Practice Test Notable Questions Flashcards

1
Q

What is an application streaming service that can provide users instant access to desktop applications from any device?

A

Amazon AppStream 2.0

1
Q

What service quickly and securely lets you transfer hundreds of petabytes of data to AWS?

A

AWS Snowmobile lets you transfer 100PB per snowmobile, a 45-foot long shipping container pulled by a truck.

Snowball Edge accelerates moving terabytes of data in and out of AWS using physical appliances, but it is not the best choice for transferring exabyte-scale data.

2
Q

What service allows you the same hardware infrastructure, services, APIs, and tools to build/run applications on-prem and in the cloud?

A

AWS Outposts lets you do this. It’s a fully managed service that extends infrastructure, services, APIs, and tools to any data center, co-location space, or on-prem facility for a hybrid experience. Ideal for workloads that require low-latency access.

3
Q

What lets you organize and consolidate information based on criteria into specific tags or resources in AWS?

A

AWS resource groups let you organize resources using criteria defined as tags. A resource group is a collection of resources that match resource types specified in a query and share 1+ tags or a portion of tags.

Groups can be created based on roles in the cloud infrastructure, lifecycle stages, regions, application layers, or anything else.

4
Q

What can be used to find insights and relationships in article submissions via NLP?

A

Amazon Comprehend is an NLP service that lets you find meaningful insights in text and can extract:

  1. Phrases
  2. Sentiment
  3. Syntax
  4. Brand/date/location/person
  5. Language

Textract is incorrect because it is used to extract printed text, handwriting, and data from any document, not NLP.

5
Q

What does AWS Firewall Manager do?

A

A security management service that lets you centrally configure and manage firewall rules across accounts and applications. It can enforce a common set of security rules and is a single service for building firewall rules, creating security policies, and enforcing them in a hierarchical manner.

6
Q

If a developer needs to access a Linux EC2 instance to modify a WordPress configuration file, what would he use to connect directly to the instance’s Linux terminal?

A

EC2 Instance Connect is a browser-based client letting you connect to Linux instances.

Session Manager is a fully managed AWS Systems Manager capability that lets you manage EC2 instances, on-prem instances, and virtual machines through one browser-based shell or through the AWS CLI.

Secure Shell (SSH) is the most common tool to connect to Linux servers.

7
Q

What is AWS Direct Connect used for?

A

A networking service that establishes private connectivity between AWS and your data center, office, or colocation environment.

8
Q

What does Basic Support provide?

A
  1. Customer service and communities
  2. 7 core checks of the AWS Trusted Advisor
  3. AWS Personal Health Dashboard

Discussion forums can also be used to get assistance from the AWS community.

9
Q

What is an availability zone?

A

1+ discrete data centers with redundant power, networking, and connectivity in an AWS region. They give customers the ability to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center.

10
Q

What are AWS Local Zones?

A

They are managed and supported by AWS and are an extension of an AWS region where latency-sensitive applications can be run using AWS services like Elastic Compute Cloud, Virtual Private Cloud, Elastic Block Store, File Storage, and Elastic Load Balancing in geographic proximity to end users.

11
Q

What are AWS Regions?

A

A separate geographical area with multiple isolated and physically separate AZs.

12
Q

What are Edge locations?

A

Delivers cached content at the location closest to users to reduce latency.

13
Q

What is the AWS Global Accelerator?

A

A service that improves the availability and performance of applications with local or global users. Has static IP addresses provided as a fixed entry point to applications hosted in 1+ AWS regions. These are anycast from AWS edge locations and are announced from multiple locations at the same time. This enables traffic to ingress onto the AWS global network as close to your users as possible.

14
Q

What is Amazon CloudFront?

A

It is a content delivery network service with low latency and high transfer speeds.

Use cases:

  1. Static asset caching
  2. Live video streaming
  3. Integrates with AWS Shield and AWS WAF
  4. Customizes delivery with Lambda@Edge
  5. Dynamic content and API acceleration
  6. Scale as globally distributed clients download software updates.

