One Flashcards

1
Q

What is the shared responsibility model?

A

AWS is responsible for security AT the cloud

Customer is responsible for security IN the cloud

2
Q

What is the zero trust model?

A

Defense in depth approach: applies security controls at all layers of customer’s network.
Three levels of security: network level (VPC, firewall), data encryption, IAM

3
Q

What is IAM (name and def)

A

Identity and access management

Tracks, identifies and access in a system

4
Q

What are IAM policies composed of?

A

the principals: specifies who permissions are given to,
the actions: specifies what’s being performed,
the resources: specifies which properties are being accessed

5
Q

What can an IAM policy be applied to?

A

a principal (identity-based) or a resource (resource-based)

6
Q

Only some services have resource-based policies. Which are they?

A

S3, SES, KMS (key mgmt service)

7
Q

What can be used in addition to VPC to restrict traffic into my network?

A

Amazon WAF (web application firewall)

8
Q

What can you use for resource-level security?

A

security group

9
Q

What can a security group be attached to?

A

EC2 instances, RDS instances, Lambda

10
Q

How many AZ’s does a region contain?

A

Three or more

11
Q

What is Rt 53?

A

a scalable DNS service that translates names into IP addresses (internet protocol) that computers can read, and can route traffic between regions.
Cust can also buy and register domain names here.

12
Q

Steps to determine the service you need.

A
  1. compute service: Do you want VM-based (EC2, Lightsail, Elastic Beanstalk), container-based (ECS, EKS, ?EC2), or serverless (Lambda)?
  2. Storage service: Do you want block storage (EBS), file system (EFS), object stores (S3), or archival storage (S3 Glacier)?
  3. Database service: Do you need relational db (RDS or Aurora), non-rel db (DynamoDB), data warehouse (Redshift - for lg scale analysis), data indexing searching?
  4. Config service
  5. Cost: Only pay for what you use
13
Q

Talk about EC2

A

Elastic Compute Cloud,
flexible, cost effective. AWS manages the physical host machine. Instance can have either Linux or Windows OS. Are scalable.
When cust spins up EC2 instance, they share a host with other instances (multi-tenancy).

14
Q

What is responsible for sharing the resources between EC2 instances?

A

hypervisor

15
Q

What are the EC2 instance types?

A
  1. general purpose: a balance of compute, memory, networking
  2. compute-optimized: high-perf processor for batch processing
  3. memory-optimized: for high-perf db’s
  4. accelerated computing: for floating pt # cals, graphics processing, game streaming
  5. storage-optimized: for high-sequential read/write
16
Q

Which EC2 instance is best for application servers?

A

general purpose

17
Q

Which EC2 instance preloads data and is good for high performance db’s?

A

memory-optimized

18
Q

Which EC2 instance is best for apps that have a high IOPS requirement (input/output ops per sec)

A

storage-optimized

19
Q

What factors should you consider when choosing a region?

A
  1. compliance
  2. proximity to users
  3. feature availability
  4. pricing
20
Q

How do you prevent downtime?

A

Run instances in different availability zones in one region.

21
Q

What is CloudFront?

A

A CDN (global content delivery network). It pushes cached copies of content from regions to edge locations to get content close to custs quickly, no matter where they are in world. Runs Rt 53 DNS.

22
Q

What is an AWS Outpost?

A

mini-region at a cust bldg run and owned by AWS

23
Q

What is used in AWS for services to interact?

A

API calls (application programming interface)

24
Q

What service do you use to create requests to send to AWS API’s to manage resources?

A

AWS Mgmt Console (browser based) or CLI (use this to script the API calls since it makes the cmd repeatable) or SDKs (software development kits) or Beanstalk or Cloud Formation

25
Q

What does Rt 53 use to direct traffic to endpoints?

A

Different routing policies:

  • latency-based routing
  • geolocation DNS (based on where cust is located)
  • geoproximity routing
  • weighted round robin
26
Q

Which service minimizes the effect of DoS and DDoS on your apps?

(denial of service and distributed denial of service)

A

AWS Shield

27
Q

How many AWS support plans are there, and what are they?

