SAA-C02

Question 1

EC2

Answer 1

ENI Cold Attach = while instance is being launched
ENI Warm Attach = while instance is stopped
ENI Hot Attach = while instance is running

Question 2

ALB - Application Load Balancer

Answer 2

path-based routing = forward requests based on the URL in the request
host-based routing = forward requests based on the host field in the HTTP header
Failed health check event = ALB stops sending traffic to the instance

Question 3

RDS

Answer 3

Multi-AZ DB Failover = CNAME is switched from the primary db instance to the secondary
Multi-AZ DB Failover RTO = 1 minute

Multi-AZ DB = Amazon RDS automatically creates a primary DB Instance and synchronously replicates the data to a standby instance in a different Availability Zone (AZ)

Keywords: multi-region = cross-region read replica not Multi-AZ option

Question 4

Security groups

Answer 4

stateful
specify allow rules, but not deny rules
act at the instance level, not the subnet level
can specify separate rules for inbound and outbound traffic
default includes an outbound rule that allows all outbound traffic
You can change the security groups for an instance when the instance is in the running or stopped state.

Question 5

EKS

Answer 5

Open source

On-premise and in cloud

Question 6

DynamoDB

Answer 6

Storing metadata for S3 objects

Managing web session data

Question 7

ECS

Question 8

Fargate

Question 9

NACL

Answer 9

stateless
default configuration of the default NACL is Allow
default configuration of a custom NACL is Deny
NACL rules are evaluated by rule number from lowest to highest and executed immediately when a matching rule is found.

Question 10

CloudTrail

Answer 10

Does not optimize resource utilization

Question 11

Spot

Answer 11

Flexible start and end times

Question 12

EBS Volume

Answer 12

Not encrypted by default
Automatically scales the volume size based on usage
volumes will always be in same AZ as EC2
can be used normally while the snapshot is in progress
point-in-time snapshots = back up the data to Amazon S3 + available on short notice

Types:
	SSD
		For exam: general purpose = boot OS data
		(gp2) = general purpose, 3 IOPS per GiB up to max of 16,000 IOPS per volume
		(gp3) = general purpose = 4x faster than gp2
		(io1) = faster performance up to 64k IOPS (large database OLTP, latency sensitive)
		(io2) = io2 is same price as io1 + higher durability than io1 (database) (OLTP)
	 HDD (Magnetic storage)
		Low-cost HDD volume
		(st1) "Throughput Optimized" Cannot be used to boot (big data, data warehouses, ETL)
		(sc1) Cold hard disk, lowest cost option (cold data fewer scans and low performance. Static images) Cannot be used to boot
If talking about big data, warehouses = Throughput = st1 If talking about transactions/transactional DB = (gp2) for lower cost, performance = (io2)

Question 13

SNS

Question 14

CloudWatch/EventBridge

Answer 14

automate monitoring and repair - The reboot alarm action is recommended for Instance Health Check failures
When you reboot an instance, it remains on the same physical host, so your instance keeps its public DNS name, private IP address, and any data on its instance store volumes

Question 15

Trusted Advisor

Question 16

NLB

Question 17

EFS

Answer 17

Keywords:
Concurrent read/write
Linux

Question 18

Subnets

Question 19

CloudFormation

Answer 19

Templates have version control

Question 20

Elastic Beanstalk

Answer 20

Easy mode

Question 21

DAX

Answer 21

DynamoDB cache

DynamoDB milliseconds to microseconds

Question 22

SQS

Answer 22

Pull model

Standard = Best effort ordering and you might get a message twice
FIFO = max 300 messages per second, no duplicates
FIFO costs more
FIFO is only option for message ordering or message duplication

Keywords:
lengthy processing time = Measure using SQS queue depth metric
backlog per instance metric

Events:
visibility timeout on a message in an SQS queue expires = message will again be available in the queue for processing

Links:

https: //docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-visibility-timeout.html
https: //docs.aws.amazon.com/autoscaling/ec2/userguide/as-using-sqs-queue.html

Question 23

SNS

Answer 23

Push model

No visibility timeouts
No timings
Uses Topics for who and where it goes to
Subscribers = Kinesis Data Firehose, SQS, Lambda, email, HTTPS, SMS (fanout), platform application endpoints
Message size limit = 256 KB
Dead letter queue support, only HTTP get retried
FIFO or Standard
	Only SQS subscriber supports FIFO
Encryption at rest is option
Access Policies support

Keyword: Multiple things need to see events = Add Topic + subscription in the topic

Question 24

ASG - Auto Scaling groups

Answer 24

On-Demand Instance limits
Lifecycle hooks = run lambda on (startup, before termination, scale out, scale in events)
Scheduled scaling

Events:
Scale in = Selects the Availability Zone with two instances, and terminates the instance that was launched from the oldest launch template or launch configuration

default health checks for an Auto Scaling group are EC2 status checks only. If an instance fails these status checks, the Auto Scaling group considers the instance unhealthy and replaces

Links:

https: //docs.aws.amazon.com/autoscaling/ec2/userguide/lifecycle-hooks.html
https: //docs.aws.amazon.com/AWSEC2/latest/UserGuide/spot-fleet-scheduled-scaling.html

Question 25

Reshift

Answer 25

Peta data
BI
RDS
complex analytic queries
structured data
parallel query execution

