Practice Test Notable Questions Flashcards
(129 cards)
1
Q
What is an application streaming service that can provide users instant access to desktop applications from any device?
A
Amazon AppStream 2.0
1
Q
What service quickly and securely lets you transfer hundreds of petabytes of data to AWS?
A
AWS Snowmobile lets you transfer 100PB per snowmobile, a 45-foot long shipping container pulled by a truck.
Snowball edge accelerates moving TB data in and out of AWS using physical appliances but is not the best to transfer exabyte-scale data.
2
Q
What service allows you the same hardware infrastructure, services, APIs, and tools to build/run applications on-prem and in the cloud?
A
AWS Outposts lets you do this. It’s a fully managed service that extends infrastructure, services, APIs, and tools to any data center, co-location space, or on-prem facility for a hybrid experience. Ideal for workloads that require low-latency access.
3
Q
What lets you organize and consolidate information based on criteria into specific tags or resources in AWS?
A
AWS resource groups let you organize resources using criteria defined as tags. A resource group is a collection of resources that match resource types specified in a query and share 1+ tags or a portion of tags.
Groups can be created based on roles in cloud infrastructure, lifecycle stages, regions, applications layers or anything else.
4
Q
What can be used to find insights an relationships in article submissions via NLP?
A
Amazon Comprehend is a NLP service to let you find meaning insights in text and can extract:
- Phrases
- Sentiment
- Syntax
- Brand/date/location/person
- Language
Textract is incorrect because it is used to extract printed text, handwriting, and data from any document, not NLP.
5
Q
What does AWS Firewall Manager do?
A
Security management service allows us to centrally configure and manage firewall rules across accounts and applications. Can enforce a common set of security rules and is a signal service to build firewall rules, create security policies and enforce them in a hierarchical manner.
6
Q
If a developer needs to access a Linux EC2 instance to modify a Wordpress configuration file, what would he use to connect directly to the instance’s Linux terminal?
A
EC2 Instance Connect is a browser-based client letting you connect to Linux instances.
Session Manager is a fully managed AWS systems manager capability that lets you manage instances, on-prem instances, and virtual machines through one browser-based shell or through the AWS CLI.
Secure Shell (SSH) is the most common tool to connect to Linux servers.
7
Q
What is AWS Direct Connect used for?
A
Networking service to establish private connectivity between AWS and your data center, office, or colocation environment.
8
Q
What does Basic Support provide?
A
- Customer service and communities
- 7 core checks of the AWS Trusted Advisor
- AWS personal health dashboard
Discussion forums can also be used to get assistance from the AWS community.
9
Q
What is an availability zone?
A
1+ discrete data centers with redundant power, networking, and connectivity in an AWS region. They give customers ability to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center.
10
Q
What are AWS Local Zones?
A
They are managed and supported by AWS and are an extension of an AWS region where latency-sensitive applications can be run using AWS services like elastic COmpute Cloud, Virtual Private Cloud, Elastic Block Store, File Storage, and Elastic Load Balancing in geographic proximity to end users.
11
Q
What are AWS Regions?
A
Separate geographical area with multiple isolated and physically separate AZs
12
Q
What are Edge locations?
A
Delivers cached content to closest location to reduce latency for users
13
Q
What is the AWS Global Accelerator?
A
A service that improves the availability and performance of applications with local or global users. Has static IP addresses provided as a fixed entry point to applications hosted in 1+ AWS regions. These are anycast from AWS edge locations and are announced from multiple locations at the same time. This enables traffic to ingress onto the AWS global network as close to your users as possible.
14
Q
What is Amazon CloudFront?
A
It is a content delivery network service with low latency and high transfer speeds.
Usecases:
- Static asset caching
- Live video streaming
- Integrates with AWS Shield and AWS WAF
- Customizes delivery with Lambda@Edge
- Dynamic content and API acceleration
- Scale as globally distributed clients download software updates.
Used for HTTP use cases and securing access over endpoints. Edge locations are used to cache content as opposed to finding an optimal pathway to the nearest regional endpoint (like global accelerator). Not capable of providing static anycast IP address.
15
Q
What would company use to migrate on-premise VMs to AWS?
A
Use AWS Server Migration Service to migrate on-premise workloads to AWS.
It is an agentless service making it easier to migrate thousands of on-prem workloads to AWS. SMS lets you automate, schedule, and track incremental replicas of live server volumes via an intuitive UI.
