Notes Flashcards

1
Q

What is Durability?

A

Durability can be described as the probability that you will eventually be able to get your object back from the storage system from one of the stores and archives

2
Q

What is Availability?

A

Availability is the probability that you will be able to get an object back the moment that you ask for it (the object might be persistent but you might not be able to read it all the time)

3
Q

What are the 5 pillars of the Well-Architected Framework?

A
  • Operational Excellence
  • Security
  • Reliability
  • Performance Efficiency
  • Cost Optimization
4
Q

What are the 4 available plans for AWS Support?

A
  • Basic
  • Developer
  • Business
  • Enterprise
5
Q

How can you access AWS resources without an AWS Account?

A

You can authenticate using a corporate portal (SSO) which generates a SAML authentication response. This response is redirected to an AWS console endpoint which gives users account or IAM role access depending on the setup

6
Q

What type of consistency do new files have in S3?

A

Read after Write Consistency

7
Q

What type of consistency do updates to existing files in S3 have?

A

Eventual consistency

8
Q

What type of consistency do deletions in S3 have?

A

Eventual consistency

9
Q

If you update a file in S3, can you receive the file in a partially updated or corrupted state?

A

No, changes are atomic meaning that you will either receive the old version or the new version.

10
Q

What are the 5 storage classes for data?

A
  • Standard
  • Reduced Redundancy
  • Standard Infrequently Accessed
  • One Zone IA
  • Archived (Glacier)
11
Q

If you have data that is highly reproducible and are willing to lose some of it, what is the best storage option without losing availability?

A

Reduced Redundancy

12
Q

If you have data that needs strong durability, but does not need to be read often, what is the best storage option without losing availability?

A

Standard Infrequently Accessed

13
Q

What is the most cost effective data storage option for data that almost never has to be accessed and does not require immediate access?

A

Archive in Glacier

14
Q

What are the 3 encryption options for S3 data at rest?

A
  • SSE-S3 : Fully managed encryption
  • SSE-C: Encryption at rest with custom keys that are not stored by AWS
  • SSE-KMS : Encryption at rest using keys managed by Amazon Key Management Service (KMS)
15
Q

What is a way to ensure greater security to protect against deletes in S3?

A

You can enable multi factor authentication to be able to delete a file

16
Q

How can you optimize data transfer if latency is an issue (ex. uploading a lot of files)?

A

S3 Transfer Acceleration

17
Q

How can you optimize data transfer if transfer speed is an issue (ex. uploading a large file)?

A

Multi-Part Upload

18
Q

What AWS service should you use to transfer massive amounts of data into AWS?

A

Snowball

19
Q

If you need a hybrid storage solution (both in the cloud and on premises), what service should you use?

A

Storage Gateway

20
Q

What are the four gateway types for Storage Gateway?

A
  • File Gateway: For flat files, stored directly in S3
  • Cached Volumes Gateway: stores files in the cloud and keeps a local cache to speed up reads. Block based storage for things like Virtual Hard Disks
  • Stored Volumes Gateway: optimized for low latency, storing files locally and asynchronously sending a point-in-time backup snapshot to S3. Block based storage for things like Virtual Hard Disks
  • Gateway Virtual Tape Library:
    Used for backup and uses popular backup applications like NetBackup
21
Q

What are the requirements to enable Cross Region Replication (CRR) on an S3 bucket?

A
  • Both source and destination bucket must have versioning enabled
22
Q

What is the default URL for a bucket named MYBUCKET with a resource named MYRESOURCE?

A

https://MYBUCKET.s3.amazonaws.com/MYRESOURCE

23
Q

What is the default url for a static web page hosted in an S3 bucket named MYBUCKET in us-east-1?

A

https://MYBUCKET.s3-website-us-east-1.amazonaws.com

24
Q

What is Amazon SQS

A

A message based queue system. The system is a pull based system meaning that consumers of the queue have to read from the queue instead of having the data pushed to them.

25
Q

What are the 2 types of queues for SQS?

A
  • Standard : Higher throughput, messages delivered at least once, best effort ordering
  • FIFO: Lower throughput, messages processed exactly once, guarantees order
26
Q

What is the visibility timeout in connection with Amazon SQS?

A

The visibility timeout is the time it takes for a message to become visible again within the queue. If the consumer takes too long to process the data, then the message will become visible again and can be consumed again. The default is 30s and it can be set as high as 12 hours.

27
Q

What are delay seconds in connection with Amazon SQS?

A

Delay seconds is the amount of time it takes for a message to become visible within the queue. The default is 0 seconds and it can be set as high as 15 minutes.

28
Q

What is Long Polling in connection with Amazon SQS?

A

Long polling reduces the number of polls to the queue from the consumer. It does this by not responding to the consumer until a message is found or a set amount of time has passed.

29
Q

What is the maximum retention period for Messages in SQS?

A

14 days

30
Q

What are the two types of virtual machine images

A
  • HVM (Hardware Virtual Machine): fully virtualized hardware and boot, best performance.
  • PV (Paravirtual) : uses a special boot loader that runs on hardware that doesn’t have support for virtualization. Recommended for older generation instances.
31
Q

What is the Metadata API endpoint?

A

https://169.254.169.254/latest/meta-data

32
Q

If you are planning on running EC2 instances for several years and want to reduce costs and ensure compliance, what should you use?

A

Dedicated Hosts or Dedicated Instances

33
Q

What is the difference between Dedicated Hosts and Dedicated Instances

A

Dedicated Hosts give you additional visibility and control over the number of instances on your physical server, which allows for the use of server-bound licenses.

Dedicated Instances are less configurable and don’t allow added capacity.