Used for HTTP use cases and securing access over endpoints. Edge locations are used to cache content, as opposed to finding an optimal path to the nearest regional endpoint (like Global Accelerator). It is not capable of providing a static anycast IP address.

15
Q

What would a company use to migrate on-premises VMs to AWS?

A

Use AWS Server Migration Service to migrate on-premise workloads to AWS.

It is an agentless service that makes it easier to migrate thousands of on-prem workloads to AWS. SMS lets you automate, schedule, and track incremental replications of live server volumes via an intuitive UI.

Note that AWS Migration Hub only tracks application migrations, not server migrations.

16
Q

What is concierge support used for in the enterprise plan?

A

Assists with billing and account inquiries and works with customers to implement billing and account best practices.

17
Q

What is an AWS Disaster Recovery solution for on-premises bare metal servers and SQL databases that is fast and easy to use?

A

CloudEndure. It minimizes downtime and data loss by providing fast, reliable recovery. It can protect critical SQL databases via continuous replication of machines into a low-cost staging area.

In case of disaster, CloudEndure Disaster Recovery can launch machines in their fully provisioned state in minutes.

Note that Server Migration Service cannot migrate bare metal servers.

18
Q

What are the type of AWS Elastic Load Balancers?

A
  1. Application Load Balancer - best suited for load balancing HTTP/HTTPS traffic targeted at modern application architectures like microservices and containers. Operates at the individual request level and routes traffic to targets within a VPC.
  2. Network Load Balancer - used to balance TCP, UDP, and TLS traffic where extreme performance is required. Operates at the connection level and routes traffic to targets within the AWS VPC. Capable of handling millions of requests/second while maintaining low latencies. Can handle volatile and sudden traffic patterns.
  3. Classic Load Balancer - balances across multiple EC2 instances and operates at both the request level and the connection level.
  4. Gateway Load Balancer - provides layer 3 gateway and layer 4 load balancing capabilities and is a bump-in-the-wire device that does not change any part of the packet. Meant to handle millions of requests/second and volatile traffic patterns while introducing extremely low latency.

19
Q

What IAM identities are associated with access keys used in managing cloud resources via the AWS CLI?

A

IAM users get access keys as long-term credentials.
They consist of 2 parts:
1. Access key ID
2. Secret access key

Both are needed to authenticate requests. Use temporary security credentials (IAM roles) instead of access keys and disable root user access.

20
Q

What is used as a virtual firewall for EC2 instances to control inbound and outbound traffic?

A

Security Group

21
Q

Which is true regarding the developer support plan?

A
  1. No access to the AWS Support API
  2. Limited access to the 7 core Trusted Advisor checks
  3. General architectural guidance
  4. Unlimited cases and 1 primary contact

22
Q

What does the business support plan offer?

A
  1. Full set of Trusted Advisor checks
  2. Recommended for production workloads
  3. Contextual architectural guidance
  4. AWS Support API access
  5. Unlimited cases and unlimited contacts
  6. Cloud Support Engineer access
  7. Interoperability & configuration guidance and troubleshooting
  8. Can access Infrastructure Event Management for an additional fee

23
Q

What does the enterprise plan offer?

A
  1. Recommended for mission-critical workloads
  2. Full set of Trusted Advisor checks
  3. Consultative review and guidance based on applications
  4. Designated TAM
  5. Access to online labs
  6. Concierge Support Team
  7. Cloud Support Engineer access
  8. Support API
  9. Interoperability & configuration guidance
  10. Infrastructure Event Management
  11. Well-Architected Reviews
  12. Operations Reviews
  13. TAM coordinates access to programs and other AWS experts

24
Q

What type of Elastic Load Balancer offers path-based routing, host-based routing, and bi-directional communication channels using WebSockets?

A

Application Load Balancer (not Network Load Balancer).

ALB lets you configure rules for listeners that forward requests based on the URL in the request (path-based).

ALB also lets you configure rules for listeners that forward requests based on the host field in the HTTP header (host-based).

25
Q

What services would help speed up testing a new mobile app on multiple devices at once in a coordinated fashion using AWS?