A

Four:

  • basic: free for all AWS custs. No trusted advisor check
  • developer: No trusted advisor check
  • business: Trusted advisor checks at the lowest cost.
  • enterprise: Get TAM (technical acct mgr) and Trusted advisor checks
28
Q

What is the name for the digital catalog of software?

A

AWS Marketplace

29
Q

Which service tracks the metrics of an EC2 instance?

A

CloudWatch

30
Q

What is CloudFormation?

A

AWS CloudFormation is a service that helps you model and set up your AWS resources. You must build the architecture.

31
Q

What is Elastic BeanStalk?

A

A deployment tool. You do NOT build the architecture.

32
Q

If you are an RDS customer, who is responsible for the EC2 instance?

A

AWS since RDS is a managed service.

33
Q

Are groups, users, and roles authenticated in IAM?

A

Groups are NOT authenticated but user and role can be.

34
Q

In IAM, what can a policy be attached to?

A

user, group, or role

35
Q

How far apart are availability zones from each other?

A

62 miles

36
Q

What are some services at edge locations?

A

Rt 53 (DNS), CloudFront (caching), Shield, WAF (firewall)

37
Q

What are the EBS volume types?

A
  • General Purpose SSD: balances price and perf. Good for most workloads.
  • Provisioned IOPS SSD (solid state drive): good for transactional workloads involving frequent read/write ops with small I/O size (IOPS)
  • Throughput-optimized HDD (hard disk drive): good for large streaming workloads where the dominant performance attribute is throughput.
  • Previous generation: HDD for workloads with small dataset, accessed infrequently and perf is not of primary importance.
38
Q

What is an EBS snapshot?

A

A backup of the EBS volume.

39
Q

Are EBS volumes and EC2 instances stored on the same hardware?

A

NO

40
Q

Describe how to name an S3 bucket.

A

DNS naming convention:

3-63 chars, no uppercase, must start with letter or number, globally unique.

41
Q

What is the durability of S3?

A

11 9’s (99.99999999999%)

42
Q

Is there an S3 storage limit?

A

No. But an object can only be up to 5TB

43
Q

What is S3 versioning?

A

When versioning is enabled on a bucket, each time an object is uploaded it gets a new, unique version ID.

44
Q

What is S3 lifecycle policy?

A

automatic moving of objects from tier to tier (from S3 to IA tier if not used in 30 days)

45
Q

Which storage service allows reading of a single block of data?

A

EBS

46
Q

Which storage service is good for db files?

A

EBS

47
Q

What is a stateful security group?

A

It remembers, so traffic that is allowed in, is also allowed out.

48
Q

What is an NACL?

A

network access control list.
Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.
You can create a custom network ACL and associate it with a subnet.

49
Q

What is CloudWatch?

A

A service for monitoring resources and apps, logging, alerting and can trigger automation.

50
Q

What is CloudTrail?

A

Records API calls to your account. Good for security and compliance auditing.

51
Q

What does ELB do?

A

Distributes traffic to healthy EC2 instances ensuring traffic is evenly balanced between the instances.

52
Q

What are the types of ELB?

A
  1. ALB (application load balancer): good for complex traffic routing, operate on layer 7 of the OSI model and directs traffic based on the content of the URL. This is called path-based routing.
  2. NLB (network load balancer): good for high volume spiky traffic patterns, operate on layer 4 of the OSI model and directs traffic based on the port number.
  3. CLB (classic load balancer): outdated.
53
Q

How do you grant access to S3 bucket?

A

By S3 bucket policies or IAM.

54
Q

What are the engine choices for RDS?

A

MS SQL server, Oracle, MySQL, PostgreSQL, MariaDB, Amazon Aurora

55
Q

Which are the noSQL db’s?

A

DynamoDB, DocumentDB (json docs), Neptune (graph db, retail websites)

56
Q

How do you query DynamoDB?

A

With API calls

57
Q

Do IAM users, roles and policies have permanent keys?

A

Users have permanent keys. Roles do not.

58
Q

What is ARN?

A

Amazon Resource Name. Everything created in your acct gets an ARN, and is unique.

