SA - Associate - Exam prep

Question 1

Which RDS databases support IAM auth?

Answer 1

MySQL, Postgres, Aurora

Question 2

What are the default and enhanced aggregation times in CW for EC2?

Answer 2

5 minutes and 1 minutes

Question 3

What metrics are not supported for CW/EC2 by default?

Answer 3

Disk space and memory utilisation

Question 4

What is the most specific IP range you can bring to AWS?

Answer 4

/24

Question 5

What are the steps for bringing IP address ranges to AWS?

Answer 5

Create an ROA (route origin authorization) through your RIR (regional internet registry)

Publish self-signed X.509 cert in the RDAP remarks for the address range, so AWS can validate that it’s you

Question 6

Summarise the data transfer charges

Answer 6

Data in is free

Data out between regions or services costs

Data out to internet costs

Data out to another AZ in same region is charged (but at a lower cost compared to regional transfers)

Data transfer inter-AZ, but using a private IP address, is free

Question 7

What does AWS AD Connector do?

Answer 7

Redirects AD requests to an on-prem AD, without storing any directory information in the cloud

Question 8

What is the default retention period for RDS enhanced monitoring?

Answer 8

30 days

Question 9

What are the two default query queues created in RDS?

Answer 9

Superuser queue (for system tasks, e.g. cancelling a user’s long-running query)

Default user queue (concurrency = 5)

Question 10

What is POSIX?

Answer 10

Portable operating system interface - family of standards for maintaining compatibility between OSs. EFS is POSIX compliant

Question 11

What is the difference between WAF and Shield?

Answer 11

Shield is for DDoS attack protection, WAF is for stuff like SQL injection protection

Question 12

What is the difference between S3 Select and Athena?

Answer 12

S3 select allows apps to use simple SQL-like queries to filter data in S3.

Athena is very similar - perhaps more powerful - and it’s interactive.

Select is probably more intended for app use

Question 13

What is Redshift enhanced routing

Answer 13

Redshift enhanced routing: forces all COPY and UNLOAD between your cluster and data repositories through your VPC, meaning you can use features like security groups (COPY puts data in, UNLOAD gets the result of a query)

Question 14

Describe Aurora endpoints

Answer 14

Aurora abstracts connections to DB cluster with endpoints. Can configure custom endpoints to go to primary instance (handles all DDL queries), or to specific subnets of instances (including specific instances). Can also direct traffic to the reader endpoint and Aurora will automatically load balance across read-only replicas

Question 15

What is special about port 25 for EC2?

Answer 15

EC2 throttles all traffic to port 25 (SMTP) by default - you can request for this to be removed

Question 16

What are the default resources you get when creating a new VPC?

Answer 16

Security group

Routing table

Question 17

Where can S3 events be published?

Answer 17

SNS, SQS and Lambda

Question 18

What is the default ASG cooldown period?

Answer 18

300 seconds

Question 19

What are the snowball capacities?

Answer 19

Snowball - 50TB

Snowball edge - 80TB

Snowmobile - 100PB

Question 20

Do application and classic LBs support SNI?

Answer 20

ALB does, classic doesn’t

Question 21

Summarise the AWS storage gateway options

Answer 21

File gateway - on-prem adapter for NFS and SMB access to S3

Volume gateway - ISCSI access to S3

(Cached - frequently accessed data stored locally
Stored - all data locally, async snapshots sent to S3)

Tape gateway

Question 22

In DR, what is RPO and RTO?

Answer 22

Recovery point objective - point in time in past to which you will recover

Recovery time objective - point in time in future when recovery is complete

Question 23

Describe SQS retention periods

Answer 23

1 minute to 14 days.

Default: 4 days

Question 24

Describe the SWF components

Answer 24

Domains contain workflows that can interact

SWF informs decider of workflow history and state of workflow

Decider coordinates workflow

Activity worker does stuff

Deciders and activity workers work on tasks

Actors - anything that interacts with SWF

Question 25

What is heartbeat timeout in EC2?

