS Global Infrastructure consists of…

Answer

A

Regions, Availability Zones, Edge Locations

Question 56

Q

What is a Region?

Answer

A

A Region is a geographical area. Each Region consists of 2 or more Availability Zones.

Question 57

Q

What is an Availability Zone?

Answer

A

An Availability Zone (AZ) is simply a data center.

Question 58

Q

What are Availability Zones, physically?

Answer

A

They are facilities that are close to each other but not dependent on one another. For example, one AZ in Manhattan, another in New Jersey.

Question 59

Q

Why are AZs isolated/independent from one another?

Answer

A

E.g. in case there is a flood in one (e.g. Manhattan), the other (NJ) won’t be affected.

Question 60

Q

T/F: There is low latency between 2 AZs in the same region.

Question 61

Q

What is an Edge Location?

Answer

A

Edge locations are CDN endpoints for CloudFront.

Question 62

Q

What is an example of what CDN used for?

Answer

A

To cache large media files in the cloud. Example: if I am a user in NY and if I want to download a video hosted in Australia, the first time, the video has to travel to the edge location in NY prior to downloading. Next time, the video would be cached at the NY edge location.

Question 63

Q

Think of VPC as…

Answer

A

…a logical datacenter.

Question 64

Q

Where do you deploy a VPC?

Answer 62

A

Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

Answer 63

A

You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

Answer 64

A

Create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems (e.g. databases, application servers) in a private-facing subnet with no internet access

Answer 65

A

…security groups and Network ACLs to help control access to EC2 instances in each subnet.

Answer 66

A

10.0.0.0-10.255.255.255 (10/8 prefix)
172.16.0.0-172.31.255.255 (172.16/12 prefix)
192.168.0.0-192.168.255.255 (192.168/16 prefix)

Answer 67

A

Internet Gateway, Virtual Private Gateway

Answer 68

A

Allows you to connect to the Internet

Answer 69

A

Allows you to terminate VPN connections

Answer 70

A

It routes traffic based on what is defined in the route tables

Answer 71

A

Internet-accessible subnet

Answer 72

A

Not Internet-accessible subnet

Answer 73

A

Webservers, bastion host

Answer 74

A

Database servers, application servers

Answer 75

A

Launch instances into a subnet of your choosing
Assign custom IP address ranges in each subnet
Configure route tables between subnets
Create internet gateway and attach it to our VPC
Much better security control over your AWS resources
Instance security groups
Subnet network access control lists (ACLs)

Answer 76

A

Whether a subnet is public or private

Answer 77

A

If one of the answers is “attach another IGW to the VPC,” DON’T PICK THAT ONE!

Answer 78

A

If you create a rule allowing traffic in, it automatically allows traffic out.

Answer 79

A

If you create a rule allowing traffic in, you need to create a rule allowing the traffic back out.

Answer 80

A

User friendly, allowing you to immediately deploy instances
All subnets in default VPC have a route out to the internet
Each EC2 instance has both a public and private IP address
If you delete the default VPC the only way to get it back is to contact AWS.

Answer 81

A

Allows you to connect one VPC with another via a direct network route using private IP addresses

Answer 82

A

Connect: VPC for monitoring services, VPC for Active Directory, Administration VPC, Production VPC, Dev VPC, Test VPC

Answer 83

A

Peer VPCs with Dev account, Test account, Production account

Answer 84

A

Star configuration (1 central VPC peers with 4 other VPCs)

Answer 85

A

IGWs (or Virtual Private Gateways)
Route Tables
Network Access Control Lists
Subnets
Security Groups

Answer 86

A

A> Configure web server VPC security groups to allow traffic from your customers’ IPs

B> Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header
A is obviously correct as security group can be configured to accept traffic from predefined customer IPs
You can leverage AWS WAF to configure your webserver and filter the traffic based of HTTP header passed by load balancer. Hence #B is correct
The security group can be configured to only allow the inbound or outbound traffic. When you allow certain inbound traffic in security group, the outbound traffic is automatically allowed because of the stateful nature. Hence #C is wrong
In case if you deny all outbound traffic in NACL it will accept the inbound traffic but outbound hence #D is wrong.

Answer 87

A

This can be summed up quite simply. The /16 or /24 is the number of mask bits in the CIDR address. The 16 signifies that should mask the first two octets. Leaving two additional octets for addressing needs. Each octet contains 255 addresses. Therefore a mask of /16 is 255 X 255 addresses or 65535.A /24 address is only masking 8 bits or 255 addresses. So in essense a mask of /16 is a lot more than a mask of /24.