59
Q

What is cloud computing?

A

The on-demand delivery of compute power, db, storage, apps, and other IT resources through a cloud services platform (like AWS) via the internet with pay-as-you-go pricing.

60
Q

How do you access and manage AWS services?

A

Through the AWS Mgmt Console

61
Q

How can you control multiple AWS services with one tool?

A

Use the AWS CLI (command line interface)

62
Q

What does serverless mean?

A

Customer does NOT manage the infrastructure.

63
Q

What are the five pillars of a well-architected framework?

A
  • cost optimization
  • reliability
  • operational excellence
  • performance efficiency
  • security
64
Q

What are the three types of cloud computing?

A
  • IaaS (infrastructure as a service)
  • PaaS (platform as a service)
  • SaaS (software as a service)
65
Q

What are the five pillars of security?

A

  • detective controls
  • IAM
  • infrastructure protection
  • data protection
  • incident response
66
Q

What are the three common types of charges that you can incur in AWS?

A

compute (usually pay per hour)
storage (usually pay per GB of data)
data out

67
Q

What are the four support tiers?

A
  • basic: free, no tech support
  • developer: during bus hour via em, only one person,
  • business: 24-7, unlimited people, one hr response for urgent cases
  • enterprise: 15 min response for critical case
68
Q

What does Trusted Advisor check?

A
  • cost optimization
  • security
  • fault tolerance
  • performance
  • service limits
69
Q

You need to implement an automated service that will scan your AWS environment with the goal of improving security and reducing costs. What service should you use?

A

Trusted Advisor

70
Q

Name three key components of Glacier.

A

Vault, archive, access policy. Buckets are NOT part of Glacier. Data is auto encrypted.

71
Q

For a subnet to be public and send non-local traffic to the internet, you must update the route table of the public subnet and attach what to the VPC that contains the subnet?

A

internet gateway

72
Q

Which service provides a view of the performance and availability of your AWS services based upon your requirements?

A

Personal Health Dashboard

73
Q

What is the AWS event-driven, serverless compute service?

A

Lambda

74
Q

You need a virtual hard disk for your EC2 instance. What should you use?

A

EBS

75
Q

What is the URL structure for objects in S3?

A

https - bucket name - dot - the S3 regional endpoint - / - object name

76
Q

What service can tell you when you have crossed a billing threshold?

A

CloudWatch

77
Q

What is the name for a series of edge locations plus info about how you want content managed as part of a CDN?

A

a distribution

78
Q

What service would you use for predictable monthly pricing and allowing for burst above baseline of CPU perf?

A

Lightsail

79
Q

Which service provides consistently high CPU perf and costs varying by usage?

A

EC2

80
Q

Which is a managed db service that’s 5X faster than a MySQL db?

A

Aurora

81
Q

How do you recreate an EBS volume?

A

recreate the volume from a snapshot.

82
Q

What are edge locations responsible for?

A

hosting CloudFront (CDN)

83
Q

You have a variable workload and only want to pay for the compute time when your code isn’t running. Which service should you use?

A

Lambda

84
Q

What allows you to restrict access to individual objects in an S3 bucket?

A

access control lists

85
Q

Which type of load balancer uses listeners, targets and target groups?

A

Application load balancer

86
Q

Which ELB would be best suited to help you host a website?

A

ALB

87
Q

Are S3 buckets private by default?

A

Yes

88
Q

You need to allow resources in a private subnet to access the internet. What must be present to enable this access?

A

NAT Gateway

89
Q

What allows you to make entire buckets public?

A

Bucket policy

90
Q

Your S3 buckets are missing. What should you check?

A

CloudTrail logs

91
Q

Which languages can be used to author CloudFormation templates?

A

JSON and YAML

92
Q

Are DynamoDB and RDS managed db’s?

A

Yes
Dynamo DB is noSQL
RDS is SQL

93
Q

Is Lightsail a PaaS?

A

yes

94
Q

Both ALB and Classic use Round Robin strategy to select a node.

A

True

95
Q

Which service is best for storing sales data?

A

Redshift

96
Q

Which service is best for providing audit info on your AWS account?