A

AWS Mobile Hub and AWS Device Farm.

Mobile Hub enables a novice to deploy and configure mobile app backend features using a range of AWS Services.

Device Farm is an application testing service that lets you improve the quality of web/mobile apps by testing them across a range of desktop browsers and mobile devices without having to provision/manage any testing infrastructure.

26
Q

What can you use to resolve the connection between your on-premises VPN and an AWS Virtual Private Cloud (VPC)?

A

Virtual Private Gateway and Amazon Route 53.

A customer gateway is the anchor on the client side of the connection. The anchor on the AWS side of the VPN connection is a virtual private gateway. There are 2 tunnels available so that one can be disabled while the other is maintained.

Route 53 is a DNS web service designed to give a reliable and cost-effective way to route end users to applications by translating names into the IP addresses that computers use to connect to each other. The Route 53 Resolver provides recursive DNS for the Amazon VPC and on-prem networks over AWS Direct Connect or a VPN solution.

27
Q

What can Amazon CloudWatch logs accomplish?

A
  1. Adjust log retention policy for each group
  2. Monitor application logs from EC2 instances.

In addition:

  1. Can centralize logs from all systems, applications, and AWS services into one service.
  2. All logs can be viewed as a consistent flow of events ordered by time.
  3. Can monitor AWS CloudTrail logged events.
  4. Can archive log data to store in highly durable storage.
  5. Can log Route 53 DNS queries.

28
Q

What is DynamoDB?

A

A scalable, fast, and flexible non-relational database service.

It is a fully managed NoSQL database service with seamless scalability.

No need to worry about hardware provisioning, setup, configuration, replication, patching, or cluster scaling.

Encryption at rest is offered.

29
Q

Which of the following options is a shared control between AWS and the customer?

A

Awareness and training.

30
Q

What are the different controls specified in the shared responsibility model?

A

Inherited controls: physical and environmental controls

Shared controls: Apply to both the infrastructure and customer layers. The customer must provide their own control implementation within their use of the service. Examples: patch management, configuration management, awareness and training.

Customer-specific controls: service and communications protection, zone security

31
Q

If a customer wants to assume responsibility and management of the guest operating system, including updates and security patches, and wants to launch a new database, what would they use?

A

EC2 gives you control over the instance and any database needed can be installed and managed. An AMI can be used with a pre-installed database to save time.

32
Q

What can developers use to interact with AWS services?

A
  1. AWS SDKs
  2. AWS Command Line Interface
  3. aws-shell

33
Q

If a company is planning to launch a new system in AWS and they need someone to design, architect, build, migrate, and manage workloads/applications on AWS, what would they use?

A

AWS Partner Network Consulting Partners

Note that technology partners provide software solutions that are hosted on or integrated with the AWS platform.

34
Q

In AWS Trusted Advisor, what are the five categories used to analyze your AWS environment and provide best practice recommendations?

A
  1. Cost Optimization
  2. Performance
  3. Security
  4. Fault Tolerance
  5. Service Limits

35
Q

When choosing a suitable AWS region, what should a company consider?

A
  1. Enhance customer experience by reducing latency to users
  2. Support country-specific compliance

36
Q

What is true about how AWS lessens the time to provision IT resources?

A

There are many different ways to programmatically provision IT resources:

  1. AWS CLI
  2. AWS API
  3. Web-based AWS Management Console

37
Q

What AWS services should be used to store rapidly changing data with low read/write latencies?

A

Amazon EBS (Elastic Block Store) and Amazon RDS (Relational Database Service)

38
Q

What are some of the anti-patterns of Amazon S3?

A
  1. Amazon S3 uses a flat namespace and isn’t meant to serve as a standalone file system, but by using delimiters, keys can be constructed to emulate a hierarchical folder structure.
  2. Retrieving S3 objects requires you to know the bucket name and key, and therefore S3 can’t be used as a traditional database by itself.
  3. Data that is updated very frequently is probably better served by a solution with lower read/write latencies like EBS volumes, RDS, or DynamoDB.

