Must know 2 Flashcards
What is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account by allowing logging, continuous monitoring, and retention of account activity related to actions across your infrastructure, including those done by AWS accts?
AWS CloudTrail
What is AWS CloudTrail?
It is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account by allowing logging, continuous monitoring, and retention of account activity related to actions across your infrastructure, including those done by AWS accts?
What is a fully managed application streaming service which you can use to centrally manage your desktop applications?
Amazon AppStream 2.0
What service is primarily used to collect monitoring and operational data in the form of logs, metrics, and events, providing you with a unified view of AWS resources, applications, and services that run on AWS and on-premises servers?
Amazon CloudWatch
What is AWS Trusted Advisor?
An application that draws upon best practices learned from AWS’ aggregated operational history of serving hundreds of thousands of AWS customers. Trusted Advisor inspects your AWS environment and makes recommendations for saving money, improving system performance, or closing security gaps.
What accounts support full trusted advisor? What about Developer?
Business & Enterprise; Developer provides 7 core checks
How does AWS Trusted Advisor compare to Amazon CloudWatch?
TA provides best practices while CloudWatch collects monitoring and operation data in a unified view and gives you actionable insights to monitor
What is the main benefit of serverless?
It eliminates infrastructure management tasks such as server or cluster provisioning, patching, operating system maintenance, and capacity provisioning, allowing you to increase your agility and innovation
What is Amazon SQS used for?
To transmit any volume of data, at any level of throughput, without losing messages or requiring other services to be available
How does Amazon SQS increase overall fault tolerance?
By decoupling application components so that they fail and run independently, and storing multiple copies of every message are stored redundantly across multiple availability zones so that they are available whenever needed?
How do you automatically get Amazon EC2, Amazon RDS, ElastiCache, Amazon ES, and Amazon Redshift Reserved Instance (RI) purchase recommendations that could help you reduce your costs?
By enabling Cost Explorer
What provides a simple, scalable, fully managed elastic NFS file system for use with AWS Cloud services and on-premises resources; and is built to scale on-demand to petabytes without disrupting applications, growing and shrinking automatically as you add and remove files, eliminating the need to provision and manage capacity to accommodate growth?
Amazon Elastic File System (EFS)
If you cannot reach one of your EC2 web servers behind an ELB whenever you enter the DNS name of your load balancer. Which of the following should you first check to gain more insight on the issue?
ELB Health Check
What continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations?
AWS Config
What services allow you to mask downtime of your application by rerouting your traffic to healthy instances?
Amazon Route 53 & ELB
What services allows you to store Docker images and orchestrate Docker containers in a simple and cost-effective manner?
Elastic Container Service & Registry (ECS & ECR)
What allows you to create workflow tasks that will simplify and automate operations for you. You can configure automatic retry to allow SWF to retry failed activity or workflow tasks along with your given conditions. If your app’s steps take more than 500 milliseconds to complete, you need to track the state of processing, and you need to recover or retry if a task fails, Amazon SWF can help you?
AWS Simple Workflow
What service has an easy-to-use interface that lets you visualize, understand, and manage your AWS costs and usage over time, including custom reports (including charts and tabular data) that analyze cost and usage data, both at a high level and for highly-specific requests, allowing you to dive deeper into your cost and usage data to identify trends, pinpoint cost drivers, and detect anomalies?
Cost Explorer
What service lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily, allowing scale to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0?
Amazon Cognito
What is Amazon WorkSpaces?
A managed, secure Desktop-as-a-Service (DaaS) solution where you provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe
What is a cloud-based integrated development environment (IDE) that lets you write, run, and debug your code with just a browser, which includes a code editor, debugger, and terminal?
Cloud9
What is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and your existing Business Intelligence (BI) tools that allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution?
Amazon Redshift
What provides serverless orchestration for modern applications to centrally manage a workflow by breaking it into multiple steps, adding flow logic, and tracking the inputs and outputs between the steps?
AWS Step Functions
What is a web service that enables businesses, researchers, data analysts, and developers to easily and cost-effectively process vast amounts of data using a hosted Apache Hadoop framework running on the web-scale infrastructure of Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Simple Storage Service (Amazon S3)?
