Review Flashcards

Question 1

Q

Monthly billing for lambda is based on what?

Answer

A

Execution request and the time is rounded to the nearest 100 ms.

Question 2

Q

which is a compulsory section in CFT

Answer

A

resources

Question 3

Q

Maximum size of an item in DynamoDB table

Question 4

Q

AWS service supports infrastructure as a code?

Answer

A

CloudFormation

Question 5

Q

a Load balancer can span across?

Answer

A

Multiple AZs

Question 6

Q

What can be used to provide internet connectivity to the resources residing in a private subnet?

Answer

A

Internet gateway.

Question 7

Q

CloudWatch

Answer

A

can not manually deleted.

Question 8

Q

DATA STORED IN A S3 CAN BE ACCESSED FROM?

Answer

A

anywhere across the internet.

Question 9

Q

By default, which of the following metrics are not supported by CLoudWatch?

Answer

A

Memory free/used.

Question 10

Q

which Services is used along with S3 to enable S3 Transfer Acceleration?

Answer

A

CloudFront

Question 11

Q

MySQL RDS instance

Answer

A

CAN NOT be stopped or paused. TO SAVE MONEY, the user needs to take the final snapshot, terminate the instance and launch a new instance in the future from that snapshot.

Question 12

Q

Elastic Load Balancing

Answer

A

use SSL certificate in order to improve your system security. use AWS identity and Access Management to upload your certificate to your load balancer.

Question 13

Q

SQS Time to live

Answer

A

1 minute to 2 weeks

Question 14

Q

SQS data size in a message

Question 15

Q

EBS Volume

Answer

A

it is required to mount the device when a user creates an EBS volume and attaches it as a device.

Question 16

Q

DynamoDb access

Answer

A

Amazon DynamoDB integrates with AWS Identity and Access Management(IAM). You can use AWS IAM to grant access to Amazon DynamoDB resources and API actions. To do this, you first write an AWS IAM policy, which is a document that explicitly lists the permissions you want to grant. you then attach that policy to an AWS IAM user or role.

Question 17

Q

Best suitable options to allow access to the log bucket.

Answer

A

Provide ACL for the logging group.

Question 18

Q

CloudFormation

Answer

A

gives developers and systems administrators an easy way to create and manage collections of AWS resources. you can now set ReadReplicas for your databases with RDS when you create a new cloudFormation template.

Question 19

Q

AWS RDS with multi AZ feature

Answer

A

the user can not provision the availability zone. RDS is launched automatically instead.
user need to specify whether it is multi AZ or not.

Question 20

Q

AWS Elastic Beanstalk

Answer

A

support multiple running environment.

Question 21

Q

Ec2-classic

Answer

A

AWS does not provide a fixed MAC address to the instances launched in ECs-classic. If the instance is launched as apart of EC2-VPC, it ca have an ENI which can have a fixed MAC. However, with EC2-CLassic, every time the instance is started or stopped it will have a new MAC address. To get this MAC, the orgAMzation can run a script on boot which can fetch the instance metadata and get the MAC address from that instance metadata.

Question 22

Q

IAM User

Answer

A

IAM users by default cannot change their password. the root owner or IAM administrator needs to set the policy in the password policy page, which should allow the user to change their password. Once it is enabled, the IAM user can always change heir passwords from the AWS console or CLI.

Question 23

Q

EBS volume

Answer

A

provides persistent data storage. the user cam attacj a volume to any instance provided they are both in the same AZ.

Question 24

Q

ReceiveMessageWaitTimeSeconds

Answer

A

when set to greater than zero enables long polling. Long polling allows the Amazon SQS service to wait until a message is available in the queue before sending a response.

Question 25

Q

S3 bucket policies

Answer

A

require a Principal be defined.

Question 26

Q

If you do not ensure that DNS is re-resolved or use multiple test clients to simulate increased load, the test may continue to hit a single IP address when Elastic Load Balancing has actually allocated many more IP addresses. Because your end users will not all be resolving to that single IP address, your test will not be a realistic sampling of real-world behavior.

Answer

A

Use a third party load-testing service to send requests from globally distributed clients, Force the software-based load tester to re-resolve DNS before every request

Question 27

Q

MissingSecurityHeader

Answer

A

400 bad request would be the HTTP response code for Missing SecurityHeader.