39
Q

What can be used to host a new MSSQL database in AWS for an urgent project?

A
  1. Amazon Relational Database Service (RDS)
  2. Amazon EC2

SQL Server on EC2 and Elastic Block Store (EBS) can give complete control over every setting, as it would if installed on-premises. RDS, on the other hand, can take care of all maintenance, backups, and patching.

40
Q

What describes S3?

A
  1. Highly durable object storage infrastructure
  2. Virtually unlimited space
  3. Versioning feature to have a means of recovery

41
Q

What is the minimum number of AZs that should be set up for the Application Load Balancer?

A
The load balancer is the single point of contact: clients send requests to it and the balancer forwards them to targets. If you have 2 AZs in your VPC, the load balancer will have some targets to actually choose from.

42
Q

What service should be used to launch a customized self-hosted database which requires a scheduled shutdown every night to save on cost?

A

Amazon EBS can be used as a primary storage device that needs frequent and granular updates and is the recommended storage option when running a database on an instance.

Therefore in this case, an EC2 Instance with an EBS volume would be best.

43
Q

How does EBS volume behave?

A

It’s like a raw, unformatted, external block device that can be attached to 1 or more instances. EBS volume can be detached from one instance and attached to another.

The configuration of a volume can also be dynamically changed.

EBS volumes can also be created as encrypted volumes using the Amazon EBS encryption feature.

44
Q

What are the lowest-cost S3 storage classes?

A

S3 Glacier and S3 Glacier Deep Archive.

Large amounts of data can be archived at very low cost and be used for data lakes, analytics, IoT, machine learning, compliance, and media asset archiving.

Glacier provides 3 options for access to archives that can take a few minutes to several hours.

Glacier Deep Archive provides access options ranging from 12 to 48 hours.

45
Q

What is Amazon Aurora?

A

A MySQL and PostgreSQL compatible relational database built for the cloud.

It is 5x faster than MySQL and 3x faster than PostgreSQL. It is fully managed by RDS and is 1/10th cost of commercial databases.

Features a distributed, fault-tolerant, self-healing storage system that scales up to 128 TB per database instance. 15 low-latency read replicas, point-in-time recovery, continuous backup to S3, and replication across 3 AZs are available.

46
Q

What is Route 53 used for?

A

It connects user requests to infrastructure running in AWS (EC2, ELB, S3) and can also route users to infrastructure outside of AWS.

Traffic can be managed globally through a variety of routing types like latency-based routing, Geo DNS, Geoproximity, and weighted round robin.

Route 53 has a simple visual editor to manage how end users are routed to application endpoints. It also offers domain name registration.

47
Q

What are the benefits of consolidated billing?

A
  1. 1 bill
  2. Volume discounts by combining usage
  3. Easy tracking
  4. No extra fee

48
Q

What does AWS CloudTrail provide?

A

Can log, continuously monitor, and retain account activity related to actions across the AWS infrastructure.

It shows the event history of actions taken through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services. It simplifies security analysis, resource change tracking, and troubleshooting.

CloudTrail can be integrated with CloudWatch to read everything.

49
Q

What are regional services in AWS?

A

Amazon EFS and AWS Batch.

AWS Batch is a regional service that simplifies running batch jobs across AZs in a region. It can be created within a new or existing VPC. Job definitions specify which Docker container images run the jobs.

Amazon EFS is a regional service that stores data across multiple AZs for high availability and durability. File systems can be accessed across AZs, regions, and VPCs, while on-prem servers can access them using AWS Direct Connect or AWS VPN.

50
Q

If a company has a hybrid cloud architecture where the on-premises data center interacts with their cloud resources in AWS, which of the following services should be used to deploy a web application to the servers running on-premises?

A

AWS OpsWorks and AWS CodeDeploy.

OpsWorks - configuration management both on-premises and in the cloud using Chef and Puppet.
CodeDeploy - automates code deployments to any instances, including EC2 instances and instances running on-prem.

Note that CloudFormation and Elastic Beanstalk are incorrect because they can only deploy applications to AWS servers, not on-prem.

51
Q

What is true regarding Amazon RDS?