Amazon EMR
What is a substitutes for an account ID in the web address for your account, which can be created and managed by AWS Management Console, AWS CLI, or AWS API?
Account Alias
Which drive is better for small/random vs. large/sequential workloads?
Solid State Drive: Small & Random
Hard Disk Drive: Large & Sequential
What is a fast, scalable NoSQL database service of AWS?
Amazon DynamoDB
What is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL?
Amazon Athena
What do security groups accept as inbound and/or outbound rules?
Security groups accept IP address, IP address range, and security group ID as either source or destination of inbound or outbound rules.
You can manage your instances, images, and other Amazon EC2 resources, you can optionally assign your own _______ to each resource in the form of ___.
Metadata, Instance tags
What is AWS’s Digital User Engagement Service that enables AWS customers to effectively communicate with their end-users and measure user engagement across multiple channels including email, Text Messaging (SMS) and Mobile Push Notifications?
Amazon Pinpoint
Chef or Puppet is needed?
AWS OpsWorks
What is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS by providing always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection?
AWS Shield
Aside from EC2, what others are reservation models available for?
Amazon Relational Database Service (Amazon RDS), Amazon ElastiCache, Amazon Redshift, and Amazon DynamoDB.
What a self-healing relational database engine (where data blocks and disks are continuously scanned for errors and repaired automatically) that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases, and designed to transparently handle the loss of up to two copies of data without affecting database write availability and up to three copies without affecting read availability?
Amazon Aurora
Which AWS storage service offers faster disk read and write performance and provides temporary block-level storage for your instance?
Instance Store
What is the lowest support plan that allows an unlimited number of technical support cases to be opened?
Developer
As an AWS customer, what offering do you naturally inherit from AWS after you sign up?
AWS customers inherit all of the benefits of their security controls, including best practices for security policies, architecture, and operational processes validated against external assurance frameworks.
What AWS service can monitor the compliance status of your AWS resources against a set of compliance guidelines?
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources.
What type of EBS volume is recommended for most workloads and is also usable as a boot volume?
General Purpose SSD
What are the 5 aspects of Trusted Advisor checks?
Cost Optimization – recommendations that can potentially save you money by highlighting unused resources and opportunities to reduce your bill.
Security – identification of security settings that could make your AWS solution less secure.
Fault Tolerance – recommendations that help increase the resiliency of your AWS solution by highlighting redundancy shortfalls, current service limits, and over-utilized resources.
Performance – recommendations that can help to improve the speed and responsiveness of your applications.
Service Limits – recommendations that will tell you when service usage is more than 80% of the service limit.
What is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage?
AWS Storage Gateway
What is used in order for you to establish private connectivity between AWS and your datacenter, office, or colocation environment?
AWS Direct Connect
What is an edge computing and data transfer device provided by the AWS Snowball service?
AWS Snowball Edge
Which of the following RDS engines allows you to bring your own license (BYOL)?
Oracle
Which control does the customer fully inherit from AWS based on the Shared Responsibility Model?
All the physical and environmental controls on their data centers, network cables, servers, and other equipment
What is a curated digital catalog that makes it easy for customers to find, buy, deploy, and manage third-party software and services that customers need to build solutions and run their businesses?
AWS Marketplace
In implementing continuous integration and continuous delivery (CI/CD) in your cloud architecture, which service will make it easy for you to set up your entire development and continuous delivery toolchain for coding, building, testing, and deploying your application code?
CodeStar
What are the benefits of using Amazon DynamoDB as your database?
- DB size scales automatically so you don’t have to worry about capacity
- You can store different kinds of unstructgured data that would normally not be suitable for relational databases
A customer has a popular website that has millions of viewers from all over the world and has read-heavy database workloads. Which of the following is the best option to use to increase the read throughput on their database?
Enable Amazon RDS Read Replicas
What connects VPCs and on-premises networks through a central hub to simplify your network and puts an end to complex peering relationships as a cloud router?
AWS Transit Gateway
What handles the complexity of creating, storing, and renewing public SSL/TLS X.509 certificates and keys that protect your AWS websites and applications, allowing you to provide certificates for supported AWS services either by issuing them directly with ACM or by importing third-party certificates into the ACM management system, so that this AWS service can secure multiple domain names and multiple names within a domain?