A

CloudTrail

97
Q

What is diff between vertical and horiz scaling?

A

Vertical adds more resources and horiz adds more instances.

98
Q

How improve perf of online banking portal?

A
  • Use of SSL acceleration and
  • Relieve computational overhead on the web server by offloading https session processes to hardware security modules in an AWS CloudHSM cluster.
99
Q

A developer wants to automate updating a set of apps. Which service use?

A

CodeDeploy

100
Q

Which tool use to forecast AWS spending?

A

Cost Explorer (free)

101
Q

What service can automate the creation of new accounts?

A

Organizations

102
Q

What is the benefit of running an app across two AZ’s?

A

It increases the availability of the app.

103
Q

Describe scalability.

A

It diverts traffic based on demand, and to instances with the least load.

104
Q

What is autoscaling?

A

To scale resources based on demand.

105
Q

Which service gives the user the ability to group resources across diff regions by app and then collectively view their operational data for monitoring purposes?

A

systems manager

106
Q

A company has consistently high throughput and requires no jitter and very low latency between its on-premise and AWS cloud. Which service should it use?

A

DirectConnect

107
Q

A website goes viral for a few days and then rapidly declines in popularity. Which storage class and config should you use?

A

S3 standard and lifecycle policies

108
Q

You want to host a db server for a min of 1 year. Which would cost least?

A

partial upfront costs reserved instances

109
Q

What use for fast, secure img xfers to S3?

A

S3 Transfer Acceleration

110
Q

What is term for a user-defined label that has a key-value pair of variable char length. It is assigned to AWS resources?

A

resource .

These can be edited or removed at any time.

111
Q

What is the purpose of the ELB?

A

To distribute traffic to multiple EC2 instances

112
Q

Which service helps troubleshoot runtime errors?

A

X-Ray

113
Q

Best server for university during exam processing time?

A

serverless Lambda

114
Q

What disaster recovery deployment has the lowest downtime?

A

multi-site then warm standby

115
Q

Use EC2 reserved instance with a spot instance for a predictable workload with brief unpredictable spikes

A

True

116
Q

What purpose of API?

A

It allows developer to work with AWS resources programmatically.

117
Q

What is purpose of leader node in Redshift?

A

To receive queries and manage client connections

118
Q

What is right sizing?

A

cost saving solution that analyzes data over a period of time to determine and recommend the type of EC2 instance appropriate for your workload.

119
Q

What are the trusted advisor checks?

A

cost optimization, performance, security, fault tolerance, service limits

120
Q

One of a blogger’s articles has gone viral sending a lot of traffic to the blog, and causing poor browsing experience for some reader. How can normal service be restored?

A

Set up read replicas on the backend RDS instance where the article resides.

121
Q

What can be done to increase the fault tolerance of an app?

A

Deploy resources across multiple availability zones.

122
Q

What can be used as an additional layer of security to using a user name and password when logging into the AWS Console?

A

MFA (multi-factor authentication)

123
Q

Which support plan provides 24/7 access, and response time of < 1 hour for bus critical event.

A

Enterprise

124
Q

What is name for a geographic location in AWS?

A

Region

125
Q

What are two features of RDS that allow for better availability of databases?

A

Read replicas and Multi-AZ

126
Q

An EC2 instance where utilization is guaranteed to be consistent for a long period of time. How would you get the lowest cost?

A

Use reserved instance.

127
Q

You want to deploy a video-based app. The videos will be accessed by users around the world. Which service should you use to help stream the content in an efficient manner?

A

CloudFront

128
Q

Which service allows you to analyze EC2 instances against pre-defined security templates to check for vulnerabilities?

A

Inspector

129
Q

Which service can help decouple resources?

A

SQS

130
Q

What can you use to spin-up EC2?

A

Amazon Machine Image

131
Q

Which service helps you do a cost benefits analysis?

A

TCO Calculator (total cost of ownership)

132
Q

What does an EC2 instance in your VPC need in order for the Internet Gateway to route its traffic to the Internet?

A

Public IP address

133
Q

Your application needs fully managed storage for OBJECTS. Which service?