Answer 88

A

a)amazon vpc supports vpcs from /16 to /28(in cidr)

Answer 89

A

a)main route table is created along with with vpcb)the main route table can be replaced with a custom route tableExplanations:
A is correct, as per AWS doc: “When you create a VPC, it automatically has a main route table.”
B is correct, as per AWS doc: “You cannot delete the main route table, but you can replace the main route table with a custom table that you’ve created”
C is totally wrong
D is wrong, as per AWS doc: “Each subnet must be associated with a route table, which controls the routing for the subnet. If you don’t explicitly associate a subnet with a particular route table, the subnet is implicitly associated with the main route table.”

Answer 90

A

The outbound tab is relevant where traffic originates from within the security group, whereas inbound rules are relevant from traffic originating from clients outside the security group.Taking your wordpress site example, assuming it is deployed on an instance secured by a security group for inbound traffic, say from a web browser you would want http 80 and https 443 open on inbound part of the security group whereas for Wordpress to pull updates to plugins you would want http 80 open on the outbound portion of the security group so it can poll remote plugin sites (either directly or via a nat). By default, there are no restrictions on outbound traffic, but if you wanted to limit the way in which your instance could reach out to the internet the this is one area in which you could do it.

Answer 91

A

Your approach to achieve HA for the use case you have described is ideal. if you wanted to take it a step further I’d also add an auto-scaling group so that if an instance dies in an AZ the auto-scaling group will recover it, but you’ll discover that anyway as you go through the course.Given you want to load-balance the backend instances, you have to think about which subnet(s) you’ll be launching them into, and here are 2 possible ways I have seen done:
1 - launch them into the frontend subnets; give the frontend instances access to hit the LBs via the LB security group, and give the LBs access to the backend instances via the backend’s SG.
2 - have another pair of subnets just for the LBs, and again do something similar with the SGs. You’ll need to adjust your route tables in order to put these new subnets in-between the other 2 sets. This of course presumes your VPC has enough spare IPs to allow for more subnets.
Similar to 1, it is possible to launch the LBs into the backend subnets. Usually it depends on which subnets you have room free for the LBs. Don’t forget to lock everything down security-wise with your SGs and network ACLs.

Answer 92

A

a) yes but only dedicated placement option which is seperately billable

Answer 93

A

VPC peering is simply a connection between two VPCs that enables you to route traffic between them using private IP addresses.

Answer 94

A

…as if they are within the same network.

Answer 95

A

between your own VPCs, or with a VPC in another AWS account within a single region

Answer 96

A

AWS uses the existing infrastructure of a VPC

Answer 97

A

False; VPC peering must occur between VPCs within a single region.

Answer 98

A

It will not work since VPCs with matching or overlapping CIDRs cannot be peered.

Answer 99

A

…is NOT supported!

Answer 100

A

Create VPC, which creates a main route table, default security group, and default network ACL.
Create 2 subnets.
Create and attach an IGW to the VPC.
Create another route table.
Associate the IGW and one of the subnets to the custom route table.
Launch instance in the public subnet with a security group allowing HTTP, HTTPS, SSH.
Launch instance in the private subnet with a security group allowing SSH, ICMP, .
Launch NAT instance or create NAT gateway or Bastion.
Create Network ACL mirroring security groups

Answer 101

A

Specifies IP address ranges

Answer 102

A

Between /16 and /28

Answer 103

A

Determines whether VPC and its assets are deployed onto shared hardware or dedicated hardware. Default is shared hardware.

Answer 104

A

Security concerns, e.g. regulatory requirements

Answer 105

A

Main route table, default security group, default network ACL

Answer 106

A

Subnets, Internet Gateway

Answer 107

A

1 Availability Zone

Answer 108

A

…create and attach an Internet Gateway, associate it with a route table, and associate the subnet with that route table. Additionally, enable auto-assign IP on that subnet.

Answer 109

A

Yes, it will be associated with the main route table by default

Answer 110

A

If there is a route out to the Internet from the main route table, all subnets in that route table will automatically be public, which is a security risk.

Answer 111

A

…when you launch an EC2 instance you can enable auto-assign there.

Answer 112

A

…you can allocate an Elastic IP address to it

Answer 113

A

…traffic will be sourced from the public subnet.

Answer 114

A

…you need to copy/paste your keypair into the public instance and chmod 600

Answer 115

A

…allow ICMP on the private instance and ping the private IP from the public instance

Answer 116

A

…you need a way for that instance to access the Internet (NAT instance or NAT gateway)

Answer 117

A

…use a NAT instance or a NAT gateway and allow a route out from the private route table > NAT > Internet.

