Practice Exam Answer Explanations Flashcards
Loose Coupling
- Loose Coupling helps reduce the risk of cascading failures between components.
- Loosely coupled components are connected but not dependent on each other.
IaC
Infrastructure as Code (IaC) is a key implementation of automation in cloud – using Infrastructure as Code allows you to deploy and manage your environment without reliance on humans to complete all the tasks quickly and easily.
Application Code
Application code is a form of programmatic access. Programmatic access provides access to your AWS resources through an application or tool like the CLI.
AWS CLI
The AWS CLI allows you to access your AWS account through a terminal or command window.
AWS Management Console
The AWS Management Console allows you to access your AWS account and manage applications running in your account from a web browser.
AWS Person Health Dashboard
AWS Personal Health Dashboard provides alerts and guidance for AWS events that might affect your environment.
Shared Controls
Shared controls are elements of the shared responsibility model where both AWS and the customer have shared responsibilities within their own contexts. Patch management is a shared control, since AWS is responsible for patching and fixing flaws within the infrastructure, including managed services like RDS, but customers are responsible for patching their guest OS and applications.
Amazon WorkSpaces
Amazon WorkSpaces is a managed, secure Desktop-as-a-Service (DaaS) solution. You can use Amazon WorkSpaces to provision either Windows or Linux desktops in just a few minutes and quickly scale to provide thousands of desktops to workers across the globe.
Amazon Inspector
You will need to turn to Amazon Inspector for security assessment. Not only does it identify vulnerabilities in your application, it will also spot deviations from security best practices. AWS Shield and WAF protect the application from attacks that exploit vulnerabilities, rather than identify them. Trusted Advisor only provides recommendations on how to improve security.
Authentication
Authentication defines the “who” in regard to access. Authentication is where you present your identity (username) and provide verification (password).
Access Keys
Access keys provide programmatic access to AWS and should not be embedded in code or shared with other users.
Root User
- You should not use the root user for daily tasks.
- You should enable multi-factor authentication (MFA) for the root user and other administrative users.
Least Privilege
You should only grant the least privilege needed to perform a task.
SSH Client
An SSH client is a program that allows establishing a secure connection from your local laptop to an EC2 instance.
Key Pair
A key pair, consisting of a private key and a public key, is a set of security credentials you use to prove your identity when connecting to an instance. Amazon EC2 stores the public key. You store the private key locally typically as a pem file.
S3 Glacier
Glacier offers extremely inexpensive data archival but requires a 3- to 5-hour data-retrieval window for standard retrievals – though this time can be reduced for a price.
CloudFront
CloudFront is a CDN that delivers data and applications globally with low latency.
EBS
EBS volumes are “virtual hard disks” for your EC2 instance.
Athena
Athena allows the company to query data in S3 using standard SQL.
ElastiCache
ElastiCache is an in-memory cache service used to improve database performance. This means that it saves your most common queries for quicker data retrieval rather than retrieving directly from your database. As a result, it is classified as an AWS database service.
Edge Locations
Edge locations consist of over 200+ points of presence around the world that provide fast entry into Amazon’s global network. Because of how widespread they are, users can connect to their nearest edge location and have their traffic sent through amazon’s fast global network to reach the resources it needs sooner. This is how CloudFront’s caching mechanism works. There are far less Availability Zones and Regions than edge locations, which is why CloudFront does not use them for caching content.
Types of Access to AWS
The two types of access are AWS Management Console access and programmatic access. Programmatic access is available via the AWS API, the CLI and the SDKs – and an IAM user can use all these methods.
RedShift
Redshift is a scalable data warehouse solution that supports querying, reporting, analytics and business intelligence. It can be used when you need to consolidate multiple data sources for reporting and don’t require real-time transaction processing (Insert, update, and delete).
SDKs
Software development kits (or SDKs) provide everything you need to develop and manage applications in AWS, including the programming language of your choice.
Organizations
Organizations allows you to centrally manage multiple AWS accounts under 1 umbrella. You can allocate resources and apply policies across accounts.
Control Tower
Control tower helps you ensure your accounts conform to company-wide policies. Control Tower actually sits on top of Organizations.
AWS Basic Support
The AWS Support Basic tier is the free support given to all AWS accounts. All accounts receive billing support, because every customer needs an avenue to lodge disputes or make requests around their billing.
AWS Business Support
Business Support is the minimum plan that provides access to support via telephone.
AWS Enterprise Support
Only the Enterprise Support plan provides a designated Technical Account Manager (TAM) for your AWS account.
Standard Reserved Instance
Standard Reserved Instances provide you with a significant discount (up to 72%) compared to On-Demand Instance pricing and can be purchased for a 1-year or 3-year term.
CloudFront
Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency and high transfer speeds, all within a developer-friendly environment.
APN Consulting Partners
APN Consulting Partners include professional services organizations like system integrators, strategic consultancies, agencies, managed service providers (MSPs), and value-added resellers. In this case, we would engage a Consulting Partner to help us deploy out new system to the AWS Cloud.
Highly Available System
A highly available system is always online – without the need for human intervention. Although fault tolerance is closely related to high availability, fault tolerance usually implies a degradation of service without human intervention, unlike high availability which is like-for-like.
Regional Deployment
You are free to deploy your applications to new Regions. Don’t forget: CloudFormation can make the process of provisioning resources easier and repeatable.
Systems Manager
Systems Manager allows you to manage RDS instances. You can even use it to auto-patch and run commands on multiple EC2 instances.
Authentication
Authentication identifies who is accessing the system and passes that information to the authorization process, which in turn determines what permissions the user has in AWS.
Config
Config specifically focuses on listing the resources in your AWS account and presenting their configuration change history.
Aurora
Aurora is a relational database compatible with MySQL and PostgreSQL that was created by AWS.
RedShift
Redshift allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution.
Elastic MapReduce (EMR)
Elastic MapReduce (EMR) helps you process large amounts of data using big data frameworks like Hadoop.
Reserved Instance
- Reserved Instances are a great way of reducing costs on long running applications with predictable workloads. Even if the money is not available to make upfront payments, using Reserved Instances over longer periods can still be useful for cost savings.
- Reserved Instances have 3 main pricing models: Standard, Convertible and Scheduled. Each model is targeted with a specific use case and benefits from its own level of discounted price.
AWS Support Levels
AWS Support has 4 levels. Basic is their free entitlement for all AWS Customers. The 3 paid support plans in order of ascending cost are Developer, Business and Enterprise.
EC2 On-Demand
EC2 On-Demand is best for applications with short-term, spiky, or unpredictable workloads.
SNS
SNS allows you to send emails and text messages from your distributed applications.
SES
SES is an email service that can send HTML formatted messages from applications.
Dedicated Hosts
Dedicated Hosts allow you to use your existing per-socket, per-core or per-VM software licenses to help maintain license compliance. This is similar to Dedicated Instances, but Dedicated Hosts provide more restrictive control over the server.
Dedicated Instances
Dedicated Instances ensure your instance will run on a dedicated physical server due to licensing restrictions that don’t allow for software to run on a shared tenancy model.
Elastic File System (EFS)
Amazon Elastic File System (EFS) is an elastic file system for Linux-based workloads.