A

S3

134
Q

Which service is the virtual hard disk?

A

EBS

135
Q

What are edge locations responsible for?

A

Hosting CloudFront (CDN)

136
Q

Lightsail is an example of PaaS (platform as a service):

True or False

A

True

137
Q

What happens when an RDS Master database in a Multi-AZ deployment goes down?

A

RDS automatically fails over to the standby AZ, which is promoted to Master.

138
Q

S3 buckets by default are private. T or F?

A

True

139
Q

You want predictable monthly pricing, and the instance must have the ability to burst above baseline CPU when needed. Which service should you use to launch the instance?

A

Lightsail

140
Q

Which compute service is known for consistently high CPU performance and costs that vary by usage?

A

EC2

141
Q

Which service should you use to be notified when you have crossed a billing threshold?

A

CloudWatch

142
Q

For a subnet to be public and send non-local traffic to the Internet, you must update the Route Table of the public subnet and attach what to the VPC that contains the subnet?

A

Internet Gateway

143
Q

What doc do you use to grant permissions to users, groups and roles?

A

policy

144
Q

If you want to see who tampered with your S3 bucket, what should you look at?

A

CloudTrail logs

145
Q

Which is the managed db that is up to 5X faster than traditional MySQL db?

A

Aurora db (SQL)

146
Q

Where do you look for AWS service alerts?

A
  • Service Health Dashboard, and
  • Personal Health Dashboard

147
Q

Which load balancer uses listeners, targets, and target groups?

A

ALB

148
Q

What is the name for a series of edge locations plus info about how you want content managed as part of a CDN?

A

a distribution

149
Q

What are valid access types for an IAM user?

A
  • programmatic access via the command line, API, SDK (software dev kit), or
  • Mgmt console access
150
Q

Which is the best load balancer when hosting a website?

A

ALB

151
Q

What allows you to restrict access to an indiv object in an S3 bucket?

A

ACL (access control list)

152
Q

Your boss wants a managed NoSQL database. Which service?

A

DynamoDB

153
Q

Which service can you get that will automatically scan your AWS environment with the goal of improving security and reducing costs?

A

Trusted Advisor

154
Q

Which is an event-driven, serverless compute service?

A

Lambda

155
Q

You want to archive data that needs to be encrypted into Glacier. What do you need to do?

A

Send the data to Glacier. The data is encrypted by default.

156
Q

A software dev team needs to create multiple testing environments each day. Provisioning needs to happen within mins. The number of environments per day varies. What is best way to create these environments?

A

Have CloudFormation provision the stacks and resources needed for the environments.

157
Q

What compute service use when you don’t want to pay when your code is not running?

A

Lambda

158
Q

Which load balancer uses a round-robin distribution strategy?

A
  • Classic LB for TCP listeners only.
  • ALB: to select a node.

159
Q

What do you use to allow resources in a private subnet to access the internet?

A

NAT Gateway

160
Q

You are being audited. Where can you get the info to provide to the audit team?

A

CloudTrail

161
Q

You have RDS. Are you responsible for the database backups?

A

NO

162
Q

You have RDS. Are you responsible for the optimization of your app that’s using RDS?

A

Yes

163
Q

You want to re-create an EBS volume. How would you do this?

A

Re-create the volume from a snapshot.

164
Q

You have a mission-critical app that must be globally available at all times. Which deployment strategy should you use?

A

Multi-region

165
Q

Who should you report malicious activities to at AWS?

A

Abuse Team

166
Q

Which services have built-in DDoS protection?

A

Rt 53, CloudFront, WAF, ELB, VPC, Security Groups

167
Q

What is authentication?

A

The first part of the login process: Identifying who is accessing the system

168
Q

First a user is authenticated then authorized. T or F?

A

True

169
Q

What is authorization?

A

The 2nd part of the login process: Evaluating what permissions a user has.

170
Q

Which service controls authentication and authorization within an AWS account?

A

IAM.

Security Groups and ACL’s are tools within IAM.

171
Q

For EC2, what is the cust responsible for?

