MUST KNOW TOPICS Flashcards
VERY IMPORTANT TOPICS FOR EXAM
_____ CAN BE USED TO STORE THE PENDING DATABASE WRITES, AND THESE WRITES CAN THEN BE ADDED TO THE DATABASE
SQS FIFO
___ALLOWS YOU TO SCALE YOUR APP IN RESPONSE TO PREDICTABLE LOAD CHANGES
SCHEDULE SCALING
____USED FOR APPLICATIONS THAT REQUIRE HIGH INPUT/OUTPUT OPERATIONS PER SEC AND IS MAINLY USED FOR RDS
EBS PROVISIONED IOPS SSD
____SUPPORTS THE DEPLOYMENT OF WEB APPLICATIONS FROM DOCKER CONTAINERS
ELASTIC BEANSTALK
____INSTANCES ARE NORMALLY USED IN BATCH PROCESSING JOBS
SPOT INSTANCES
____HELPS IN HORIZONTAL SCALING OF AWS RESOURCES
SQS
_____ROUTING LETS YOU CHOOSE THE RESOURCES THAT SERVE YOUR TRAFFIC BASED ON THE GEOGRAPHIC LOCATION OF YOUR USERS
GEOLOCATION ROUTING
_____ESTABLISHES COMMUNICATION ACROSS BOTH ENVIRONMENTS OVER THE INTERNET
VIRTUAL PRIVATE CONNECTION
_____SERVERLESS COMPONENT FOR MANAGING ACCESS TO APIs
API GATEWAY
____CAN BE USED TO MANAGE CONTAINERS
ECS
PROVIDE CONTENT ACCESS TO CERTAIN USERS WHO PAID A FEE
CLOUDFRONT SIGNED URLS
STORING S3 BUCKETS IN A DIFFERENT GEO LOCATION IS KNOWN AS
CROSS REGION REPLICATION
S3 __________ TO HIGH REQUEST RATES
AUTOMATICALLY SCALES
USED TO DECOUPLE SYSTEMS, CAN STORE REQUESTS TO PROCESS VIDEOS TO BE PICKED UP BY THE WORKER PROCESSES
AMAZON SQS
______ VOLUMES PROVIDE LOW-COST MAGNETIC STORAGE THAT DEFINES PERFORMANCES IN TERMS OF THROUGHPUT
COLD HDD
____ENABLES CUSTOMERS TO IMPORT VIRTUAL MACHINE IMAGES IN ORDER TO CREATE AMAZON EC2 INSTANCES
VM IMPORT/EXPORT
______DATABASES ARE BETTER FOR PRODUCTION ENVIRONMENTS RATHER THAN DEVELOPMENT ENVIRONMENTS
MULTI-AZ DATABASES
HIGH AVAILABILITY
REPLICATE INTO ANOTHER AVAILABILITY ZONE
____MONITORS THE HEALTH AND PERFORMANCE OF YOUR WEB APPLICATION, WEB SERVERS AND OTHER RESOURCES.
ROUTE 53 HEALTH CHECKS
HEALTH CHECK MONITORS:
- HEALTH OF SPECIFIED RESOURCE
- STATUS OF OTHER HEALTH CHECKS
- STATUS OF AN AMAZON CLOUDWATCH ALARM
PREREQUISITE FOR INSTANCES TO BE ACCESSED FROM THE INTERNET
INTERNET GATEWAY MUST BE ATTACHED TO THE VPC
BOTH ______ AND ______ ARE COMPLETE SERVERLESS OFFERINGS FROM AWS FOR WHICH YOU DON'T NEED TO MAINTAIN SERVERS, AND APPLICATIONS HAVE AUTOMATED HIGH AVAILABILITY
S3 AND DYNAMODB
____data encryption at rest—that is, Amazon S3 encrypts your data at the object level as it writes it to disks in its data centers and decrypts it for you when you access it.
