Services

Question 2

EBS

Answer 2

Network drive you can attach to your EC2 instance
Data remains even EC2 instance is terminated
Mounted on 1 instance at a time
Bound to an AZ
Move data from 1 instance to another

Question 3

AMI

Answer 3

Amazon Machine Image
Launch EC2 instances from an AMI
You can add your s/w, configurations, OS, monitoring into an AMI
Build for a specific region
AMUI also creates an EC2 instance

Question 4

EFS

Answer 4

Network file system (NFS) attached to EC2
It can be attached to more than 1 EC2 instance unlike EBS
EFS works only with your Linux EC2 instances
It works across multiple AZs.
Pay per use and not by capacity
EFS IA = Storage class is going to be cost-optimized for files that you don’t access very often

Question 5

Amazon FSx

Answer 5

Third party high performance (HPC) file system on AWS
Fully managed service
Build on windows file server
Supports SMB and windows NTFS
Integrated with windows active directory
Accessed from AWS or on Premise

Question 6

ELB

Answer 6

Spread load across more than 1 instance based on incoming traffic
TYPES
1. Application Load Balancer (Layer 7)(HTTP/HTTPS, uses DNS or URL)
2. Network Load Balancer (Layer 4) (TCP/UDP, users Static IP)
3. Gateway Load Balancer (Layer 3, GENEVA, used for intrusion detection and routes to third party security virtual appliances before sending it to EC2)

Question 7

Snow Family

Answer 7

SnowCone - 8 and 14 TB, Migrate upto 24TB online and offline
SnowBall Edge - 80 TB, Migrate upto PB offline
SnowMobile - < 100 PB, Migrate upto Exabytes offline

Question 8

Storage Gateway

Answer 8

Exposing S3 data on premises

Question 9

OpsHub

Answer 9

Software you install on your computer to manage snow family device

Question 10

ElastiCache

Answer 10

In Memory DB for faster read/write for all databases

Question 11

DynamoDB

Answer 11

No SQL DB Managed DB
Serverless
Standard and IA Table Class

Question 12

RedShift

Answer 12

Serverless(Pay for what you use) and based on Postgre SQL
Only for OLAP and not OLTP
Used for Data warehousing
Uses Massively Paraller Processing Query (MPP)
Integrate with BI tools like AWS QuickSight or Tableau

Question 13

EMR (Elastic Map Reduce)

Answer 13

Helps create Hadoop clusters(Big Data)
Clusters are many EC2 instances
Autoscaling and integrated with spot instances
ML, Data Processing, Web Indexng, Big data

Question 14

Athena

Answer 14

Serverless and perform anaytics on S3
Uses SQL
Used for BI, Analytics, Anaylze VPC Flow Logs, CloudTrail, ELB Logs

Question 15

QuickSight

Answer 15

Serverless to create interactive dashboards
Integrated with all DBs

Question 16

DocumentDB

Answer 16

Aurora for MongoDB
No SQL DB

Question 17

Neptune

Answer 17

Fully Managed Graph DB
Social Media data

Question 18

QLDB

Answer 18

Quantum Ledger DB
Recording Financial Transactions
To review history of all the changes made to your application data over time
Central authority

Question 19

Managed Blockchain

Answer 19

Joins public blockchains like hyperledger fabric or Ethereum
No central authority

Question 20

Glue

Answer 20

Serverless and does ETL
Take data from S3 or RDS, Transform and load into RedShift

Question 21

DMS

Answer 21

Data Migration

Question 22

DynamoDB Accelerator(DAX)

Answer 22

In Memory Cache for faster read/write for Dynamo DB

Question 23

DynamoDB Global Tables

Answer 23

It’s a way for you to make DynamoDB table accessible with low latency in multiple regions

Question 24

Docker

Answer 24

Software development platform to deploy apps
Apps are packaged into containers that can run on any OS
Docker images are stored in docker respositories
-Public docker respository
-Private in Amazon ECS (Elastic container repository)

Question 25

ECS

Answer 25

Launch docker container on AWS
Provision EC2 instances in advance

Question 26

Fargate

Answer 26

Launch docker container on AWS
No need to provision EC2 instances in advance (serverless)

Question 27

ESR

Answer 27

Container registry to store docker images that can be run by ECS or Fargate

Question 28

Lambda

Answer 28

Virtual functions with unlimited CPU and RAM
Time limit of 15 mins
Limited to some programming languages

Question 29

API Gateway

Answer 29

To create, publish, maintain, monitor and secure API on AWS
e.g. Serverless HTTP API
supports RESTFul API and WebSocket API