Note that AWS Migration Hub only tracks application migrations, not server migrations.
16
Q
What is concierge support used for in the enterprise plan?
A
Assisting with billing and account inquiries and works with customers to implement billing and account best practices.
17
Q
What is a AWS Disaster Recovery solution for their on-premise bare metal servers and SQL databases that is fast and easy to use?
A
CloudEndure. It minimizes downtime and data loss by providing fast, reliable recovery. Can protect critical SQL databases via continuous replication of machines into a low-cast staging area.
In case of disaster, CloudEndure Disaster Recovery can launch machines in their fully provisioned state in minutes.
Note that Server Migration service cannot migrate bare metal servers.
18
Q
What are the type of AWS Elastic Load Balancers?
A
- Application Load Balancer - best suited for load balancing HTTP/HTTPS traffic targeted at modern application architectures like microservers and containers. Operates at the individual request level and routes traffic to targets within VPC.
- Network Load Balancer - used to balance TCP, UDP, and TLS traffic where extreme performance is required. Operates at the connection level and routes traffic to targets within the AWS VPC. Capable of handling millions of requests/second while maintaining low latencies. Can handle volatile and sudden traffic patterns.
- Class load balancer - balances across multiple EC2 instances and operates at both request level and connection level.
- Gateway load balancer - provides layer 3 gateway and layer 4 load balancing capabilities and is a bump-in-the-wire device that does not change any part of the packet. Meant to handle millions of requests/second, volatile traffic patterns, and introduces extremely low latency
19
Q
What IAM identities are associated with access keys used in managing cloud resources via the AWS CLI?
A
IAM User get access keys as long-term credentials.
They consist of 2 parts:
1. Access key ID
2. Secret access key
Need to get both to authenticate requests. Use temporary security creds (IAM roles) instead of access keys and disable root user access.
20
Q
What is used as a virtual firewall for EC2 instances to control inbound and outbound traffic?
A
Security Group
21
Q
Which is true regarding the developer support plan?
A
- No access to the AWS Support API
- Limited access to the 7 core Trusted Advisor checks
- General architectural guidance
- Unlimited cases and 1 primary contact
22
Q
What does the business support plan offer?
A
- Full set of trusted advisor checks
- Recommended for production workloads
- Contextual architectural guidance
- AWS Support API access
- Unlimited cases and unlimited contacts
- Cloud Support Engineer access
- Interoperability & configuration guidance and troubleshooting
- Can access Infrastructure Event Management for additional fee
23
Q
What does the enterprise plan offer?
A
- Recommended for mission-critical workloads
- Full trusted advisor
- Consultative review and guidance based on applications
- Designated TAM
- Access to online labs
- COncierge Support Team
- Cloud Support Engineer access
- Support API
- Interoperability & configuration guidance
- Infrastructure Event Management
- Well-Architected Reviews
- Operations Reviews
- TAM coordinates access to programs and other AWS experts
24
What type of Elastic Load Balancer offers path-based routing, host-based routing, and bi-directional communication channels using WebSockets?
Application Load Balancer (not Network Load Balancer).
ALB lets you configure rules for listeners that forward requests based on the URL in the request (path based).
ALB also lets you configure rules for listener that forwards requests based on the host field in the HTTP reader (host based)
25
What services would help speed up testing a new mobile app on multiple devices at once in a coordinated fashion using AWS?
AWS Mobile Hub and AWS Device Farm.
Mobile Hub enables a novice to deploy and configure mobile app backend features using a range of AWS Services.
Device Farm is an application testing service that lets you improve the quality of web/mobile apps by testing them across a range of desktop browsers and mobile devices without having to provision/manage any testing infrastructure.
26
What can you use to resolve the connection between your on-premise VPN and AWS virtual private cloud (VPC)?
Virtual Private Gateway and Amazon Route 53.
A customer gateway is an anchor on the client-side of the connection. The anchor on the AWS side of the VPN connection is a virtual private gateway. There are 2 tunnels available so that one can be disabled as the other is maintained.
Route 53 is a DNS web service designed to give a reliable and cost-effective way to route end users to applications by translating names into the IP addresses that computers use to connect to each other. The Route 53 Resolver provides recursive DNS for the amazon VPC and on-prem networks over AWS Direct Connect or a VPN solution.