AWS Certificate Manager (ACM)
What should you use when you must support HTTPS connections in a region not supported by ACM?
IAM
Which is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy?
CodeBuild
An organization is mandated to secure its Amazon S3 bucket and ensure that it cannot have any public objects to satisfy the compliance requirements.
What S3 feature should be used to easily accomplish this?
Block Public Access
What is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage in S3, giving customers way to to simplify storage management and reduce costs for key hybrid cloud storage use cases, including moving backups to the cloud, using on-premises file shares backed by cloud storage, and providing low latency access to data in AWS for on-premises applications?
AWS Storage Gateway
What establishes a dedicated connection between your on-premises data center and your AWS cloud resources?
AWS Direct Connect
What is a VPC endpoint for Amazon S3 that enables AWS services in your VPC to use private IP addresses to access Amazon S3 with no exposure to the public Internet?
Amazon S3 Gateway Endpoint
What is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL that is serverless, so there is no infrastructure to set up or manage, and you can start analyzing data immediately, without the need to load your data as it works directly with data stored in S3?
Amazon Athena
What allows you to query and retrieve structured and semi-structured data from files in Amazon S3 without having to load the data?
Amazon Redshift Spectrum
What is a set of batch management capabilities that enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS, which dynamically provisions the optimal quantity and type of compute resources based on the volume and specific resource requirements of the batch jobs submitted?
AWS Batch
What is a service that improves the availability and performance of your applications with local or global users by providing you with static IP addresses that serve as a fixed entry point to your applications hosted in one or more AWS Regions, which then are anycast from AWS edge locations, so they’re announced from multiple AWS edge locations at the same time, allowing traffic to ingress onto the AWS global network as close to your users as possible?
AWS Global Accelerator
The security team needs to automate security vulnerability assessments throughout their development and production environments. Which service should they use to comply with this requirement?
Amazon Inspector
What is a managed Distributed Denial of Service (DDoS) protection service that safeguards applications running on AWS that is mainly used to protect web applications, TCP-based applications, and UDP-based game servers against a DDoS attack?
AWS Shield
What is is a web application firewall that helps protect your web applications from common web exploits such as XSS and SQL injection, and not for automated security vulnerability assessments that you can use AWS WAF to create custom rules that block common attack patterns and rules that are designed for your specific application?
AWS WAF
What is used for sharing private content through CloudFront in the form of a virtual user identity that will be used to give your CloudFront distribution permission to fetch a private object from your origin server, restrict access to content that you serve from Amazon S3 buckets by configuring 1) create special CloudFront user, 2) configure S3 bucket permissions, and only allow users to access files through CloudFront not directly from the S3 bucket?
Origin Access Identity
Which AWS service provides tracing and monitoring capabilities for your Lambda function?
AWS X-ray
What does AWS X-ray make it easy for you to do?
Create service map, identify errors and bugs, and build your own analysis and visualization apps
What are the basic support included for all AWS customers?
Customer Service & Communities - 24x7 access to customer service, documentation, whitepapers, and support forums.
AWS Trusted Advisor - Access to the 7 core Trusted Advisor checks and guidance to provision your resources following best practices to increase performance and improve security.
AWS Personal Health Dashboard - A personalized view of the health of AWS services, and alerts when your resources are impacted.
Hence, the correct answer is: Basic, Developer, Business, and Enterprise support plans.
What are the benefits of AWS organizations?
- Centrally Manage Policies across Multiple AWS Accounts
- Automate AWS Account Creation and Management
- Consolidate Billing across Multiple AWS Accounts
- Govern Access to AWS Services, Resources, and Regions
- Configure AWS Services Across Multiple Accounts
What is a massively scalable and durable real-time data streaming service that can continuously capture gigabytes of data per second from hundreds of thousands of sources such as website clickstreams, database event streams, financial transactions, social media feeds, IT logs, and location-tracking events? The data collected is available in milliseconds to enable real-time analytics use cases such as real-time dashboards, real-time anomaly detection, dynamic pricing, and more.
Amazon Kinesis Data Streams
What is a managed service that easily enables you to create and control the keys used for cryptographic operations. The service provides a highly available key generation, storage, management, and auditing solution for you to encrypt or digitally sign data within your own applications or control the encryption of data across AWS services?
