Module 2: Technology Flashcards

1
Q

What should you consider when choosing a region?

A
  • Available services and features, not every region has all services.
  • Cost of the service varies per region.
  • Latency, proximity to users.
  • Disaster recovery (multiple regions)
  • Security & Compliance
2
Q

What are availability zones?

A

There are multiple availability zones per region. These are physically separate locations that are connected via private fiber for low latency between data centers. This is useful because they’re on separate power grids and flood plains, so you get resiliency by spreading across availability zones.

3
Q

What is an Edge Location?

A

We don’t have direct control over them, and they exist outside of the normal region infrastructure.

An example use is a CDN hosted in the US. UK users might be getting the content delivered via a cached CDN in the UK to improve the experience.

4
Q

An Amazon VPC spans a single ______.

A

Region, so it spans multiple availability zones.

5
Q

When launching a VPC against several AZs, what needs to be assigned to every single AZ?

A

A Subnet, the structure is

VPC -> Subnet -> Instance

So everything is technically stored in a Subnet, which is placed on an AZ

6
Q

Explain the Three-Tier Architecture.

A
  1. Load Balancing Tier
  2. Application Tier
  3. Database Tier

Each tier is within a single VPC that spans multiple AZs. Each tier on each AZ gets its own subnet. Load balancing tier handles routing to what’s available in the AZs.

7
Q

How does traffic go from a VPC to another network? What tools do we need to get this to work?

A

Routing to an Internet Gateway.

We need to create an Internet Gateway and a Routing Table that has an IP range that directs traffic to the Internet Gateway. We then assign this routing table to a subnet.

8
Q

How do Network Access Control Lists (NACLs) help us?

A

Allows us to set a subnet-level firewall for services. For example, we can have a subnet that only accepts traffic on port 80 from anyone, but port 3306 is also accepted if originating from within the VPC.

9
Q

How do Security Groups help us?

A

They’re firewalls for individual instances, so we can go to the level of saying this EC2 instance only accepts requests on port 80.

10
Q

Network security, what are our layers of security? Explain a little about each one.

A
  1. Routing - Restricts traffic coming into/out of the VPC entirely.
  2. Network Access Control List (NACL) - Firewall for a subnet. Restricts ports in/out of a given subnet
  3. Security Groups - Firewall for an instance. Restricts ports in/out of a given application.
11
Q

What benefits does Amazon Route 53 provide us?

A
  • Register Domains, use AWS nameservers
  • Public & private DNS Zones (Use within private VPC)
  • Automated via API
  • Healthchecks
  • Different Routing methods
12
Q

What are the different Routing Methods that Route 53 provides us? How are they useful?

A
  • Latency - Connect a user to the server that has best experience
  • Geographic - Provide user with connection to application specific to their location.
  • Failover - If an endpoint fails, we can automatically push users to the working application
  • Weighted Sets - Allows A/B testing on applications.
13
Q

What is an AMI? What purpose does it serve?

A

Amazon Machine Image, it’s a bit for bit copy of root for a given machine. We can use these as containers. So we can boot up an EC2 instance, install software we need, create another image then duplicate the machine easily.

14
Q

Explain Block Storage vs Object Storage.

A

With block storage, we can update small “blocks” of data, making it best for random IO. It can also be mounted.

Object Storage in contrast needs to update the entire object if anything changes and cannot be mounted.

15
Q

How long are logs stored in CloudWatch? Can we extend this time? How?

A

2 weeks. We can automatically move logs to an S3 bucket for indefinite storage if needed.

16
Q

Which AWS Service would simplify the migration of a database to AWS?

A

AWS Database Migration Service (AWS DMS)

17
Q

Which AWS offering enables users to find, buy, and immediately start using software solutions in their AWS environment?

A

AWS Marketplace

18
Q

Which service can identify the user that made the API call when an EC2 instance is terminated?

A

AWS CloudTrail

19
Q

What is AWS CloudTrail?

A

Service that helps with governance by logging events. Actions taken by user, role, or service are recorded as events

20
Q

Which services would be used to send alerts based on Amazon CloudWatch alarms?

A

Amazon Simple Notification Service (SNS)

21
Q

Where can users find information about prohibited actions on AWS infrastructure?

A

AWS Acceptable Use Policy

22
Q

A company has moved to AWS recently. Which of the following AWS Services will help ensure that they have the proper security settings?

A

Amazon Inspector – Automated security assessments of deployed applications

AWS Trusted Advisor – Provides recommendations based on AWS best practices. Evaluates account and gives you recommendations on demand.

23
Q

AWS Trusted Advisor gives recommendations in 5 categories, what are they?

A

Cost Optimization
Security
Fault Tolerance
Performance
Service Limits

24
Q

What is the Concierge Support Team?

A

Specialized offering with an Enterprise Support subscription. They assist with billing and account inquiries.

25
Q

What are the benefits of consolidated billing in AWS?

A

Multiple accounts roll up to a single bill. You can also gain the cost benefits of reserved instances used by others when consolidating.

26
Q

What is Amazon Elastic MapReduce (EMR)?

A

Used for processing big data.

27
Q

Which S3 storage class is best for data with unpredictable access patterns?

A

Amazon S3 Standard

28
Q

Regarding EC2 instances, what’s the minimum time you can use a Reserved Instance?

A

1 year. For anything less than that, you want an On-Demand Instance.

29
Q

According to the AWS Acceptable Use Policy, which of the following statements is true regarding penetration testing of EC2 instances?

A

Penetration testing can be performed by the customer on their own instance.

30
Q

What are the two types of Reserved Instances and what’s the difference between them?

A

Convertible RI – Exchange one or more for another RI with a different configuration as long as it’s equal or higher value.

Standard RI – Can only adjust AZ and size within the same family. Highest discount on this, but only for consistent usage.

31
Q

What is Infrastructure Event Management?

A

Short-term engagement with AWS support that’s included in enterprise-level support and an additional purchase for business-level. Provides architectural and scaling guidance.

32
Q

What’s AWS Personal Health Dashboard used for?

A

Alerts and remediation guidance when AWS is experiencing an event that might impact you.

33
Q

What does AWS Quick Start Reference Deployments help with?

A

They outline architectures for popular enterprise solutions on AWS… like IBM MQ

34
Q

What does AWS Snowball provide?

A

Large data transfer by physically moving a computer. Also provides access to the compute power of AWS Cloud locally and cost-effective places where connecting to the internet is impossible.

35
Q

Regarding setting alarms for budgets, what’s the difference between CloudWatch and AWS Budgets?

A

CloudWatch can send an alert when your actual cost exceeds an amount. AWS Budgets can send alarms when your projected cost exceeds a certain amount.