Question 28

Q

S3:ReducedRedundancyLostObject

Answer

A

S3 provides the S3:ReducedRedundancyLostObject for objects that are using the Reduce Redundancy Storage class on Amazon S3. This notification is used with SNS and sends a JSON object notification to the subscribed SNS topics if an object is lost by Amazon S3. This allows you to create automation and be informed with RRS (99.9% durability storage) has an object data loss from one of your buckets. AWS now supports event notifications for object creation as well.

Question 29

Q

API call to attach an EBS volume to an EC2 instance

Answer

A

AttachVolume

Question 30

Q

necessary steps to set up a static website on S3.

Answer

A

Upload an index document to your S3 bucket, Enable static website hosting in your S3 bucket properties, Select the “Make Public” permission for your bucket’s objects

Question 31

Q

What is the API call used when authenticating users against a Web Identity Provider like Facebook, Google, Amazon, etc.)?

Answer

A

AssumeRoleWithWebIdentity API call while passing the provider’s token and specifying the ARN (Amazon Resource Number) for the IAM Role.

Question 32

Q

What is the default timeout of Temporary Security Credentials issued by AWS after a user has authenticated with a third-party Identity Provider?

Answer

A

1 hour – minimum is 15 minutes

Question 33

Q

In what order are Atomic Counters written to a DynamoDB?

Answer

A

All write requests are applied in the order in which they are received.

Question 34

Q

ec2-net-utils

Answer

A

For AWS Linus, it is a package that configures additional network interfaces that the user can attach while the instance is running, refreshes secondary IP addresses during DHCP lease renewal, and updates the related routing rules.

Question 35

Q

send push notifications to mobile devices using SNS and ADM

Answer

A

need to obtain RegistrationID and Client secret. you do not need Device token.

Question 36

Q

MS SQL RDS

Answer

A

does not support multi AZ

Question 37

Q

HOW TO CONFIGURE TERMINATION POLICIES?

Answer

A

either specify any one of the policies as a standalone policy or list multiple policies in an ordered list.

Question 38

Q

S3 Bucket ACL

Answer

A

can grant permission to S3 Log Delivery group to write access log objects to the user’s bucket.

Question 39

Q

Elastic Beanstalk

Answer

A

support multiple environments

Question 40

Q

ec2-share-image-attribute

Answer

A

share image

Question 41

Q

IAM role

Answer

A

– IAM roles are based on temporary security tokens, so they are rotated automatically. Keys in the source
code cannot be rotated (and are a very bad idea). It’s impossible to retrieve credentials from an S3 bucket if you
don’t already have credentials for that bucket. Active Directory authorization will not grant access to AWS
resources.

Question 42

Q

Which relational database engines does Amazon RDS support?

Answer

A

Amazon RDS supports Amazon Aurora, MySQL, MariaDB, Oracle, SQL Server, and PostgreSQL database engines.

Question 43

Q

the default interval for CloudWatch metrics

Answer

A

1 minutes?

Question 44

Q

how to attach volume to an EC2 instance from different AZ?

Answer

A

take a snapshot of the volume and create a new volume in the instance’s AZ, then attach.

Question 45

Q

multiple IAM group policies

Answer

A

always aggregated.

Question 46

Q

Connect to RDS(MYSQL)

Answer

A

open port 3306 in the security group for MYSQL.

Question 47

Q

Can user create a larger EBS volume from an existing snapshot with lower size?

Answer

A

Yes, user need to change the size of the device with resize…

Question 48

Q

AWS ELB with custom domain

Answer

A

by creating CNAME with the existing domain name service provider;
by creating a record with Route 53.

Question 49

Q

can be used to bootstrap both the chef Server and chef Client software

Answer

A

CloudFormation

Question 50

Q

Amazon RDS DB instance back up

Answer

A

automated backups and DB snapshots.

Question 51

Q

CLI commands for EC2 instances

Answer

A

ec2-accept-vpc-peering-connection;
ec2-allocate-address;
ec2-assign-private-ip-address;
ec2-associate-address;
ec2-associate-dbcp-options;
ec2-associate-route-table;
ec2-attach-internet-gateway;
ec2-attach-network-interface(not ec2-allocate-interface).

Question 52

Q

SQS security

Answer

A

SQS uses either your Access Key ID or an X.509 certificate to authenticate your identity.

Question 53

Q

x-Forwarded-Port

Answer

A

identify the port used by the client while requesting ELB.

Question 54

Q

Tag limits

Answer

A

10 tags er load balancer;
max key length 127;
max value length 255;
keys and values are case sensitive.

Question 55

Q

DB parameter group

Answer

A

contains engine configuration values that can be applied to one or more DB instances of the same instance type.