A
  • maintenance and updating the OS and apps (patching)
  • updating the db software
  • managing access to the db
  • security config.
  • AWS will only take care of the underlying hrdwre to provide the service.
172
Q

Which service is used during the process of encrypting EBS volumes?

A

KMS (key mgmt service)

173
Q

What do you create to give permission to an EC2 app to access other resources?

A

A role

174
Q

What do you give a group of people to assign them a pre-defined set of permissions based on their job role?

A

IAM group

175
Q

You use your corp directory to grant access to users. What is this called?

A

Federated Access

176
Q

What acts as built-in firewalls for your virtual servers?

A

Security Groups

177
Q

What do you use to login to the Mgmt Console?

A

username and password

178
Q

What are you responsible for when using S3?

A

Backing up your data.

179
Q

Which service performs automated network assessments of EC2 instances to check for vulnerabilities?

A

Inspector.

You create assessment templates to automate security vulnerability assessments.

180
Q

What are factors that contribute to the agility that AWS provides?

A

speed, experimentation, culture of innovation

181
Q

What does elasticity do?

A

It scales resources to the required capacity based on changes in WORKLOAD DEMAND. Scales up or down, so no need to worry about capacity.

182
Q

What are the principles of sound cloud design?

A
  • Assume everything will fail.
  • Infrastructure as code
  • Disposable resources
  • Scalability
183
Q

What are the principles of sound cloud design for performance efficiency?

A
  • Deploy into multiple regions to go global in minutes
  • Use serverless architectures.
  • Democratize advanced technologies.
184
Q

What is scalability?

A

Adding resources to your app as USER DEMAND grows. Expand out.

185
Q

What is agility?

A

Decreasing the time to start new services.

186
Q

T or F? A scalable system diverts traffic based on demand to instances with the least load.

A

True

187
Q

Which AWS service automates infrastructure provisioning and admin tasks for an analytical data warehouse?

A

Redshift

188
Q

What is the best suited file storage option for use when an admin is looking to deploy shared file access, Linux-based workloads which will require up to petabytes of data stores?

A

EFS

189
Q

What is the benefit of running an application across two AZs?

A

It increases the availability of an app compared to running in a single AZ.

190
Q

Which service can store code?

A

CodeCommit

191
Q

Which serverless service can run code?

A

Lambda

192
Q

What does an ELB do?

A

Distribute traffic to multiple EC2 instances.

193
Q

What is the best case for RDS?

A

In an org where only a finite number of processes query the db in predictable and well-structured schemas.

194
Q

Which services does the Trusted Advisor Dashboard offer?

A
cost optimization
performance
security
fault tolerance
service limits
195
Q

Which service provides security optimization recommendations?

A

Trusted Advisor

196
Q

In which service can you group resources from different regions and view their operational data for monitoring purposes?

A

Systems Manager

197
Q

What is the value of having AWS Cloud services accessible through an API?

A

It allows developers to work with AWS resources programmatically.

198
Q

A start-up org wants to deploy a web and mobile app devop environment. How can this be achieved efficiently?

A

Use Quickstarts to id and provision the appropriate CloudFormation templates.

199
Q

A department in an org has a monthly expenditure limit on their AWS acct and they are worried about exceeding it. What can they use to help?

A

Budgets, and create an email alert based on the budget parameters.

200
Q

How is Cloud9 diff from Lambda?

A

Cloud9: developers can share in real-time.
Lambda: can be used to create functions that run in Cloud9

201
Q

What is autoscaling?

A

To scale out resources based on demand. It monitors your apps and autom. adjusts capacity to maintain steady, predictable performance at the lowest possible cost.

202
Q

T or F? A resource tag can be edited or removed at any time.

A

True. They are a user-defined key-value pair, useful for labeling when running queries.

203
Q

Trusted Advisor: best practices and recommendations

A

True

204
Q

What’s the diff between lifecycle policy and intelligent tiering?

A

Lifecycle policy is pre-configured with a transition rule and not dependent on access patterns like intelligent tiering is.

205
Q

What’s the diff between lifecycle policy and intelligent tiering?

A

Lifecycle policy is pre-configured with a transition rule and not dependent on access patterns like intelligent tiering is.