Practice 3

Question 1

AWS AppSync

Answer 1

> simplifies application development by letting you create a flexible API to securely access, manipulate, and combine data from one or more data sources.
managed service that uses GraphQL to make it easy for applications to get exactly the data they need.

Question 2

workflow in SWF

Answer 2

defines all the activities in the workflow.

Question 3

purpose of a decision task

Answer 3

tells the decider the state of the workflow execution

Question 4

activity task

Answer 4

tells the worker to perform a function

Question 5

SWF task

Answer 5

represents a single task in the workflow

Question 6

Kinesis data stream stores records from(duration)

Answer 6

24 hours by defaultto a maximum of 168 hours.

Question 7

Server-Side Encryption

Answer 7

You request Amazon S3 to encrypt your object before saving it on disks in its data centers and decrypt it when you download the objects

Question 8

Client-Side Encryption

Answer 8

You can encrypt data client-side and upload the encrypted data to Amazon S3. In this case, you manage the encryption process, the encryption keys, and related tools.

Question 9

2 Client-Side Encryptions

Answer 9

1. Client-Side Encryption with AWS KMS–Managed Customer Master Key (CMK)
2. Client-Side Encryption Using a Client-Side Master Key

Question 10

CloudFront Origin Access Identity

Answer 10

feature which ensures that only CloudFront can serve S3 content

Question 11

Glacier retrieval options

Answer 11

1. Standard - 3 - 5 hours
2. Expedited - 1 - 5 mins
3. Bulk - 5 - 12 hours

Question 12

Glacier Select

Answer 12

you can run queries and custom analytics on your data that is stored in Glacier, without having to restore your data to a hotter tier like Amazon S3

Question 13

Glacier Provisioned Capacity

Answer 13

> ensures that your retrieval capacity for expedited retrievals is available when you need it.
Each unit of capacity provides that at least three expedited retrievals can be performed every five minutes and provides up to 150 MB/s of retrieval throughput.

Question 14

Why purchase Glacier Provisioned Capacity

Answer 14

You should purchase provisioned retrieval capacity if your workload requires highly reliable and predictable access to a subset of your data in minutes

Question 15

Ranged Archive Retrievals

Answer 15

retrieve an archive from Glacier, you can optionally specify a range, or portion, of the archive to retrieve:
> Manage your data downloads
> Retrieve a targeted part of a large archive

Question 16

Amazon S3 now provides increased performance to support at least ? requests per second to add data and ? requests per second to retrieve data

Answer 16

at least 3,500 requests per second to add data and 5,500 requests per second to retrieve data

Question 17

Lambda automatically monitors functions on your behalf and reports metrics through Amazon CloudWatch:

Answer 17

2. Duration – The average, minimum, and maximum execution times.
3. Invocations – The number of times that the function was invoked in each 5-minute period.
4. Error count and success rate (%) – The number of errors and the percentage of executions that completed without error.
5. DeadLetterErrors – The number of events that Lambda attempted to write to a dead-letter queue, but failed.
6. IteratorAge – For stream event sources, the age of the last item in the batch when Lambda received it and invoked the function.
7. Throttles – The number of times that execution failed due to concurrency limits.

Question 18

The following VPC peering connection configurations are not supported.

Answer 18

1. Overlapping CIDR Blocks
2. Transitive Peering
3. Edge to Edge Routing Through a Gateway or Private Connection

Question 19

Therevoke-security-group-ingresscommand

Answer 19

removes one or more ingress rules from a security group

Question 20

revoke-security-group-egress

Answer 20

Removes one or more egress rules from a security group

Question 21

When connecting to your EC2 instance via SSH, you need to ensure that

Answer 21

port 22 is allowed on the security group of your EC2 instance.

Question 22

Network ACL is much suitable to control the traffic that goes in and out of your entire VPC and not just on one EC2 instance.- T or F

Answer 22

true

Question 23

You can modify a launch configuration after creating it - T or F

Answer 23

false; you can’t modify

Question 24

When you create a launch configuration, you specify information for the instances such as the:

Answer 24

1. block device mapping.
2. Amazon Machine Image (AMI) ID
3. key pair,
4. instance type,
5. Security groups

Question 25

Active-Active Failover

Answer 25

Use this failover configuration when you want all of your resources to be available the majority of the time. When a resource becomes unavailable, Route 53 can detect that it’s unhealthy and stop including it when responding to queries.

Question 26

Active-Passive Failover

Answer 26

Use an active-passive failover configuration when you want a primary resource or group of resources to be available the majority of the time and you want a secondary resource or group of resources to be on standby in case all the primary resources become unavailable. When responding to queries, Route 53 includes only the healthy primary resources. If all the primary resources are unhealthy, Route 53 begins to include only the healthy secondary resources in response to DNS queries.

Question 27

How does Amazon ElastiCache improve database performance?

Answer 27

By caching database query results.

Question 28

Lambda error EC2ThrottledException

Answer 28

1. You only specified one subnet in your Lambda function configuration. That single subnet runs out of available IP addresses and there is no other subnet or Availability Zone which can handle the peak load.
2. Your VPC does not have sufficient subnet ENIs or subnet IPs.

Question 29

allowed block size in VPC is between

Answer 29

a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses) and not/27 netmask

Question 30

Billed EC2 instance states

Answer 30

1. running
2. stopping - billed if preparing to hibernate
3. terminated - reserved instances are billed until the end of their term according to their payment option

Question 31

Unbilled Ec2 instance states

Answer 31

1. Pending
2. stopping - if preparing to stop
3. stopped
4. shutting down
5. terminated

Question 32

The presigned URLs are useful if

Answer 32

you want your user/customer to be able to upload a specific object to your bucket, but you don’t require them to have AWS security credentials or permissions.

Question 33

origin access identity (OAI)

Answer 33

prevents users from viewing your s3 files by simply using the direct URL for the file..instead they would need to access it using a cloudfront URL

Question 34

Signed URLS vs signed cookies

Answer 34

Signed URLS:
1. RMTP distribution (streaming) - signed cookies aren’t supported for RMTP
2. Restrict access to individual files (ex: installation download for your application)
3. client using custom HTTP that don’t support cookies
signed cookies:
1. provide access to multiple restricted files
2. you don’t want to change current urls