27
What can Amazon CloudWatch logs accomplish?
1. Adjust log retention policy for each group
2. Monitor application logs from EC2 instances.
In addition:
1. Can centralize logs from all systems, apps, AWS services into one service.
2. All logs can be viewed as a consistent flow of events ordered by time
3. Can monitor AWS CloudTrail logged events
4. Can archive log data to store in highly durable storage
5. Can log Route 53 DNS queries
28
What is DynamoDB?
A scalable, fast, and flexible non-relational database service.
It is a fully managed NoSQL database service with seamless scalability.
No need to worry about hardware provisioning, setup, configuration, replication, patching, or cluster scaling.
Encryption at rest is offered
29
Which of the following options is a shared control between AWS and the customer?
Awareness and training.
30
What are the different controls specified in the shared responsibility model?
Inherited controls: physical and environmental controls
Shared controls: Apply to both the infra and customer layers. Customer must provide their own control implementation within their use of service. Examples: patch management, configuration management, awareness, and training.
Customer-specific controls: service and communications protection, zone security
31
If a customer wants to assume responsibility and management of the guest operating system, including updates and security patches, and wants to launch a new database, what would they use?
EC2 gives you control over the instance and any database needed can be installed and managed. An AMI can be used with a pre-installed database to save time.
32
What can developers use to interact with AWS services?
1. AWS SDKs
2. AWS Command Line Interface
3. Aws-shell
33
If a company is planning to launch a new system in AWS and they need someone to design, architect, build, migrate, and manage workloads/applications on AWS, what would they use?
AWS Partner Network Consulting Partners
| Note that technology partners are providing software solutions that are hosted on or integrated with the AWS platform
34
In the AWS Trusted Adviser, what is among the five categories considered to analyze your AWS environment and provide best practice recommendations?
1. Cost Optimization
2. Performance
3. Security
4. Fault Tolerance
5. Service Limits
35
When choosing a suitable AWS region, what should a company consider?
1. Enhance customer experience by reducing latency to users
| 2. Support country-specific compliance
36
What is true on how AWS lessons time to provision IT resources?
There are many different ways to programmatically provision IT resources:
1. AWS CLI
2. AWS API
3. Web-based AWS Management Console
37
What AWS services should be used to store rapidly changing data with low read/write latencies?
Amazon EBS (Elastic Block Storage) and Amazon RDS (Relational Database Service)
38
What are some of the anti-patterns of Amazon S3?
1. Amazon S3 uses a flat namespace and isn't meant to serve as a standalone file system. But by using the delimiters, keys can be constructed to emulate hierarchical folder structure.
2. Retrieving S3 objects require you to know the bucket name and key and therefore can't be used as a traditional database by itself.
3. Data that is updated very frequently is probably better served by a solution with lower read/write latencies like EBS volumes, RDS, or DynamoDB
39
What can be used to host a new MSSQL database in AWS for an urgent project?
1. Amazon Relational Database Service (RDS)
2. Amazon EC2
SQL Server on CEC2 and Elastic Block Store (EBS) can give complete control over every setting as it would if installed on-premise. RDS can then take care of all maintenance, backups, and patching.
40
What describes S3?
1. Highly durable object storage infrastructure
2. Virtually unlimited space
3. Versioning feature to have a means of recovery
41
What is the minimum number of AZs that should be set up for the Application Load Balancer?
2. The load balancer is the single point of contact, clients send request to it and then the balancer sends them to targets. If you have 2 AZs from your VPC, the load balancer will have some targets to actually choose from.
42
What service should be used to launch a customized self-hosted database which requires a scheduled shutdown every night to save on cost?
Amazon EBS can be used as a primary storage device that needs frequent and granular updates and is the recommended storage option when running database on an instance.
Therefore in this case, an EC2 Instance with an EBS volume would be best.
43
How does EBS volume behave?
It's like a raw, unformatted, external block device that can be attached to 1 or more instances. EBS volume can be detached from one instance and attached to another.
The configuration of a volume can also be dynamically changed.
EBS volumes can also be created as encrypted volumes using the Amazon EBS encryption feature.
44
What are the lowest-cost S3 storage classes?
S3 Glacier and S3 Glacier Deep Archive.
Large amounts of data can be archived at very low cost and be used for data lakes, analytics, IoT, machine learning, compliance, and media asset archiving.
