SA Professional Exam Flashcards
How long does it take to get data out of Glacier?
It can take AT LEAST 3 hours
What storage type provides the ability to create point-in-time snapshots of data volumes?
EBS
Which three services have automated backups?
RDS
Elasticache (Redis only)
Redshift
Which service does not have automated backups?
EC2
Read Replicas vs Multi-AZ: which is used for scaling?
Read Replicas
Read Replicas vs Multi-AZ: which is used for DR/Multi-AZ?
Multi-AZ
How many read replicas can you have?
Up to 5
Can you have read replicas in different regions?
Yes - With the exception of SQL Server and Oracle
Are read replicas synchronous or asynchronous?
Asynchronous
[T/F] Read Replicas can be made off of a Multi-AZ database.
True
[T/F] Read Replicas can be in Multi-AZ.
True
Can you have a read replica of a read replica? Will this increase latency?
Yes, but only for MySQL and this will increase latency
DB Snapshots and Automated backups [can/cannot] be taken of read replicas.
Can - but are not enabled by default
If your application does not require transaction support, Atomicity, Consistency, Isolation, Durability (ACID) compliance, joins & SQL… What should you consider using instead of RDS?
DynamoDB
What are the 4 different Storage Gateway Types?
File Gateway
Gateway-Cached Volumes
Gateway-Stored Volumes
Gateway-Virtual Tape Library
How long does it take to access virtual tapes in your virtual tape library?
Instantaneous
How long does it take to access your virtual tapes from your virtual tape shelf?
It can take 24 hours
How is Storage Gateway encrypted?
Encrypted using SSL for transit
Encrypted at rest in S3 using AES-256
How are Gateway-Stored Volumes stored?
Data is stored as Amazon EBS snapshots in S3.
Gateway Storage snapshots [can/cannot] be scheduled.
Can - Gateway Storage snapshots can be scheduled.
Gateway Storage bandwidth [can/cannot] be throttled.
Gateway storage can be throttled - which is great for remote sites
AWS Snowball _______ and _________ from S3.
Import; Export
AWS Import Export can only _______ to S3.
Import
_______ make it easy to group your resources using the tags that are assigned to them. You can group resources that share one or more tags.
Resource groups
_________ allows you to get volume discounts on all your accounts.
Consolidated billing
With consolidated billing, _____ is on a per account and per region basis but can be aggregated into a single bucket in the paying account.
CloudTrail
The contract length for Reserved Instances is between __ and __ years.
1 & 3
What are the 3 types of RIs?
Standard, Convertible, Scheduled
Which of the RIs offers the largest discount?
All Upfront RIs
Standard RIs for EC2 can be modified, but only if they are in the same _______ and only if the ______ factors are equal and only for the Linux operating system.
Family; Normalization;
You can switch EC2 RIs between ______, but not between ______.
AZs; Regions
EC2 RIs [can/cannot] be sold on the marketplace.
can
Can you have reserved RDS instances?
Yes
With RDS reserved instances, you can move ______ but not _______.
AZs; Regions
Elastic Beanstalk [can/cannot] provision RDS instances.
can
Elastic Beanstalk [does/does not] support IAM.
does
You have ___ access to the resources under Elastic Beanstalk.
full
Elastic Beanstalk code is stored in ___.
S3
With Elastic Beanstalk, ________ environments are allowed to support version control.
multiple
Elastic Beanstalk [can/cannot] roll back changes.
can
With Elastic Beanstalk, ______ the changes from ____ repositories are replicated.
Only the changes from Git repositories
Amazon Elastic Beanstalk supports which AMIs?
Linux AMI & Windows 2012 R2
OpsWorks consists of ________ and ________.
Stacks; Layers
OpsWorks runs on _____.
Chef
In OpsWorks, layers contain AWS resources such as…
EC2
ELB
RDS
In OpsWorks, layers are like the _____, ______, and _______ layers.
Web; Application; Database
In OpsWorks, each stack will have how many layers?
1 or more
What happens to any EC2 instance added to the ELB outside of the OpsWorks stack?
OpsWorks will remove it
CloudFormation uses ________ to resolve dependency between resource creation.
wait condition
What is mandatory for a CloudFormation template?
Resources
With CloudFormation, you can create multiple ____ inside of one template.