A

Makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity.

However, it does not scale up instance size itself but can scale storage capacity if enabled. Read replicas are available but are manual.

RDS is not fully managed since the customer has some control over the RDS instance.

52
Q

What is an advantage of using managed services like RDS, ElastiCache, and CloudSearch?

A

Simplifies all of the OS patching and backup activities to keep resources current and secure.

For RDS, cost-efficient and resizable capacity while automating time-consuming tasks like provisioning, setup, patching, and backups. Maintenance is also done to the underlying hardware and operating system.

53
Q

What are benefits of using Edge locations in AWS?

A

They improve application performance by delivering content closer to the users.

They provide caching which reduces load on origin servers.

An edge location is just a site that CloudFront uses to cache copies of content for faster delivery.

An individual point of presence (POP) will then retrieve data from the edge location instead of having to go back to the origin server.

54
Q

What is the AWS IoT Greengrass service?

A

It seamlessly extends AWS to edge devices so they can act locally on the data they generate while still using the cloud for management, analytics, and durable storage.

55
Q

A customer in North Virginia, USA is doing some drone work and collecting environmental data. Which of the following services allows him to easily obtain terabytes of data storage for use in a space-constrained environment and allows him to transfer these data to AWS?

A

AWS Snowcone

It is the smallest member of the Snow family, weighs 4.5 lbs, and has 8 TB of usable storage.

It can be carried in a backpack and used for compute applications at the edge, offline data transfer with AWS, or DataSync at the edge.

56
Q

What are best practices in using IAM service?

A

Lock away the AWS account root user access keys
Create individual IAM users
Use groups to assign permissions to IAM users
Grant Least Privilege
Get started using permissions with AWS Managed Policies
Use Customer Managed Policies instead of Inline policies
Use Access levels to review IAM permissions
Configure a strong password policy
Enable MFA
Use roles for applications that run on Amazon EC2 instances
Use roles to delegate permissions
Do not share access keys
Rotate credentials regularly
Remove unnecessary credentials
Use policy conditions for extra security
Monitor AWS account activity

57
Q

What will AWS charge you for?

A

Transferring EC2 files between 2 regions

58
Q

What are some actions AWS will not charge you for?

A

Setting up additional VPCs
Provisioning Elastic IPs and attaching them to running EC2 instances (if not attached, they’re charged)
Network transfer for data coming into S3 via a VPN is not charged

59
Q

How would you grant S3 permissions?

A

Decide who is getting them, which S3 resources they’re getting permissions for, and actions you want to allow on the resources.

60
Q

If a customer needs a standard SQL Server license but isn’t sure how much CPU and memory to allocate to her database, what’s the most convenient and flexible option while being cost effective? No need for a fully managed database.

A

An EC2 instance with a Windows AMI and a bundled MS SQL Server Standard license will be best, since licenses won’t need to be purchased from Microsoft.

Also, since it’s an EC2 instance, you can resize it to a different instance type or class with no long-term commitments.

61
Q

What is Amazon Macie?

A

A security service that uses ML to protect sensitive data. It recognizes PII data and gives alerts on how the data is being interacted with. It also monitors for anomalies and alerts on unauthorized access or data leaks.

Macie can be used for incident response, with CloudWatch Events used to take action to protect data.

62
Q

Is an IAM Group an identity?

A

No because it cannot be identified as a Principal in a permissions policy. It only lets policies be attached to multiple users at a time.

63
Q

What are Developer case severity and response times?

A

General guidance, < 24 hours.

System impaired, < 12 hours

64
Q

What are business severity and response times?

A

General guidance, < 24 hours
System impaired, < 12 hours
Production system impaired, < 4 hours
Production system down, < 1 hour

65
Q

What are Enterprise severity and response times?

A

General guidance, < 24 hours
System impaired, < 12 hours
Production system impaired, < 4 hours
Production system down, < 1 hour
Business-critical system down, < 15 minutes

66
Q

Agility is one of the benefits of cloud computing that provides customers with what advantage?