Glacier provides 3 options for access to archives that can take a few minutes to several hours.
Glacier Deep Archive provides access options ranging from 12 to 48 hours.
45
What is Amazon Aurora?
A MySQL and PostgreSQL compatible relational database built for the cloud.
It is 5x faster than MySQL and 3x faster than PostgreSQL. It is fully managed by RDS and is 1/10th cost of commercial databases.
Features a distributed, fault-tolerant, self-healing storage system that scales up to 128TB per database instance. 15 low-latency read replicas, point-in-time memory, continuous backup to S3, and replication across 3 AZs are available.
46
What is Route 53 used for?
It connects user requests to infrastructure running in AWS (EC2, ELB, S3) and can also route users to infrastructure outside of AWS.
Traffic can be managed globally through a variety of routing types like latency-based routing, Geo DNS, Geoproximity, and weighted round robin.
Route 53 has a simple visual editor to manage how end-users are routed to application endpoints. Also it offers domain name registration.
47
What are the benefits of consolidated billing?
1. 1 bill
2. Volume discounts by combining usage
3. Easy tracking
4. No extra fee
48
What does AWS CloudTrail provide?
Can log, continuously monitor, and retain account activity related to actions across the AWS infrastructure.
It shows the event history of actions taken during AWS management console, AWS SDKs, command-line tools, and other AWS services. It simplifies security analysis, resource change tracking, and troubleshooting.
CloudTrail can be integrated with CloudWatch to read everything
49
What are regional services in AWS?
Amazon EFS and AWS Batch.
AWS Batch is a regional service that simplifies running batch jobs across AZs in a region. Can create within a new or existing VPC. Can define job definitions that specify which Docker container images to run jobs.
Amazon EFS is a regional service storing data across multiple AZs for high availability and durability. Can access file systems across AZs, regions, VPCs, while on-prem servers can access using AWS Direct Connect or AWS VPN.
50
If a company has a hybrid cloud architecture where the on-premise data center interacts with their cloud resources in AWS, what of the following services should be used to deploy a web application to the servers running on-premise?
AWS OpsWorks and AWS Code Deploy.
OpsWorks - config management both on-premise and in the cloud using Chef and Puppet.
CodeDeploy - automates code deployments to any instances including Ec2 and instances running on-prem.
Note that CloudFormation and Elastic Beanstalk are incorrect because they can only deploy applications to AWS servers, not on-prem.
51
What is true regarding Amazon RDS?
Makes it easy to set up, operate, and scale a relational db in the cloud. It provides cost-efficient and resizable capacity.
However, it does not scale up instance size itself but can scale storage capacity if enabled. Read replicas are available but are manual.
RDS is not fully managed since the customer has some control over the RDS instance.
52
WHat is an advantage of using managed services like RDS, elasticache, and cloudsearch?
Simplifies all of the OS patching and backup activities to keep resources current and secure
For RDS, cost-efficient and resizable capacity while automating time-consuming tasks like provisioning, setup, patching, and backups. Maintenance is also done to the underlying hardware and operating system.
53
What are benefits of using Edge locations in AWS?
They improve application performance by delivering content closer to the users.
They provide caching which reduces load on origin servers.
An edge location is just a site that CloudFront uses to cache copies of content for faster delivery.
An individual point of presence (POP) will then retrieve data from the edge location instead of having to go back to the origin server.
54
What is the AWS IoT Greengrass service?
It seamlessly extends AWS to edge devices so they can act locally on the data they generate while still using the cloud for management, analytics, and durable storage.
55
A customer in North Virginia, USA is doing some drone work and collecting environmental data. Which of the following services allows him to easily obtain terabytes of data storage for use in a space-constrained environment and allows him to transfer these data to AWS?
AWS Snowcone
The smallest member of the Snow family and is 4.5 lbs with 8 TB of usable storage.
It can be used in backpacks, compute applications at the edge or offline data transfer with AWS, or was datasync with edge.
56
What are best practices in using IAM service?
Lock away AWS Account Root User Access keys
Create individual IAM users
Use groups to assign permissions to IAM users
Grant Least Privilege
Get started using permissions with AWS Managed Policies
Use Customer Managed Policies instead of Inline policies
Use Access levels to review IAM permissions
Configure a strong password policy
Enable MFA
Use roles for applications that run on Amazon EC2 instances
Use roles to delegate permissions
Do not share access keys
Rotate creds regularly
Remove unnecessary creds
Use policy conditions for extra security
Monitor AWS account activity
57
What will AWS charge you for?
