New Course Flashcards
What is an IAM Role?
A permission/policy assigned to another AWS resource
What is an IAM User?
An end user, usually an employee
What is an IAM Group?
A collection of users. Each user will inherit the permissions assigned to the group.
What is an IAM Policy?
A JSON document detailing what permissions a User/Group/Role has for specific services.
Is S3 Block Based or Object Based?
Object Based
What is a good way to prevent deleting objects from S3?
Enable Multi Factor Auth Delete in S3
What is S3 Intelligent Tiering?
The latest Storage Tier, using Machine Learning to move your data around depending on access frequency.
What is S3 Glacier Deep Archive?
The lowest cost data archival with 12 hour retrieval time
What are the 6 services S3 charges for?
Storage Requests Storage Management Data Transfer Transfer Acceleration Cross Region Replication
What is Reduced Redundancy Storage known as?
S3 One Zone IA
What is the default security setting for new S3 buckets?
New buckets are private
In S3, what level do Access Control Lists operate at?
The object level. Bucket level uses Bucket Policies
Are Cloudfront Edge locations Read Only?
No, you can write to them
Can I clear the Cloudfront edge location cache?
Yes but you will be charged.
What is Storage Gateway?
It is an AWS virtual/physical device that will replicate your data into AWS and can be used to cache S3 locally at a customers site.
What are the 3 type of Storage Gateway?
File Gateway
Volume Gateway
Tape Gateway
What is a Convertable Instance?
Allows you to change the instance type of the reserved instance.
What are the API names for the 5 EBS types?
General Purpose SDD - gp2 Provisioned IOPS SSD - io1 Throughput Optimized HDD - st1 Cold HDD - sc1 EBS Magnetic - Standard
What are the use cases for the 5 EBS types?
General Purpose SDD - Most Workloads Provisioned IOPS SSD - Databases Throughput Optimized HDD - Big Data Warehouses Cold HDD - File Servers EBS Magnetic - Infrequently accessed
What does OLTP stand for?
Online transaction processing
What does OLAP stand for?
Online analytical processing?
What is Elasticache used for?
To speed up performance of existing databases for frequent identical queries
What is the data consistency model in DynamoDB?
Eventual Consistent Reads by default
Strong consistency for less than 1 second
How does Aurora store your data?
2 copies of data in each availability zone, with a minimum of 3 availability zones. 6 copies
What is the difference between an Alias Record and a CNAME?
An Alias Record will point a naked domain, www.example.com, to an EC2 instance. A CNAME will point an AWS resource to another. Always choose Alias Record.
What is Geoproximity Routing Policy?
It allows you to route traffic based on the geolocation of your users AND your resources
For High Availability, would you choose a Nat Instance or a NAt Gateway?
Nat Gateway
What happens if you do not explicitly associate a subnet with a Network ACL?
It is automatically associated with the default ACL
What is the basic requirement when creating an ALB?
At least 2 public subnets
What is a VPC Flow Log?
A feature that allows you to capture IP traffic that goes to and from network interfaces in your VPC
What is a VPC Endpoint?
Allows you to connect your VPC to supported AWS services without leaving the AWS network.
What is scaling out?
When we use auto-scaling groups and add extra ec2 instances
What is scaling up?
When we increase the resources inside the ec2 instances, like t2.micro to m1.large
Life-cycle management and Infrequent Access storage is available for what services?
S3 and EFS
How can you set up a solution that incorporates single sign-on feature from your corporate AD or LDAP directory and also restricts access for each individual user to a designated user folder in an S3 bucket?
- Setup a Federation proxy or Identity provider, and use AWS STS to generate temporary tokens.
- Configure an IAM Role and an IAM Policy to access the bucket
How can you monitor all the COPY and UNLOAD traffic of your Redshift cluster that moves in and out of your VPC?
Enable Enhanced VPC routing on your Amazon Redshift cluster
Which steps would you take to apply high availability and fault tolerance to an application which requires a static IP address hard-coded into the backend, preventing use of an ALB?
- Assign an Elastic IP address to the instance.
- Write a script that checks the health of the EC2 instance. If the health check fails, the script will switch the elastic IP to a stand-by instance.
Images stored in S3 are being distributed using Cloudfront. Paid users have access to certain images. how do you restrict access to these users without changing the current urls?
- Use Signed Cookies to control who can access the private files.
- For paid members, send the “Set-Cookie” header to the viewer which will unlock for them.
What service would you use if your database should be highly available and provides you with full control over its underlying operating system?
EC2 instances with data replication between 2 different AZs