34
Q

What is an EBS Volume?

A

An EBS volume is a block level storage device that you can attach to a SINGLE EC2 instance. It can be used as primary storage for data that requires frequent updates, such as storage for a database application.

35
Q

How can you back up an EBS volume?

A

AWS Snapshots. These are point in time, incremental backups of your data. Each snapshot saves the disk changes since the last snapshot.

36
Q

(T/F) A snapshot is by default available to all regions?

A

False, a snapshot is only available in the region it was created and must be copied to another region before using it to create new volumes

37
Q

How can you take application consistent snapshots of your data?

A

Shut down your EC2 instance and detach the EBS volume. Then take a snapshot

38
Q

How can you encrypt an EBS volume?

A

Take a snapshot, encrypt the snapshot, and then create a volume using the encrypted snapshot.

39
Q

What is Amazon ECS?

A

AWS Container Service: This is a container management service that can be used to manage and deploy docker containers across clusters of EC2 instances.

40
Q

What is Dynamo DB?

A

AWS NoSQL database service

41
Q

How do you control the performance of a Dynamo DB instance?

A

Dynamo DB performance is defined using read capacity units and write capacity units.

42
Q

What is the capacity of a read capacity unit in Dynamo DB?

A

A read capacity unit means one strongly consistent read per second or two eventually consistent reads per second for up to 4KB in size.

43
Q

What is the capacity of a write capacity unit in Dynamo DB?

A

A write capacity unit means one write per second for an item up to 1KB in size.

44
Q

What is Amazon Redshift?

A

AWS analytics database. This is often used to do columnar operations on databases (ex. find total number of units sold across all stores). Redshift is commonly used with OLAP (online analytics processing)

45
Q

What types of databases does Amazon RDS Support?

A
  • Oracle
  • SQL Server
  • MySQL
  • MariaDB
  • PostgreSQL
  • Amazon Aurora
46
Q

If you want to duplicate a Relational Database for read operations, what should you use?

A

Read Replicas

47
Q

What consistency do Read Replicas of DB’s have

A

Eventual Consistency

48
Q

What types of Databases are Read Replicas supported for?

A
  • MySQL
  • MariaDB
  • PostgreSQL
  • Amazon Aurora
49
Q

Can you encrypt an unencrypted database directly?

A

No, you have to create a new database that is encrypted and then manually copy over your data.

50
Q

What can you do to protect the availability of your database against outages or failures?

A

Use Multi-AZ deployment which will automatically route traffic to the replica upon failure.

51
Q

What is AWS VPC?

A

Amazon’s Virtual Private Cloud which allows you to create complex private networks in the cloud.

52
Q

What is AWS CloudWatch?

A

CloudWatch is a service that allows you to collect metrics and logs and to monitor provisioned resources such as EC2 instances. You can also create dashboards and alerts around these metrics (stored for 15 months by default).

53
Q

What is AWS SWF?

A

Amazon's Simple Workflow Service allows you to define and run workflows with parallel or sequential steps. This is a push based system that can allow for manual (human) steps.

54
Q

What are AWS Organizations?

A

Organizations allow policy-based management for multiple AWS accounts, creation of groups of accounts, and a centralized billing location for multiple accounts with consolidated billing.

55
Q

(T/F) When using consolidated billing, the payment account should only be used for billing purposes?

A

True

56
Q

What is the benefit of consolidated billing?

A

Volume based pricing can reduce costs for large volumes of use.

57
Q

What are the benefits of tagging resources in AWS?

A

Tags can be used for Cost Allocation and Conditional Access Control Policies which define permission based on tags

58
Q

What is a resource group?

A

A collection of resources that share one or more tags

59
Q

What are some ways you can mitigate against a DDOS attack?

A
  • Distribute the load (ELB)
  • Scale to absorb the attack (auto scaling)
  • Use CloudWatch to analyze expected traffic
  • Safeguard resources by using aliases to hide IPs
  • Use CloudFront geo restriction
  • NACLs
60
Q

T/F IAM is restricted to the region it was created in?

A

False. IAM roles are global

61
Q

What is RTO?

A

Recovery Time Objective: The time it takes after a disruption to restore a business process to its service level.

62
Q

What is RPO?

A

Recovery Point Objective: Acceptable amount of data loss measured in time before the disaster occurs

63
Q

What are the four techniques for disaster recovery from the Disaster Recovery White paper

A
  • Backup & Restore: Data is backed up and restored. Nothing is running in the meantime
  • Pilot light: Only minimal critical services while the rest are recreated and scaled
  • Warm Standby: Fully functional site with minimal configuration is available and can be scaled during recovery
  • Multi-site: Fully functional site with identical configuration is available and picks up the load
64
Q

You need to monitor the performance of your EC2 instances (including metrics such as CPU Utilization, Disk IO, etc.) Which service would best meet this requirement?

a) Cloudaudit
b) CloudWatch
c) CloudTrail
d) CloudMonitor

A

b) CloudWatch

65
Q

Which AWS service is used for collating large amounts of data streamed from multiple sources?

a) Kinesis
b) SQS
c) Cloudcapture
d) CloudFront

A

a) Kinesis

66
Q

Which AWS service is a Content Delivery Network?

a) CloudFront
b) CloudStream
c) CloudPush
d) CloudFormation

A

a) CloudFront

67
Q

Which of the following is a petabyte scale data transfer solution?

a) Snowball
b) SQS
c) SWF
d) Avalanche

A

a) Snowball

68
Q

You need a service that will aggregate your data from multiple sources (S3, DynamoDB, RDS, etc.) and provide business intelligence based on this data. Which AWS service should you use?

a) Spice
b) CloudViewer
c) Quick Sight
d) CloudOracle

A

c) Quick Sight
- Quick Sight is a fast cloud powered business analytic service that makes it easy to build visualizations, perform analysis, and quickly get business insight from your data.