Transfering EC2 files between 2 regions
58
What are some actions AWS will not charge you for?
Setting up additional VPCs
Provisioning elastic IPs and attaching them to running EC2 instances (if not attached, they're charged)
Network charges for data coming into S3 via a VPN is not charged
59
How would you grant S3 permissions?
Decide who is getting them, which S3 resources they're getting permissions for, and actions you want to allow on the resources.
60
If a customer needs a standard SQL Server license but isn't sure how much CPU and memory to allocate to her database, what's the most convenient and flexible option while being cost effective? No need for a fully managed database.
An EC2 instance with a windows AMI and a bundled MS SQL Server Standard will be best since licenses won't need to be purchased from Microsoft.
ALso, since it's an EC2 instance, can resize it to a different instance type or class with no long-term commitments.
61
What is Amazon Macie?
Security service that uses ML to protect sensitive data. Recognizes PII data and gives alerts on how data is being interacted with. Also monitors for anomalies and alerts if unauthorized access or data leaks.
Can use Macie for incident response and CLoudWatch Events to take action to protect data.
62
Is an IAM Group an identity?
No because it cannot be identified as a Principal in a permissions policy. It only lets policies be attached to multiple users at a time.
63
What are Developer case severity and response times?
General guidance, < 24 hours.
| System impaired, < 12 hours
64
What are business severity and response times?
General guidance, < 24 hours
System impaired, < 12 hours
Production system impaired, < 4 hours
Production system down, < 1 hour
65
What are Enterprise severity and response times?
```
General guidance, < 24 hours
System impaired, < 12 hours
Production system impaired, < 4 hours
Production system down, < 1 hour
Business-critical system down, < 15 minutes
```
66
Agility is one of the benefits of cloud computing that provides customers with what advantage?
Focus valuable IT resources on developing applications that differentiate business rather than managing infrastructure and data centers.
67
What are the benefits of cloud computing?
Agility - innovate faster by focusing resources.
Deploy globally in minutes
Elasticity - provision what you need and scale
Cost savings - capex for opex
68
What advantage does AWS provide over data centers when it comes to handling traffic load?
Elasticity, because it's the ability to acquire resources as you need them and also release them when you don't need them automatically.
69
Can groups be nested?
Not allowed
70
Can a group contain many users and can users also belong in many groups?
Yes
71
Is there a default group that includes all users?
No
72
Is there a limit to the number of groups and number of groups a user can be in?
Yes
73
What are global services in AWS?
```
Amazon CloudFront
IAM
STS
Route 53
WAF
```
A global service means that it covers all regions across the globe while a regional service means that a resource is applicable only to 1 region at a time.
74
What is the multipart upload API?
Can upload a single object as parts in any order. Can retransmit if it fails.
S3 assembles these parts and creates object after uploaded. If object size reaches 100MB, consider this API.
```
Advantages:
Improved throughput
Quick recovery from network
Pause/resume
Begin upload before knowing final size
```
75
What does MFA delete do?
Helps prevent accidental bucket deletions in S3. Only bucket owner can enable MFA delete.
76
What is DMS?
DMS helps migrate databases to AWS (MySQL to RDS for example).
Supports homogenous migration and heterogenous migration. Can replicate with high availability as well.
77
What is an internet gateway?
Provides target in VPC route tables for routable traffic and performs network address translation (NAT) for instances have been assigned public IPV4 addresses.
78
What services allow you to conduct security assessments and penetration testing on them without prior approval?
```
Amazon RDS
Amazon Aurora
EC2
NAT Gateways
ELB
API Gateways
Lambda / Lambda Edge
Lightsail
Elastic Beanstalk
```
79
What activities are prohibited when carrying out security assessments?
```
DNS zone walking via Route 53 hosted zones
Denial of service (DOS) variations
Port flooding
Protocol flooding
Request flooding
```
80
What is AWS Direct Connect used for?
Establishing a dedicated connection between on-prem network and AWS.
81
What is used to secure VPC subnets?
Network Access Control Lists - optional layer of security acting like firewall for controlling traffic in/out of 1+ subnets.
Can set up NACLs similar to security groups to add additional layer of security to VPC.
82
What is required when launching EC2 instance?
