Practitioner Flashcards
When you launch an instance using Amazon EC2, you must specify a geographic region in which to launch the instance, and a corresponding ____, which is an isolated location in that region where the physical hardware on which the instance will be launched is located.
availability zone
sub-region
subnet
sector
availability zone
Amazon EC2 is hosted in multiple locations worldwide. These locations are composed of regions and Availability Zones. Each region is a separate geographic area. Each region has multiple, isolated locations known as Availability Zones. Each region is completely independent. Each Availability Zone is isolated, but the Availability Zones in a region are connected through low-latency links.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
A company has recently migrated its operations to AWS and wants to run its non-interruptable application workloads for three years. Which pricing model would provide the MOST savings?
Amazon EC2 Dedicated Instances
Amazon EC2 Spot Instances
Amazon EC2 On-Demand Instances
Amazon EC2 Reserved Instances
Amazon EC2 Reserved Instances
Amazon EC2 Reserved Instances provide up to 72% savings for a 1-3 year term. This is a greater cost saving per reserved capacity than the expense of a dedicated instance. Reserved Instance pricing represents up to 72% savings compared to On-Demand instance pricing, and while Spot Instances can provide the highest cost savings overall of all the instance types, they are not a good choice for regular workloads that need to run without interruption for a longer durations.
https://aws.amazon.com/ec2/pricing/reserved-instances/pricing/
Which of the following is AWS Glacier best used for?
A durable storage for data archives and backup
An alternative to Amazon S3
An alternative to EBS
None of these are correct
A durable storage for data archives and backup
The AWS Glacier service is a great and durable storage for data archives and backup. It is primarily used for backups and archives or files that do not require realtime retrieval.
http://aws.amazon.com/glacier/
What principles does AWS recommend to remove single points of failure from your design? (Choose 2 answers.)
Remove redundancy
Data replication
Detect failure
Single data center resilience
Data replication
Detect failure
There are several types of data replication that can help reduce single points of failure: synchronous, asynchronous, and quorum-based. In addition, AWS systems should be set up to detect and repair issues that could potentially cause failures automatically.
The remaining choices could increase the single points of failure in a system’s design. While redundancy requires additional resource costs, it helps maintain service in the event of outages. Multi-datacenter resilience (not single) is a recommended design approach in the event of larger failures, such as a natural disaster, that could affect multiple availability zones.
https://docs.aws.amazon.com/wellarchitected/latest/framework/a-failure-management.html
Your company wants you to ensure that AWS provides infrastructure reviews as part of its support plan. Which of the following support levels should you choose to make sure that this is included?
Developer-level Support
Enterprise-level Support
Customer-level Support
Business-level Support
Enterprise-level Support
Enterprise-level Support customers have access to the following features:
White-glove case routing
Management business reviews
Application architecture guidance
Infrastructure event management
AWS Concierge
Technical account manager
http://docs.aws.amazon.com/awssupport/latest/user/getting-started.html
A company is deciding whether to migrate its applications to a VPC on AWS. Which of the following services or features will help the business compare the costs of on-premises data centers and AWS?
Detailed billing report
AWS Cost Explorer
AWS Pricing Calculator
Consolidated billing
AWS Pricing Calculator
AWS Pricing Calculator is a web-based planning tool that you can use to create estimates for your AWS use cases. You can use it to model your solutions before building them, explore the AWS service price points, and review the calculations behind your estimates. You can use it to help you plan how you spend, find cost saving opportunities, and make informed decisions when using Amazon Web Services.
https://aws.amazon.com/tco-calculator/
Which statement about AWS Direct Connect is correct?
AWS Direct Connect establishes encrypted network connectivity between your intranet and Amazon VPC over the Internet.
AWS Direct Connect is a good solution if you have low to modest bandwidth requirements.
AWS Direct Connect does not involve the Internet and uses dedicated, private network connections between your intranet and Amazon VPC.
AWS Direct Connect is a good solution if you can tolerate the inherent variability in Internet-based connectivity.