69
Q

Your system administrators need to receive notification of specified events affecting your AWS environment such as alarms. Which service should you enable?

a) Mobile Hub
b) Device Farm
c) SNS
d) Cognito

A

c) SNS

70
Q

What AWS Service would you use primarily for data warehousing?

a) Redshift
b) DynamoDB
c) DMS
d) RDS

A

Redshift

71
Q

Which AWS service would you use to migrate a database from Oracle to MySQL?

a) Redshift
b) DMS
c) RDS
d) Elasticache

A

c) DMS - AWS Database Migration Service

72
Q

Which AWS service allows you to run code without having to worry about provisioning any underlying resources (such as VMs, databases, etc.)

a) Lambda
b) EC2 Container Service
c) DynamoDB
d) EC2

A

a) Lambda

73
Q

You need to implement an automated service that will scan your AWS environment with the goal of both improving security and reducing costs

a) Service Catalog
b) Config Rules
c) CloudTrail
d) Trusted Advisor

A

d) Trusted Advisor

74
Q

An AWS VPC is a component of which group of AWS services?

a) Networking Services
b) Global Infrastructure
c) Compute Services
d) Database Services

A

a) Networking Services

75
Q

You need a configuration management service that will allow your system administrators to use Chef to configure and operate your web applications. Which AWS service would best suit your needs?

a) CloudTrail
b) OpsWorks
c) CloudWatch
d) Trusted Advisor

A

b) OpsWorks

76
Q

Your company is interested in implementing a VDI solution to replace their local desktop environment. Which AWS service should you consider?

a) IoT
b) WorkMail
c) WorkDocs
d) WorkSpaces

A

WorkSpaces

77
Q

What is the fundamental difference between Elastic BeanStalk and CloudFormation?

A

Elastic Beanstalk automatically handles the deployment of your code – from capacity provisioning, load balancing, auto-scaling to application health monitoring – based on the code you upload to it, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script.

78
Q

What does an AWS Region consist of?

A

A distinct location within a geographic area designed to provide high availability to a specific geography.

79
Q

Which AWS service is specifically designed to automatically provision the resources required to host the code a developer uploads during the Development process?

a) CloudFormer
b) Elastic Beanstalk
c) CloudFormation
d) CloudTrail

A

b) Elastic Beanstalk

80
Q

Which AWS service is specifically designed to assist you in processing large data sets?

a) Elasticache
b) Big data Processing
c) EMR
d) EC2

A

c) EMR - a service that makes it easy to process large amounts of data efficiently

81
Q

Which AWS service is effectively a NAS in the cloud, allowing you to connect it to multiple EC2 instances at once?

a) SQS
b) SNS
c) EBS
d) EFS

A

d) EFS

82
Q

You need to add new users to your AWS account and set password rotation policies for these new users. Which AWS service should you use to do so?

a) IAM
b) Inspector
c) Directory Service
d) Key Management Service

A

a) IAM

83
Q

Which of the following services connects an on-premise software appliance (or virtual machine) with cloud based storage?

a) S3
b) Snowball
c) Storage Gateway
d) Glacier

A

c) Storage Gateway

84
Q

Your digital media agency needs to convert its media files to formats that can be viewed on a variety of devices. Which AWS service should you use to meet this need?

a) SQS
b) SWF
c) Appstream
d) Elastic Transcoder

A

d) Elastic Transcoder

85
Q

Amazon’s highly scalable DNS service is known as

a) Directory Service
b) Route 53
c) CloudTrail
d) Elastic Map Reduce

A

b) Route53

86
Q

Describe Availability Zones

A

Distinct locations from within an AWS region that are engineered to be isolated from failures.

87
Q

You need to supply auditors with logs showing which Users provisioned given resources on your AWS infrastructure. Which service would best satisfy this need?

a) CloudFormation
b) OpsWorks
c) CloudTrail
d) CloudWatch

A

c) CloudTrail - a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

88
Q

(T/F) Using SAML (Security Assertion Markup Language 2.0), you can give your federated users single sign-on (SSO) access to the AWS Management Console.

A

True

89
Q

Power User Access allows ________.

A

Access to all AWS services except the management of groups and users within IAM

90
Q

You have created a new AWS account for your company and are about to create your new users. What is a good strategy to consider in order to ensure that there is good security on these accounts?

A

Enact a strong password policy: user passwords must be changed every 45 days, with each password containing a combination of capital letters, lower case letters, numbers, and special symbols.

91
Q

T/F You need to set up Users AND Policy documents only once, as these are applied globally?

A

True

92
Q

What is the default level of access a newly created IAM User is granted?

A

No access to any AWS services

93
Q

T/F IAM allows you to setup biometric authentication, so that no passwords are required?

A

False

94
Q

What is a Policy?

A

A document that provides a formal statement of one or more permissions

95
Q

What language are policy documents written in?

A

JSON

96
Q

What are 3 ways to allow users to have secure access to private files located in S3?

A
  • CloudFront Origin Access Identity
  • CloudFront Signed URLs
  • CloudFront Signed Cookies
97
Q

How many S3 buckets can I have per account by default?

a) 10
b) 20
c) 50
d) 100

A

d) 100

98
Q

S3 has eventual consistency for which HTTP Methods?

A

overwrite PUTS and DELETES

99
Q

What is AWS Storage Gateway?

A

It is a virtual appliance that can be used to cache S3 locally at the customer's site.

