Other Flashcards
What is an anycast IP address
Many cloud-based nodes or instances running a program have the same IP address and the routing infrastructure sends packages to the topologically nearest node
What is a CIDR block?
A designated range of IP address space on the web
What is a POSIX-compliant operating system?
“Portable Operating System Interface
Can natively run UNIX programs”
What is a Byte-Range fetch?
“a header usually used in a GET Object request
used for improving performance by using concurrent connections to get an object and piece it together on the client side”
What is a distribution key?
The concept of a variable given to designate the partitions in a set of data
“Concept
Placement strategies”
“Cluster in one AZ
Spread across different racks (large replicated)
Partitions have their own racks”
“Concept(not sure about this one yet)
Enhanced network performance”
“EC2s either use
ENA (Elastic Network Adapter)
or
VF (Intel 82599 Virtual Function) interface”
“Concept
fast data integrety checks”
disable initial verification & enable verification post data transfer
“Concept
IAM roles vs credentials”
assign roles don’t store credentials
What instance type is supported in the EC2 instance Savings Plan?
all c5 instances
What is the benefit of using origin fetch vs other routes?
“origin fetch is integrated with AWS services and is free
incentivises use of multiple AWS services”
What is the cache-control header?
Used to control how long an object stays in the CloudFront cache
In CloudFormation, what is the OnDemandPercentageAboveBaseCapacity property?
“Determine the number of On-demand instances that could be spun up if needed
setting to 0 will use Spot instances instead of On-demand instances (great for non-development)”
“CloudFormation stack
Retain vs Snapshot vs Delete”
“Retain - keeps the resource in the event of a stack deletion
Snapshot - creates a snapshot of the resource before the resource is deleted
Delete - deletes the resource with the stack”
Common use cases for Elastic Beanstalk
create web server environments and worker environment
What is drift detection
Drift detection can be used to detect changes made to resources outside of CloudFormation
How to properly set up CloudTrail in every region
“CloudTrail has a feature that allows it to be automatically enabled in every region, including any new region expanded to within the account
Logs are delivered to an S3 bucket and an optional CloudWatch Logs group that you specify”
Storage Gateway Cached volume vs Stored volume
“Cached will temporarily contain the most recently accessed responses
Stored volumes are asynchronously synced with the origin”
Placement strategies and racks
“Cluster - puts instances together in an AZ, essentially the same rack
Spread - places instances across different racks, not grouping the instances
Partition - instances in a partition have their own set of racks”
Cognito User pool vs Identity pool
“Two separate ways to gain authorization, they are not necessarily interchangeable
User is individual based
identity is/can be group based”
What do federation protocols authenticate?
“Federations are for user authentication
IAM policies can be for either user or service authentication”
In what ways can KMS encrypt data?
“only at rest
use SSL for encryption in transit”
To what scope are KMS master keys bound?
KMS master keys are region-specific
Service Control Policies
“Organizations feature
policies are applied to all users within the member accounts including root accounts
if explicit permissions are granted from other policies, they may bypass the SCP”
PCI compliant workloads on cloudfront
“log CloudFront usage data for 365 days
enable CloudFront access logs
capture requests that are sent to the CloudFront API”