AWS Direct Connect is different from IPSec VPN Connection. A VPC VPN Connection utilizes IPSec to establish encrypted network connectivity between your intranet and Amazon VPC over the Internet. VPN Connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity. AWS Direct Connect does not involve the Internet; instead, it uses dedicated, private network connections between your intranet and Amazon VPC.
http://docs.aws.amazon.com/directconnect/latest/UserGuide/Welcome.html
What choice below accurately describes the ‘pilot light’ disaster recovery method?
A scaled-down version of your entire system in another region that can be scaled with minimal recovery time.
Backing up data to tape and to be sent offsite regularly, from which all data can be restored in the event of a disaster.
A very small replica of only your business-critical systems that is always running in another region, in case you need to divert your workloads there in the event of a disaster.
A complete duplicate of your entire system in another region, to which all traffic can be directed in the event of a disaster.
A very small replica of only your business-critical systems that is always running in another region, in case you need to divert your workloads there in the event of a disaster.
The idea of the pilot light is an analogy that comes from gas heating. In that scenario, a small flame that’s always on can quickly ignite the entire furnace to heat up a house. In this DR approach, you simply replicate part of your IT structure for a limited set of core services so that the AWS cloud environment seamlessly takes over in the event of a disaster. A small part of your infrastructure is always running simultaneously syncing mutable data (as databases or documents), while other parts of your infrastructure are switched off and used only during testing. Unlike a backup and recovery approach, you must ensure that your most critical core elements are already configured and running in AWS (the pilot light). When the time comes for recovery, you can rapidly provision a full-scale production environment around the critical core.
https://aws.amazon.com/blogs/publicsector/rapidly-recover-mission-critical-systems-in-a-disaster/
What is Amazon CloudFront?
A global content delivery network
A web service to schedule regular data movement
A development front-end to Amazon Web Services
An encrypted endpoint to upload files to the cloud
A global content delivery network
Amazon CloudFront is a global content delivery network (CDN) service that accelerates delivery of your websites, APIs, video content or other web assets through CDN caching. It integrates with other Amazon Web Services products to give developers and businesses an easy way to accelerate content to end users with no minimum usage commitments.
https://aws.amazon.com/cloudfront/
Which statements below regarding AWS pricing are true? (Choose 2 answers)
You can pay less for a service when you reserve it in advance.
Discounted rates are available for high volume service usage.
Reserved payment options are available for all AWS services
In general, payments are a set rate per month regardless of usage
You can pay less for a service when you reserve it in advance.
Discounted rates are available for high volume service usage.
Discounts are available for service reservations, and you can pay less per unit by using a higher ‘volume’ of the service. However, reserved services are only available for certain services, and payments are not a set rate. They are generally based on usage, or ‘on demand.’
https://d0.awsstatic.com/whitepapers/aws_pricing_overview.pdf
Auto Scaling provides which of the following benefits for your application?
Your application gains better fault tolerance.
Your application and IT staff are held to compliance requirements you have set.
Your application reduces its latency in delivering content to a global market.
You acquire clarity on prototypes in your application.
Your application gains better fault tolerance.
When you use Auto Scaling, your applications gain better fault tolerance. Auto Scaling can detect when an instance is unhealthy, terminate it, and launch an instance to replace it. You can also configure Auto Scaling to use multiple Availability Zones. If one Availability Zone becomes unavailable, Auto Scaling can launch instances in another one to compensate.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/how-as-works.html
What is the purpose of the Elastic Load Balancing service?
Deny incoming or outgoing requests that fail to meet a set of provided rules
Transmit network messages outside of the VPC without the use of the public internet
Improve system fault tolerance by distributing traffic across multiple AWS resources
Connect external clients to the correct resource based upon the assigned domain or subdomain
Improve system fault tolerance by distributing traffic across multiple AWS resources
Elastic Load Balancing is a network service that distributes application traffic across multiple EC2 instances and availability zones. It provides network fault tolerance by automatically scaling up or down based on network traffic requirements.
https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html
Key Management Service (KMS) is used to manage encryption keys in your AWS environment. How can you audit the changes made on KMS?