100
Q

You run a popular photo sharing website that depends on S3 to store content. Paid advertising is your primary source of revenue. However, you have discovered that other websites are linking directly to the images in your buckets, not to the HTML pages that serve the content. This means that people are not seeing the paid advertising, and you are paying AWS unnecessarily to serve content directly from S3. How might you resolve this issue?

A

Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates.

101
Q

You work for a manufacturing company that operates a hybrid infrastructure with systems located both in a local Datacentre and in AWS, connected via Direct Connect. Currently, all on premise servers are backed up to a local NAS, but your CTO wants you to decide on the best way to store copies of these backups in AWS. He has asked you to propose a solution which maintains maximum durability and on-demand access to the files, but minimizes cost. Choose the best option from the following which meets the brief.

a) S3 One Zone IA
b) S3 Standard
c) S3 Reduced Redundancy
d) Copy the files to an EC2 instance with a large EBS volume attached

A

a) S3 One Zone IA

102
Q

What is the minimum file size I can store on S3?

A

0 bytes

103
Q

(T/F) I can move a reserved instance from one region to another?

A

False

104
Q

What is the underlying HyperVisor for EC2 (choose 2)

a) Hyper-V
b) Xen
c) Nitro
d) OVM
e) ESX

A

b) and c)

Xen and Nitro

105
Q

(T/F) I can change the permission on a role, even if that role is already assigned to an existing EC2 instance, and these changes will take effect immediately.

A

True

106
Q

The use of a placement group is ideal _____

a) Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.
b) When you need to distribute content on a CDN network.
c) When you need to deploy EC2 instances that require high disk IO.
d) Your fleet of EC2 Instances requires low latency and high network throughput across multiple availability zones.

A

a) Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.

107
Q

(T/F) You can add multiple volumes to an EC2 instance and then create your own RAID 5/RAID 10/RAID 0 configurations using those volumes.

A

True

108
Q

What is RAID?

A

RAID, short for redundant array of independent disks, is a disk subsystem that stores your data across multiple disks to either increase the performance or provide fault tolerance to your system (some levels provide both).

109
Q

(T/F) You can delete a snapshot of an EBS Volume that is used as the root device of a registered AMI?

A

False. The emphasis is if the snapshot is of a volume that is still registered.

110
Q

If you need to know both the private IP address and public IP address of your EC2 instance you should ____

a) Run IPCONFIG (Windows) or IFCONFIG (Linux)
b) Retrieve the instance metadata from http://169.254.169.254/latest/meta-data
c) Use the following command: AWS EC2 DisplayIP
d) Retrieve the instance Userdata from http://169.254.169.254/latest/meta-data

A

b) Retrieve the instance metadata from http://169.254.169.254/latest/meta-data

111
Q

Will an Amazon EBS root volume persist independently from the life of the terminated EC2 instance to which it was previously attached? In other words, if I terminated an EC2 instance, would that EBS root volume persist?

a) Only if I specify that it should do so
b) yes
c) no
d) It depends on the region in which the EC2 instance is provisioned

A

a) Only if I specify that it should do so

112
Q

You want to ensure that traffic from Asia is directed to the India Region. What two routing policies would allow you to accomplish that?

A

Route 53: Geoproximity and Geolocation routing policies

113
Q

(T/F) Route 53 supports naked domain names (zone apex records)

A

True. This is done using Alias or “A” records as opposed to CNAMES which are not able to support naked domain names.

114
Q

Which Route53 policy allows you to route data to a second resource if the first is unhealthy?

A

Failover Routing

115
Q

Which Route53 policy allows you to route data to resources that have better performance?

A

Latency-based Routing

116
Q

(T/F) I can “force” a failover for any RDS instance that has Multi-AZ configured?

A

True

117
Q

(T/F) You can SSH into an RDS instance to see what is going on with the operating system?

A

False

118
Q

(T/F) With new RDS DB instances, automated backups are enabled by default?

A

True

119
Q

How many copies of my data does RDS Aurora store by default?

A

6

120
Q

MySQL installations default to what port number?

A

3306

121
Q

With RDS Multi AZ deployment can the secondary database be used as an independent read node?

A

No, Multi AZ deployment only uses the secondary database in failover events

122
Q

What is Amazon Athena?

A

An interactive query service that makes it easy to analyze data in S3 using SQL commands.

123
Q

(T/F) You can only have one internet gateway per VPC

A

True

124
Q

(T/F) An Application Load Balancer must be deployed into at least 2 subnets

A

True

125
Q

What is a Bastion Host?

A

A Bastion host allows you to securely administer via SSH or RDP an EC2 instance located in a private subnet.

126
Q

What is the chief advantage of using VPC endpoints to connect your VPC to services such as S3?

A

Traffic between your VPC and the other service does not leave the Amazon network.

127
Q

Security groups act like a firewall at the instance level, whereas _________ are an additional layer of security that act at the subnet level?

A

Network Access Control Lists

128
Q

(T/F) Security Groups are Stateful

A

True, they automatically allow outbound traffic to an IP if the inbound traffic was allowed

129
Q

(T/F) Network Access Control Lists are Stateful

A

False. All outbound traffic must be explicitly allowed.

130
Q

By default how many VPCs am I allowed in each AWS region?

A

5

131
Q

(T/F) Security Groups Operate at the Instance Level

A

True

132
Q

(T/F) When I create a new security group, all outbound traffic is allowed by default

A

True

133
Q

(T/F) A Subnet can span multiple availability zones

A

False

134
Q

(T/F) You can peer VPCs in different AWS accounts

A

True

135
Q

In SWF, what does a “domain” refer to?

A

A collection of related workflows

136
Q

What is Amazon SES?