Answer 118

A

…search “nat” in the Community AMIs

Answer 119

A

…disable Source/Dest check

Answer 120

A

Public subnet

Answer 121

A

You create an Elastic IP since it is required to create one or use an existing one. In addition, a message pops up that explains that you need to edit your main route table to include a route with a target = NAT gatway.

Answer 122

A

By default, EC2 instances are either the source or destination of any traffic, and traffic does not go through an EC2 instance.

Answer 123

A

The NAT instance is a single point of failure, so you will lose any internet access to everything in the private subnet.

Answer 124

A

…set it behind an Auto Scaling group, set min number = 1, or use multiple public subnets and deploy NAT instances in each

Answer 125

A

Increase the instance size, change instance family so you can support more traffic

Answer 126

A

…use Auto Scaling Groups, multiple subnets in different AZs, and a script to automate failover.

Answer 127

A

No, but the reverse is possible.

Answer 128

A

All traffic inbound and outbound.

Answer 129

A

No traffic inbound or outbound.

Answer 130

A

You will need another rule that opens up ephemeral ports in order to cover the different types of clients that might initiate traffic to the public-facing instances in your VPC

Answer 131

A

…the subnet is automatically associated with the default network ACL

Answer 132

A

…the previous association is removed.

Answer 133

A

Numerical order starting with the lowest number

Answer 134

A

…use network ACLs not security groups

Answer 135

A

If there’s no peering needed

Answer 136

A

You can assign and unassign IPv4 and IPv6 IP addresses on each network interface. Leave the IP address field blank and an available address will be assigned or enter an IP address that you want to assign. To add or edit an IPv4 public IP Allocate an Elastic IP to this instance or network interface.Yes I think so ! Elastic IP’s can be allocate to an Private Instance through the Manage IP section even after the Instance is up and running

Answer 137

A

There is a better way indeed. If you connect to the first host with -A, it enables SSH Key forwarding, and your local ssh key will be used to connect to the second host

Answer 138

A

…you need two public subnets to make it highly available

Answer 139

A

NAT: routes traffic from Internet to EC2 instances in private subnets and is Linux, so can SSH but cannot RDP

Bastion: used to securely administer EC2 instances using SSH/RDP in private subnets

Answer 140

A

Administration only

Answer 141

A

Need multiple public subnets. can have a bastion in each public subnet. implement Autoscaling groups

Answer 142

A

Think of the webserver created in the lab, where we ssh into public and then private instance

Answer 143

A

NAT gateways take a while to delete and they are a dependency

Answer 144

A

…a logical datacenter in AWS

Answer 145

A

…stateful

Answer 146

A

…stateless

Answer 147

A

…disable Source/Destination Check on the instance

Answer 148

A

…must have elastic IP address, must be a route out of the private subnet to the NAT instance

Answer 149

A

Depends on the instance size. If bottlenecking, increase the instance size

Answer 150

A

…AutoScaling Groups, multiple subnets in different AZs, a script to automate failover

Answer 151

A

…scale automatically up to 10 Gbps, no need to patch, not associated with security groups, automatically assigned a public IP, do not need to disable source/dest check

Answer 152

A

…automatically created with a VPC and by default it allows all inbound and outbound traffic

Answer 153

A

…denies all inbound and outbound traffic until you add rules

Answer 154

A

…the subnet is automatically associated w/ default network ACL

Answer 155

A

Yes, but a subnet can only be associated with one NACL at a time

Answer 156

A

…the previous association is removed

Answer 157

A

…evaluated in order, starting with the lowest numbered rule

Answer 158

A

…separate. Each rule can either allow or deny traffic

Answer 159

A

…responses to allowed inbound traffic are subject to the rules of outbound traffic (and vice versa)

Answer 160

A

…NACLs not Security Groups

Answer 161

A

…provide internet traffic to EC2 instances in private subnets

Answer 162

A

…securely administer EC2 instances using SSH or RDP in private subnets

Answer 163

A

…always have 2 public subnets and 2 private subnets. Make sure each subnet is in different AZs

Answer 164

A

…they are in 2 public subnets in 2 different AZs

Answer 165

A

…put them behind an autoscaling group w/ a minimum size of 2. Use Route53 (round robin or health check) to automatically fail over

Answer 166

A

…need one in each public subnet, each with their own public IP, and you need to write a script to fail between the two. Instead, where possible, use NAT gateways

Answer 167

A

…you’ve used DNS

Answer 168

A

…human friendly domain names into an IP address

Answer 169

A

…computers to identify each other on the network

Answer 170

A

IPv4, IPv6

Answer 171

A

…we were running out of IPv4 addresses

Answer 172

A

“.com” in google.com

Answer 173

A

second level domain name

Answer 174

A

…Internet Assigned Numbers Authority (IANA) in a root zone database (DB of all available top level domains)