Question 56

Q

RDS charge

Answer

A

on a pay as you go basis. It charges the user based on the instance type, number of hours that the instance is running, data transfer, storage cost as well for I/O request. the monitoring is free of cost.

Question 57

Q

SQS free tier message limit

Answer

A

1 million

Question 58

Q

SQS allow anonymous access queue

Question 59

Q

Can an AMI launch EC2 instance within same region?

Question 60

Q

AWS console for DynamoDB

Answer

A

can setup alarms to monitor your table’s capacity usage;
create, update, and delete tables;
View your table’s top monitoring metrics on real-time graphs from CloudWatch.
can not import data from other databases or from files.

Question 61

Q

Shared responsibility

Answer

A

Customer’s responsibility:
Life-cycle management of IAM credentials;
Security group and ACL settings
Encryption of EBS volumes
Patch management on the EC2 instance’s OS;
AWS responsibility:
Decommissioning storage devices?;
controlling physical access to compute resources;

Question 62

Q

manual auto scalling

Answer

A

modify the desired capacity. if the user is trying to CLI, use command as-set-desired-capacity – desired-capacity

Question 63

Q

account alias

Answer

A

has to be unique so different account can not have the same alias.

Question 64

Q

EBS-Optimized instance

Answer

A

the Provisioned IOPS volumes are designed to deliver within 10% of the provisioned IOPS performance 99.9% of the time in a given year.

Answer 61

A

one subnet must be associated with exactly one Route Table, However, multiple subnets can be associated with the same Routed table.

Answer 62

A

enable you to record information in the workflow execution history that you can use for any custom or scenario-specific purpose.

Answer 63

A

The cost of an IAM user or groups can never be tracked separately for the purpose of billing. usage a tracking is only at account level.

Answer 64

A

30 seconds.

Answer 65

A

user can attach multiple volumes to the same instance and stripe them together to in crease the I/O, can take a snapshot from the existing volume but can not create an AMI from the volume. the user can create an AMI froma snapshot.

Answer 66

A

user can attach multiple volumes to the same instance and stripe them together to in crease the I/O, can take a snapshot from the existing volume but can not create an AMI from the volume. the user can create an AMI from a snapshot.

Answer 67

A

reserved for the root device for Linux instance.

Answer 68

A

Vault and Archives are core data model concepts;
job is required to initiate download of archive.
notification configuration is required to send user notification when archive is available for download.

Answer 69

A

HTTP, SMS, not UDP.

Answer 70

A

PeekMessage action has been removed from Amazon SQS. was mainly for debug. to do this, you can log the message ID and the receipt handle for your messages and correlate them to confirm when a message has been received and delated.

Answer 71

A

An object ACL is the only way to manage access to objects not owned by the bucket owner
Permissions vary by object and you need to manage permissions at the object level
(an object ACL is also limited to a maximum of 100 grants);
Object ACLs control only object-level permissions

Answer 72

A

is to grant write permission to the Amazon S3 Log Delivery group to write access log objects to your bucket.

Answer 73

A

You want to manage cross-account permissions for all Amazon S3 permissions

Answer 74

A

SSH – prot 22
RDP – port 3389
TCP,UDP – port 3306 – MYSQL

Answer 75

A

a configuration management service uses chef, an automation platform that treats server configurations as code.
has 2 offerings, AWS Opsworks for Chef Automate, and AWS OpsWorks Stacks.

Answer 76

A

AWS Global infrastructure: AZs, regions, edge locations;

compute, storage, database, networking

Answer 77

A

Platform, Applications, IAM; OS, Network & Firewall configuration; client-side data encryption, server-side data encryption, Network Traffic Protection

Answer 78

A

EC2; EC2 auto scaling; Elastic Container Service;
Elastic Container Service for Kubernetes;
Elastic Container Registry;
Amazon Lightsail;
AES Batch;
Elastic Beanstalk;
AWS Fargate;
Lambda;
severless Application Repository;
VMware Cloud on AWS.

Answer 79

A

S3, EBS, Elastic File system, Glacier, Storage gateway; snowball; snowball Edge; snowmobile;

Answer 80

A

Aurora; RDS; DynamoDB; ElastiCache; Reshift; Neptune; Database Migration Service;

Answer 81

A

Application Discovery Service;
database migration service;
Migration Hub;
server migration service;
snowball
snowball edge;
snowmobile;

Answer 82

A

VPC;
cloudFront;
Route 53;
API gateway;
direct connect;
Elastic load Balancing;

Answer 83

A

HTTP(s);
Email;
Email-JSON;
SQS;
Application;
AWS Lambda;
SMS(short Message Service)

Answer 84

A

100 capacity units

Answer 85

A

Yes. by define deletion policy. you can specify snapshots be created before it is delected. you can also specify a resource should be preserved and not deleted when the stack is deleted.