A

AWS Simple Email Service

137
Q

With which AWS orchestration service can you implement Chef recipes?

a) Opsworks
b) CloudFormation
c) Lambda
d) Elastic Beanstalk

A

a) Opsworks

138
Q

For which of the following metrics would you need to design a custom cloudwatch metric?

a) Disk reads
b) CPU usage
c) Network in
d) Memory Usage

A

d) Memory Usage

The default metrics include things like:

  • CPU utilization
  • Disk Read/Write
  • Network In/Out
139
Q

(T/F) Once enabled, Versioning cannot be disabled

A

True

140
Q

S3 Cross Region Replication requires what?

A

Versioning on

141
Q

What is S3 Lifecycle Management?

A

A system of transferring data over time from standard S3 to infrequently accessed (after 30 days) to Glacier (30 days after IA, if relevant)

142
Q

What are the two types of distribution for Content Delivery Networks

A
  • Web distribution: typically used for websites
  • RTMP: used for media streaming

143
Q

(T/F) You can write to CloudFront Edge locations

A

True

144
Q

(T/F) By default all newly created S3 Buckets are Public

A

False

145
Q

What are the three types of snowball?

A
  • Standard
  • Snowball Edge: storage plus compute capabilities
  • Snowmobile: 100 Petabytes worth of storage
146
Q

What are the different pricing models for EC2

A
  • On demand : pay by the hour
  • Spot: bid a certain price and only turns on when the price is below that threshold
  • Reserved: reserve capacity for 12-36 months
  • Dedicated hosts: Typically used for licensing or regulations that don’t allow for multi tenanted hardware.
147
Q

What are the 11 EC2 instance Types?

A
F - Field Programmable Gate Array 
I - IOPS
G - Graphics
H - High Disk Throughput
T - cheap general purpose
D - Density
R - RAM
M - main choice for general purpose apps
C - Compute
P - Graphics (Pictures)
X - Extreme Memory
148
Q

What are the 5 disc types for EBS?

A

Bootable:

  • General Purpose - SSD
  • Provisioned IOPS - SSD
  • Magnetic - cheap, infrequently accessed

Not Bootable:

  • Throughput Optimized - HDD
  • Cold - HDD (less frequently accessed)
149
Q

(T/F) You can share encrypted snapshots

A

False

150
Q

What's the main difference between Instance Store Volumes and EBS?

A

Instance Store Volumes can’t be stopped

151
Q

(T/F) You have to pay up front for storage on EFS?

A

False, you only pay for what you use.

152
Q

What are the two types of placement groups:

A
  • Cluster Placement groups (also called placement groups) only in one availability zone
  • Spread Placement Groups: You have critical EC2 instances that you don’t want on the same hardware.
153
Q

What are Placement Groups?

A

A series of EC2 instances that make up an application. It’s used to either decrease latency between instances or to spread out instances across different pieces of hardware.

154
Q

What are the 7 different types of Routing available on AWS?

A
  • Simple Routing
  • Weighted Routing
  • Latency-based routing
  • Failover routing
  • Geolocation Routing
  • Geoproximity Routing
  • Multivalue Answer Routing
155
Q

What is Elasticache?

A

In Memory Caching of frequently accessed data in the web. Improves performance of web applications by allowing you to retrieve information from fast caches. Supports two open source engines:

  • Memcached
  • Redis
156
Q

What should you do if a data block in your aurora db has an error?

A

Nothing. Aurora is self-healing and continually scans data blocks and disks for errors, which it repairs automatically.

157
Q

How does scaling differ between dynamo db and RDS

A

Dynamo has push button scaling meaning that you can scale with no downtime

RDS typically involves downtime by using a bigger instance or adding read replicas

158
Q

What are the two types of configurations for Redshift?

A
  • Single Node (160Gb)
  • Multi Node: Made up of leader node which manages client connections and queries and compute nodes which store data and perform the computations.
159
Q

When creating a NAT instance, make sure to ____?

A

Disable Source/Destination Check

By default the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.

160
Q

(T/F) NAT instance must be in a private subnet

A

False. A NAT instance must be in the public subnet so that it can route traffic FROM the private subnet to the internet.

161
Q

What route do you need to get NAT instances to work?

A

A route out of the private subnet to the NAT instance

162
Q

If traffic is slow with your NAT instance what should you do to increase throughput?

A

Increase the instance size

163
Q

What are NAT Gateways?

A

The preferred enterprise solution for giving private instances access to the internet. Unlike NAT instances, they are automatically scalable, you don’t have to patch them, they aren’t associated with a security group, and they are automatically assigned a public IP address.

164
Q

(T/F) A subnet can be associated with only one network ACL?

A

True

165
Q

(T/F) A NACL’s list of rules is evaluated in a random order

A

False, they evaluate sequentially.

As soon as a rule matches traffic, it’s applied regardless of any higher-numbered rule that may contradict it.

166
Q

If you want to block IP addresses you need to use

a) NACLS
b) Security Groups

A

a) NACLs

167
Q

What are VPC Flow Logs?

A

Logs that enable monitoring of all traffic across our elastic network interfaces

168
Q

What traffic do VPC Flow Logs not monitor?

A
  • Traffic from instances contacting Amazon’s DNS server
  • Traffic generated by a Windows instance
  • Traffic from the metadata IP
  • DHCP traffic
  • Traffic to the reserved IP address for the default VPC router
169
Q

If you want to communicate with a service such as S3 from a private subnet without going over the internet what should you do?

A

Create an S3 endpoint/gateway in your private subnet that can communicate with S3 without using the public internet.