Answer 25

Timeout before unhealthy instances are terminated so you have time to troubleshoot

Question 26

Other than manually doing it, when are elastic IP addresses dissociated from EC2 instances?

Answer 26

On termination

Question 27

What is Amazon Glacier Select?

Answer 27

Similar to S3 Select

Question 28

What are the GET/PUT limits of S3?

Answer 28

GET: 5,500 per second
PUT: 3,500 per second

Question 29

What are the lambda metrics?

Answer 29

Invocations

Duration

Error count

Dead letter errors

Throttles

Iterator age (stream-based invocations only - DynamoDB and Kinesis). Age of last record for each batch of records processed

Concurrent executions (for functions that have a concurrency limit defined)

Unreserved concurrent executions (for functions that don’t have a concurrency limit defined)

Question 30

Describe API Gateway caching

Answer 30

This can be enabled with a TTL. Max is 3600, default is 300, 0 means caching is disabled

Just over 1MB of data can be cached

Question 31

How many subnets can a network ACL apply to?

Answer 31

Many

Question 32

What are the VPC CIDR ranges?

Answer 32

192. 168/16
193. 16/12

10/8

Question 33

SWF vs step functions

Answer 33

Prefer step functions over SWF. The only advantage with SWF is that you can write decider logic in any language, whereas step functions takes a declarative JSON file, so you have less control with step functions.

Question 34

What is RedShift Spectrum?

Answer 34

Allows use of redshift on data in S3 (data is queried in-place)

Question 35

What is the maximum size ratio for provisioned IOPS?

Answer 35

50:1

Question 36

Describe the properties of general purpose SSDs (ST1)

Answer 36

General purpose SSDs (ST1) have a baseline performance tied to volume size (base + 3 IOPS per gb). They can burst to 3000 IOPS (based on a credit system). Once disks get to a particular size, they have a greater performance baseline than the burst anyway

Question 37

Describe the properties of cold HDDs (SC1)

Answer 37

HDD cold (SC1) has a similar model to general purpose SSDs. There’s a maximum burst of 250 mb/s, and the baseline scales linearly at 6 mb/s per 0.5tb. Burst is always greater than baseline, unlike the general purpose SSDs

Question 38

What is AWS SSM agent?

Answer 38

Installed on machines (EC2 or on-prem) to allow systems manager to manage/update them

Question 39

What is AWS inspector agent?

Answer 39

Gathers information to assess the security of EC2 instances

Question 40

Is Kinesis FIFO?

Answer 40

Yes - all messages have a sequence number

Question 41

AWS Glue vs AWS Data Pipeline

Answer 41

AWS glue is a managed service that runs using Apache Spark. You can only use a couple of languages (Scala or Python) and it takes a data first approach

AWS data pipeline is a managed orchestration service that launches compute resources in your AWS account. Use this if you need more control and direct access to the compute resources handling the data

Question 42

What extra stats does RDS enhanced monitoring give you?

Answer 42

Memory, disk IO, and database and OS processes

Question 43

Certificate manager vs IAM

Answer 43

You can upload certificates to either AWS Certificate Manager or IAM. Certificate manager is recommended, but if it doesn’t support the algorithms or key lengths of the certificate you can use IAM. Some services can use certificates in IAM (e.g. elastic beanstalk and cloudfront)

Question 44

What are the pricing properties of spot instances?

Answer 44

Instances are billed to the nearest second

If AWS terminates the spot instance in the first hour, it’s free

If AWS terminates in any subsequent hour, you pay to the nearest second

If you terminate it at any point, you pay to the nearest second

For Windows, you’ll pay for the whole hour if you terminate it

Question 45

Describe the support plans

Answer 45

Basic - everyone gets this. Forums, whitepapers etc. 2 trusted advisor checks

Developer - As above, and business hours email support, <24h response time for general and <12h for system impaired, one person can open cases

Business - As above, but 24h email, <1h down, <4h prod impaired, <12 system impaired, <24h general guidance

Enterprise - As above, but dedicated TAM, and <15m down prod, <1h down sys, <4h prod impaired, <12h system impaired, <24h general guidance

Question 46

AWS Config vs EC2Config

Answer 46

AWS Config - monitoring and auditing of resource configuration. You can see resource histories etc.