VPCs
If you want to connect VPCs in your CloudFormation template, you can enable _____________ using CloudFormation, but only within the same AWS account.
VPC Peering
CloudFormation supports _____, ________, and _____ scripts.
Chef; Puppet; Bootstrap
With CloudFormation, you can use ________ to output data.
Fn::GetAtt
By default, the _______________ feature is enabled in CloudFormation.
“automatic rollback on error”
CloudFormation itself costs what?
Nothing
_______ is completely supported with CloudFormation. This includes creating new hosted zones or updating existing ones.
Route53
If you are accessing services using HTTPS endpoints (think DynamoDB, S3), use public ____.
VIFs
If you are accessing VPCs using private IP address ranges, use private ______.
VIFs
In the US, you need ___ direct connect connection(s) to connect to all 4 US regions.
1
Does data transferred between regions go over public internet?
No
Layer 2 connections [are/are not] supported by direct connect.
Are not
What is the difference between a Customer Gateway and a Virtual Private Gateway?
Customer Gateway - Customer side
Virtual Private Gateway - AWS Side
Which ports does EC2-VPC ELB support?
1-65536
What ports does the EC2-Classic ELB support?
25, 80, 443, 465, 587, 1024-65535
Can you assign an Elastic IP to an Elastic Load Balancer?
No
You can load balance to the _________ of your domain name with ELBs.
Zone Apex
If you have multiple SSL certificates you should use ________ Elastic Load Balancers, unless you have a wildcard certificate.
Multiple
A placement group [can/cannot] span availability zones but it [can/cannot] span subnets, provided that they are in the same VPC.
cannot; can
You [can/cannot] move existing instances to placement groups.
cannot
How can you reduce bottlenecks with NATs?
Scale up and Scale out;
If you scale out, add an additional NAT & subnet and migrate half your workload to the new subnet.
Can you peer VPCs from different regions?
Nope
If you peer two VPCs, what needs to be updated?
Security groups & make sure that a route table has been created in both VPCs to allow traffic.
If your application is more oriented toward indexing and querying data, it may be better to use this Amazon DB for your needs.
DynamoDB
If your application has a large number of BLOBs (binary large objects), what would be a good choice for storage?
S3
If you need fully automated scaling, which DB is best?
DynamoDB
If you’re looking to scale your database up you should use ________, if you’re looking to scale out use ________.
RDS; DynamoDB
Databases that require Joins and/or complex transactions should look to utilize what database options with AWS?
Amazon RDS or Amazon EC2 with self-managed database
If you plan to store very large amounts of data that are infrequently accessed (Low I/O rates) where should you store that data?
S3
Use _______ to optimize both GETs & PUTs with S3.
Parallelization
S3 stores data in __________ order so you have to __________ the data.
Lexicographical; randomize
You can secure S3 by doing what 3 things?
- Using Bucket policies
- Using MFA Delete
- Backing your bucket up to another S3 bucket owned by a separate account
CloudHSM is _____ tenanted.
Single Tenanted (1 physical device, for you only)
CloudHSM must be used in _____.
a VPC
You can use ___________ to connect to a CloudHSM from another VPC.
VPC Peering
If you need fault tolerance with your CloudHSM, you need to build a ________.
Cluster
CloudHSM can integrate with the following databases & warehouses:
RDS (Oracle & SQL)
Redshift
You monitor CloudHSM via ______.
Syslog
The two types of directory services are ____ and ________.
AD Connector; Simple AD
By default, CloudWatch Logs will store your log data for how long?
Indefinitely
The default CloudWatch Alarm History is only how many days?
14
Step 1 of 3 for developing an Identity Broker is:
Develop an Identity Broker to communicate with LDAP & AWS STS
Step 2 of 3 for developing an Identity Broker is:
Identity Broker always communicates with LDAP first, THEN with AWS STS
Step 3 of 3 for developing an Identity Broker is:
Application then gets temporary access to AWS resources.
AWS Security Token Service returns which four values upon request for a federated token?
A Token
A Secret Access Key
Access Key ID
A Duration
True or False: To minimize the attack surface area, servers can be placed behind a bastion host, through which all traffic must pass.
False
If you want Intrusion Prevention AND Intrusion Detection you should use what?
An IPS tool