170
Q

What are the 3 actors in SWF

A
  • Workflow Starters: An application that initiates the workflow
  • Deciders: Control the flow of activity tasks in a workflow execution. Deciders choose what to do next
  • Activity Workers: Carry out the tasks (can be humans or programs)
171
Q

What are all the different types of subscribers to SNS topics?

A
  • HTTP
  • HTTPS
  • Email
  • Email-JSON
  • SQS
  • Application
  • Lambda
172
Q

What are the 3 kinesis services?

A
  • Kinesis Streams: Producers stream data to shards which pipe data to consumers (fleet of ec2 instances)
  • Kinesis Firehose: Doesn’t store data and sends straight to s3.
  • Kinesis Analytics: sits on top of kinesis and allows you to do sql queries of data and process the data before it is sent to other applications.
173
Q

What is AWS Direct Connect?

A

An easy way to establish a dedicated network connection from your premises to AWS that doesn’t go over the internet. This can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience.

174
Q

What is AWS Budgets?

A

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

175
Q

What is the default time period over which AWS CloudWatch receives and aggregates data from EC2? And with Detailed Monitoring enabled?

A

5 minutes and 1 minute

176
Q

(T/F) EBS volumes are not resizable?

A

False, you can change the size of the volume even when it is attached to an instance.

177
Q

What is AWS Elastic Map Reduce?

A

Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. Users also have full admin access to the underlying hardware.

178
Q

How many IP addresses are available if you set up a subnet with the following CIDR block:
172.0.0.0/27

A
  1. Subtract the mask number from 32:

(32 - 27) = 5

  2. Raise the number 2 to the power of the answer in Step #1:

2^5 = (2 * 2 * 2 * 2 * 2)

= 32

The answer to Step #2 is the total number of IP addresses available in the given CIDR netmask. Don’t forget that in AWS, the first 4 IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance.

179
Q

The allowed block size for a subnet is between ____ and ____

A

/28 netmask and /16 netmask

180
Q

What services can Kinesis Firehose stream to?

A

S3, Redshift, Elasticsearch service, and splunk

181
Q

Which AWS service can you use to reduce DynamoDB response times from milliseconds to microseconds?

A

Amazon DynamoDB Accelerator (DAX)

182
Q

What is the protocol used for SSH connections?

A

TCP

183
Q

What is Redshift WLM?

A

In Amazon Redshift, you use workload management (WLM) to define the number of query queues that are available, and how queries are routed to those queues for processing

184
Q

What are the two things required to enable “Sticky Sessions”, meaning requests during a specific user’s session will route to the same instance?

A
  1. An HTTP/HTTPS load balancer
  2. At least one healthy instance in each availability zone

185
Q

What is AWS Cognito?

A

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

186
Q

What is an elastic IP address (EIP)?

A

A static IPv4 address designed for dynamic cloud computing. The IP address is associated with your account and you can use it to mask a failure of an instance by rapidly remapping the address to another instance in your account.

187
Q

(T/F) If you are associating an elastic IP address with an instance and want to connect with the internet, it must also be in a public subnet.

A

True

188
Q

(T/F) If you stop an instance it is disassociated with its elastic IP address.

A

False, though you are charged a small hourly fee for associating it with a stopped instance.

189
Q

Which database service is most suitable for simple mobile apps?

A

DynamoDB, since the application does not have complicated data relationships compared to enterprise web applications.

190
Q

(T/F) The default subnet of your VPC is a public subnet

A

True. To make the subnet private you have to remove the route to the internet gateway.

191
Q

In SWF, what is the purpose of a decision task?

A

It tells the decider the state of the workflow execution

192
Q

(T/F) When you stop and start an ec2 instance, the underlying host for the instance is possibly changed

A

True

193
Q

If you need to be able to retrieve data from Glacier quickly, what can you do?

A

Use expedited retrieval and purchase provisioned retrieval capacity.

194
Q

What is AWS Shield?

A

A managed DDoS protection service that safeguards applications running on AWS.

195
Q

What is the largest object size that can be sent in a single PUT operation in S3?

A

5 Gb

196
Q

(T/F) The total volume of data and number of objects you can store in S3 is unlimited.

A

True

197
Q

What is Active-Active Failover?

A

This failover configuration is used when you want all of your resources to be available the majority of the time.

198
Q

What is Active-Passive Failover?

A

This failover configuration is used when you want a primary resource/group of resources to be available the majority of the time, with secondary resources available in case the primary becomes unavailable.

199
Q

Which database service allows you to not worry about database management tasks such as hardware/software provisioning, setup, configuration, scaling, and backups?

A

DynamoDB

200
Q

If you want more detailed information about S3 requests such as the requestor, what should you use?

A

S3 server access logging

201
Q

(T/F) EC2 Classic instances retain their private IP addresses when they are stopped?

A

False, they are returned to EC2 when the instances are stopped or terminated

202
Q

What are the 5 things that AWS Trusted Advisor provides recommendations on?

A
Cost Optimization
Performance
Fault Tolerance
Security
Service Limits
203
Q

(T/F) You can’t modify a launch configuration after you’ve created it?

A

True

204
Q

What are AWS Step Functions?

A

A service that provides serverless orchestration for applications. It centrally manages a workflow by breaking it into multiple steps, adding flow logic, and tracking the inputs and outputs between steps.

205
Q

(T/F) You can tag every resource in AWS?

A

False, you can’t tag egress-only internet gateways, VPC flow logs, VPC endpoints, and many others.

206
Q

What are ARNs?

A

Amazon Resource Names. They uniquely identify AWS resources. They are required when you have to specify a resource unambiguously across all of AWS such as in IAM policies, RDS tags, and API calls.

207
Q

Where does CloudTrail store all of the logs it creates?

