Practice 6 Flashcards
The recommended storage engine for MySQL is
InnoDB and not MyISAM
InnoDB instances can be migrated to Aurora, while MyISAM instances can’t be migrated - T or F
true
Example of ALB path based routing:
URL of /api/android
What is host based routing:
host-based routing defines rules that forward requests to different target groups based on the host name in the host header instead of the URL
Example of ALB host based routing:
allows you to send a request for api.example.com and for web.example.com to the same endpoint with the certainty it will be delivered to the correct back-end application
Storage optimized instances are designed for
workloads that require high, sequential read and write access to very large data sets on local storage
Memory optimized instances are designed to
deliver fast performance for workloads that process large data sets in memory
Compute optimized instances are ideal for
compute-bound applications that benefit from high-performance processors, such as batch processing workloads and media transcoding.
General purpose instances are the
most basic type of instances. They provide a balance of compute, memory, and networking resources, and can be used for a variety of workloads
To prevent your Lambda function from running indefinitely, you specify a timeout - T or F
true (default is 3 sec; max 900 sec/15 mins)
If the AWS Lambda total concurrent executions limit is exceeded, the function will be ?
throttled but not terminated
Recursive code in your Lambda function directly results in an abrupt termination of the function execution - T or F
FALSE;
recursive code in your Lambda function does not directly result in an abrupt termination of the function execution
if a user assumes a role, temporary security credentials are created dynamically and provided to the user - T or F
true
The ping utility uses the ? protocol
ICMP protocol, so this needs to be set in the Inbound Rules of your security group to ensure that the ping packets can be routed to the EC2 instances
An Elastic IP address doesn’t incur charges as long as the following conditions are true:
- The Elastic IP address is associated with an Amazon EC2 instance.
- The instance associated with the Elastic IP address is running.
- The instance has only one Elastic IP address attached to it.
IAM database authentication works with which databases:
MySQL and PostgreSQL
IAM database authentication provides the following benefits:
- Network traffic to and from the database is encrypted using Secure Sockets Layer (SSL).
- You can use IAM to centrally manage access to your database resources, instead of managing access individually on each DB instance.
- For applications running on Amazon EC2, you can use profile credentials specific to your EC2 instance to access your database instead of a password, for greater security
Database Backtrack feature
simply “rewinds” the DB cluster to the time you specify.
--ssl-ca parameter
can provide SSL connection to your database
Multicast?
network capability that allows one-to-many distribution of data. With multicasting, one or more sources can transmit network packets to subscribers that typically reside within a multicast group
Amazon VPC supports multicast or broadcast networking - True or False
false; Amazon VPC does not support multicast or broadcast networking
overlay multicast is a method of
building IP level multicast across a network fabric supporting unicast IP routing, such as Amazon Virtual Private Cloud (Amazon VPC).
The Cache-Control max-age directive
lets you specify how long (in seconds) you want an object to remain in the cache before CloudFront gets the object again from the origin server
The ?? control how long objects stay in the cache
Cache-Control and Expires headers
Cache-Control minimum expiration time
0 seconds for web
3600 seconds (1 hr) for RTMP
Public Datasets will not cost anything - T or F
true
Elastic Beanstalk vs ECS in terms of Docker container deployment
Both can do the same thing except that Beanstalk AUTOMATICALLY handles the details of capacity provisioning, load balancing, scaling, and application health monitoring while ECS will have to be manually configured to do all these.
Port for Remote Desktop connection
TCP port 3389 and UDP port 3389
AWS recommends that you primarily use file versioning for the following reasons:
- Versioning enables you to control which file a request returns even when the user has a version cached either locally or behind a corporate caching proxy. If you invalidate the file, the user might continue to see the old version until it expires from those caches.
- CloudFront access logs include the names of your files, so versioning makes it easier to analyze the results of file changes.
- Versioning provides a way to serve different versions of files to different users.
- Versioning simplifies rolling forward and back between file revisions.
- Versioning is less expensive. You still have to pay for CloudFront to transfer new versions of your files to edge locations, but you don’t have to pay for invalidating files.
CodeDeploy is a
deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions.
In Elastic Beanstalk, where does it store the application files and server log files?
Application files are stored in S3. The server log files can be stored in:
- EBS and
- optionally stored in S3 or in CloudWatch Logs
cross-account access
You can use an IAM role to delegate access to resources that are in different AWS accounts that you own. You share resources in one account with users in a different account. By setting up cross-account access in this way, you don’t need to create individual IAM users in each account
Database Hash Joins are mainly used
if you need to join a large amount of data by using an equijoin and not for improving availability.
Database Asynchronous Key Prefetch is mainly used
to improve the performance of queries that join tables across indexes
Blue/Green Deployment
Blue is the current prod; Green is the new environment where the changes are being deployed
For decoupling services, you should use IAM user or role?
IAM role, not an IAM user credential
How to fix ‘insufficient capacity error’ while adding new instances to a new placement group?
Stop and restart the instances in the Placement Group and then try the launch again.
Why do we get ‘insufficient capacity error’ when launching new instances to a new placement group?
If you try to add more instances to the placement group later, or if you try to launch more than one instance type in the placement group, you increase your chances of getting an insufficient capacity error
Do we have a limit in the number of instances in a Placement Group?
No
Enhanced networking advantages:
- provides higher bandwidth,
- higher packet per second (PPS) performance, and
- consistently lower inter-instance latencies.
There is an additional charge for using enhanced networking. True or False
false; There is no additional charge for using enhanced networking.
Can you create a volume out of an EBS snapshot?
Yes, you can create a snapshot of the EBS volume first then create a volume using the snapshot in the other Availability Zone if necessary
URLs to provide for the IAM user to be able to access the AWS Console?
https://YOU.signin.aws.amazon.com/console
By DEFAULT, records of a stream in Amazon Kinesis are accessible for up to
24 hours from the time they are added to the stream. You can raise this limit to up to 7 days by enabling extended data retention
DNSSEC (Domain Name System Security Extensions)
Amazon Route 53’s DNS service does not support DNSSEC at this time
Amazon Route 53 currently supports the following DNS record types:
- A (address record)
- AAAA (IPv6 address record)
- CNAME (canonical name record)
- CAA (certification authority authorization)
- MX (mail exchange record)
- NAPTR (name authority pointer record)
- NS (name server record)
- PTR (pointer record)
- SOA (start of authority record)
- SPF (sender policy framework)
- SRV (service locator)
- TXT (text record)
In CloudFormation, what section is required?
Resources
For Microsoft SQL Server, how to implement security of your in-flight data between your web servers and RDS?
- Force all connections to your DB instance to use SSL by setting the rds.force_ssl parameter to true. Once done, reboot your DB instance.
- Download the Amazon RDS Root CA certificate. Import the certificate to your servers and configure your application to use SSL to encrypt the connection to RDS.
RDS running on Microsoft SQL Server: transparent data encryption (TDE) is primarily used to
encrypt stored data on your DB instances running Microsoft SQL Server, and not the data that is in-transit.