SERVER SIDE ENCRYPTION
SERVER SIDE ENCRYPTION THAT PROVIDES YOU WITH AN AUDIT TRAIL OF KEYS USED AND BY WHOM
SSE-KMS
YOU, THE CUSTOMER, MANAGE THE ENCRYPTION KEYS
SSE-C
THE KEY IS ENCRYPTED WITH A MASTER KEY THAT IS REGULARLY ROTATED, USES 256-BIT AES TO ENCRYPT DATA
SSE-S3
BY DEFAULT_______ OF AN EC2 INSTANCE IS RELEASED AFTER THE INSTANCE IS STOPPED AND STARTED
PUBLIC IP ADDRESS
_______ IS A PERFECT STORAGE SOLUTION FOR AUDIO AND TEXT FILES
AMAZON S3
WHAT AWS FEATURE ALLOWS YOU TO MODEL YOUR APPLICATION AS A STACK
AWS OPSWORKS
____ PROVIDE ENHANCED PERFORMANCE AND DURABILITY FOR DATABASE INSTANCES
AWS RDS READ REPLICA
WHICH SSD WORKS WITH DATABASES SUCH AS MONGODB, CASSANDRA, MYSQL, MICROSOFT SQL SERVER
PROVISIONED IOPS SSD
ARE READ REPLICAS REPLICATED “ASYNCHRONOUSLY” OR “SYNCHRONOUSLY”?
ASYNCHRONOUSLY
READ REPLICAS HAVE TWO CAVEATS
SUBJECT TO REPLICATION LAG AND MIGHT BE MISSING SOME OF THE LATEST TRANSACTIONS
____WEB SERVICE THAT MAKES IT EASY TO SET UP MANAGE AND SCALE A DISTRIBUTED IN-MEMORY DATA STORE OR CACHE ENVIRONMENT IN THE CLOUD
ELASTICACHE
S3 FOLLOWS AN ___ ____ MODEL. HENCE, FOR OBJECT UPDATES MADE TO THE SAME KEY, THERE CAN BE A SLIGHT DELAY WHEN THE UPDATED OBJECT IS PROVIDED BACK TO THE USER
EVENTUAL CONSISTENT MODEL
_____ USES MULTI-FACTOR AUTHENTICATION, CAN BE USED TO PROVIDE AN ADDITIONAL LAYER OF SECURITY.
MFA DELETE CAPABILITY
MANUAL SNAPSHOTS ACCRUE STORAGE CHARGES, SO YOU SHOULD DELETE THEM IF….
YOU NO LONGER NEED THEM
SNAPSHOTS ARE DEFINED AS
INCREMENTAL BACKUPS
______IS A DROP-IN REPLACEMENT FOR MYSQL AND POSTGRESQL
AURORA
APPS > ______ > INTERNET, AWS, VPCs
API GATEWAY
USED TO ROUTE TRAFFIC TO MULTIPLE RESOURCES IN PROPORTIONS THAT YOU SPECIFY
WEIGHTED ROUTING POLICY
USE WHEN YOU WANT TO ROUTE TRAFFIC BASED ON THE LOCATION OF YOUR USERS
GEOLOCATION
USE WHEN YOU WANT TO CONFIGURE ACTIVE-PASSIVE FAILOVER
FAILOVER ROUTING POLICY
IS USED TO CREATE AND PROVIDE TRUSTED USERS WITH TEMPORARY SECURITY CREDENTIALS THAT CAN CONTROL ACCESS TO YOUR AWS RESOURCES
AWS STS
SSD USED FOR MISSION CRITICAL LOW LATENCY OR HIGH THROUGHPUT WORKLOADS?
PROVISIONED IOPS SSD
ALL OBJECTS BY DEFAULT ARE PUBLIC OR PRIVATE?
PRIVATE
THREE WAYS AN OBJECT OWNER CAN SHARE OBJECTS
- CREATING A PRE-SIGNED URL
- USING SECURITY CREDENTIALS
- GRANT TIME-LIMITED PERMISSION TO DOWNLOAD OBJECTS
YOU CAN LAUNCH UP TO HOW MANY SECURITY GROUPS TO AN INSTANCE?