A

S3

208
Q

(T/F) Redshift and S3 can withstand AWS region outage

A

False

209
Q

Which of the following services acts as a firewall that controls the traffic allowed to reach one or more EC2 instances?

a) Security Group
b) NACL
c) IAM
d) Private IP Addresses

A

Security Group

210
Q

Can a standard queue in SQS ever guarantee one time processing?

A

Nope, consider using SWF instead.

211
Q

What AWS feature allows you to run shell scripts or cloud-init directories at launch of EC2 Instances?

A

User Data

212
Q

What is AWS X-Ray

A

A service used to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services. It gives you an end-to-end view of your entire request.

213
Q

What happens to a spot instance by default if it gets interrupted by EC2 for capacity requirements?

A

It gets terminated. It can be set to stop or hibernate but not by default.

214
Q

What is S3 Select?

A

A service that uses SQL statements to filter the contents of S3 objects and retrieve subsets of the data you need.

215
Q

What is an AWS Service that you can use to provide a distributed session management service?

A

Elasticache. You can manage HTTP session data from the web servers using an in memory key/value store

216
Q

What is AWS Glue?

A

A fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.

217
Q

What is the standard retrieval time for AWS Glacier?

A

3-5 hours

218
Q

If a spot instance is terminated from AWS due to a price increase what will you be charged?

A

If it’s within the first hour you won’t be charged anything, and after the first hour you pay a prorated fee based on the time (i.e., 90 minutes at $0.04 an hour would cost $0.06)

219
Q

What are the 3 criteria that Auto Scaling uses to determine which instance to delete?

A
  • The availability zone with the most instances
  • The instance with the oldest launch configuration
  • The instance that is closest to the next billing hour
220
Q

If you are using a single Aurora Db instance and there is a failover what will Aurora do to react to the failure?

A

Aurora will attempt to create a new DB instance in the same availability zone and if it is unable to do so it will attempt to create one in a different availability zone.

221
Q

If you are using an Aurora DB instance with a Replica as well and there is a failure, what will Aurora do to react to the failure?

A

It will flip the CNAME record to point to the healthy replica, which is promoted to become the new primary.

222
Q

(T/F) By default, CloudTrail event log files are encrypted by S3 SSE

A

True

223
Q

(T/F) IP addresses for Elastic Load Balancers are static?

A

False, they can change at any time due to scaling or software updates so it is recommended that you use the DNS name and not the IP address.

224
Q

(T/F) Amazon KMS allows you to use BOTH Amazon managed keys and keys that you personally create and manage?

A

True

225
Q

If you want to analyze traffic patterns on an application load balancer what should you do?

A

Enable access logs on the application load balancer.

226
Q

What type of protocol will APIs through API Gateway expose?

A

HTTPS

227
Q

If you no longer need a reserved instance but still have it under contract for a time, what can you do?

A

Sell it on the AWS Reserved Instance Marketplace

228
Q

How long can Kinesis store data?

A

The minimum is 24 hours and the maximum is 1 week.

229
Q

What is Redshift Spectrum?

A

A service of Redshift that allows you to directly query open data formats stored in S3. This eliminates the need for unnecessary data movement.

230
Q

What is AWS Config?

A

A service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

231
Q

What is EC2Config?

A

A service for older Windows instances that performs tasks during startup and each time you stop or start an instance. It can also perform tasks on demand.

232
Q

What are DB Parameter Groups?

A

A tool used for managing DB engine configuration for one or more DB instances.

233
Q

What is AWS CloudHSM

A

A cloud-based hardware security module that enables you to easily generate and own your own encryption keys on the cloud.

234
Q

What is AWS Systems Manager?

A

A service that gives you visibility and control of your infrastructure. It provides a unified user interface so you can view operational data from multiple services and allows you to automate operational tasks across your resources.

235
Q

What is AWS Systems Manager Run Command?

A

A service of Systems Manager that lets you remotely and securely manage the configuration of your managed instances. This enables you to automate common administrative tasks and perform ad hoc configuration changes at scale.

236
Q

What is AWS Neptune?

A

A fully managed graph database service that makes it easy to build and run applications that run with highly connected datasets. An example use case for this service would be for social networking sites where users and actions are highly linked.

237
Q

(T/F) You can use auto scaling with Amazon RDS

A

False

238
Q

What happens if you reboot an instance store backed ec2 instance?

A

The instance will start normally with its data intact. A reboot only restarts the OS.

239
Q

(T/F) When you create a new instance with an EBS snapshot it will read slowly at first

A

True. Brand new EBS volumes perform well as soon as they are created. However, if they are created from snapshots, reads will be slow the first time a block is read.

240
Q

What is an IAM Role?

A

A role is something that a user, application or service can “assume” to receive temporary security credentials that provide access to a resource.

241
Q

How can you improve the performance of EFS?

A

Provision more throughput than is required. You can now provision throughput independently from the amount of data stored.

242
Q

(T/F) Internet Gateways automatically scale and have no bandwidth limit

A

True

243
Q

What can you use to connect your AWS resources from all regions with your direct connect connection?

A

Public Virtual Interface. It allows you to connect to all of your public AWS endpoints.

244
Q

What is AWS OpsWorks?

A

OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. These are automation platforms that allow you to use code to automate how servers are configured, deployed, and managed across your instances or on premise environments.

245
Q

What is the difference between Network Load Balancers, Application Load Balancers, and Classic Load Balancers?