Security group, EBS Root Volume, VPC and subnet specification.
Not required to provide elastic IP address however.
83
What is X-ray used for?
Can see how apps and services are performing for troubleshooting. Gives a view of requests as they travel through the application.
Works with EC2, ECS, Lambda, and Elastic Beanstalk.
84
What is Cost Explorer?
Lets you view data for the past 13 months and forecast based on usage.
85
What is a Service oriented architecture design principle?
The more loosely coupled components are, the bigger and better it scales.
86
How to create asynchronous components that are independent of each other?
SQS to isolate components and act as buffer
Design every component to expose service interface and responsible for its own scalability
Bundle construct into an AMI to be deployed more often
Make applications stateless
87
What does Amazon SQS let you do?
It's a fully managed queuing service enabling you to send, store, receive messages at any volume without losing messages or requiring other services to be available.
2 queues:
Standard
FIFO
88
What is Amazon SWF?
Fully-managed state tracker and task coordinator in the cloud
89
What pricing construct adjusts price based on supply/demand of EC2 instances?
Spot instances. Can bid a price and amazon fulfills it when available.
Specify the number of instances, type, AZ, and max price.
90
What is Cognito Identity Pool used for?
Provide temp AWS creds to someone authenticated via social media logins.
Can also be these types of users:
users in Amazon Cognito user pool
Users authenticated via SAML
Users authenticated by an existing process
91
What can be used for severless computing?
Lambda
Lambda@Edge
AWS Fargate
API Gateway service
92
What is the AWS Personal Health Dashboard used for?
Personalized view into performance and availability of AWS services underlying AWS resources
93
What is AWS Service Health Dashboard used for?
Shows Status and historical data about each service. Can subscribe to RSS feed.
Is not used to get notified about system-impactful issues.
94
In shared responsibility model, whose responsibility to patch host operating system of EC2 instance?
AWS's responsibility since its a managed service.
95
To run an EC2 instance for 3 months, what instance option is best?
On-demand if job is uninterruptible, spot if not.
96
What can be used to create highly available and scalable web app in the cloud?
EC2 Auto Scaling and Elastic Load Balancer
Route 53 -> CloudFront -> Load Balancer -> Auto scaling
Only the last 2 parts of it make sure it's highly available and scalable.
97
What do you have to pay for in S3?
Storing objects, size of object (in GB), length of storage, and storage class.
98
What type of caching is available in Amazon Elasticache?
Redis - in-memory used as db, cache, and message broker. Multi AZ with auto-failover available.
Redis Global Database - Have Redis in one and replicate it across multiple regions.
Memcached - distributed memory object caching system to speed up dynamic web applications
99
Where can ElastiCache clusters be?
Amazon Cloud or On-premise via AWS Outposts
100
What is Amazon Neptune?
Graph Database service for highly connected datasets.
Used for recommendation engines, fraud detection, knowledge graphs, drug discovery, and network security.
Not used for complex analytic queries.
101
What is Amazon Redshift Spectrum?
Can query and retrieve structured and semistructured data from S3 without loading into Redshift.
Multiple clusters can query the same dataset in S3 without needing to make copies for each.
102
What provides automated reference deployments for key workloads in AWS via CloudFOrmation templates?
AWS Quick Starts. Built by SAs and partners and can accelerate manual procedures into a few steps to build production environments quickly.
Each Quick Start launches, configures and runs compute, network, storage, and other services required to deploy specific workload on AWS.
103
What service eliminates need to manage containers manually?
AWS Fargate. You just specify and pay for resources per application. Then define application content, networking, storage, and scaling requirements.
No need to provision, patch, manage cluster capacity or infrastructure.
Note that ECS still needs the EC2 instances to be managed.
104
What are the 3 types of solutions offered by OpsWorks?
1. Chef Automate: Fully managed config management for Chef
2. Puppet Enterprise: fully managed for Puppet, used for infrastructure and application management.
3. Stacks - app and server management service. Can model app as a stack with different layers.
105
What is Amazon SES?
Simple Email Service. Can use SMTP or Aws SDKs to integrate into existing applications. Can work with S3, Lambda, and mail server to send emails.
106
What is Amazon MQ?
Message broker service with standard APIs and protocols. Can switch from any standards-based message broker to MQ.
107
What are the different stages for EC2 and EBS?
