Review Flashcards
S3 offers 256-bit encryption for data-at-rest.
S3 offers 256-bit encryption for data-at-rest, which is an option you can turn on/off. AWS manages the keys and will decrypt the data when you request to download it.
What feature should you utilize for redundancy if auto scaling and load balancing are not available?
Setting up an Elastic IP address and having it ready for failover is a great solution when other services that provide high availability and fault tolerance are not available.
The AMI ID used in an Auto Scaling policy is configured in the
Launch configuration
Which of the following is not a benefit of a decoupled architecture using EC2, Auto Scaling, and SQS?
An application does not become unavailable due to the deletion of a single SQS queue
Deletion of an SQS queue used in an application will cause the application to fail.
You recently purchased and deployed four reserved EC2 instances in the US-East-1 region’s Availability Zone 1 for a new project. Your supervisor just informed you that this project only requires two EC2 instances. Rather than selling the reserved instances, she asked you to terminate the extra instances and convert two of the on-demand instances already running in Availability Zone 1 to reserved instances. Can this be done?
Yes, you can terminate the reserved instances and AWS will automatically begin billing the two on-demand instances as reserved instances
Data stored on EBS volumes are automatically and redundantly stored in multiple physical volumes in the same Availability Zone as part of the normal operations of the EBS service and at no additional charge.
true
Which of the following AWS services allow you access to the underlying operating system?
Amazon EMR, Amazon EC2
You are building a system to distribute confidential training videos to employees. Using CloudFront, what method would be used to serve content that is stored in S3 but not publicly accessible from S3 directly?
Create an Origin Access Identity (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI
You have 8 instances running on your VPC and all 10 of your users (5 production and 5 development) currently have access to all the instances. However, you have been told that because 4 of the instances are used for production and 4 are used for development, you will need to set up access so that the 5 production people can only access the production server and the 5 development people can only access the development server. Using policies, which of the following would be the best way to accomplish this?
Define the tags on the test and production servers, and add a condition to the IAM policy which allows access to specific tags
Amazon Auto Scaling is not meant to handle instant load spikes but is built to grow with a gradual increase in usage over a short time period.
true
You recently purchased hardware to run a decoupled application in your on-premises datacenter. The application is working great but has seen an increased workload in recent weeks that makes you concerned that your hardware cannot handle the load. Your supervisor asks you to analyze the possibility of expanding the application using cloud resources. You cannot completely migrate the application to AWS because of the investment you have already made in on-premises hardware. What items will most likely be included in your analysis?
You can leverage SQS to utilize both on-premises servers and EC2 instances for your decoupled application, You can leverage SWF to utilize both on-premises servers and EC2 instances for your decoupled application
When designing an application architecture utilizing EC2 instances and the ELB, to determine the instance size required for your application, what questions might be important?
Determining the minimum memory requirements for an application, Determining the required I/O operations
Striping Options
RAID 0 and 1 (common type); RAID 5 and 6 (not recommended because of the extended stripe
RAID 0 Disadvantage
Performance of the stripe is limited to the worst performing volume in the set. Loss of a single volume results in a complete data loss of the array
RAID 1 Disadvantage
Does not provide a write performance improvement; requires more Amazon EC2 to Amazon EBS bandwidth than non-RAID configurations because the data is written to multiple volumes simultaneously.
RAID 5 and RAID 6
are not recommended for Amazon EBS because the parity write operations of these RAID modes consume some of the IOPS available to your volumes. Increased cost.
Is creating a Read replica of another read replica supported?
Only with MySQL-based RDS
If I want my instance to run on a single-tenant hardware, which value do I have to set the instance’s tenancy attribute to?
Dedicated
Maximum response time for a Business level Premium Support case?
1 hour
Sharding
Sharding embodies the “share-nothing” architecture and essentially just involves breaking a larger database up into smaller databases. Common ways to split a database are:
- Splitting tables that are not joined in the same query onto different hosts
- Duplicating a table across multiple hosts and then splitting where a row goes.