Answer 175

A

ensure that domain names aren’t duplicated. Each domain name becomes registered in a central database known as the WhoIS database

Answer 176

A

Start of Authority Records

Answer 177

A

the name of the server that supplied the data for the zone
the administrator of the zone (contact details, owner name)
current version of the data file-number of seconds a secondary name server should wait before checking for updates
the number of seconds a secondary name server should wait before retrying a failed zone transfer
the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire
the default number of seconds for the time-to-live file on resource records

Answer 178

A

stands for Name Server records, used by Top Level Domain servers to direct traffic to the Content DNS server which contains the authoritative DNS records

Answer 179

A

Address Record. A record used by computer to translate the name of the domain to the IP address

Answer 180

A

No, they have just a DNS name.

Answer 181

A

No, use an Alias Record

Answer 182

A

The length that a DNS record is cached on either the Resolving Server or the user’s own local PC is equal to the value of the Time To Live in seconds.

Answer 183

A

…the faster changes to DNS records take to propagate throughout the internet

Answer 184

A

…DNS change required, will take time to propagate to all end users. Decrease TTL to 300 seconds

Answer 185

A

resolve one domain name to another

Answer 186

A

map record resource sets in your hosted zone to ELBs, CloudFront distributions, or S3 buckets that are configured as websites

Answer 187

A

CNAME can’t be used for naked domain names (zone apex). A records or Alias Records can

Answer 188

A

…Route53 automatically recognizes changes in the record sets that the alias resource record set refers to

Answer 189

A

Alias resource record set for example.com points to an ELB at lb1-1234.us-east-1.elb.amazonaws.com. If IP of ELB changes, Route53 will reflect those changes in the DNS answers for example.com w/o any changes to the hosted zone that contains resource record sets for example.com

Answer 190

A

No, you resolve to them using a DNS name

Answer 191

A

…will be associated w/ a charge. On the other hand, Alias Records won’t

Answer 192

A

Domains > Registered Domains > Register Domain
Enter a domain name and click “Check” Note: Prices!
Click “Add to Cart”
Fill out contact details
Review and Purchase

Answer 193

A

A hosted zone, NS records, SOA records

Answer 194

A

Simple, Weighted, Latency, Failover, Geolocation

Answer 195

A

This is the default routing policy when you create a new record set.

Answer 196

A

When you have a single resource that performs a given function for your domain. For example, one web serves content for the http://acloud.guru website

Answer 197

A

User makes DNS request > Request hits Route53 > Route53 forwards request to EC2 instances in your region

Answer 198

A

For redundancy

Answer 199

A

…create a record set in Route53, specify whether you want an alias record. If you specify an alias record, select an endpoint (either ELB, S3 bucket, or CloudFront distribution). Select routing policy

Answer 200

A

A (IPv4), AAAA (IPv6)

Answer 201

A

User makes DNS request > request hits Route53 > send a percentage of traffic to one region, send another percentage of traffic to another

Answer 202

A

Business in California. 80% of orders come from California, so route 80% of traffic to US-WEST-1. However, some orders are mail order throughout the US, so maybe send 20% of traffic to US-EAST-1.Performing A and B testing for a website, ie flip production website to a new site. Continue to send most of users to new site, while send some to the new site for testing

Answer 203

A

No, it is Global

Answer 204

A

…you actually need to create 2 record sets, set separate endpoints, and assign weights to each.

Answer 205

A

…the lowest network latency for your end user (ie which region will give them the fastest response time)

Answer 206

A

…create a latency resource record set for the EC2 or ELB resource in each region that hosts your website

Answer 207

A

…it selects the latency resource record set for the region that vies the user the lowest latency. Route53 then responds with the value associated with that record set.

Answer 208

A

User makes request to Route53 > Route53 determines that there is a latency of 50 ms to one region and 300 ms to another region. User then routed to region with lowest latency

Answer 209

A

…you want to create an active/passive set up. For example, you may want your primary site to be in EU-WEST-2 and your secondary DR site in AP-SOUTHEAST-2

Answer 210

A

Monitor the health using a health check, which monitors the health of your end points

Answer 211

A

User makes request > primary site health check passes so request routed to primary site> if fails, switches to secondary site

Answer 212

A

configure health check for primary load balancer
configure health check for entire website
when you create a record set, specify failover
primary or secondary
evaluate target health = yes
associate w/ existing health check = yes, select health check
repeat for secondary but don’t associate it with health check

Answer 213

A

…lets you choose where your traffic will be sent based on the geographic location of your users (ie the location from which the DNS queries originate)

Answer 214

A

all queries from Europe to be routed to a fleet of EC2 instances that are specifically configured for your European customers. These servers may have the local language of your European customers and all prices are displayed in Euros

Answer 215

A

No, they do not have pre-defined IPv4 addresses, you resolve to them using a DNS name

Answer 216

A

Alias: can resolve to individual AWS Resources, accept naked domain names
Given choice, choose Alias Record over CNAME

Answer 217

A

Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS

Answer 218

A

…you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections

Answer 219

A

reduced costs when using large volumes of traffic, increased reliability, increased bandwidth

Answer 220

A

VPN connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity.
Direct Connect does not involve the Internet; instead it uses dedicated, private network connections between your intranet and Amazon VPC. Direct Connect takes longer to set up.

Answer 221

A

…a system of distributed servers (network) that deliver web pages and other web content to a user based on the geographic locations of the user, the origin of the webpage and a content delivery server

Answer 222

A

location where content will be cached. separate to a region/AZ

Answer 223

A

origin of all the files that the CDN will distribute. can either be an S3 bucket, an EC2 instance, an ELB or Route53

Answer 224

A

name given to the CDN which consists of a collection of edge locations

Answer 225

A

…request goes to edge location first. if desired object is not cached, the request goes to the origin and then pulled down/cached at the edge location

Answer 226

A

…deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations.

Answer 227

A

…automatically routed to the nearest edge location, so content is delivered with the best possible performance

Answer 228

A

used for websites

Answer 229

A

used for media streaming

Answer 230

A

False; they are not just read only, you can write to them too

Answer 231

A

life of the TTL

Answer 232

A

Speed up distribution of static and dynamic content, for example, .html, .css, .php, and graphics files.
Distribute media files using HTTP or HTTPS.
Add, update, or delete objects, and submit data from web forms.
Use live streaming to stream an event in real time.

Answer 233

A

…to speed up distribution of your streaming media files using Adobe Flash Media Server’s RTMP protocol

Answer 234

A

either an Amazon S3 bucket or a web server

Answer 235

A

an Amazon S3 bucket

Answer 236

A

…create a web distribution

Answer 237

A

name of the bucket or webserver

Answer 238

A

way of adding multiple subfolders in the origin (pictures, videos, etc)

Answer 239

A

name of the origion

Answer 240

A

Yes or No, example: stop people from using s3 bucket url so that they use CloudFront instead

Answer 241

A

…you need to create an Origin Access Identity (OAI)

Answer 242

A

a user. can add permissions to that user

Answer 243

A

…you will have to manually update the permissions yourself

Answer 244

A

allows us to set different origin servers

Answer 245

A

GET, HEAD

Answer 246

A

…decrease the TTL

Answer 247

A

Viewers have to use signed URLs or signed cookies

Answer 248

A

If you have content you want to restrict to a certain audience, e.g. A Cloud Guru, it checks to make sure users have signed URLs or cookies (ie if users paid)

Answer 249

A

…private

Answer 250

A

Always use signed URLs or signed cookies

Answer 251

A

…Layer 7 protection, so WAF operates at the application layer. Protects against SQL injection, cross-site scripting

Answer 252

A

Choose this option if you want your users to use HTTPS or HTTP to access your content with the CloudFront domain name (such as https://d111111abcdef8.cloudfront.net/logo.jpg).

Answer 253

A

Choose this option if you want your users to access your content by using an alternate domain name, such as https://www.example.com/logo.jpg.

Answer 254

A

…you can specify either a whitelist (countries where they can access your content) or a blacklist (countries where they cannot)

Answer 255

A

… removes them from CloudFront edge caches. there is a charge

Answer 256

A

…a web service that provides resizable compute capacity in the cloud

Answer 257

A

…minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change

Answer 258

A

…allowing you to pay only for the capacity that you actually use

Answer 259

A

…build failure resilient apps and isolate themselves from common failure scenarios

Answer 260

A

On Demand, Reserved, Spot, Dedicated Hosts

Answer 261

A

allow you to pay a fixed rate by the hour with no commitment.

Answer 262

A

If you’re a startup, you can pay for instances by the hour with no long term commitment for experimentation, terminate instances when you are complete.

Answer 263

A

provide you with a capacity reservation, and offer a significant discount on the hourly charge for an instance. 1-year or 3-year terms

Answer 264

A

If you need a minimum of 2 webservers to serve your customers

Answer 265

A

enable you to bid whatever price you want for instance capacity, providing for even greater savings if your apps have flexible start and end times. engineering, pharma companies use these

Answer 266

A

…instances can be provisioned

Answer 267

A

…instances will be terminated

Answer 268

A

physical EC2 server dedicated for your use (hourly rate). Dedicated hosts can help you reduce costs by allowing you to use your existing server-bound software licenses

Answer 269

A

Users that want the low cost and flexibility of EC2 without any up-front payment or long-term commitmentApps with short term, spiky, or unpredictable workloads that cannot be interruptedApps being developed or tested on EC2 for the first time

Answer 270

A

Apps with steady state or predictable usageApps that require reserved capacityusers able to make upfront payments to reduce their total computing costs even further

Answer 271

A

2 webservers = reserved. Need more for Black Friday = on demand

Answer 272

A

Apps that have flexible start and end timesApps that are only feasible at very low compute pricesUsers with urgent computing needs for large amounts of additional capacity

Answer 273

A

Large pharma company saves money by using compute capacity during very low demand timesLarge world events, e.g. Brexit, analysts need to find solutions really quickly

Answer 274

A

Useful for regulatory requirements that may not support multi-tenant virtualizationGreat for licensing which does not support multi-tenancy or cloud deployments (e.g. Microsoft, SQL, Oracle)Can be purchased on demand (hourly)can be purchased as a reservation for up to 70% off the on-demand price

Answer 275

A

If the spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage. However, if you terminate the instance yourself, you will be charged for any hour in which the instance ran

Answer 276

A

D = Dense
R = Memory-optimized (RAM)
M = General Purpose (main choice)
C = Compute-optimized
G = Graphics-IntensiveI = High Speed Storage (I/O)
F = Field Programmable Gate Array
T = Lowest Cost, General Purpose (t2 micro)
P = Graphics/General Purpose CPU (pics)
X = Memory-optimized (extreme RAM)

Answer 277

A

Fileservers/Data Warehousing/Hadoop

Answer 278

A

Memory Intensive apps/DBs

Answer 279

A

Application Servers

Answer 280

A

CPU Intensive apps/DBs

Answer 281

A

Video Encoding/3D application streaming

Answer 282

A

Hardware acceleration for your code

Answer 283

A

Web Servers/small DBs

Answer 284

A

Machine Learning, Bit Coin Mining, etc

Answer 285

A

SAP HANA, Apache Spark, etc

Answer 286

A

EBS allows you to create storage volumes and attach them to EC2 instances.

Answer 287

A

…you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device

Answer 288

A

…in a specific AZ, where they are automatically replicated to protect you from the failure of a single component

Answer 289

A

storage array

Answer 290

A

General Purpose SSD (GP2)
Provisioned IOPS SSD (IO1)
Throughput Optimized HDD (ST1)
Cold HDD (SC1)
Magnetic (Standard)

Answer 291

A

General purpose, balances both price and performance
Ratio of 3 IOPS per GB with up to 10K IOPS and the ability to burst up to 3000 IOPS for extended periods of time for volumes under 1 Gib

Answer 292

A

Designed for I/O intensive apps such as large relational or NoSQL databasesUse if you need more than 10K IOPSCan provision up to 20K IOPS per volumeHighest-performance SSD volume designed for mission-critical applications

Answer 293

A

Big data
Data warehousing
Log processing
Sequential data
Cannot be a boot volume

Answer 294

A

Lowest cost storage for infrequently accessed workloadsFile ServerCannot be boot volumes

Answer 295

A

Lowest cost per GB of all EBS volumes types that is bootable.Ideal for workloads where data is accessed infrequently, and apps where the lowest storage cost is important

Answer 296

A

No, use EFS instead

Answer 297

A

-Recommended for most workloads-System boot volumes-Virtual desktops-Low-latency interactive apps-Development and test environments

Answer 298

A

Critical business applications that require sustained IOPS performance, or more than 10,000 IOPS or 160 MiB/s of throughput per volume
Large database workloads, such as:

MongoDB
Cassandra
Microsoft SQL Server
MySQL
PostgreSQL
Oracle

Answer 299

A

-Streaming workloads requiring consistent, fast throughput at a low price-Big data-Data warehouses-Log processing-Cannot be a boot volume

Answer 300

A

-Throughput-oriented storage for large volumes of data that is infrequently accessed-Scenarios where the lowest storage cost is important-Cannot be a boot volume

Answer 301

A

The volume will be deleted since “Delete on Termination” is checked by default

Answer 302

A

…User Data under “Advanced Details”

Answer 303

A

Tag everything!

Answer 304

A

Purchasing Option in Configure Instance Details

Answer 305

A

Tenancy in Configure Instance Details

Answer 306

A

Reserved Instances > Purchased Reserved Instances, add instances to cart

Answer 307

A

Root volumes cannot be encrypted by default. Other EBS volumes can be encrypted if you check Encrypted

Answer 308

A

…is turned off by default. You must turn it on yourself if you want it.

Answer 309

A

The root EBS volume is deleted.

Answer 310

A

cannot be encrypted, but you can use a third party tool to encrypt the root volume, or this can be done when creating AMIs using the console or API

Answer 311

A

…a virtual firewall

Answer 312

A

Multiple. Also, multiple instances can be one security group

Answer 313

A

…changes take effect immediately

Answer 314

A

No; since security groups are stateful, the inbound requests will be allowed back out automatically

Answer 315

A

No, only allow rules are allowed

Answer 316

A

…allows all inbound and outbound traffic by default

Answer 317

A

…blocked

Answer 318

A

…allowed

Answer 319

A

…make sure it is in the same AZ as your instance, or you will not be able to attach it to your instance

Answer 320

A

…you need to format and mount it

Answer 321

A

file -s e.g. file -s /dev/xvdf”data” = no data

Answer 322

A

mkfs -t ext4 . ext4 is file format for Linux

Answer 323

A

mount e.g. mount /dev/xvdf /myfileserver

Answer 324

A

lost+found

Answer 325

A

…use Force Detach

Answer 326

A

…only changed data since your last snapshot is sent to S3, since snapshots are incremental

Answer 327

A

a photograph (point in time copies of volumes)

Answer 328

A

…it may take some time to create

Answer 329

A

Redundant Array of Independent Disks (putting together a bunch of disks as one disk)

Answer 330

A

RAID 0, RAID 1, RAID 5, RAID 10

Answer 331

A

Striped, No Redundancy (if one disk fails, the entire volume fails), Good Performance (use: gaming)

Answer 332

A

Mirrored (take one disk, mirror a copy to another disk), Redundancy

Answer 333

A

at least 3 disks, good for reads, bad for writes, AWS does not recommend ever putting RAID 5’s on EBS

Answer 334

A

Striped & Mirrored, good redundancy, good performance

Answer 335

A

If you do not get disk I/O you require, add multiple volumes and create RAID array (usually RAID 0 or RAID 10 on AWS)

Answer 336

A

Create a new keypair for Windows instances, separate from Linux instances

Answer 337

A

User = Administrator
Password = upload private key file into "Retrieve Password" window to obtain password

Answer 338

A

Right-click, Disk Management. Right-click on an unallocated volume and choose volume type you want to create, select drive you want the RAID volume assigned to

Answer 339

A

Problem - Take a snapshot, the snapshot excludes data held in the cache by apps and the OS. This tends not to matter on a single volume; however, using multiple volumes in a RAID array, this can be a problem due to interdependencies of the array.
Solution - Take an application consistent snapshot

Answer 340

A

Stop the application from writing to disk. Flush all caches to the disk.How can we do this? Freeze the file system, unmount the RAID array, shut down the associated EC2 instance (easiest)

Answer 341

A

AMI provides the info required to launch a virtual server in the cloud.
Specify an AMI when you launch an instance, and you can launch as many instances from the AMI you need.
You can also launch instances from as many different AMIs as you need

Answer 342

A

a template for the root volume for the instance
launch permissions that control which AWS accounts can use the AMI to launch instances
a block device mapping that specifies the volumes to attach to the instance when it’s launched

Answer 343

A

Yes, you can only launch an AMI from the region in which it is stored. However, you can copy AMIs to other regions using the console, command line, or EC2 API

Answer 344

A

Region, OS, Architecture, Launch Permissions, Storage for the Root Device

Answer 345

A

Ephemeral Storage

Answer 346

A

Persistent Storage, fast provisioning times, more durability

Answer 347

A

No, but you can attach them before launching

Answer 348

A

No, only reboot or terminate

Answer 349

A

an EBS snapshot

Answer 350

A

a template stored in S3

Answer 351

A

Instance store

Answer 352

A

No, there are limits on instance families

Answer 353

A

instance data is gone

Answer 354

A

You will not lose your data

Answer 355

A

EBS - Yes
Instance store - No

Answer 356

A

Yes. With EBS, you can tell AWS to keep the root volume

Answer 357

A

file to test health check i.e. an html file saying that instance is healthy

Answer 358

A

how long it takes to do a healthcheck

Answer 359

A

how long to wait between healthchecks

Answer 360

A

how many consecutive health checks an instance must pass before becoming healthy

Answer 361

A

how many consecutive health checks an instance must fail before becoming unhealthy

Answer 362

A

No, a DNS name is given instead since the IP address may change

Answer 363

A

In service or out of service

Answer 364

A

they check the instance health by talking to it

Answer 365

A

Metrics are monitored every 5 minutes

Answer 366

A

Metrics are monitored every 1 minute

Answer 367

A

CPU, Disk, Network, Status Check

Answer 368

A

Instance, host

Answer 369

A

you need to create a custom metric

Answer 370

A

…help you respond to state changes in your AWS resources

Answer 371

A

…you can go into application layer and log different events (as opposed to host layer for dashboards). helps you to aggregate, monitor, and store logs

Answer 372

A

performance monitoring

Answer 373

A

auditing whatever happens with AWS account

Answer 374

A

AWS Service Roles, Role for Cross-Account Access, Role for Identity Provider Access

Answer 375

A

Configure Instance Details (IAM role)

Answer 376

A

You need to configure AWS credentials using access key ID and secret access key, Region

Answer 377

A

Not using console, but can using CLI. You can also modify a role

Answer 378

A

attach a policy

Answer 379

A

The role is gone. You cannot add a new role; you must terminate and launch a new instance with desired role

Answer 380

A

Roles; they are also easier to manage

Answer 381

A

curl http://169.254.169.254/latest/meta-data/

Answer 382

A

No, it throws an error

Answer 383

A

a logical grouping of instances within a single AZ.

Answer 384

A

…enables apps to participate in a low-latency, 10 Gbps network

Answer 385

A

…apps that benefit from low network latency, high network throughput, or both.

Answer 386

A

No, it’s a single point of failure

Answer 387

A

…must be unique within your AWS account.

Answer 388

A

Compute Optimized, GPU, Memory Optimized, Storage Optimized

Answer 389

A

No. Create an AMI from your existing instance, and launch a new instance from the AMI into a placement group

Answer 390

A

SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB

Answer 391

A

Web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud

Answer 392

A

Memcached, Redis

Answer 393

A

If web app constantly requests the top 10 products, cache that information in Elasticache

Answer 394

A

allows you to migrate your production database to AWS

Answer 395

A

AWS manages complexities of the migration processes like data type transformation, compression, and parallel transfer, while ensuring that data changes to the source database that occur during the migration process are automatically replicated to the target

Answer 396

A

automatically converts the source DB schema and a majority of the custom code, including views, stored procedures, and functions, to a format compatible with the target DB.

Answer 397

A

Automated Backups, Database Snapshots

Answer 398

A

allow you to recover your DB to any point in time within a retention period. they will take a full daily snapshot and will store transaction logs throughout the day

Answer 399

A

1-35 days, 7 days by default

Answer 400

A

AWS will choose the most recent daily backup, and then apply transaction logs relevant to that day

Answer 401

A

Automated

Answer 402

A

Free storage space = size of your database

Answer 403

A

within a defined window

Answer 404

A

may be suspended

Answer 405

A

They are deleted.

Answer 406

A

They are stored

Answer 407

A

the restored version of the DB will be a new RDS instance with a new end point.

Answer 408

A

MySQL, Oracle, SQL Server, PostgreSQL, MariaDB

Answer 409

A

No, you will need to create a new DB instance and migrate your data into it.

Answer 410

A

take a snapshot, restore snapshot to larger instance size

Answer 411

A

failover/disaster recovery only.

Answer 412

A

No. You need Read Replicas.

Answer 413

A

If DB has a lot of reads performed to it, you can change the connection of the EC2 instances to read from read replicas instead of the main DB

Answer 414

A

All except Aurora, which has it by default.

Answer 415

A

MySQL Server, PostgreSQL, MariaDB

Answer 416

A

scaling, not DR

Answer 417

A

you must have automatic backups turned on

Answer 418

A

Yes, but watch out for latency

Answer 419

A

asynchronous

Answer 420

A

synchronous

Answer 421

A

No. You can create read replicas of Multi-AZ source dbs though.

Answer 422

A

Yes, but this breaks replication

Answer 423

A

DynamoDB offers push button scaling, so you can scale your DB on the fly, w/o any down time.RDS is not so easy and you usually have to use a bigger instance size or add a read replica

Answer 424

A

fast and flexible NoSQL database service for all apps that need consistent, single-digit millisecond latency at any scale.

Answer 425

A

Document, key-value

Answer 426

A

mobile, web, gaming, ad-tech, IoT

Answer 427

A

SSD Storage

Brainscape's Knowledge GenomeTM

Merge 1 Flashcards

Brainscape's Knowledge Genome^TM