A

Focus valuable IT resources on developing applications that differentiate business rather than managing infrastructure and data centers.

67
Q

What are the benefits of cloud computing?

A

Agility - innovate faster by focusing resources.
Deploy globally in minutes
Elasticity - provision what you need and scale
Cost savings - trade capex for opex

68
Q

What advantage does AWS provide over data centers when it comes to handling traffic load?

A

Elasticity, because it’s the ability to acquire resources as you need them and also release them when you don’t need them automatically.

69
Q

Can groups be nested?

A

Not allowed

70
Q

Can a group contain many users and can users also belong in many groups?

A

Yes

71
Q

Is there a default group that includes all users?

A

No

72
Q

Is there a limit to the number of groups and number of groups a user can be in?

A

Yes

73
Q

What are global services in AWS?

A
Amazon CloudFront
IAM
STS
Route 53
WAF

A global service means that it covers all regions across the globe while a regional service means that a resource is applicable only to 1 region at a time.

74
Q

What is the multipart upload API?

A

You can upload a single object as a set of parts in any order, and retransmit a part if it fails.

S3 assembles these parts and creates the object once all parts are uploaded. Consider this API once object size reaches 100 MB.

Advantages:
Improved throughput
Quick recovery from network issues
Pause/resume
Begin upload before knowing final size

75
Q

What does MFA delete do?

A

Helps prevent accidental bucket deletions in S3. Only bucket owner can enable MFA delete.

76
Q

What is DMS?

A

DMS helps migrate databases to AWS (MySQL to RDS for example).

Supports homogeneous migration and heterogeneous migration. Can replicate with high availability as well.

77
Q

What is an internet gateway?

A

Provides a target in VPC route tables for routable traffic and performs network address translation (NAT) for instances that have been assigned public IPv4 addresses.

78
Q

What services allow you to conduct security assessments and penetration testing on them without prior approval?

A

Amazon RDS
Amazon Aurora
EC2
NAT Gateways
ELB
API Gateways
Lambda / Lambda@Edge
Lightsail
Elastic Beanstalk

79
Q

What activities are prohibited when carrying out security assessments?

A

DNS zone walking via Route 53 hosted zones
Denial of service (DoS) variations
Port flooding
Protocol flooding
Request flooding

80
Q

What is AWS Direct Connect used for?

A

Establishing a dedicated connection between on-prem network and AWS.

81
Q

What is used to secure VPC subnets?

A

Network Access Control Lists - an optional layer of security acting like a firewall for controlling traffic in/out of 1+ subnets.

NACLs can be set up similarly to security groups to add an additional layer of security to the VPC.

82
Q

What is required when launching EC2 instance?

A

Security group, EBS Root Volume, VPC and subnet specification.

An Elastic IP address is not required, however.

83
Q

What is X-Ray used for?

A

Can see how apps and services are performing for troubleshooting. Gives a view of requests as they travel through the application.

Works with EC2, ECS, Lambda, and Elastic Beanstalk.

84
Q

What is Cost Explorer?

A

Lets you view data for the past 13 months and forecast based on usage.

85
Q

What is a Service oriented architecture design principle?

A

The more loosely coupled components are, the bigger and better it scales.

86
Q

How to create asynchronous components that are independent of each other?

A

Use SQS to isolate components and act as a buffer
Design every component to expose a service interface and be responsible for its own scalability
Bundle the construct into an AMI so it can be deployed more often
Make applications stateless

87
Q

What does Amazon SQS let you do?

A

It’s a fully managed queuing service enabling you to send, store, and receive messages at any volume without losing messages or requiring other services to be available.

2 queue types:
Standard
FIFO

88
Q

What is Amazon SWF?

A

Fully-managed state tracker and task coordinator in the cloud

89
Q

What pricing construct adjusts price based on supply/demand of EC2 instances?

A

Spot Instances. You can bid a price and Amazon fulfills it when available.

Specify the number of instances, type, AZ, and max price.

90
Q

What is Cognito Identity Pool used for?

A

Provides temporary AWS credentials to someone authenticated via social media logins.