Enhanced Networking – launch HVM AMI in VPC.
Enhanced Networking enables you to get significantly higher packet per second (PPS) performance, lower network jitter and lower latencies. This feature uses a new network virtualization stack that provides higher I/O performance and lower CPU utilization compared to traditional implementations. In order to take advantage of Enhanced Networking, you should launch an HVM AMI in VPC, and install the appropriate driver.
Improve Application Throughput
You can run and scale applications such as stateless web services, image rendering, big data analytics and massively parallel computations on Spot instances. Since it costs less, you can increase your compute capacity by 2-10x within the same budget.
I2
Optimized to deliver tens of thousands of low-latency, random I/O operations per second to applications.
NoSQL, clustered databases, online transaction processing (OLTP) systems
Billing dashboard elements
Bills; Cost Explorer; Budgets; Reports; Cost Allocation Tags; Payment Methods; Payment History; Consolidated Billing; Preferences; Credits; Tax Settings; DevPay
Read replicas
MySQL, MariaDB, PostgreSQL, Amazon Aurora.
VM Import/Export
VM Import/Export enables customers to import Virtual Machine (VM) images in order to create Amazon EC2 instances. Customers can also export previously imported EC2 instances to create VMs. Customers can use VM Import/Export to leverage their previous investments in building VMs by migrating their VMs to Amazon EC2
What is the service used by AWS to segregate control over the various AWS services?
AWS Identity and Access Management (IAM).
Instance Family
T2/M4/C4 – HVM EBS-Backed;
M3/C3 – HVM and PV; EBS and Instance store;
Maximum ratio of IOPS to Volume size
50:1
http://169.254.169.254/latest/meta-data/public-ipv4
latest, then meta-data
Route 53 features
- Register domain names – Your website needs a name, such as example.com. Amazon Route 53 lets you register a name for your website or web application, known as a domain name.
- Route internet traffic to the resources for your domain – When a user opens a web browser and enters your domain name in the address bar, Amazon Route 53 helps the Domain Name System (DNS) connect the browser with your website or web application.
- Check the health of your resources – Amazon Route 53 sends automated requests over the internet to a resource, such as a web server, to verify that it’s reachable, available, and functional. You also can choose to receive notifications when a resource becomes unavailable and choose to route internet traffic away from unhealthy resources.
Golden Image
an AMI that has been constructed from a customized image.
if DNS hostnames option of the VPC is not set to “YES”
then instances launched in the subnet will not get DNS Names.
Requirement for cross-region replication
• The source and destination buckets must be versioning-enabled.
• The source and destination buckets must be in different AWS regions.
• You can replicate objects from a source bucket to only one destination bucket.
• Amazon S3 must have permission to replicate objects from that source bucket to the destination bucket on your behalf.
• If the source bucket owner also owns the object, the bucket owner has full permissions to replicate the object. If not, the source bucket owner must have permission for the Amazon S3 actions s3:GetObjectVersion and s3:GetObjectVersionACL to read the object and object ACL.
• If you are setting up cross-region replication in a cross-account scenario (where the source and destination buckets are owned by different AWS accounts), the source bucket owner must have permission to replicate objects in the destination bucket.
The destination bucket needs to grant these permissions via a bucket policy.
Lambda Resource Limits per Invocation limit
512 MB temp space; payload size -- 6MB/128k; number of file descriptors -- 1024; number of processes and threads -- 1024; memory allocation range -- 128MB -- 3008 MB; max execution time per request -- 15 min
VPC and Subnet Sizing for IPv4
When you create a VPC, you must specify an IPv4 CIDR block for the VPC. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses).
Redshift’s columnar storage size
1 MB (1024 KB)
Server access log
In order to track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits.
snapshot for EBS Volumes in a RAID configuration
it is critical that there is no data I/O to or from the volumes when the snapshots are created. RAID arrays introduce data interdependencies and a level of complexity not present in a single EBS volume configuration.
1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk