Module 3: AWS Global Infrastructure Flashcards
Which statement best describes an Availability Zone?
A geographical area that contains AWS resources
A single data center or group of data centers within a Region
A data center that an AWS service uses to perform service-specific operations
A service that you can use to run AWS infrastructure within your own on-premises data center in a hybrid approach
A single data center or group of data centers within a Region.
The other response options are incorrect because:
A Region is a geographical area that contains AWS resources.
An edge location is a data center that an AWS service uses to perform service-specific operations. Edge locations are examined in the next section of this module.
AWS Outposts is a service that you can use to run AWS infrastructure, services, and tools in your own on-premises data center in a hybrid approach. AWS Outposts is explored later in this module.
Which statement is TRUE for the AWS global infrastructure?
A Region consists of a single Availability Zone.
An Availability Zone consists of two or more Regions.
A Region consists of two or more Availability Zones.
An Availability Zone consists of a single Region.
A Region consists of two or more Availability Zones.
For example, the South America (São Paulo) Region is sa-east-1. It includes three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c.
Which factors should be considered when selecting a Region? (Select TWO.)
Compliance with data governance and legal requirements
Proximity to your customers
Access to 24/7 technical support
Ability to assign custom permissions to different users
Access to the AWS Command Line Interface (AWS CLI)
The correct two response options are:
Compliance with data governance and legal requirements
Proximity to your customers
Two other factors to consider when selecting a Region are pricing and the services that are available in a Region.
The other response options are incorrect because:
The level of support that you choose is not determined by Region. AWS Support plans are explored later in this course.
Assigning custom permissions to different users is a feature that is possible in all AWS Regions.
The AWS Command Line Interface (AWS CLI) is available in all AWS Regions.
Which statement best describes Amazon CloudFront?
A service that enables you to run infrastructure in a hybrid cloud approach
A serverless compute engine for containers
A service that enables you to send and receive messages between software components through a queue
A global content delivery service
A global content delivery service.
Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.
The other response options are incorrect because:
AWS Outposts is a service that enables you to run infrastructure in a hybrid cloud approach.
AWS Fargate is a serverless compute engine for containers.
Amazon Simple Queue Service (Amazon SQS) is a service that enables you to send, store, and receive messages between software components through a queue.
Which site does Amazon CloudFront use to cache copies of content for faster delivery to users at any location?
Region
Availability Zone
Edge location
Origin
The correct response option is Edge location.
The other response options are incorrect because:
A Region is a separate geographical location with multiple locations that are isolated from each other.
An Availability Zone is a fully isolated portion of the AWS global infrastructure.
An origin is the server from which CloudFront gets your files. Examples of CloudFront origins include Amazon Simple Storage Service (Amazon S3) buckets and web servers. Note: Amazon S3 is explored later in this course.
Which action can you perform with AWS Outposts?
Automate actions for AWS services and applications through scripts.
Access wizards and automated workflows to perform tasks in AWS services.
Develop AWS applications in supported programming languages.
Extend AWS infrastructure and services to your on-premises data center.
Extend AWS infrastructure and services to your on-premises data center.
The other response options are incorrect because:
The AWS Command Line Interface (AWS CLI) is used to automate actions for AWS services and applications through scripts.
The AWS Management Console includes wizards and workflows that you can use to complete tasks in AWS services.
Software development kits (SDKs) enable you to develop AWS applications in supported programming languages.
Which statement best describes an AWS account’s default network access control list?
It is stateless and denies all inbound and outbound traffic.
It is stateful and allows all inbound and outbound traffic.
It is stateless and allows all inbound and outbound traffic.
It is stateful and denies all inbound and outbound traffic.
It is stateless and allows all inbound and outbound traffic.
Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.
Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs.
By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.
Which statement best describes DNS resolution?
Launching resources in a virtual network that you define
Storing local copies of content at edge locations around the world
Connecting a VPC to the internet
Translating a domain name to an IP address
Translating a domain name to an IP address.
For example, if you want to visit AnyCompany’s website, you enter the domain name into your PC and this request is sent to a DNS server. Next, the DNS server asks the web server for the IP address that corresponds to
AnyCompany’s website. The web server responds by providing the IP address for AnyCompany’s website, 192.0.2.0.
Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices?
Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet.
Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.
Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet.
Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.
Place the Amazon EC2 instances in a public subnet and the Amazon RDS databases instances in a private subnet.
A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.
Public subnets contain resources that need to be accessible by the public, such as an online store’s website.
Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.
Which component can be used to establish a private dedicated connection between your company’s data center and AWS?
Private subnet
DNS
AWS Direct Connect
Virtual private gateway
AWS Direct Connect.
The other response options are incorrect because:
A private subnet is a section of a VPC in which you can group resources that should be accessed only through your private network. Although it is private, it is not used for establishing a connection between a data center and AWS.
DNS stands for Domain Name System, which is a directory used for matching domain names to IP addresses.
A virtual private gateway enables you to create a VPN connection between your VPC and a private network, such as your company’s data center. Although this connection is private and encrypted, it travels through the public internet, not through a dedicated connection.
Which statement best describes security groups?
They are stateful and deny all inbound traffic by default.
They are stateful and allow all inbound traffic by default.
They are stateless and deny all inbound traffic by default.
They are stateless and allow all inbound traffic by default.
Security groups are stateful and deny all inbound traffic by default.
Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.
By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.
Which component is used to connect a VPC to the internet?
Public subnet
Edge location
Security group
Internet gateway
Internet gateway.
The other response options are incorrect because:
A public subnet is a section of a VPC that contains public-facing resources.
An edge location is a site that Amazon CloudFront uses to store cached copies of your content for faster delivery to customers.
A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.
Which service is used to manage the DNS records for domain names?
Amazon Virtual Private Cloud
AWS Direct Connect
Amazon CloudFront
Amazon Route 53
Amazon Route 53.
Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS.
Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.
The other response options are incorrect because:
Amazon Virtual Private Cloud (Amazon VPC) is a service that enables you to provision an isolated section of the AWS Cloud. In this isolated section, you can launch resources in a virtual network that you define.
AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and VPC.
Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world.