Q Gotten Wrong Flashcards
How are NACL rules evaluated?
From the lowest numbered rule to the highest. Once a match is found, it is applied immediately regardless of what higher numbered rules say
When can you change the security group of an instance?
When it is in the running or stopped state
What is S3 notifications?
A feature that enables you to receive notifications when certain events happen in your bucket
Where should you store certification certificates?
AWS Artifact
Where should you store SSL Certificates?
AWS Certificate Manager
What service can provide temporary security credentials?
AWS Security Token Service (STS)
What is Amazon MSK?
A service meant for applications that currently use or are going to use Apache Kafka for messaging
What is the most efficient way to automate EC2 instance monitoring and maintenance when the instances report health check failures?
Create an Amazon Cloudwatch alarm that monitors an Amazon EC2 instance and automatically reboots the instance if a health check fails.
What is a cron job?
It allows users to schedule a task or command to run automatically at a specified time and interval, without the need for user interaction.
What is Amazon’s immutable and cryptographically verifiable database solution?
Amazon Quantum Ledger Database
What is Amazon Neptune?
a fully managed graph database service offered by Amazon Web Services (AWS). It is designed to store and query highly connected data, such as social networking, recommendation engines, and knowledge graphs, using graph theory.
What is Amazon AppFlow?
a fully managed service for easily automating the exchange of data between SaaS vendors and AWS services like Amazon S3. You can transfer up to 100 gibibytes per flow
What is Amazon EKS?
Elastic Kubernetes Service is a fully managed service offered by Amazon Web Services (AWS) for deploying, scaling, and managing Kubernetes clusters. Kubernetes is an open-source container orchestration platform used for automating the deployment, scaling, and management of containerized applications.
What can you append to a URL to review scripts used to bootstrap instances at runtime?
user-data/
If you need synchronous data replication for a RDS database, what should you do?
RDS Multi-AZ
Should OLAP workloads or OLTP workloads go in DynamoDB?
OLTP; OLAP workloads usually need a relational database
What is AWS Step Functions?
Using AWS Step Functions, developers can create workflows that coordinate the execution of AWS Lambda functions, EC2 instances, Fargate containers, and other AWS services, as well as custom applications and services running on-premises or in other clouds.
What is AWS Step Functions?
Using AWS Step Functions, developers can create workflows that coordinate the execution of AWS Lambda functions, EC2 instances, Fargate containers, and other AWS services, as well as custom applications and services running on-premises or in other clouds.
If you want a low stress way to deploy and manage applications in the AWS Cloud, what should you use?
Elastic Beanstalk
If you want a low stress way to deploy and manage applications in the AWS Cloud, what should you use?
Elastic Beanstalk
When an auto-scaling group begins to scale in, what instance does it terminate first?
The instance launched from the oldest launch configuration
What type of load balancer best handles very very high traffic and can maintain high throughput at low latency?
Network Load Balancer
Can AWS Cost and Usage Reports automatically store updated reports in S3?
Yes
If you need to stop instances that have been idle for long periods of time, what service should you use?
CloudWatch
Can you delete the default security group? Can you change the group’s rules?
No, Yes
What service can help ensure all your firewall rules across multiple accounts and regions are consistent?
AWS Firewall Manager
Is each subnet associated with one security group?
No
Must each subnet reside entirely within one AZ?
Yes
How many subnets that you create get associated with the main route table for the VPC?
Every
What is the best way you speed up the transfer of data to an S3 bucket?
Use Transfer Acceleration
How many security groups can be attached to an EC2 instance?
5
What is Amazon Macie?
a fully managed data security and data privacy service that utilizes machine learning and pattern matching
What service can help store data in a secure manner and analyze said data and send alerts depending on whether the data is improperly stored?
Amazon Macie
if you want to identify the root cause of potential security issues, what should you use?
Amazon Detective
Can you modify or delete the * All Traffic Deny rule in NACL’S?
No
What is the best way to grant permissions to AWS services?
Create an IAM Role that you attach
Can you change the rules on the default network ACL?
Yes
if you need multiple versions of a launch template or configuration, which service should you use?
launch templates
if you need multiple versions of a launch template or configuration, which service should you use?
launch templates
Do private IP addresses need to be globally unique?
No
What step can you take with your database to configure high-availability and ensure minimal downtime?
Enable Multi-AZ failover
Your EC2 workloads need low-latency network performance, high network throughput, and a tightly-coupled node-to-node communication. What’s the best measure you can do to ensure this throughput?
Launch your instances in a cluster placement group
It’s important that each request is processed only 1 time, should you use SQS FIFO or SQS Standard?
SQS FIFO
What is the SQS FIFO batch limit?
3000
What is the SQS FIFO batch limit?
3000
If high-speed querying is very important, what database should you use?
DynamoDB
How long is the default Auto Scaling Group cooldown?
5 minutes
What is AWS Athena?
a serverless query service provided by Amazon Web Services (AWS). It allows you to analyze and query data that is stored in Amazon S3 using SQL (Structured Query Language), without the need to manage any infrastructure or servers.