AWS KMS
What is S3 pricing based on?
The rate you are charged depends on your objects’ size, how long you stored the objects and the storage class.
What is an online tool that provides real-time guidance to help you provision your resources following AWS best practices that provides recommendations for Cost Optimization, Performance, Security, Fault Tolerance, and Service Limit?
AWS Trusted Advisor
Which AWS team can assist you when your AWS resources are impacted by potentially abusive activities such as phishing, malware, spam, and denial of service (DoS) or distributed denial of service (DDoS) incidents?
AWS Abuse
What is aconfiguration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef, and Puppet?
AWS OpsWorks
What service will allow you to safely store and automatically rotate database secrets for services such as Amazon RDS and Amazon Redshift?
AWS Secrets Manager
What AWS services does Amazon EBS use natively for encryption?
AWS KMS
What is a managed service that enables you to create and control the keys used for cryptographic operations easily by providing a highly available key generation, storage, management, and auditing solution for you to encrypt or digitally sign data within your own applications or control the encryption of data across AWS services?
AWS Key Management Service (KMS)
What are the key features of Route 53?
- Resolver - get recursive DNS for your Amazon VPC and on-premises networks.
- Traffic flow - route end users to the best endpoint for your application based on geoproximity, latency, health, and other considerations.
- Latency based routing - route end users to the AWS region that provides the lowest possible latency.
- Geo DNS - route end users to a particular endpoint that you specify based on the end user’s geographic location.
- Private DNS for Amazon VPC - Manage custom domain names for your internal AWS resources without exposing DNS data to the public Internet.
- DNS Failover - automatically route your website visitors to an alternate location to avoid site outages.
- Health Checks and Monitoring - monitor your application’s health and performance, as well as your web servers and other resources.
- Domain Registration - search for and register available domain names or transfer in existing domain names.
What is a software development platform to deploy apps where apps are packaged in containers that can be run on any OS, allowing the apps to run the same regardless of where they run?
Docker
What is a private docker repository, which stores docker images?
Amazon Elastic Container Registry
What can speed up content transfers to and from Amazon S3 by as much as 50% - 500% for long-distance transfer of larger objects. Customers who have either web or mobile applications with widespread users or applications hosted far away from their S3 bucket can experience long and variable upload and download speeds over the Internet?
Amazon S3 Transfer Acceleration
A customer plans to use Amazon S3 to store their less frequently accessed data and reduce their costs. The data is re-creatable and will be used as a secondary backup. Which of the following storage classes is the cheapest and most suitable option?
S3 One Zone -IA
What is built by AWS solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability. These accelerators reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately?
AWS Quick Starts
A company is planning to launch an Amazon EC2 instance with an attached EBS volume in a default configuration. You will be charged only for the EBS storage in which instance state?
Stopped
What is an AWS provisions encryption hardware?
AWS CloudHSM
Which of the following pricing options will automatically reduce your cost on any EC2 instance usage regardless of region, instance family, size, OS, or tenancy?
Savings Plans
What allows you to seamlessly set up, run, and scale popular open-Source compatible in-memory data stores in the cloud. Build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores?
Amazon ElastiCache
What are the different types of ElastiCache services?
ElastiCache for Redis - it is a blazing fast in-memory data store that provides sub-millisecond latency to power internet-scale real-time applications.
ElastiCache for Memcached- a Memcached-compatible in-memory key-value store service that can be used as a cache or a data store.
ElastiCache for Redis Global Database - you can write to your ElastiCache for Redis cluster in one region and have the data available to be read from two other cross-region replica clusters, thereby enabling low-latency reads and disaster recovery across regions.
What is a security service that uses machine learning to automatically discover, classify, and protect sensitive data in AWS that recognizes sensitive data such as personally identifiable information (PII) or intellectual property and provides you with dashboards and alerts that give visibility into how these data are being accessed or moved?
Amazon Macie
What is a highly scalable and cost-effective service for sending and receiving email that eliminates the complexity and expense of building an in-house email solution or licensing, installing, and operating a third-party email solution by allowing use of SMTP interface or one of the AWS SDKs to integrate Amazon SES directly into your existing applications, as well as also embedding the email sending capabilities of Amazon SES into the software you already use, such as ticketing systems and email clients?
