New Course

Question 1

What is an IAM Role?

Answer 1

A permission/policy assigned to another AWS resource

Question 2

What is an IAM User?

Answer 2

An end user, usually an employee

Question 3

What is an IAM Group?

Answer 3

A collection of users. Each user will inherit the permissions assigned to the group.

Question 4

What is an IAM Policy?

Answer 4

A JSON document detailing what permissions a User/Group/Role has for specific services.

Question 5

Is S3 Block Based or Object Based?

Answer 5

Object Based

Question 6

What is a good way to prevent deleting objects from S3?

Answer 6

Enable Multi Factor Auth Delete in S3

Question 7

What is S3 Intelligent Tiering?

Answer 7

The latest Storage Tier, using Machine Learning to move your data around depending on access frequency.

Question 8

What is S3 Glacier Deep Archive?

Answer 8

The lowest cost data archival with 12 hour retrieval time

Question 9

What are the 6 services S3 charges for?

Answer 9

Storage
Requests
Storage Management
Data Transfer
Transfer Acceleration
Cross Region Replication

Question 10

What is Reduced Redundancy Storage known as?

Answer 10

S3 One Zone IA

Question 11

What is the default security setting for new S3 buckets?

Answer 11

New buckets are private

Question 12

In S3, what level do Access Control Lists operate at?

Answer 12

The object level. Bucket level uses Bucket Policies

Question 13

Are Cloudfront Edge locations Read Only?

Answer 13

No, you can write to them

Question 14

Can I clear the Cloudfront edge location cache?

Answer 14

Yes but you will be charged.

Question 15

What is Storage Gateway?

Answer 15

It is an AWS virtual/physical device that will replicate your data into AWS and can be used to cache S3 locally at a customers site.

Question 16

What are the 3 type of Storage Gateway?

Answer 16

File Gateway
Volume Gateway
Tape Gateway

Question 17

What is a Convertable Instance?

Answer 17

Allows you to change the instance type of the reserved instance.

Question 18

What are the API names for the 5 EBS types?

Answer 18

General Purpose SDD - gp2
Provisioned IOPS SSD - io1
Throughput Optimized HDD - st1 
Cold HDD - sc1
EBS Magnetic - Standard

Question 19

What are the use cases for the 5 EBS types?

Answer 19

General Purpose SDD - Most Workloads
Provisioned IOPS SSD - Databases
Throughput Optimized HDD - Big Data Warehouses
Cold HDD - File Servers
EBS Magnetic - Infrequently accessed

Question 20

What does OLTP stand for?

Answer 20

Online transaction processing

Question 21

What does OLAP stand for?

Answer 21

Online analytical processing?

Question 22

What is Elasticache used for?

Answer 22

To speed up performance of existing databases for frequent identical queries

Question 23

What is the data consistency model in DynamoDB?

Answer 23

Eventual Consistent Reads by default

Strong consistency for less than 1 second

Question 24

How does Aurora store your data?

Answer 24

2 copies of data in each availability zone, with a minimum of 3 availability zones. 6 copies

Question 25

What is the difference between an Alias Record and a CNAME?

Answer 25

An Alias Record will point a naked domain, www.example.com, to an EC2 instance. A CNAME will point an AWS resource to another. Always choose Alias Record.

Question 26

What is Geoproximity Routing Policy?

Answer 26

It allows you to route traffic based on the geolocation of your users AND your resources

Question 27

For High Availability, would you choose a Nat Instance or a NAt Gateway?

Answer 27

Nat Gateway

Question 28

What happens if you do not explicitly associate a subnet with a Network ACL?

Answer 28

It is automatically associated with the default ACL

Question 29

What is the basic requirement when creating an ALB?

Answer 29

At least 2 public subnets

Question 30

What is a VPC Flow Log?

Answer 30

A feature that allows you to capture IP traffic that goes to and from network interfaces in your VPC

Question 31

What is a VPC Endpoint?

Answer 31

Allows you to connect your VPC to supported AWS services without leaving the AWS network.

Question 32

What is scaling out?

Answer 32

When we use auto-scaling groups and add extra ec2 instances

Question 33

What is scaling up?

Answer 33

When we increase the resources inside the ec2 instances, like t2.micro to m1.large

Question 34

Life-cycle management and Infrequent Access storage is available for what services?

Answer 34

S3 and EFS

Question 35

How can you set up a solution that incorporates single sign-on feature from your corporate AD or LDAP directory and also restricts access for each individual user to a designated user folder in an S3 bucket?

Answer 35

• Setup a Federation proxy or Identity provider, and use AWS STS to generate temporary tokens.
• Configure an IAM Role and an IAM Policy to access the bucket

Question 36

How can you monitor all the COPY and UNLOAD traffic of your Redshift cluster that moves in and out of your VPC?

Answer 36

Enable Enhanced VPC routing on your Amazon Redshift cluster

Question 37

Which steps would you take to apply high availability and fault tolerance to an application which requires a static IP address hard-coded into the backend, preventing use of an ALB?

Answer 37

• Assign an Elastic IP address to the instance.
• Write a script that checks the health of the EC2 instance. If the health check fails, the script will switch the elastic IP to a stand-by instance.

Question 38

Images stored in S3 are being distributed using Cloudfront. Paid users have access to certain images. how do you restrict access to these users without changing the current urls?

Answer 38

• Use Signed Cookies to control who can access the private files.
• For paid members, send the “Set-Cookie” header to the viewer which will unlock for them.

Question 39

What service would you use if your database should be highly available and provides you with full control over its underlying operating system?

Answer 39

EC2 instances with data replication between 2 different AZs