SAA-C02 Flashcards

1
Q

AWS Organizations (units)

A

Account hierarchy: Root -> OU (organizational unit, can be nested) -> member accounts. Consolidated billing across all accounts; policies attached to the Root or an OU (e.g. service control policies) apply to every account beneath it.

2
Q

SAML

A

Security Assertion Markup Language: XML-based federation standard. An external identity provider (e.g. AD FS) asserts who the user is, and AWS STS exchanges that assertion for temporary credentials of the mapped IAM role (console or API access without IAM users).

3
Q

Storage Gateway

A

Hybrid cloud storage service: an on-premises appliance (VM or hardware) that exposes local file, block or tape interfaces while the data is stored in AWS (mainly S3). Three flavours: File Gateway, Volume Gateway, Tape Gateway.

4
Q

File Gateway

A

NFS/SMB file share on premises; files are stored as objects in S3, with a local cache so on-premises applications get low-latency access to recently used data that actually lives in the cloud.

5
Q

Tape Gateway

A

Replaces physical tape infrastructure with a virtual tape library (VTL): existing backup software writes virtual tapes that are stored in S3 and can be archived to S3 Glacier.

6
Q

volume gateway

A

Cloud-backed iSCSI block volumes. Cached volumes: primary data in S3, frequently used blocks cached locally. Stored volumes: full copy on premises, asynchronously backed up to S3 as EBS snapshots.

7
Q

Macie

A

Uses machine learning and pattern matching to discover, classify and protect sensitive data (PII, credentials, financial data) stored in S3; raises findings for exposed or sensitive buckets.

8
Q

NAT Gateway

A

Lets instances in a private subnet initiate outbound connections to the internet (the NAT gateway sits in a public subnet and routes out through the IGW) while blocking connections initiated from the internet. Managed and scales automatically; deploy one per AZ for resilience. IPv4 only in this sense: IPv6 hosts that need outbound-only access use an egress-only internet gateway instead.

9
Q

Max number of Internet Gateways per VPC

A

1: a VPC can have only one internet gateway attached, and an IGW can be attached to only one VPC at a time.

10
Q

Internet Gateway

A

Horizontally scaled, highly available VPC component that allows traffic between the VPC and the internet. An instance also needs a public or Elastic IP and a route (0.0.0.0/0) in its subnet's route table pointing at the IGW.

11
Q

egress only igw

A

Egress-only internet gateway: the IPv6 counterpart of a NAT gateway. Allows outbound IPv6 traffic from the VPC and blocks inbound connections initiated from the internet (IPv6 addresses are globally routable, so no NAT is involved). Route ::/0 to it.

12
Q

elastic IP address

A

Static public IPv4 address allocated to your account and kept until you release it. Can be remapped to another instance or ENI, which masks instance failure without a DNS change.

13
Q

direct connect

A

Dedicated private network link from your premises (through a Direct Connect location / colocation partner) into AWS, bypassing the public internet: consistent bandwidth and latency and lower data-transfer cost. Not encrypted by itself; run a Site-to-Site VPN over it when encryption is required.

14
Q

global accelerator

A

Routes user traffic over the AWS global backbone to the optimal regional endpoint (based on health, geography and weights). Provides two static anycast IP addresses that front the application, so backend endpoints can change without DNS changes and clients are not affected by DNS caching.

15
Q

privatelink

A

Private connectivity from a VPC to AWS services, partner/SaaS services, or your own services in other VPCs, accounts and on-premises networks, through interface endpoints (ENIs with private IPs), so traffic never traverses the public internet.

16
Q

ENI

A

Elastic network interface: a virtual network card in a VPC. Carries private IP(s), an optional public/Elastic IP, a MAC address and security groups; can be detached and attached to another instance in the same AZ.

17
Q

gp2

A

General Purpose SSD EBS volume; baseline IOPS scale with volume size (3 IOPS/GiB) plus burst credits. gp3 is the newer type with a baseline of 3,000 IOPS independent of size.

18
Q

Io1

A

Provisioned IOPS SSD EBS volume for I/O-intensive workloads such as databases; you specify the IOPS you need (io2 is the newer generation).

19
Q

St1

A

Throughput Optimized HDD: low-cost volume for frequently accessed, sequential workloads (big data, data warehouses, log processing). Cannot be a boot volume.

20
Q

Sc1

A

Cold HDD: lowest-cost EBS volume for infrequently accessed, sequential data (file servers). Cannot be a boot volume.

21
Q

Standard

A

EBS Magnetic (previous generation): HDD for infrequently accessed workloads where the lowest cost matters more than performance.

22
Q

ebs backed ami

A

AMI whose root device is an EBS volume: the instance can be stopped and started and data persists across stops. DeleteOnTermination is true for the root volume by default (can be turned off) and false for additional attached volumes.

23
Q

instance store backed ami

A

AMI whose root device is an instance store: ephemeral disk physically attached to the host. Data is lost on stop, termination or hardware failure; the instance can only be rebooted or terminated, not stopped. Suitable for scratch and buffer data only.

24
Q

ec2 hypervisors

A

Xen (older instance families) -> Nitro (current generation: lightweight hypervisor with networking, storage and security functions offloaded to dedicated hardware cards).

25
Q

customer gateway

A

Customer side of an AWS Site-to-Site VPN: a resource describing your on-premises VPN device (public IP, BGP ASN). The VPN tunnels run between it and a virtual private gateway or transit gateway on the AWS side.

26
Q

vpc endpoints

A

Privately connect a VPC to supported services without an IGW or NAT gateway. Interface endpoints: an ENI with a private IP in your subnet (PrivateLink), available for most services, billed hourly and per GB. Gateway endpoints: a route-table target (prefix list) rather than a NAT gateway, available only for S3 and DynamoDB, no ENI and no charge. Restrict what an endpoint may reach with an endpoint policy.

27
Q

customer gateway

A

The customer-side termination point of the VPN into the VPC (same resource as card 25): it represents the on-premises device, not anything inside the VPC.

28
Q

cluster placement group

A

Packs instances close together inside a single AZ for low-latency, high-throughput networking (HPC, tightly coupled workloads). Cannot span AZs; a rack or AZ failure takes out the whole group.

29
Q

partition placement group

A

Spreads instances across logical partitions, each partition on its own set of racks. Maximum 7 partitions per AZ (the group can span AZs in a Region). Used by partition-aware systems such as HDFS, Cassandra and Kafka.

30
Q

spread placement group

A

Places each instance on distinct underlying hardware. Maximum 7 running instances per AZ per group; intended for a small number of critical instances that must not fail together.

31
Q

VPC network costs

A

Traffic into AWS from the internet is free; traffic out to the internet is charged. Traffic between AZs is charged (both directions), and inter-Region traffic (e.g. cross-Region VPC peering) is charged. Keep traffic on private IPs and private paths (endpoints, peering, Direct Connect) rather than public ones: it is cheaper and never leaves the AWS network.

32
Q

ACL

A

Network access control list: a stateless firewall at the subnet boundary. All traffic entering or leaving the subnet is checked against numbered rules in ascending order; the first matching rule applies and the final "*" rule denies. Supports both allow and deny rules. The VPC's default NACL allows all traffic; a newly created custom NACL denies everything until you add rules. Because it is stateless, return traffic must be allowed explicitly (e.g. ephemeral ports 1024-65535 outbound).

33
Q

Route Table

A

Directs traffic leaving a subnet. Each route maps a destination CIDR to a target (local, igw, nat, pcx, tgw, vgw, endpoint). The most specific matching route (longest prefix) wins; the "local" route for the VPC CIDR is always present. Every subnet is associated with exactly one route table (the main table unless you choose another).

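The "most specific route wins" rule from the card, as an added example that is not part of the deck: a longest-prefix-match lookup over a small route table. The routes, target IDs and addresses are constructed samples.

```python
import ipaddress
from typing import List, Optional, Tuple

# Added example, not from the deck. Constructed sample route table for a
# public subnet: target IDs are made up, the CIDRs are documentation ranges.
PUBLIC_ROUTES: List[Tuple[str, str]] = [
    ("10.0.0.0/16", "local"),         # VPC CIDR, present in every route table
    ("0.0.0.0/0", "igw-0a1b2c"),      # default route -> makes the subnet "public"
    ("10.1.0.0/16", "pcx-0d3e4f"),    # peered VPC
    ("10.1.5.0/24", "eni-0f5a6b"),    # more specific: one /24 via an inspection appliance
    ("172.16.0.0/12", "vgw-0c7d8e"),  # on-premises via VPN / Direct Connect
]

# Same idea for a private subnet: the default route goes to a NAT gateway.
PRIVATE_ROUTES: List[Tuple[str, str]] = [
    ("10.0.0.0/16", "local"),
    ("0.0.0.0/0", "nat-0b2c3d"),
]

def route_lookup(routes: List[Tuple[str, str]], dst: str) -> Optional[Tuple[str, str]]:
    """Return (matching_cidr, target) for a destination IP, or None.

    Among all routes whose CIDR contains the address, the one with the
    longest prefix (most specific) is chosen, exactly as VPC routing does."""
    ip = ipaddress.ip_address(dst)
    best = None
    for cidr, target in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, target)
    return None if best is None else (str(best[0]), best[1])

def is_public_subnet(routes: List[Tuple[str, str]]) -> bool:
    """A subnet is 'public' when its route table sends 0.0.0.0/0 to an IGW."""
    return any(cidr == "0.0.0.0/0" and target.startswith("igw-") for cidr, target in routes)

if __name__ == "__main__":
    for dst in ("10.0.3.4", "10.1.5.9", "10.1.9.9", "172.20.1.1", "8.8.8.8"):
        print(dst, "->", route_lookup(PUBLIC_ROUTES, dst))
    print("public:", is_public_subnet(PUBLIC_ROUTES), is_public_subnet(PRIVATE_ROUTES))
```

Note that 10.1.5.9 matches both the peering /16 and the appliance /24; the /24 wins because it is more specific, which is how traffic to one subnet of a peer can be steered through an inspection ENI.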
34
Q

Security Groups

A

Stateful virtual firewall at the instance/ENI level: responses to allowed traffic are allowed back automatically. Allow rules only (no deny); all rules are evaluated, and the default is deny all inbound, allow all outbound. Up to 5 security groups per ENI by default (adjustable quota). If none is specified at launch, the VPC's default security group is attached. Rules can reference other security groups instead of CIDRs.

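The stateless-versus-stateful distinction in cards 32 and 34 is where real outages come from, so here it is as an added example (not from the deck): a model of NACL evaluation (ordered allow/deny rules, implicit "*" deny, no connection state) next to a security group (allow-only rules plus connection tracking), run over the two halves of one HTTPS connection. All addresses, rule numbers and the Packet/NaclRule/SecurityGroup classes are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Added example, not from the deck. Sample addresses are documentation ranges.

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"

@dataclass(frozen=True)
class NaclRule:
    number: int          # evaluated lowest number first
    action: str          # "allow" or "deny"
    proto: str           # "tcp", "udp" or "all"
    cidr: str            # source CIDR (inbound) or destination CIDR (outbound)
    ports: Tuple[int, int]  # inclusive destination-port range

def _in_cidr(ip: str, cidr: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

def nacl_evaluate(rules: List[NaclRule], packet: Packet, direction: str):
    """Return (action, rule_number) for one packet in one direction.

    Stateless: the reply to an allowed inbound packet is a brand-new outbound
    packet that must match an outbound rule on its own. Rules are tried in
    ascending number, first match wins, and the implicit '*' rule denies."""
    peer = packet.src if direction == "inbound" else packet.dst
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.proto not in ("all", packet.proto) or not _in_cidr(peer, rule.cidr):
            continue
        low, high = rule.ports
        if low <= packet.dport <= high:
            return rule.action, rule.number
    return "deny", "*"

class SecurityGroup:
    """Allow-only rules plus connection tracking (stateful)."""

    def __init__(self, inbound, outbound):
        self.inbound = inbound      # list of (proto, cidr, (low, high))
        self.outbound = outbound
        self._flows = set()         # (instance_ip, instance_port, peer_ip, peer_port)

    @staticmethod
    def _matches(rules, peer, proto, port) -> bool:
        return any(p in ("all", proto) and _in_cidr(peer, cidr) and lo <= port <= hi
                   for p, cidr, (lo, hi) in rules)

    def evaluate(self, packet: Packet, direction: str) -> bool:
        if direction == "inbound":
            key, rules, peer = (packet.dst, packet.dport, packet.src, packet.sport), self.inbound, packet.src
        else:
            key, rules, peer = (packet.src, packet.sport, packet.dst, packet.dport), self.outbound, packet.dst
        if key in self._flows:       # reply traffic of an admitted flow: no rule needed
            return True
        if self._matches(rules, peer, packet.proto, packet.dport):
            self._flows.add(key)
            return True
        return False                 # no deny rules exist; no matching allow means drop

CLIENT, INSTANCE = "203.0.113.10", "10.0.1.5"
REQUEST = Packet(CLIENT, 50000, INSTANCE, 443)   # client -> instance:443
REPLY = Packet(INSTANCE, 443, CLIENT, 50000)     # instance -> client's ephemeral port

NACL_IN = [NaclRule(100, "allow", "tcp", "0.0.0.0/0", (443, 443))]
# Outbound ACL that only allows 443: the reply goes to the client's ephemeral
# port, matches nothing, and is dropped by the '*' rule.
NACL_OUT_BROKEN = [NaclRule(100, "allow", "tcp", "0.0.0.0/0", (443, 443))]
# Fix for a stateless ACL: an explicit outbound rule for ephemeral ports.
NACL_OUT_FIXED = NACL_OUT_BROKEN + [NaclRule(200, "allow", "tcp", "0.0.0.0/0", (1024, 65535))]

def nacl_demo() -> dict:
    return {
        "request": nacl_evaluate(NACL_IN, REQUEST, "inbound"),
        "reply_broken": nacl_evaluate(NACL_OUT_BROKEN, REPLY, "outbound"),
        "reply_fixed": nacl_evaluate(NACL_OUT_FIXED, REPLY, "outbound"),
        # Order matters and deny exists: a lower-numbered deny for one /24 beats
        # the broad allow at 100, something a security group cannot express.
        "blocked_client": nacl_evaluate(
            [NaclRule(50, "deny", "tcp", "203.0.113.0/24", (443, 443))] + NACL_IN, REQUEST, "inbound"),
    }

def sg_demo() -> dict:
    sg = SecurityGroup(inbound=[("tcp", "0.0.0.0/0", (443, 443))], outbound=[])
    return {
        "request": sg.evaluate(REQUEST, "inbound"),
        "reply": sg.evaluate(REPLY, "outbound"),   # allowed although outbound rules are empty
        "unsolicited_out": sg.evaluate(Packet(INSTANCE, 40000, CLIENT, 80), "outbound"),
    }

if __name__ == "__main__":
    print(nacl_demo())
    print(sg_demo())
```

The usual symptom of the "broken" NACL is that the instance accepts the TCP SYN (inbound rule 100 matches) but the handshake never completes, because the SYN-ACK leaves on the client's ephemeral port and the subnet has no outbound rule for it.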
35
Q

subnets

A

A CIDR range inside the VPC, tied to exactly one Availability Zone. "Public" if its route table sends 0.0.0.0/0 to an internet gateway, "private" otherwise. AWS reserves 5 addresses in every subnet (network, router, DNS, future use, broadcast).

36
Q

glacier deep archive

A

Cheapest S3 storage class, for data accessed once or twice a year. Restores take up to 12 hours (standard retrieval) or 48 hours (bulk); 180-day minimum storage duration.

37
Q

S3 Tiers

A

All classes are designed for 11 9's of durability (99.999999999%). Standard: 99.99% availability. Standard-IA: 99.9% availability, per-GB retrieval fee, 30-day minimum. One Zone-IA: 99.5% availability, data in a single AZ. Intelligent-Tiering: moves objects between access tiers automatically for a small monthly monitoring fee per object. Glacier (Instant and Flexible Retrieval) and Glacier Deep Archive: archival classes with retrieval times from milliseconds to hours.

38
Q

S3 object lock and glacier vault lock

A

WORM (write once, read many) protection for S3 object versions; requires bucket versioning. Retention modes: Governance, where users holding s3:BypassGovernanceRetention can override or delete if the request explicitly bypasses; Compliance, where nobody, including the root user, can delete the version or shorten the retention period until it expires. Legal hold: no expiry date, stays in place until it is explicitly removed. Glacier Vault Lock: the equivalent immutable, lockable policy for a Glacier vault.

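The three protections on the card behave differently when a delete request arrives, so here is an added example (not from the deck) that models the decision S3 Object Lock makes for a delete of a specific object version and for a retention change. The ObjectLock class, the flag names and the dates are constructed for illustration; the permission and header names are the real ones (s3:BypassGovernanceRetention, x-amz-bypass-governance-retention).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Added example, not from the deck. Models S3 Object Lock checks for one version.

@dataclass
class ObjectLock:
    mode: Optional[str] = None                # "GOVERNANCE", "COMPLIANCE" or None
    retain_until: Optional[datetime] = None   # retention period end (UTC)
    legal_hold: bool = False                  # independent of any retention period

def _retention_active(lock: ObjectLock, now: datetime) -> bool:
    return bool(lock.mode and lock.retain_until and now < lock.retain_until)

def can_delete_version(lock: ObjectLock, now: datetime,
                       has_bypass_permission: bool = False,
                       bypass_header: bool = False) -> Tuple[bool, List[str]]:
    """Decide a DELETE that names a specific versionId. Returns (allowed, reasons).

    has_bypass_permission: caller holds s3:BypassGovernanceRetention.
    bypass_header: request carries x-amz-bypass-governance-retention: true.
    Both are required to override GOVERNANCE; COMPLIANCE cannot be overridden
    by anyone (root included) until retain_until has passed.
    A DELETE without a versionId never hits these checks: on a versioned bucket
    it only adds a delete marker and the locked version stays."""
    reasons = []
    if lock.legal_hold:
        reasons.append("legal hold is ON: remove it (s3:PutObjectLegalHold) first")
    if _retention_active(lock, now):
        if lock.mode == "COMPLIANCE":
            reasons.append(f"COMPLIANCE retention until {lock.retain_until.isoformat()}: no override")
        elif not (has_bypass_permission and bypass_header):
            reasons.append("GOVERNANCE retention: needs s3:BypassGovernanceRetention "
                           "and the x-amz-bypass-governance-retention: true header")
    return (not reasons, reasons)

def can_change_retention(lock: ObjectLock, new_until: datetime, now: datetime,
                         has_bypass_permission: bool = False,
                         bypass_header: bool = False) -> bool:
    """Extending retention is always allowed. Shortening it is never allowed in
    COMPLIANCE mode and needs the governance bypass in GOVERNANCE mode."""
    if not _retention_active(lock, now) or new_until >= lock.retain_until:
        return True
    if lock.mode == "COMPLIANCE":
        return False
    return has_bypass_permission and bypass_header

def demo() -> dict:
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    gov = ObjectLock("GOVERNANCE", now + timedelta(days=30))
    comp = ObjectLock("COMPLIANCE", now + timedelta(days=30))
    held = ObjectLock(legal_hold=True)
    return {
        "gov_plain": can_delete_version(gov, now)[0],
        "gov_perm_no_header": can_delete_version(gov, now, True, False)[0],
        "gov_bypass": can_delete_version(gov, now, True, True)[0],
        "comp_even_with_bypass": can_delete_version(comp, now, True, True)[0],
        "comp_after_expiry": can_delete_version(comp, now + timedelta(days=31))[0],
        "legal_hold": can_delete_version(held, now, True, True)[0],
        "comp_shorten": can_change_retention(comp, now + timedelta(days=1), now, True, True),
        "gov_shorten_with_bypass": can_change_retention(gov, now + timedelta(days=1), now, True, True),
        "comp_extend": can_change_retention(comp, now + timedelta(days=60), now),
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point practitioners miss most often is "gov_perm_no_header": holding the bypass permission is not enough, the request itself must opt in to bypassing governance, so ordinary tooling does not silently delete protected versions.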
39
Q

S3 Performance

A

Low latency: first byte within 100-200 ms. Per prefix, at least 3,500 PUT/COPY/POST/DELETE and 5,500 GET/HEAD requests per second; spread keys across prefixes to scale beyond that.

40
Q

S3 multipart upload

A

Recommended for objects over 100 MB and required above 5 GB (the largest single PUT). Parts upload in parallel and can be retried individually; add a lifecycle rule to abort incomplete multipart uploads so orphaned parts do not accrue storage charges.

41
Q

S3 Byte Range Fetches

A

GET only part of an object by sending a Range header; parallelize downloads across ranges, or read just a header/footer without fetching the whole object.

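Cards 40 and 41 describe splitting an object into parts for upload and into byte ranges for download; the added example below (not from the deck) plans both. The part-size and part-count limits are S3's documented constraints (parts of 5 MiB to 5 GiB, at most 10,000 parts, objects up to 5 TiB); the 100 MB / 5 GB thresholds are the cards' own figures, taken here as MiB/GiB. Function names and sample sizes are constructed.

```python
from typing import List, Tuple

# Added example, not from the deck.
MiB = 1024 * 1024
GiB = 1024 * MiB
MIN_PART_SIZE = 5 * MiB            # every part except the last must be >= 5 MiB
MAX_PART_SIZE = 5 * GiB
MAX_PARTS = 10_000
MAX_OBJECT_SIZE = 5 * 1024 * GiB   # 5 TiB
RECOMMEND_MULTIPART_ABOVE = 100 * MiB
SINGLE_PUT_LIMIT = 5 * GiB         # above this, multipart upload is mandatory

def upload_strategy(size: int) -> str:
    """'single-put', 'multipart-recommended' or 'multipart-required'."""
    if size > MAX_OBJECT_SIZE:
        raise ValueError("object exceeds the 5 TiB S3 maximum")
    if size > SINGLE_PUT_LIMIT:
        return "multipart-required"
    if size > RECOMMEND_MULTIPART_ABOVE:
        return "multipart-recommended"
    return "single-put"

def plan_parts(size: int, part_size: int = 8 * MiB) -> List[Tuple[int, int, int]]:
    """(part_number, first_byte, last_byte) for each part of a multipart upload.

    Parts are numbered from 1 and may be uploaded in parallel and retried one
    at a time. If the object would need more than 10,000 parts, the part size
    is doubled until it fits, which is what SDKs do internally."""
    if size > MAX_OBJECT_SIZE:
        raise ValueError("object exceeds the 5 TiB S3 maximum")
    if not MIN_PART_SIZE <= part_size <= MAX_PART_SIZE:
        raise ValueError("part size must be between 5 MiB and 5 GiB")
    while -(-size // part_size) > MAX_PARTS:    # ceiling division
        part_size = min(MAX_PART_SIZE, part_size * 2)
    return [(n, start, min(start + part_size, size) - 1)
            for n, start in enumerate(range(0, size, part_size), start=1)]

def range_headers(size: int, chunk: int) -> List[str]:
    """Range header values for fetching an object in parallel chunks.
    HTTP byte ranges are inclusive, e.g. 'bytes=0-8388607' is the first 8 MiB."""
    if chunk <= 0:
        raise ValueError("chunk must be positive")
    return [f"bytes={s}-{min(s + chunk, size) - 1}" for s in range(0, size, chunk)]

if __name__ == "__main__":
    for size in (50 * MiB, 200 * MiB, 6 * GiB):
        print(size // MiB, "MiB ->", upload_strategy(size))
    print(plan_parts(20 * MiB, 8 * MiB))
    print(len(plan_parts(100 * GiB, 8 * MiB)), "parts for 100 GiB")
    print(range_headers(10, 4))
```

The doubling loop matters for large objects: 100 GiB at the 8 MiB default would need 12,800 parts, so the planner moves to 16 MiB parts and 6,400 requests.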
42
Q

S3 Transfer acceleration

A

Uses CloudFront edge locations: clients upload to the nearest edge and the data rides the AWS backbone to the bucket. Enabled per bucket and used through a separate endpoint (bucket.s3-accelerate.amazonaws.com).

43
Q

AWS datasync

A

Online data transfer service with an agent: moves or syncs large datasets between on-premises NFS/SMB storage and S3, EFS or FSx (and between AWS storage services). Scheduled, encrypted in transit, verifies data integrity.

44
Q

S3 cross accounts

A

Grant access with a bucket policy that names the other account or role, or create an IAM role in the bucket's account that principals in the other account assume. For objects written by another account, make sure the bucket owner ends up owning them (object ownership / bucket-owner-full-control).

45
Q

IAM root sign in url

A

The root user signs in with the account email address at the generic console URL; IAM users sign in at the account-specific URL (account ID or alias). Different from the user sign-in URL. Protect the root user with MFA and do not create access keys for it.

46
Q

AWS RAM

A

Resource Access Manager: share resources (subnets, transit gateways, Route 53 Resolver rules, license configurations and more) with other accounts or across an Organization instead of duplicating them.

47
Q

AWS Shield

A

Managed DDoS protection applied at the edge (CloudFront, Route 53, Global Accelerator, ELB, EC2). Standard: enabled automatically for every AWS customer at no extra cost; covers common layer 3/4 attacks. Advanced: paid subscription with enhanced detection and mitigation, cost protection against scaling charges during an attack, 24x7 access to the Shield Response Team, and WAF included for protected resources.

48
Q

Cloud HSM

A

Dedicated, single-tenant hardware security modules validated to FIPS 140-2 Level 3. You manage the keys and HSM users yourself; AWS has no access to the key material. Deployed as a cluster in your VPC; place HSMs in multiple AZs for availability. Use it when you need exclusive control of keys or a KMS custom key store.

49
Q

WAF

A

Web application firewall for CloudFront, ALB, API Gateway and AppSync. Inspects HTTP(S) requests and applies rules (IP sets, geo match, rate limiting, SQL injection and XSS matches, managed rule groups) to allow, block or count them.

50
Q

KMS

A

Key Management Service: regional, multi-tenant managed service; pay per API call. A KMS key (formerly "CMK", customer master key) is symmetric AES-256 by default (asymmetric RSA/ECC keys also exist) and never leaves the HSMs unencrypted; large data is encrypted with data keys from GenerateDataKey (envelope encryption). The HSMs are validated to FIPS 140-2 Level 3 (Level 2 when this deck was written). Single-tenant clusters that you must provision across AZs are CloudHSM, not KMS.

51
Q

secrets manager

A

Stores and automatically rotates secrets (database credentials, API keys) on a schedule via a Lambda function; rotation for RDS, Redshift and DocumentDB is built in. Priced per secret per month plus API calls. Can generate random passwords. Share across accounts with a resource policy on the secret (plus a KMS key the other account can use).

52
Q

RDS Backups

A

Automated backups (enabled by default): daily snapshot plus transaction logs, giving point-in-time restore within the retention window of 0-35 days (0 disables them). Manual DB snapshots are user-initiated and kept until you delete them. Single-AZ instances may see brief I/O latency while a backup runs (Multi-AZ takes it from the standby). A restore always creates a new RDS instance with a new endpoint.

53
Q

RDS Multi AZ

A

Synchronous replication to a standby in another AZ; automatic failover on failure or during maintenance. The DNS endpoint stays the same (the underlying IP changes), so applications just reconnect. The standby is not readable; use read replicas for that. Replication traffic between the AZs is not charged.

54
Q

RDS Read Replicas

A

Asynchronous copies used for read scaling (up to 5 per source, in the same AZ, another AZ or another Region). Each replica has its own endpoint and can be promoted to a standalone database, which breaks replication. Automated backups must be enabled on the source.

55
Q

redshift

A

Columnar data warehouse for BI / OLAP (online analytical processing). The classic cluster lives in a single AZ (Multi-AZ is available for RA3 node types). Automated snapshots are retained 1 day by default, up to 35 days; snapshots can be copied to another Region for DR.

56
Q

OLTP

A

Online transaction processing: many small read/write transactions (RDS, Aurora, DynamoDB), as opposed to OLAP.

57
Q

Aurora

A

AWS's own MySQL/PostgreSQL-compatible database.
- Storage starts at 10 GB and grows in 10 GB increments, up to 128 TiB (64 TB in older docs).
- Two copies of the data in each of at least three AZs (6 copies); writes tolerate losing 2 copies, reads tolerate losing 3.
- Self-healing storage; continuous backup to S3.
- Automated backups always enabled; snapshots have no impact on performance.
- Up to 15 read replicas; Aurora Serverless for unpredictable loads.

58
Q

elasticache

A

In-memory caching with two engines. Memcached: simple, multi-threaded, horizontally scaled key-value store, no persistence or replication. Redis: rich data types, Multi-AZ with automatic failover, backup/restore, pub/sub and sorted sets (leaderboards).

59
Q

AWS Directory Service

A

Managed Microsoft Active Directory in AWS, enabling domain join and SSO for EC2 Windows instances and the console. AWS Managed Microsoft AD: a real AD that can establish a trust with your on-premises AD. AD Connector: a proxy to on-premises AD, no directory data in the cloud. Simple AD: standalone, Samba-based, for small setups.

60
Q

cloud directory

A

Hierarchical directory store for application developers (org charts, device registries, course catalogs); not Active Directory.

61
Q

load balancers

A

Application Load Balancer: layer 7 (HTTP/HTTPS), most features (path/host routing, WebSocket, Lambda targets). Network Load Balancer: layer 4, very high performance, static IP per AZ, preserves the client source IP. Classic Load Balancer: legacy. X-Forwarded-For: header carrying the user's original (public) IP when the ALB/CLB proxies the request. Load balancer nodes are deployed in each AZ you enable. Listeners: check for connection requests on a protocol/port and route them by rules. Target groups: the targets (instances, IP addresses, Lambda functions, or another ALB) with their health checks.

62
Q

sticky sessions

A

Session stickiness: bind a user's session to one target (via a load balancer cookie) so all of their requests go to the same instance. Breaks even distribution and complicates scaling in.

63
Q

cross zone load balancing

A

Each load balancer node distributes requests across registered targets in all enabled AZs, not only its own, so AZs with different instance counts still receive even per-instance load. On by default for ALB, off by default for NLB.

64
Q

path patterns

A

Path-based routing: ALB listener rules route by URL path (e.g. /api/* to one target group, /images/* to another). Rules can also match host, headers, query strings and source IP.

65
Q

auto scaling

A

Auto Scaling group: the group of instances, spread across the subnets/AZs you choose. Launch template (or legacy launch configuration): what to launch (AMI, instance type, security groups, user data). Scaling options: how and when the group grows or shrinks.

66
Q

auto scaling options

A

- Maintain current instance levels (replace unhealthy instances only).
- Scale manually.
- Scale on a schedule.
- Scale based on demand (reactive: target tracking, step or simple scaling on metrics).
- Scale based on predictions (proactive: predictive scaling from historical load).

67
Q

HA Architecture

A

Plan for failure: spread across multiple AZs (and Regions where needed), avoid single points of failure, loosely couple components, use health checks with automatic replacement, and test the failover.

68
Q

server migration service

A

Migrates on-premises VMs (VMware, Hyper-V, Azure) to AWS as AMIs, agentless, with incremental replication. Since replaced by AWS Application Migration Service.

69
Q

application discovery service

A

Collects configuration, utilisation and dependency data from on-premises servers (via an agent or an agentless connector) to plan a migration; results feed AWS Migration Hub.

70
Q

sqs

A

Visibility timeout: default 30 seconds, maximum 12 hours. A received message stays hidden from other consumers until it is deleted or the timeout expires, then it is delivered again, so consumers must be idempotent. Long polling (WaitTimeSeconds up to 20 s) waits for messages to arrive instead of returning an empty response immediately, reducing empty receives and cost. Messages are retained 4 days by default, up to 14 days.

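The visibility-timeout and long-polling behaviour described above, as an added example that is not part of the deck: a miniature SQS-style queue driven by a fake clock so the at-least-once redelivery is reproduced deterministically. The Queue/FakeClock classes and the "order-42" message are constructed for illustration; the 12-hour and 20-second limits are SQS's documented ones.

```python
import time
import uuid
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Added example, not from the deck.
MAX_VISIBILITY = 12 * 60 * 60   # visibility timeout: 0 s .. 12 h (43200 s)
MAX_WAIT = 20                   # long polling: WaitTimeSeconds 0 .. 20 s

@dataclass
class _Message:
    body: str
    receipt: Optional[str] = None    # a fresh receipt handle on every receive
    invisible_until: float = 0.0
    receive_count: int = 0

class Queue:
    def __init__(self, visibility_timeout: int = 30,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep):
        if not 0 <= visibility_timeout <= MAX_VISIBILITY:
            raise ValueError("visibility timeout must be 0..43200 seconds")
        self.visibility_timeout = visibility_timeout
        self._clock, self._sleep = clock, sleep
        self._messages: List[_Message] = []

    def send(self, body: str) -> None:
        self._messages.append(_Message(body))

    def receive(self, wait_seconds: int = 0) -> Optional[Tuple[str, str]]:
        """Return (body, receipt_handle) or None.

        wait_seconds == 0 is short polling: answer immediately, possibly empty.
        wait_seconds > 0 is long polling: keep waiting (at most 20 s) for a
        visible message before returning, which cuts empty responses."""
        deadline = self._clock() + min(wait_seconds, MAX_WAIT)
        while True:
            now = self._clock()
            for m in self._messages:
                if m.invisible_until <= now:
                    m.receive_count += 1
                    m.receipt = uuid.uuid4().hex
                    # Hide the message from other consumers for the timeout; if it
                    # is not deleted in time it becomes visible (and redelivered).
                    m.invisible_until = now + self.visibility_timeout
                    return m.body, m.receipt
            if now >= deadline:
                return None
            self._sleep(min(1.0, deadline - now))

    def change_visibility(self, receipt: str, seconds: int) -> bool:
        """Extend (or shorten) the timeout of an in-flight message, e.g. when
        processing takes longer than expected."""
        if not 0 <= seconds <= MAX_VISIBILITY:
            raise ValueError("visibility timeout must be 0..43200 seconds")
        for m in self._messages:
            if m.receipt == receipt:
                m.invisible_until = self._clock() + seconds
                return True
        return False

    def delete(self, receipt: str) -> bool:
        """Only the receipt handle from the most recent receive is honoured here."""
        for i, m in enumerate(self._messages):
            if m.receipt == receipt:
                del self._messages[i]
                return True
        return False

class FakeClock:
    """Deterministic clock so the scenario below runs instantly."""
    def __init__(self) -> None:
        self.t = 0.0
    def __call__(self) -> float:
        return self.t
    def sleep(self, seconds: float) -> None:
        self.t += seconds

def at_least_once_demo() -> dict:
    clock = FakeClock()
    q = Queue(visibility_timeout=30, clock=clock, sleep=clock.sleep)
    q.send("order-42")
    body, receipt = q.receive()                # consumer A takes the message ...
    hidden = q.receive(wait_seconds=5)         # ... consumer B long-polls 5 s: nothing visible
    clock.sleep(30)                            # A crashed before deleting; timeout expires
    body_again, receipt2 = q.receive()         # redelivered: processing must be idempotent
    return {
        "first": body, "hidden": hidden, "redelivered": body_again,
        "receive_count": q._messages[0].receive_count,
        "stale_delete": q.delete(receipt),     # A's old handle no longer matches
        "delete": q.delete(receipt2),
    }

if __name__ == "__main__":
    print(at_least_once_demo())
```

A consumer that expects to run longer than the queue's timeout should call change_visibility periodically rather than setting a huge default, because the default also governs how long a crashed consumer delays every other message it was holding.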