It can also serve these types of users:
Users in an Amazon Cognito user pool
Users authenticated via SAML
Users authenticated by an existing process

91
Q

What can be used for serverless computing?

A

Lambda
Lambda@Edge
AWS Fargate
API Gateway service

92
Q

What is the AWS Personal Health Dashboard used for?

A

A personalized view into the performance and availability of the AWS services underlying your AWS resources.

93
Q

What is AWS Service Health Dashboard used for?

A

Shows status and historical data about each service. You can subscribe to its RSS feed.
It is not used to get notified about system-impactful issues.

94
Q

In the shared responsibility model, whose responsibility is it to patch the host operating system of an EC2 instance?

A

AWS’s responsibility, since it’s a managed service.

95
Q

To run an EC2 instance for 3 months, what instance option is best?

A

On-demand if job is uninterruptible, spot if not.

96
Q

What can be used to create highly available and scalable web app in the cloud?

A

EC2 Auto Scaling and Elastic Load Balancer

Route 53 -> CloudFront -> Load Balancer -> Auto scaling

Only the last 2 parts of it make sure it’s highly available and scalable.

97
Q

What do you have to pay for in S3?

A

Storing objects, size of object (in GB), length of storage, and storage class.

98
Q

What type of caching is available in Amazon ElastiCache?

A

Redis - in-memory store used as a db, cache, and message broker. Multi-AZ with auto-failover available.

Redis Global Database - Have Redis in one and replicate it across multiple regions.

Memcached - distributed memory object caching system to speed up dynamic web applications

99
Q

Where can ElastiCache clusters be?

A

Amazon Cloud or on-premises via AWS Outposts

100
Q

What is Amazon Neptune?

A

Graph Database service for highly connected datasets.

Used for recommendation engines, fraud detection, knowledge graphs, drug discovery, and network security.

Not used for complex analytic queries.

101
Q

What is Amazon Redshift Spectrum?

A

Can query and retrieve structured and semistructured data from S3 without loading into Redshift.

Multiple clusters can query the same dataset in S3 without needing to make copies for each.

102
Q

What provides automated reference deployments for key workloads in AWS via CloudFormation templates?

A

AWS Quick Starts. Built by SAs and partners and can accelerate manual procedures into a few steps to build production environments quickly.

Each Quick Start launches, configures, and runs the compute, network, storage, and other services required to deploy a specific workload on AWS.

103
Q

What service eliminates need to manage containers manually?

A

AWS Fargate. You just specify and pay for resources per application. Then define application content, networking, storage, and scaling requirements.

No need to provision, patch, manage cluster capacity or infrastructure.

Note that ECS still needs the EC2 instances to be managed.

104
Q

What are the 3 types of solutions offered by OpsWorks?

A

  1. Chef Automate: fully managed configuration management for Chef.
  2. Puppet Enterprise: fully managed Puppet, used for infrastructure and application management.
  3. Stacks: app and server management service. Can model an app as a stack with different layers.

105
Q

What is Amazon SES?

A

Simple Email Service. Can use SMTP or the AWS SDKs to integrate into existing applications. Can work with S3, Lambda, and a mail server to send emails.

106
Q

What is Amazon MQ?

A

Message broker service with standard APIs and protocols. Can switch from any standards-based message broker to MQ.

107
Q

What are the different stages for EC2 and EBS?

A

  1. Launch the instance; it goes to the “Pending” state.
  2. Enters the “Running” state when ready.
  3. Billed for each second with a 1-minute minimum to keep the instance running.
  4. When “Stopping” the instance, AWS does charge for storage of EBS volumes.

Note that in the “Running” state, you are billed for compute, memory, storage and network. However, you are not billed for the EBS storage specifically yet.

In the “Terminated” state, EBS storage and instance are deleted by default.

108
Q

What is Amazon ECR?

A

Fully managed Docker container registry to store, manage, and deploy Docker container images.

Not a serverless computing service, need to use AWS Fargate for that.

109
Q

If building a serverless application with a key-value database, what services can be used to fulfill this?