Answer 86

A

Perform SQL injection for application testing;
Penetration testing – as performed by attackers to find any vulnerability.
hardening test – to find if there are any unnecessary ports open perform SQL injection to find any DB security issues.
Not this one – Code memory checks are generally useful when the organization wants to improve the application performance.

Answer 87

A

For a tabe with a local secondary index, a group of items with the same partition key value has exceeded the maximum size limit of 10 GB.

Answer 88

A

Bundles an Amazon Instance store-backed Windows instance. During bundling, only the root device volume is bundled. Data on other instance store volumes is not preserved.
This action is not applicable for Linus instances, or windows instances taht are backed by Amazon EBS.

Answer 89

A

can retrieve a max 100 items total size <16MB.

Answer 90

A

allows organizations to do complex analysis on large volumes of data.

Answer 91

A

Android, IOS, JavaScript, 
Java,
.Net,
Node.js
PHP
Python
Ruby
Go
C++

Answer 92

A

Restricting access to the data centers;
proper destruction of decommissioned disks;
Patching of firmware for the hardware on which your AWS resources reside.

Answer 93

A

can communicate with each other, across availability zones.

Answer 94

A

auto scaling;
elastic bean stalk;
VPC;
cloudconformation;

Answer 95

A

AssumeRoleWithSAML

Answer 96

A

The user navigates to ADFS webserver. The user enter in their single sign on credentials. The user’s web browser receives a SAML assertion from the AD server. The user’s browser then posts the SAML assertion to the AWS SAML end point for SAML and the GiveUserSAMLAccess API request is used to request temporary security credentials. 5) The user is then able to access the AWS Console.

Answer 97

A

The user navigates to ADFS webserver. The user enter in their single sign on credentials. The user’s web browser receives a SAML assertion from the AD server. The user’s browser then posts the SAML assertion to the AWS SAML end point for SAML and the AssumeRoleWithSAML API request is used to request temporary security credentials. 5) The user is then able to access the AWS Console.

Answer 98

A

CIA are the fundamentals of Information Security. Confidentiality (generally encryption), Integrity (the accuracy of a message or server…i.e. hash value), Availability (availability of a service)
AAA is authentication, authorization, and accounting. Who you are (identification), what are you allowed to do (privileges), and audit

Answer 99

A

set this parameter to SIZE to monitor item collection size.

Answer 100

A

400 – IncompleteSignature; MissingAction
InvalidParameterValue; Missing Parameter; InvalidDigest; InvalidBuckeName; IncompleteBody;
403 – OptInRequired; InvalidClientToken; MalformedQueryString; InvalidObjectState;

Answer 101

A

Sort key – 1024

partition key –2048

Answer 102

A

Elastic Beanstalk provides platforms for programming languages (Java, PHP, Python, Ruby, Go), web containers (Tomcat, Passenger, Puma) and Docker containers, with multiple configurations of each.

Answer 103

A

via SSL endpoints using the HTTPS protocol.

Answer 104

A

To obtain a list of all your tables, use the ListTables operation. A single ListTables call can return a maximum of 100 table names; if you have more than 100 tables, you can request that ListTables return paginated results, so that you can retrieve all of the table names.

Answer 105

A

The BatchWriteItem operation puts or deletes multiple items in one or more tables. When called in a loop, it also checks for unprocessed items and submits a new BatchWriteItem request with those unprocessed items until all items have been processed.

Answer 106

A

automated backup. automated failure detection and recovery;
automated software patching;
scaling is not automated and the user needs to plan it with a few clicks.

Answer 107

A

remove all the rules set for the other requests and open the port only for ELB source security group. meaning configure the security group of EC2, which allows access to the ELB source security group.

Answer 108

A

Use an encrypted file system on top of the EBS volume.?

Answer 109

A

is an isolated DB environment provided by AWS in which the user can create more than one database, The maximum size of the instance should be between 5GB–3TB. the size of each DB can be anything in this range.

Answer 110

A

can be used to bootstrap both the Chef Server and Chef Client software.

Answer 111

A

provide: name, version, and timeout values based on how long you expect the activity to take. you do not need to provide domain.

