Other

Question 1

What is an anycast IP address

Answer 1

Many cloud based nodes or instances running a program have the same IP address and the rooting infrastructure sends packages to the topologically nearest node

Question 2

What is a CIDR block?

Answer 2

A designated range of IP address space on the web

Question 3

What is POSIX compliant operating system?

Answer 3

“Portable Operating System Interface

Can nativly run UNIX programs”

Question 4

What is a Byte-Range fetch?

Answer 4

“a header in usually used in a GET Object request

used for improving performace by using concurrent connections to get an object and peice it together on the client side”

Question 5

What is a distribution key?

Answer 5

The concept of a variable given to designate the partitions in a set of data

Question 6

“Concept

Placement strategies”

Answer 6

“Cluster in one AZ
Spread across different racks(large replicated)
Partition’s have there own racks”

Question 7

“Concept(not sure about this one yet)

Enhanced network performance”

Answer 7

“EC2s either use
ENA(elastic Network Adapter)
or
VF(Intel 82599 Virtual Function) interface”

Question 8

“Concept

fast data integrety checks”

Answer 8

disable initial verification & enable verification post data transfer

Question 9

“Concept

IAM roles vs credentials”

Answer 9

assign roles don’t store credentials

Question 10

What instance type is supported in the EC2 instance Savings Plan?

Answer 10

all c5 instances

Question 11

What is the benifit of using origin fetch vs other routes?

Answer 11

“origin fetch is integrated with AWS services and is free

insentivises use of multiple AWS services”

Question 12

What is the cache-control header?

Answer 12

Used to control how long an object stay in the CloudFront cache

Question 13

In CloudFormation what is the OnDemandPercentageAboveBaseCapacity propery?

Answer 13

“Determine the number of On-demand instances that could be spun up if needed
setting to 0 will use Spot instances instead of On-demand instances (greate for non-development)”

Question 14

“CloudFormation stack

Retain vs Snapshot vs Delete”

Answer 14

“Retain - keeps the resource in the event of a stack deletion
Snapshot - creates a snapshot of the resource before the resource is deleted
Delete - deletes the resource with the stack”

Question 15

Common use cases for elastic beanstalk

Answer 15

create web server environments and worker environment

Question 16

What is drift detection

Answer 16

Drift detection can be used to detect changes made to resources outside of cloud formation

Question 17

How to properly set up CloudTrail in every region

Answer 17

“CloudTrail has a feature that allows it to be automatically enabled in evey region, including any new region expanded to within the account
Logs are delivered to an S3 bucket and an optional CloudWatch Logs group that you specify”

Question 18

Storage Gateway Cached volume vs Stored volume

Answer 18

“Cached will temporarily contain the most recently accessed responses
Stored volumes are asynchronously synced with the origin”

Question 19

Placement strategies and racks

Answer 19

“Cluster - puts instances together in an AZ, essentially the same rack
Spread - places instaces across different racks, not grouping the instnaces
Partition - instances in a partition have their own set of racks “

Question 20

Cognito User pool vs Identity pool

Answer 20

“Two separate ways to gain authorization, they are not necessarily interchangeable
User is individual based
identity is/can be group based”

Question 21

What do federation protocols authenticate?

Answer 21

“Federations are for user authentication

IAM policies can be for either user or service authentication”

Question 22

in what ways can KMS encrypt data?

Answer 22

“only at rest

use SSL for encryption in transit”

Question 23

To what scope are KMS master keys bound?

Answer 23

KMS master keys are region-specific

Question 24

Service Control Policies

Answer 24

“Organizations feature
policies are applied to all users within the member accounts including root accounts
if explicit permissions are granted from other policies, they may bypass the SCP”

Question 25

PCI compliant workloads on cloudfront

Answer 25

“log CloudFront usage data for 365 days
enable CloudFront access logs
capture requests that are sent to the CloudFront API”