O'Reilly Missed Questions

Question 1

Security Group

Answer 1

Stateful firewall. By default, allows all outbound traffic. Always permissive. Designed for EC2 Instances.

Question 2

Network Access Control Lists (NACLs)

Answer 2

Stateless firewall. By default, allows all inbound and outbound. Can permit or deny. Designed for entire subnets.

Question 3

Transit Gateway

Answer 3

Connect individual VPCs together via the gateway in a hub-and-spoke model. Simplifies peering networks

Question 4

Glacier standard retrieval

Answer 4

3-5 hours

Question 5

Glacier expedited retrieval

Answer 5

1-5 minutes (up to 250mb)

Question 6

Glacier bulk retrieval

Answer 6

5-12 hours

Question 7

Glacier deep standard retrieval

Answer 7

12 hours

Question 8

Glacier deep bulk retrieval

Answer 8

48 hours

Question 9

Macie

Answer 9

Uses machine learning and pattern matching techniques to detect and alert you to any sensitive data, such as PII, stored in Amazon S3

Question 10

WAF

Answer 10

Protects your content from common web exploits and bots. Control using Web ACLs.

Question 11

CloudHSM

Answer 11

Dedicated hardware security module that allows you to generate and manage keys in the cloud

Question 12

KMS

Answer 12

Create and manage customer master keys (CMKs), which are stored and used to encrypt and decrypt your AWS data

Question 13

SQS standard queue

Answer 13

Supports a nearly unlimited number of API calls per second, and are designed for messages to be delivered at least once

Question 14

SQS FIFO queue

Answer 14

Supports up to 300 API calls designed to preserve the order of your messages, as well as ensuring only one-time delivery with no duplicates

Question 15

IaaS

Answer 15

A service that gives you access to configure underlying virtual compute, storage, and network resources to host your application

Question 16

PaaS

Answer 16

A service that abstracts the underlying infrastructure, allowing you to focus on your application code deployment process

Question 17

SaaS

Answer 17

A service that hosts and delivers a complete application via a public network, with no access to any underlying infrastructure

Question 18

Application load balancer

Answer 18

Acts as a single point of entry for the incoming requests and distributes the traffic among targets in a target group. Can also route based on listener rules. 7th OSI layer

Question 19

Network load balancer

Answer 19

Low latency, TCP or UDP, cannot see content, preserves IP address. Can handle millions of requests per second. 4th OSI layer

Question 20

Gateway load balancer

Answer 20

Used for firewalls and security. 3rd OSI layer,

Question 21

Classic load balancer

Answer 21

Less featured than ALB, less throughput than NLB. Useful for EC2 classic networks. OSI 4 and 7

Question 22

EBS volume gp2

Answer 22

SSD, 1GB - 16TB, baseline 3 IOPS/GB, suitable for general workloads, boot volumes, low latency operations. Default volume.

Question 23

EBS volume gp3

Answer 23

SSD, 1GB - 16TB, baseline 3000 IOPS, suitable for databases and boot volumes. Higher throughput than gp2

Question 24

EBS volume io1

Answer 24

SSD, 4GB - 16TB, max 64000 IOPS, 1000mb/s throughput, suitable for critical database and application workloads. EC2 must be AWS Nitro for peak performance.

Question 25

EBS volume io2

Answer 25

SSD, 4GB - 16TB, max 64000 IOPS, 1000MB/s throughput, suitable for critical database and application workloads. EC2 must be AWS Nitro for peak performance. Higher IOPS/storage ratio than IO1

Question 26

EBS volume io2 block express

Answer 26

SSD, 4GB - 64TB, max 256000 IOPS, 4000MB/s throughput, suitable for critical database and application workloads. EC2 must be AWS Nitro for peak performance. Higher IOPS/storage ratio than IO1

Question 27

EBS volume st1

Answer 27

HDD, 125GB - 16TB, max 500 IOPS, 500mb/s throughput, ideal for frequently accessed, throughput-intensive workloads and capable of working with large datasets and large I/O sizes. Cannot be used as a boot volume

Question 28

EBS volume sc1

Answer 28

HDD, 125GB - 16TB, max 250 IOPS, 250mb/s throughput, ideal for less frequently accessed workloads with large, cold datasets. Sometimes called cold HDD. Cannot be used as a boot volume

Question 29

Basic support plan

Answer 29

Service limit and basic security trusted advisor checks. No technical support. 24/7 customer service.

Question 30

Developer support plan

Answer 30

Aimed at testing. Service limit and limited security trusted advisor checks. Limited email-only technical support in business hours. 24 hours for general guidance, 12 hours for system impaired. 24/7 customer service.

Question 31

Business support plan

Answer 31

Aimed at production workloads. All trusted advisor checks. Phone, email and chat technical support in business hours. 24 hours for general guidance, 12 hours for system impaired, 4 hours for production system impaired, 1 hour for production system down. 24/7 customer service. Includes contextual support for interoperability and 3rd-party software. Access to Infrastructure Event Management, for support for product launch or migration tasks.

Question 32

Enterprise support plan

Answer 32

Aimed at very large organisations. All trusted advisor checks. Phone, email and chat technical support in business hours. 24 hours for general guidance, 12 hours for system impaired, 4 hours for production system impaired, 1 hour for production system down, 15 minutes for business critical system down. 24/7 customer service. Includes contextual support for interoperability and 3rd-party software. Access to Infrastructure Event Management, for support for product launch or migration tasks. Dedicated technical account manager. Access to well-archictacted reviews.

Question 33

Simple routing policy

Answer 33

Map a domain name to a single resource, such as a server or load balancer. No health checks

Question 34

Failover routing policy

Answer 34

In the event of a primary resource failure, all traffic will be redirected to a secondary resource.

Question 35

Geolocation routing policy

Answer 35

Route traffic based on the geographical location of your users.

Question 36

Latency routing policy

Answer 36

Route your users’ traffic to the Region that offers the lowest latency

Question 37

Weighted routing policy

Answer 37

This routing policy enables you to route different ratios of your total traffic to different resources associated with a single domain. This is also particularly useful when you want to perform a gradual migration of your total traffic from one resource to another, such as a new version of your website.

Question 38

S3 Lifecycle Management

Answer 38

Move or delete objects after set time periods

Question 39

Elastic IP address

Answer 39

A static ipv4 address allocated to your account, yours until you release it. Charged if not allocated to an active EC2 instance

Question 40

Landing Zone

Answer 40

Offers a baseline blueprint for a multi-account environment. Deprecated in favour of control tower.

Question 41

Control Tower

Answer 41

Automates the setup of a new account landing zone using the latest recommended blueprints

Question 42

Elasticsearch

Answer 42

Open source text search and analytics engine capable of storing, analyzing, and performing search functions against big volumes of data in near real time. AWS offering is fully managed and can index all types of data, even unstructured

Question 43

Opsworks Chef

Answer 43

Creates a Chef server that is used to manage all your nodes and acts as a central repository for your Chef cookbooks. Chef cookbooks contain recipes that are authored using the Ruby programming language and enable you to define a collection of resources and their attributes that need to be configured.

Question 44

Opsworks Puppet

Answer 44

A fully managed Puppet master server that is used to communicate with, configure, deploy, and manage your nodes – which could be EC2 instances or even on-premises servers. The service also takes care of handling tasks such as software and operating system configurations, package installations, database setups, and more.

Question 45

SWF

Answer 45

Deciders initiate workers to complete tasks in the cloud over EC2. Less managed than step functions