A

AWS Lambda and Amazon DynamoDB

Lambda - runs on servers but AWS does serverless management.

DynamoDB - great for auto scaling and no servers to manage. Useful for serverless applications in AWS.

110
Q

What is an AWS Savings plan?

A

Saves up to 72% on EC2, Fargate, and Lambda usage. Provides lower prices in exchange for a commitment to a consistent usage amount for a 1- or 3-year term.

111
Q

Why are RDS and ECS considered Platform as a Service?

A

No need to set up servers, storage, or network. Only need to manage the application and the data.

112
Q

What is Amazon FSx?

A

Can launch and run popular file systems. It provides cost-efficient capacity and integrates with other services.

2 file systems available:

  1. Windows File Server
  2. Lustre

Note that EFS is a file system storage, but only supports Linux workloads.

113
Q

How can an EBS volume be accessed by multiple EC2 instances?

A

If it’s a provisioned IOPS EBS volume

114
Q

What is the AWS Architecture Center?

A

Provides collection of technical resources to build more effectively in the cloud.

Can use the well-architected tool to review state of workloads.

115
Q

What is CodeBuild?

A

Fully managed continuous integration service. Compiles source code, runs tests, and produces software packages ready to deploy.

116
Q

What is AWS Secrets Manager?

A

Protects secrets needed to access applications, services, and IT resources. Can rotate, manage, and retrieve database credentials, API keys, other secrets.

117
Q

What can AWS Organizations do?

A

Centrally manage policies
Automate account creation and management
Consolidate billing
Govern access to services and regions
Configure services across accounts

118
Q

What are the policies that can be set in AWS organizations?

A

AI Services opt-out
Backup policies
Service control policies
Tag policies

119
Q

What is AWS CloudHSM?

A

It lets a company encrypt and manage its own encryption keys. Useful when a company needs exclusive control over how its keys are used.

It is standards-compliant and provides a FIPS 140-2 Level 3 overall validated single-tenant HSM cluster in the VPC to store and use keys. Can interact with keys similar to interacting with applications on EC2.

Can use this for digital rights management, public key infrastructure, document signing, and cryptographic functions

120
Q

What AWS team can help when systems are impacted by phishing, malware, spam, and DoS attacks?

A

AWS Trust and Safety.

121
Q

What is S3 Transfer acceleration?

A

It can speed up content transfers by 50-500% for long-distance transfers. It uses CloudFront’s edge locations and an optimized network path.

122
Q

What is Amazon Connect?

A

Seamless experience for customers and agents. It simplifies contact center operations.

123
Q

What is AWS Storage Gateway?

A

Hybrid storage service that lets you connect on-prem data storage to S3. Can reduce costs for key hybrid cloud storage use cases like backups, on-prem file shares, and low-latency data access.

124
Q

Difference between Personal Health and Service Health dashboard?

A

Former only gives personalized view of specific services being used vs. all available services.

125
Q

When can IAM be used as a certificate manager?

A

Can be done only if it’s a region not supported by AWS Certificate Manager. It encrypts private keys and stores encrypted version in IAM SSL certificate storage.

126
Q

What can be used to restrict access to content served from an S3 bucket in CloudFront?

A

Origin Access Identity. It is used to share private content through CloudFront.

Content from S3 buckets can be restricted by doing the following:

  1. Create special CloudFront user called an origin access identity
  2. Configure S3 bucket to only use this OAI to access files

After this is set up, users can only access files through CloudFront and not from the S3 bucket.

127
Q

What lets you filter web-based traffic based on conditions including IP addresses, HTTP headers, or custom URIs?

A

AWS Web Application Firewall (WAF). Can set up rules to block common attack patterns. Conditions include IP addresses, HTTP headers, HTTP body, URI strings, SQL injection and cross-site scripting.

128
Q

What connects VPCs and on-prem networks through a central hub?

A

AWS Transit Gateway. Acts as a cloud router where each new connection is made only once.

Otherwise, need a routing table in each VPC.

Note that Direct Connect is just a dedicated network connection and doesn’t support peering between VPCs unless associated with Transit Gateway.