Question 26

STS - Security Token Service

Answer 26

temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users

Question 27

Cognito

Answer 27

Mobile authentication

Question 28

S3

Answer 28

Supports S3 notifications for restore operations from Glacier

Restricting Access for a time window

1. CloudFront user called an origin access identity (OAI)
2. Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users

Glacier Storage class or tier Expedited Standard Bulk
S3 Glacier Flexible Retrieval or S3 Intelligent-Tiering Archive Access 1–5 minutes 3–5 hours 5–12 hours
S3 Glacier Deep Archive or S3 Intelligent-Tiering Deep Archive Access Not available <=12 hours <=48 hours

Links:

https: //aws.amazon.com/s3/storage-classes/
https: //docs.aws.amazon.com/AmazonS3/latest/userguide/lifecycle-transition-general-considerations.html
https: //docs.aws.amazon.com/AmazonS3/latest/userguide/restoring-objects-retrieval-options.html
https: //docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-restricting-access-to-s3.html

Question 29

Kensis Data Streams

Answer 29

real-time data

Question 30

Reserved

Answer 30

scheduled reserved = Recurring daily, weekly, or monthly, with a specified start time and duration, for a one-year term

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-scheduled-instances.html

Question 31

Budgets

Answer 31

Keywords: budget

Question 32

http://169.254.169.254/latest/meta-data/

Answer 32

instance ID, public keys, and public IP address

Question 33

EMR - Elastic Map Reduce = ETL

Answer 33

Spawns EC2 instance cluster of opensource tools of Spark, Hive, Hbase, Flink, Hudi and Presto that lives inside the VPC

EMR supports:
• Jupyter to analyze data interactively with live code, narrative text, visualizations, and more. Create and attach notebooks to Amazon EMR clusters running Hadoop, Spark, and Livy. Notebooks run free of charge and are saved in Amazon S3 independently of clusters.
• https://docs.aws.amazon.com/emr/latest/ManagementGuide/emr-managed-notebooks.html

Git repositories such as GitHub, GitLab, or Bitbucket to provide version control for notebook code.

Question 34

Multipart upload

Answer 34

API to upload large objects in parts

Question 35

Instance Store Volume

Answer 35

Data persists only during the lifetime of its associated instance
Max performance IO file storage

Data loss events:
The underlying disk drive fails
The instance stops
The instance terminates
Instance is terminated
Hardware disk failure

Data retained events:
Reboot

Question 36

VPN Connection

Answer 36

connection between an on-premises network and a VPC, using a secure and private connection with IPsec and TLS

Question 37

Storage Gateway - Data Migration

Answer 37

Allows on-prem resources to be merged with AWS (lift and shift, or long term pairing)
Backs up data to S3

3 Types of Gateways

1. File Gateway = NFS or SMB mount (keep a local copy of recently backed up files.)
2. Volume Gateway = iSCSI mount (cached or stored mode + create EBS snapshots)
3. Tape Gateway = Physicaly tape provider

Keywords:
Hybrid solution, on-prem
On-prem storage low = cached File Gateway (Storage Gateway)
Cached local data

Question 38

DataSync - Data Migration

Answer 38

Scenario: lift and shift = DataSync
DataSync is agent based
DataSync can sent to S3, EFS, and FS

Keywords:
    Automated
    Accelerated
    One-time migration
    Lift and shift

Question 39

Multi-site

Answer 39

active-active architecture pattern
Highest cost but the quickest failover

Keywords:
very aggressive RTO
cost not being a major factor

Question 40

ElastiCache - DB Data Caching

Answer 40

Memcached or Redis or both = AWS ElastiCache
Internal to AWS

Memcached
    Simple database caching solution
    Not a database
    No failover or Multi-AZ support
    No backups

Redis
    No-SQL / Non-relational DB
    Can functions as a standalone database
    Failover and Multi-AZ support
    Supports backups

Question 41

Snowmobile

Answer 41

Don’t use Snowmobile unless peta bytes are mentioned.

It is ok to order multiple Snowballs to cover 80+ Terabytes.

Question 42

Route 53

Answer 42

Geolocation routing
Route traffic based on location of users

Geoproximity routing
Route traffic based on location of users and resources
Shift traffic to different resources

Weighted routing policy
Route to multiple resources in proportions that you specify

Links:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html

Question 43

CloudFront

Answer 43

CloudFront geographic restrictions
Allow your users to access your content only if they’re in one of the approved countries on your allow list.
Prevent your users from accessing your content if they’re in one of the banned countries on your block list.

Caching = CDN to edge locations to reduce costs for hosting S3 static content

Links:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/georestrictions.html

Question 44

WAF

Answer 44

Keywords:
ALB
Restrict country access

Links:
https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/distribution-web-awswaf.html

Question 45

Aurora

Answer 45

Does not support SQL Server DB migration

Question 46

FSx

Answer 46

Keyrwords:
Hybrid on-prem migration
SMB
Windows

Question 47

Spot Fleet

Answer 47

Variable workloads

MOST cost-effective solution

Question 48

Placement Group

Answer 48

Reducing network latency in an application
Tight coupling

3 strategies:
Cluster - Grouping of instances within single AZ. Applications that need low latency
Spread - Group of instances on distinct hardware. Critical instances that should be separate.
Partition - Each instance has its own network and powersource. They don’t share the same rack.
Partition is a logic amazon word for dedicate powersource and network.

Links:
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/placement-groups.html#placement-groups-cluster

Question 49

IAM Policy

Answer 49

By default, all requests are implicitly denied except root account.

Question 50

Global Accelerator

Answer 50

Network service to increase performance and deals with IP caching in front of ELB
Global accelerator has weighted groups and pools
Endpoint group = where you add load balancers ( where you can do blue green deployments)
Routes users based on physical location to closest resources