1. Launch the instance, goes to pending state.
2. Enters "Running" state when ready
3. Billed for each second with 1 minute minimums to keep instance running.
4. When "Stopping" instance, AWS does charge for storage of EBS Volumes.
Note that in the "Running" state, you are billed for compute, memory, storage and network. However, you are not billed for the EBS storage specifically yet.
In the "Terminated" state, EBS storage and instance are deleted by default.
108
What is Amazon ECR?
Fully managed docker container registry to store, manage, deploy docker container images.
Not a serverless computing service, need to use AWS Fargate for that.
109
If building a serverless application with a key-value database, what services can be used to fulfill this?
AWS Lambda and Amazon Dynamo DB
Lambda - runs on servers but AWS does serverless management.
Dynamo DB - great for auto scaling and no servers to manage. Useful for serverless applications in AWS.
110
What is an AWS Savings plan?
Saves up to 72% on EC2, Fargate, Lambda usage. Provides lower prices in exchange for commitment to a consistent usage amount for 1 or 3 year term.
111
Why are RDS and ECS considered Platform as a service?
No need to set up servers, storage, or network. Only need to manage the application and the data.
112
What is Amazon FSx?
Can launch and run popular file systems. It provides cost-efficient capacity and integrates with other services.
2 file systems available:
1. Windows File Server
2. Lustre
Note that EFS is a file system storage, but only supports Linux workloads.
113
How can an EBS volume be accessed by multiple EC2 instances?
If it's a provisioned IOPS EBS volume
114
What is the AWS Architecture Center?
Provides collection of technical resources to build more effectively in the cloud.
Can use the well-architected tool to review state of workloads.
115
What is CodeBuild?
Fully managed continuous integration service. Compiles source code, runs tests, and produces software packages ready to deploy.
116
What is AWS Secrets Manager?
Protects secrets needed to access applications, services, and IT resources. Can rotate, manage, and retrieve database credentials, API keys, other secrets.
117
What can AWS Organizations do?
```
Centrally manage policies
Automate account creation and management
Consolidate billing
Govern access to services and regions
Configure services across accounts
```
118
What are the policies that can be set in AWS organizations?
AI Services opt-out
Backup policies
Service control policies
Tag policies
119
What is AWS CloudHSM?
It lets companies encrypt and manage its own encryption keys. Useful for when companies need exclusive control over how its keys are used.
It is standards-compliant and provides a FIPS 140-2 Level 3 overall validated single-tenant HSM cluster in the VPC to store and use keys. Can interact with keys similar to interacting with applications on EC2.
Can use this for digital rights management, public key infrastructure, document signing, and cryptographic functions
120
What AWS team can help when systems are impacted by phishing, malware, spam, and DoS attacks?
AWS Trust and Safety.
121
What is S3 Transfer acceleration?
It can speed up content transfers from 50-500% for long distance transfer. It uses CloudFront's edge locations and an optimized network parth.
122
What is Amazon Connect?
Seamless experience for customers and agents. It simplifies contact center operations.
123
What is AWS Storage Gateway?
Hybrid storage service that lets you connect on-prem data storage to S3. Can reduce costs for key hybrid cloud storage use-cases like backups, on-prem file share, low latency data access.
124
Difference between Personal Health and Service Health dashboard?
Former only gives personalized view of specific services being used vs. all available services.
125
When can IAM be used as a certificate manager?
Can be done only if it's a region not supported by AWS Certificate Manager. It encrypts private keys and stores encrypted version in IAM SSL certificate storage.
126
What can be used to restrict access to content served from an S3 bucket in cloud front?
Origin Access Identity. It is used to share private content through CloudFront.
Content from S3 buckets can be restricted by doing the following:
1. Create special CloudFront user called an origin access identity
2. Configure S3 bucket to only use this OAI to access files
After this is set up, users can only access files through CloudFront and not from the S3 bucket.
127
What lets you filter web based traffic based on conditions including IP addresses, HTTP headers, or custom URIs?
AWS Web Application Firewall (WAF). Can set up rules to block common attack patterns. Conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.
128
What connects VPCs and on-prem networks through a central hub?
AWS Transit Gateway. Acts as a cloud router where each new connection is made only once.
Otherwise, need a routing table in each VPC.
Note that Direct Connect is just a dedicated network connection and doesn't support peering between VPCs unless associated with Transit Gateway.