Answer 112

A

specify an IP range in RDS security group. recommends using the private IP address of the Amazon EC2 instance. this provides more direct network route from the amazon EC2 instance to the RDS DB instance. and does not incur network charges for the data sent outside of the amazon network.

Answer 113

A

as-describe-account-limits/ calling DescribeAccountLimits action

Answer 114

A

RDS provides an automated backup feature, PIOPS is available with both RDS and EBS. HA is not available with MS SQL.

Answer 115

A

IP address.

Answer 116

A

IP address.

Answer 117

A

RDS charges the user on a pay as you go basis. it charges the user based on the instance type, number of hours that the instance is running, data transfer, storage cost as well for the IO requests. the monitoring is free of cost.

Answer 118

A

Yes. based on EC2 Windows AMIs and provides you with the ability to install software, to use remote desktop to access your stack, and to update and configure your stack.

Answer 119

A

Yes if configured with the auto scaling group.

Answer 120

A

EC2; cloudwatch will be used to monitor the resources and based on the scaling need it will trigger policies.

Answer 121

A

low request pricing; serve high-scal request workloads; low-latency response time; high IO performance of SSD.(not WebApp)

Answer 122

A

yes. assign EIP.

Answer 123

A

automated backup. automated failure detection and recovery;
automated software patching;
scaling is not automated and the user nneds to plan it with a few clicks.

Answer 124

A

set an S3 Bucket policy;

set an S3 ACL on the bucket or the object.

Answer 125

A

use policy generator;
use custom policy;
assign no permission;
policy simulator is not available int eh console;

Answer 126

A

auto scaling groups;
elastic Load Balancers;
RDS instance;

Answer 127

A

set up alarms to monitor table capacity usage;
create, … delete table;
View your table’s top monitoring metrics on real-time graphs from cloudwatch.

Answer 128

A

You can have a maximum of 10,000 workflow and activity types (in total) that are either registered or deprecated in each domain. You can have a maximum of 100 Amazon SWF domains (including registered and deprecated domains) in your AWS account.

Answer 129

A

At any given time, you can have a maximum of 100,000 open executions in a domain.

Answer 130

A

AWS CloudFormation allows you to define deletion policies for resources in the template. You can specify that snapshots be created for Amazon EBS volumes or AmazonRDS database instances before they are deleted. You can also specify that a resource should be preserved and not deleted when the stack is deleted. This is useful for preserving Amazon S3 buckets when the stack is deleted.

Answer 131

A

Returns descriptions of all resources of the specified stack.

For deleted stacks, list-stack-resources returns resource information for up to 90 days after the stack has been deleted

Answer 132

A

AWS OpsWorks is a configuration management service that uses Chef, an automation platform that treats server configurations as code. OpsWorks uses Chef to automate how servers are configured, deployed, and managed across your Amazon Elastic Compute Cloud (Amazon EC2) instances or on-premises compute environments. OpsWorks has two offerings, AWS Opsworks for Chef Automate, and AWS OpsWorks Stacks.

Answer 133

A

creates an endpoint for a device and mobile app on one of the supported push notification services, such as GCM and APNS. CreatePlatformEndpoint requires the PlatformApplicationArn that is returned from CreatePlatformApplication. The EndpointArn that is returned when using CreatePlatformEndpointcan then be used by the Publish action to send a message to a mobile app or by the Subscribe action for subscription to a topic.

Answer 134

A

EC2, RDS, ELB, auto scaling, S3, SNS

Answer 135

A

CreateTopic – Create a new topic.
DeleteTopic – Delete a previously created topic.
ListTopics – List of topics owned by a particular user (AWS ID).
ListSubscriptionsByTopic – List of subscriptions for a particular topic
SetTopicAttributes – Set/modify topic attributes, including setting and modifying publisher/subscriber permissions, transports supported, etc.
GetTopicAttributes – Get/view existing attributes of a topic
AddPermission – Grant access to selected users for the specified actions
RemovePermission – Remove permissions for selected users for the specified actions

Answer 136

A

10 million subscriptions per topic;

100,000 topics per account;

Answer 137

A

100 domains per account;

10,000 workflow and activity types in each domain.

Answer 138

A

returns instance public IP

Answer 139

A

enables you to develop amazon SWF-based applications quickly and easily.

Answer 140

A

manage your workflow execution history and other details of your workflows across 3 availability zones.

Answer 141

A

time out value – 1 second to 1 hour; default 5 minutes.

Brainscape's Knowledge GenomeTM

Review Flashcards

Brainscape's Knowledge Genome^TM