Can AWS Redshift hold session state data?
No
Should you assign roles or hard code credentials in to give access to resources?
assign roles
Which AWS service allows you to kick off the collection of metrics and generate recommendations for incorrectly sized EC2 instances?
AWS Compute Optimizer
How can you communicate with DynamoDB or S3 without traversing the internet or leaving the Amazon Network?
Use VPC endpoints
You need to ensure that your RDS database can only be accessed using the profile credentials specific to your EC2 instances (via an authentication token). How can you achieve this?
Using IAM database authentication
You need to ensure that your RDS database can only be accessed using the profile credentials specific to your EC2 instances (via an authentication token). How can you achieve this?
Using IAM database authentication
You have been asked to implement a Cloud Security Posture Management (CSPM) service that performs security best practice checks, aggregates alerts, and enables automated remediation. Which AWS service would meet this requirement?
AWS Security Hub
What is AWS’s Cloud Security Posture Management service?
AWS Security Hub
What is port 22 for?
Port 22 is typically used for the Secure Shell (SSH) protocol, which is a network protocol used for secure remote access to a computer system.
What is port 88 for?
Port 88 is a network authentication protocol that provides secure communication between clients and servers.
What is 443 for?
Port 443 is typically used for HTTPS (Hypertext Transfer Protocol Secure)
How can you provide temporary access to the public for your S3 buckets?
Presigned URL’s with expiration dates
You want to have a centralized method of storing AWS CloudTrail logs for all accounts and alert on any notifications regarding compliance violations with AWS services in the member accounts. What solution would be the best fit for this scenario?
AWS Control Tower that utilizes SNS Notifications
What is AWS Service Catalog?
IT administrators can select which AWS services, third-party applications, and IT services they want to make available to their users, define the configuration options for each service, and then publish the catalog to their users.
What is AWS Control Tower?
allows you to implement account governance and compliance enforcement for an AWS organization.
If you need to attach a volume to multiple instances, what should you use?
Amazon EBS Multi-Attach
Can Lambda be used to automatically handle bursts in traffic?
Yes as Lambda can be invoked many times simultaneously
What is CloudFront Origin Access Indentity?
This is used for authentication internally between S3 and CloudFront
You need to provide access to hundreds of private files served by your CloudFront distribution. What should you use?
CloudFront signed cookies
If you need a fixed IP address, what should you create?
An elastic IP Address
If you need to store and retireve objects in Amazon S3 using industry standard-file protocols such as Network File System and Server Message Block, what service should you use?
AWS File Gateway
Does SQS scale automatically?
Yes
What AWS service would you recommend to use for MongoDB?
Amazon DocumentDB
What EBS Volume type gives you the highest performance in terms of IOPS?
EBS Provisioned IOPS SSD (io2 Block Express)
What EBS Volume type gives you the highest performance in terms of IOPS?
EBS Provisioned IOPS SSD (io2 Block Express)
If you need a database that allows constant updates to schemas without any downtime or performance issues, what database should you use?
DynamoDB
What is a Cassandra compatible AWS database?
Amazon Keyspaces
Is Aurora Serverless a cost effective solution?
Yes
Is Lambda a cost effective solution?
Yes
Can Macie scan images for vulnerabilties?
No
Must an S3 bucket name always be the same as the domain name if you are hosting a static website?
Yes
You need a service that support RabbitMQ or Apache ActiveMQ, what should you use?
Amazon MQ
What does AWS Batch Manager do?
Nothing, it isnt a service (AWS Batch is but not Batch Manager)
What can Amazon X-Ray do?
identify and diagnose issues with your applications, such as latency, errors, or other performance bottlenecks.
What can Amazon X-Ray do?
identify and diagnose issues with your applications, such as latency, errors, or other performance bottlenecks.
Can Lambda help provision architecture?
No
Can Lambda help provision architecture?
No
What is Amazon Pinpoint?
allows users to easily engage millions of customers via different communication channels. The service also offers the ability to leverage machine learning models to better understand customer interactions for future engagements
What is DynamoDB streams?
a feature of Amazon Web Services (AWS) DynamoDB that provides a time-ordered sequence of item-level changes made to a DynamoDB table.
If you need a gateway able to interface with iSCSI, what should you use?
Volume Gateway
Can you assign a static IP address to an application load balancer?
No
Can you assign a static IP address to a network load balancer?
Yes
What happens when the primary database in Aurora fails?
Aurora automatically fails over by either promoting an existing Aurora Replica to the new primary instance or creating a new primary instance.
What is the best way to automatically back up EBS volumes?
Use Amazon Data Lifecycle Manager to automate the creation of EBS snapshots.
From least expensive to most expensive, list the AWS Support Service Teirs
Developer, Business, Enterprise
What is the most cost effective EBS volume for sequential I/O operations?
Cold HDD
If you want to use Apache Kafka with AWS, what service should you utilize?
Amazon MSK
What is Amazon Lex?
allows you to build conversational interfaces in your applications using natural-language models.