5
COMPUTE SERVICE THAT RUNS BACKEND CODE
AWS LAMBDA
AWS LAMBDA RUNS BACKEND CODE TO RESPOND TO EVENTS SUCH AS:
- OBJECT UPLOADS TO AMAZON S3
- UPDATES TO DYNAMODB TABLES
- DATA IN KINESIS STREAMS
- IN-APP ACTIVITY
AWS LAMBDA PROVIDES REAL TIME METRICS AND LOGS TO….
AMAZON CLOUDWATCH
THIS STORAGE CLASS IS USED FOR LONG-TERM STORAGE, BACKUPS, AND AS A DATA STORE FOR DISASTER RECOVERY FILES. ALSO, USED FOR DATA THAT IS ACCESSED LESS FREQUENTLY
S3 INFREQUENT ACCESS
MANAGED SERVICE THAT MAKES IT EASY FOR YOU TO RUN KUBERNETES ON AWS WITHOUT NEEDING TO INSTALL AND OPERATE YOUR OWN KUBERNETES CLUSTERS
AWS EKS (ELASTIC CONTAINER SERVICE FOR KUBERNETES)
BY DEFAULT EBS VOLUMES ARE REPLICATED WITHIN THEIR
AZ
____IS A FEATURE THAT ENABLES YOU TO CAPTURE INFORMATION ABOUT THE IP TRAFFIC GOING TO AND FROM NETWORK INTERFACES IN YOUR VPC
VPC FLOW LOGS
TO ENABLE ACCESS TO CLUSTERS FROM SQL CLIENT TOOLS YOU MODIFY
VPC SECURITY GROUPS
____ _____ ENABLES INSTANCES IN A PRIVATE SUBNET TO CONNECT TO THE INTERNET OR OTHER AWS SERVICES, BUT IT PREVENTS THE INTERNET FROM INITIATING CONNECTIONS WITH THOSE INSTANCES
NAT GATEWAY
YOU CAN ONLY USE _______ TO CONTROL THE TRAFFIC TO AND FROM THE SUBNET IN WHICH THE NAT GATEWAY IS LOCATED
NACL
WHAT ARE THE SOURCE PORTS FOR NAT GATEWAY
PORTS 1024 - 65535
___ ___ ENABLES YOU TO PRIVATELY CONNECT YOUR VPC TO SUPPORTED AWS SERVICES.
VPC ENDPOINT
USING THIS FEATURE, TRAFFIC BETWEEN YOUR VPC AND OTHER SERVICES DOES NOT LEAVE THE AMAZON NETWORK
VPC ENDPOINT
_____ ARE DESIGNED IN SUCH A WAY SO THAT YOUR APPLICATIONS CAN SECURELY MAKE API REQUESTS FROM YOUR INSTANCES
IAM ROLES
CLOUD FORMATION MAPPING:
MAPS KEY VALUE PAIRS
CLOUD-BASED HARDWARE SECURITY MODULE USED FOR ENCRYPTION OF DATA AT REST ON EBS VOLUMES
HSM MODULES
NOSQL DB, FULLY MANAGED BY AWS, SCALES BASED ON DEMAND
DYNAMODB
MYSQL DATABASE
AURORA
IF YOU DISABLE AUTOMATED BACKUPS FOR RDS YOU ARE DISABLING
POINT-IN-TIME RECOVERY
INFRASTRUCTURE AS CODE
CLOUDFORMATION
RECOMMENDED FOR APPLICATIONS THAT BENEFIT FROM LOW NETWORK LATENCY, HIGH NETWORK THROUGHPUT AND IF MAJORITY OF TRAFFIC IS BETWEEN THE INSTANCES IN THE GROUP
CLUSTER PLACEMENT GROUPS
THE______ FEATURE MAKES IT EASY TO ELASTICALLY SCALE OUT BEYOND THE CAPACITY CONSTRAINTS OF A SINGLE DB INSTANCE FOR READ-HEAVY DATABASE WORKLOADS, CREATE A _______ TO INCREASE AGGREGATE READ THROUGHPUT
READ REPLICA