A
  • Network Load Balancers make routing decisions at the transport layer (TCP/SSL) and can handle millions of requests per second.
  • Application Load Balancers make routing decisions at the application layer (HTTP/HTTPS), support path-based routing, and can route requests to one or more ports on each container instance.
  • Classic Load Balancers support both HTTP/HTTPS and TCP/SSL. They require a fixed relationship between the load balancer port and the instance port meaning instances cannot have different port routes than each other.
246
Q

What type of flexibility do regional reserved instances provide?

A

They can be in different availability zones and can be resized

247
Q

What allows you to give users from other AWS accounts access to resources that your accounts own?

A

Trust policies

248
Q

What is Enhanced Networking?

A

It allows supported instance types to provide high-performance networking capabilities. It provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces.

249
Q

What are Target Groups?

A

The load balancer’s targets, which will be available to handle requests. Target groups can contain instances with any kind of characteristics.

250
Q

What does TTL mean in the context of CloudFront?

A

TTL is the time to live in the cache for CloudFront, meaning that a resource will remain cached for the duration of the TTL before hitting the server again for the resource. High TTL times can cause lags for files that are updated frequently.

251
Q

How does a Hardware VPN connection work?

A

A device is installed in the client’s on-premise servers (customer gateway) that will connect to a device on the AWS side (Virtual Private Gateway) over the internet. This connection is authenticated on both sides and encrypted to ensure a private connection. The connection is used to communicate privately between on-premise resources and AWS resources.

252
Q

(T/F) An EC2 Classic instance will retain its private IP when it is stopped and started.

A

False

253
Q

If you want to evenly distribute the load across instances in multiple availability zones, what should you enable?

A

Cross-zone load balancing. Without cross-zone load balancing, a load balancer will distribute the load at the availability zone level. So if you had 10 EC2 instances in one AZ and 3 instances in another, the 3 instances would get as much load as the 10 instances, without cross-zone load balancing.

254
Q

If you want to cheaply and immediately update a file that is cached using CloudFront, what should you do?

A

Enable versioning on the file so the request will ask for the new version and not receive the old version.

255
Q

What is AWS CodeDeploy?

A

CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions. It allows you to rapidly release new features, update Lambda function versions, avoid downtime during application deployment, and handle the complexity of updating your applications, without many of the risks associated with error-prone manual deployments.

256
Q

When creating a user using the AWS CLI, what are the default credentials?

A

There are no default credentials, you have to create them specifically.

257
Q

(T/F) You cannot use Auto Scaling without an ELB

A

True

258
Q

What can you do to help API Gateway handle large bursts of network traffic?

A

Enable throttling limits

259
Q

What are Access Keys used for?

A

API calls to AWS services

260
Q

(T/F) CloudWatch Alarms can be used to stop and start instances based on health checks

A

True

261
Q

(T/F) All data from any gateway appliance is encrypted by default?

A

True. This includes storage gateways and customer gateways used for hardware VPN connections.

262
Q

What are the two types of rules for Security Groups?

A

Inbound and Outbound

263
Q

What is an ENI?

A

An Elastic Network Interface that represents a network card. This can be used to add private or public IP addresses to an instance, as well as security groups and mac addresses

264
Q

What are the different ways you can attach an ENI

A
  • Hot attach when the instance is running
  • Warm attach when the instance is stopped
  • Cold attach when the instance is being launched
265
Q

How can you automate snapshots of EBS volumes?

A

Use AWS Data Lifecycle Manager

266
Q

(T/F) EBS volumes are backed up in multiple availability zones

A

False

267
Q

What is a MX record set used for

A

Primarily for mail servers

268
Q

What is an AAAA record set used for

A

It is similar to an A record in that it maps an IP address to a DNS name, but AAAA is used for IPv6

269
Q

What is an A record set used for

A

Mapping an ipv4 address to a DNS name.

270
Q

If you want to safely import and store SSL/TLS certificates on AWS what two services can you use?

A

AWS Certificate Manager or IAM certificate store

271
Q

How can you connect 2 ec2 instances in different VPCs together?

A

Configure an inter region VPC peer between the VPCs and communicate using the private IP addresses

272
Q

What is iSCSI storage?

A

Internet Small Computer Systems Interface. It is an IP based storage networking standard for linking data storage facilities. Storage Gateway uses iSCSI to connect to on premise datacenters.

273
Q

(T/F) NAT Gateways are located at the subnet level

A

True, which makes them not resistant to AZ outages

274
Q

How can you use IAM to restrict access based on IP.

A

Add a condition to the policies specifying the IP address registered for each user.

275
Q

What ports does SSH use?

A

Port 22 for the request and a dynamic port for the response in the high ephemeral port range (1024-65535)

276
Q

How do you access objects that have been moved from S3 to Glacier?

A

The S3 console

277
Q

What all can CloudWatch events target?

A
  • ec2 instances
  • lambda functions
  • kinesis streams
  • ecs tasks
  • systems manager
  • sns topics
  • sqs queues
  • built in api calls like rebooting instances
278
Q

(T/F) Internet Gateways are attached at the subnet level?

A

False, they are attached at the VPC level and therefore are resilient to AZ outages

279
Q

When should you use Simple AD vs AD connector?

A

Simple AD is used when you require an inexpensive AD service running in AWS.

AD connector is used when you want to connect an existing AD database to AWS

280
Q

What is Amazon MQ

A

A managed ActiveMQ that involves topics and consumers. Similar to Apache Kafka, consumers read messages off the topic. However, this is not a serverless architecture like SQS, and it doesn’t guarantee delivery of messages.

281
Q

What is AWS AppSync

A

A serverless back end for mobile, web, and enterprise applications. AppSync manages data management tasks like data access, data synchronization, and data manipulation across multiple sources. It uses GraphQL.

282
Q

How can you encrypt communication between an ec2 instance and an rds instance?

A

Use SSL