Amazon Simple Email Service
Which AWS service is primarily used for software version control?
AWS CodeCommit
What is a fully-managed source control service that hosts secure Git-based repositories, which makes it easy for teams to collaborate on code in a secure and highly scalable ecosystem?
AWS CodeCommit
Which aspects of security on AWS are customer responsibilities? (Select TWO.)
- Availability of AWS regions
- Physical access controls
- Server-side encryption
- Patching of storage systems
- Setting up account pw policies
- Server-side encryption
- Setting up account pw policies
What makes it easy to add image and video analysis to your applications, allowing it to identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content?
Amazon Rekognition
What is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications?
Amazon Transcribe
What svc identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic?
Amazon Comprehend
Which of the following AWS services are compute services? (Select TWO.)
- Amazon Inspector
- AWS Batch
- AWS CloudTrail
- Amazon EFS
- AWS Elastic Beanstalk
- AWS Elastic Beanstalk
- AWS Batch
What is a PaaS that is a developer centric view of deploying an application on AWS?
AWS Elastic Beanstalk
Which AWS service or feature can be used to restrict the individual API actions that users and roles in each member account can access?
AWS Organizations
How can a user quickly determine if any Amazon EC2 instances have ports that allow unrestricted access?
AWS Trusted Advisor
What scans your AWS infra, compares it to AWS best practices, and provides recommended actions?
AWS Trusted Advisor
What can be used to quickly connect from an office to an Amazon VPC?
AWS managed VPN (via Amazon VPC)
How many regions can ELB span?
1
What helps you protect secrets needed to access your applications, services, and IT resources, and also enables you to easily rotate, manage, and retrieve database credentials, API keys, and other secrets throughout their lifecycle?
Internet gateway
What is used for outbound internet access for instances running in a private SUBNET?
NAT Gateway
What is AWS vs. customer responsible for in using RDS?
AWS manage administration tasks including hardware provisioning, database setup, patching and backups.
Customers are responsible for configuring security groups to control access to the database.
Which AWS service can be used to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PC?
Elastic Transcoder
When storing sensitive company data in Amazon S3, which security best practices should customers follow?
“Enable S3 server-side encryption on the S3 bucket”
AWS recommend enabling encryption of data at rest. One of the options for encrypting data in S3 is to enable server-side encryption on the S3 bucket. With Server-side encryption, Amazon S3 encrypts objects before saving them to disks in the AWS data centers and then decrypts the objects when they are downloaded.
What do AWS Cost Management tools include?
Services, tools, and resources to organize and track cost and usage data, enhance control through consolidated billing and access permissions, enable better planning through budgeting and forecasts, and further lower costs with resources and pricing optimizations.
Which is built by Amazon Web Services (AWS) solutions architects and partners to help you deploy popular technologies on AWS, based on AWS best practices for security and high availability to reduce hundreds of manual procedures into just a few steps, so you can build your production environment quickly and start using it immediately, including AWS CloudFormation templates that automate the deployment and a guide that discusses the architecture and provides step-by-step deployment instructions?
Quick Starts
What are the benefits of CloudFront?
– Cache content at Edge Location for fast distribution to customers.
– Built-in Distributed Denial of Service (DDoS) attack protection.
– Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda).
Which AWS service or feature can be used to capture information about inbound and outbound IP traffic on network interfaces in a VPC?
VPC Flow Logs
A Cloud Practitioner wants to configure the AWS CLI for programmatic access to AWS services. Which credential components are required?
Access key = access key ID & secret access key
What are the names of two types of AWS Storage Gateway?
Gateway Virtual Tape Library & File Gateway
What service enables hybrid storage between on-premises environments and the AWS Cloud? What are the types?
AW Storage Gateway (file, volume, and tape)
What protects against common exploits that could compromise application availability, compromise security or consume excessive resources?
AWS WAF
What is a managed Distributed Denial of Service (DDoS) protection service?
AWS Shield
A user has limited knowledge of AWS services, but wants to quickly deploy a scalable Node.js application in an Amazon VPC.
Which service should be used to deploy the application?
AWS Elastic Beanstalk