KMS provides full audit details as part of KMS console which can be accessed through web interface and APIs.
KMS provides history to each key changes; you can track the changes done on each key using key history.
KMS will log all changes in a special S3 bucket that is created the first time KMS service is being used.
KMS has full audit and compliance integration with CloudTrail; this is where you can audit all changes performed on KMS.
KMS has full audit and compliance integration with CloudTrail; this is where you can audit all changes performed on KMS.
KMS is fully integrated with CloudTrail which provides audit and compliance features on all actions performed in KMS.
/amazon-web-services/amazon-web-services-key-management-service-kms-course/key-management-service-basics.html
Which tool within Billing and Cost Management allows you to view historical billing information in a graphical format?
AWS Cost Explorer
AWS Budgets
Consolidated Billing
Cost Allocation Tags
AWS Cost Explorer
Cost Explorer is a useful and powerful tool in Billing and Cost Management. It allows you to view historical billing information in a graphical format giving you greater insight into your AWS spending. A valuable tool that can help to identify where you should be focusing your cost optimization efforts. It also can forecast your estimated spending up to two months ahead using existing data as a reference. If you can see that your estimated future bills are becoming too high, you have the time now to identify where you can make and initiate cost reduction mechanisms to help mitigate the risk.
Cost Explorer comes configured with three pre-defined views which are commonly used to analyze spending across your account:
Monthly Spend by Service view - this covers the current and previous two months and is grouped by AWS services
Monthly Spend by Linked Account View - this covers the current and previous two months and is grouped by linked accounts
Daily Spend view - this covers the daily spend over the previous sixty days
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/cost-explorer-what-is.html
Which two of the four Amazon S3 storage classes listed below charge a per GB retrieval fee? (Choose 2 answers)
Amazon S3 Standard
Amazon S3 Standard-IA
Amazon S3 Glacier Storage
Amazon S3 Reduced Redundancy Storage
Amazon S3 Standard-IA
Amazon S3 Glacier Storage
Amazon Glacier and S3 Standard-IA are both designed for storing infrequently accessed data. This is why the data storage fees are roughly one-half to one-sixth the cost of Standard Storage. Retrieval fees will quickly add up if the data is retrieved too often, so planning or correctly setting your object lifecycle based on how often you or your company will need the data is important.
If the name of the storage class has “Infrequent-Access” “IA” or “Glacier” in the name, there is a retrieval fee because these are the infrequent access and archive classes.
http://docs.aws.amazon.com/AmazonS3/latest/dev/storage-class-intro.html
How does AWS define cloud computing?
The on-demand delivery of IT resources through a cloud services platform via the Internet with pay-as-you-go pricing.
A pool of servers offering compute resources that are designed to be issued exclusively to individual users and organizations.
The term used by cloud architects to describe virtualized technology.
A secure pool of compute, storage, and network resources that are accessible only on-premises.
The on-demand delivery of IT resources through a cloud services platform via the Internet with pay-as-you-go pricing.
AWS cloud computing is described as the on-demand delivery of IT resources through a cloud services platform via the Internet with pay-as-you-go pricing.
https://aws.amazon.com/what-is-cloud-computing/
Important functions of your application are unavailable. You cannot work around the problem, and your business is significantly impacted. You decide that you need support from AWS. Which of the following severity levels do you think would be an appropriate choice for this issue?
Guidance
Production system impaired
Production system down
Business-critical system down
Production system down
In the context of AWS support, if you have a problem that meets any of the following criteria, the severity level will be ‘Production system down’.
You can’t work around the problem, and your business is significantly impacted.
Important functions of your application are unavailable. (Business and Enterprise)
http://docs.aws.amazon.com/awssupport/latest/user/getting-started.html
Which of the following statements is true of an Auto Scaling group?
An Auto Scaling group cannot span multiple regions.
An Auto Scaling group delivers log files within 30 minutes of an API call.
Auto Scaling publishes new log files about every 15 minutes.
An Auto Scaling group cannot be configured to scale automatically.
An Auto Scaling group cannot span multiple regions.
An Auto Scaling group can contain EC2 instances that come from one or more Availability Zones within the same region. However, an Auto Scaling group cannot span multiple regions.
http://docs.aws.amazon.com/AutoScaling/latest/DeveloperGuide/US_AddAvailabilityZone.html
What is NOT a feature of Amazon Inspector?
built-in rules library
expandable rules library allowing for custom policy rules
ability to publish findings through SNS
automate via API
expandable rules library allowing for custom policy rules
Amazon Inspector has a fixed built-in library of best practices and rules. Currently it doesn’t support any custom rules beyond this default set.
https://docs.aws.amazon.com/inspector/latest/userguide/inspector_introduction.html
How often does Amazon CloudWatch report metrics for AWS WAF?
AWS maintains all networks
AWS monitors facilities and hardware
AWS monitors platform security
AWS encrypts all data in the cloud
AWS monitors facilities and hardware
When using the AWS cloud, AWS is responsible for monitoring and maintaining the security of facilities and hardware, so that the customer can focus on security within the cloud. Network, platform, and data security within the cloud are all the responsibility of the customer.
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/security-and-compliance.html
How often does Amazon CloudWatch report metrics for AWS WAF?
1 minute
3 minutes
5 minutes
10 minutes
1 minute
WAF integrates well with Amazon CloudWatch allowing you to monitor set metrics for the service. WAF CloudWatch metrics are reported in one minute intervals by default.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/waf-metricscollected.html
Are generators and cooling equipment shared across Availability Zones?
Yes
No
Availability zones share the same data center and so the same equipments
It depends on the region
No
Each Availability Zone is engineered to be isolated from failures in other Availability Zones and to provide inexpensive, low-latency network connectivity to other zones in the same region. By launching instances in separate Availability Zones, you can protect your applications from the failure of a single location.
http://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/RDSFAQ.MultiAZ.html
In regards to disaster recovery, what is a recovery point objective (RPO)?
The time it takes after a disruption to restore a system to its service level.
It is the acceptable amount of data loss measured in time.
The time it takes to scale a functioning resource horizontally to adapt to increased demand.
The time it takes to scale a functioning resource vertically to adapt to increased demand.
It is the acceptable amount of data loss measured in time.
The recovery point objective (RPO) is the amount of acceptable data loss measured in time. For example, a transactional business cannot afford a great deal of data loss, so its RPO is likely less than one hour because an hour is a great expense in terms of data loss. However, for a more isolated website with minimal customer interaction, an RPO of a day may be acceptable because this represents a tolerable amount of data loss.
https://d1.awsstatic.com/whitepapers/Storage/Backup_and_Recovery_Approaches_Using_AWS.pdf
To ensure secure services, AWS offers shared responsibility models for each of the different type of services that they offer which you need to be aware of. Which of the following services are the responsibility of AWS? (Choose 3 answers)
Operating systems
Virtualization infrastructure
Network infrastructure
Physical security of hardware
Virtualization infrastructure
Network infrastructure
Physical security of hardware
Explanation
AWS is responsible for what is known as Security ‘of’ the Cloud. This covers their global infrastructure elements – Regions, Availability Zones, and Edge Locations, and also the foundations of their services covering Compute, Storage, Database, and Network
/blog/aws-shared-responsibility-model-security/
VPC security groups operate at the instance level, whereas _____ are an optional layer of security that operate at the subnet level.
network ACLs
DB security groups
proxy servers
IAM rules
network ACLs
Network ACLs operate at the subnet level (second layer of defense), whereas security groups operate at the instance level (first layer of defense).
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_Security.html#VPC_Security_Comparison