EC2 config and EC2 launch are used on older/newer versions of windows server to process some systems manager commands

Question 47

SQS visibility timeout min/max/default

Answer 47

0 seconds - 12 hours

Default is 30 seconds

Question 48

What is SQS RecieveMessagesWaitTime?

Answer 48

Used to configure long/short polling. Can be set for 0-20s - the amount of time a request will wait for a message to arrive (0 is short polling)

Question 49

Delay queues vs message timers in SQS

Answer 49

Delay queues allow 0-15m delay before ALL new messages available on queue

Message timers allow 0-15m delay for individual messages

Question 50

How can you connect to AWS services without traversing the internet?

Answer 50

Interface - for services with gateways powered by PrivateLink (interface as in ENI - you connect to a private IP address to access some AWS service)

Gateway - you configure a route in the route table to direct traffic going to a particular IP address to an AWS Service

For S3 and DynamoDB, you use a gateway endpoint, NOT an interface endpoint. These are not yet supported by PrivateLink

Question 51

Describe route53 aliases

Answer 51

Any record type can be an alias

For zone apex (naked domain), have to use A record

Question 52

How to Aurora failovers work?

Answer 52

If you have a replica instance, it’ll flip the CNAME record

If not (single instance), it will attempt to recreate in same AZ, or if it can’t, in another AZ

Question 53

Do private IP addresses change on EC2 restart?

Answer 53

For classic EC2, it can change every time as you just get one from the pool.

For EC2-VPC (where the instance is in the default VPC or a custom one) you get a static private IP

Question 54

RDS MySQL - which engine should be used?

Answer 54

For MySQL, it’s recommended that the InnoDB engine is used instead of MyISAM (which you can use, but should only do so if you require intense, full-text search capability)

Question 55

Can ALBs handle multiple SSL certs?

Answer 55

Yes

Question 56

What else needs to be enabled to use CRR?

Answer 56

Versioning, in both source and destination

Question 57

What route table rule allows subnets to communicate?

Answer 57

CIDR block -> local (routes to VPC)

Question 58

How can multicast networking be done in a VPC?

Answer 58

Create an overlay network at the OS level. This works as it’s actually using unicast IP routing (supported in the VPC)

Question 59

How can CloudFront retention be configured?

Answer 59

To control how long files remain in a CloudFront cache, you can set min/max/default TTL settings. For individual files, you can also set “Cache-control: max-age: 5” header on the file from the origin

Question 60

Describe partition groups

Answer 60

Spread - spread all instances so they don’t share underlying hardware (can use multiple AZs) - fewest instances

Cluster - pack close together in a single AZ

Partition - spread across non-overlapping logical partitions that don’t share underlying hardware (can use multiple AZs)

Question 61

What is the conflict resolution model of DynamoDB global tables?

Answer 61

Last writer wins

Question 62

Which RDS instances DON’T support read replicas?

Answer 62

Oracle and SQL Server

Question 63

What is the maximum provisioned IOPS in RDS?

Answer 63

40k, apart from SQL Server that has 32k

Question 64

What is the max storage in RDS?

Answer 64

32TB, apart from SQL server that has 16TB

Question 65

What are the 3 DB instance types in RDS?

Answer 65

Standard
Memory optimized
Burstable performance

Question 66

When can’t you stop RDS instances?

Answer 66

SQL server using multi-AZ (uses SQL mirroring instead of Amazon tech)

Instances that have or are read replicas

Question 67

What is the retention period range for RDS snapshots?

Answer 67

1-7 days

Question 68

What instance states are billed in RDS?

Answer 68

All apart from creating, deleting and failed. Stopping and stopped only billed for storage.