Question 30

Batch

Answer 30

Fully managed Batch Processing at any scale
Dynamically launch EC2 instances or Spot instances
Run as docker images on ECS
No limit of programming languages

Question 31

Lightsail

Answer 31

Standalone services to get virtual storage, db and networking in one place

Question 32

CloudFormation

Answer 32

Reusable template for defining AWS infrastructure
Infrastructure as Code (IaaS)

Question 33

CDK

Answer 33

Define cloud infratuture using familiar programming languages like Java, Python, .Net, etc.
Code is finally compiled into JSON/YAML (CloudFormation) format
Deploy infrature and runtime together

Question 34

Beanstalk

Answer 34

Developer centric view of deploying application on AWS
Platform as a service (PaaS)

Question 35

CodeDeploy

Answer 35

Hybrid service to automatically deply your code

Question 36

CodeCommit

Answer 36

Hosts Git respository in AWS to store your code

Question 37

CodeBuild

Answer 37

Compiles source code, run tests, produces packages ready to be deployed by Code Build

Question 38

CodePipeline

Answer 38

Code=>Build=>Test=>Provision=>Deploy=>EBS
It orchestrate the steps from code to deployment

Question 39

CodeArtifact

Answer 39

Store code artifacts like dependecies

Question 40

CodeStar

Answer 40

All code related services under one roof with unified UI

Question 41

Cloud9

Answer 41

IDE on Browser

Question 42

SSM

Answer 42

Manage EC2 instances and On premise systems at scale(Hybrid service)
-Automatic patching of all your instances
-Run commands across entire fleet of services
-Store parameter configuration with SSM parameter store

Question 43

SSM Session Manager

Answer 43

Allows to start a secure shell on EC2 instances and on premise servers without SSH access or port 22 access

Question 44

SSM Parameter Store

Answer 44

Store API keys, passwords, configurations (Serverless)

Question 45

OpsWork

Answer 45

Gives managed Chef and Puppet in the cloud
Chef and Puppet performs server configurations automatically

Question 46

DNS Route 53

Answer 46

Route users, to the closer to deployment with the least latency
Disaster recovery strategies
DNS, Health Checks, Routing Policy, Domain Registration

Question 47

CDN CloudFront

Answer 47

Replicate part of our application data into some AWS Edge Locations
Cache the common request in CloudFront
Uses WAF and Shield to protect from web attacks

Question 48

S3 transfer acceleration

Answer 48

Global uploads and downloads into Amazon S3
Leverages the Edge Locations of AWS.

Question 49

AWS Global Accelerator

Answer 49

Improved global application availability and performance using AWS global network

Question 50

Outposts

Answer 50

Deploy Racks on premise data centre to extend AWS services

Question 51

Wavelength

Answer 51

AWS service within 5G networks

Question 52

Local Zones

Answer 52

Local access closer to users locations
Extend VPC to local zones

Question 53

SQS

Answer 53

Serverless service to decouple applications
Stores messages from 4 to 14 days
FIFO and Standard Queue

Question 54

Kinesis

Answer 54

Real time big data streaming
Kinesis data streams, Kinesis fire hose, Kinesis data analytics and Kinesis video streams

Question 55

SNS

Answer 55

Pub Sub integration
Sending 1 message to many applications
Send message notifications using publish and subscribe model

Question 56

MQ

Answer 56

Managed Brocker Service for Rabbit MQ and Active MQ

Question 57

CloudWatch

Answer 57

Provides metrics of each AWS service
Set Alarms at each service reaching a certain threshold

Question 58

CloudWatch logs

Answer 58

Logs are not on by default for AWS service
Once on, you can see logs generated by each service here

Question 59

EventBridge

Answer 59

To create a two types of events, cron job or rules to react to a service doing something like EC2 terminate, user logging into AWS console, etc.
The output from EventBridge can be sent to trigger a lambda function or SNS/SQS, etc

Question 60

EventBus

Answer 60

Default Event Bus - Events happening inside AWS sent here
Partner Event Bus - Events happening outside AWS like zendesk, datadog, etc. sent here
Custome Event Bus - Events happening in custom apps sent here

Question 61

CloudTrail

Answer 61

Provides governance, compliance and audit for your AWS accounts
This is user action logging and user actions like Console login, using SDK, using CLI, etc.
Output is sent to CloudWatch Logs or S3

Question 62

AWS X-Ray

Answer 62

TroubleShooting, Distributed Tracing, Service Graph for distributed applications on AWS

Question 63

CodeGuru

Answer 63

ML powered service for Automated code reviews (Code Guru Reviewer) and Application performance recommendations (Code Guru Profiler)
Code Guru Profiler - Checks the runtime code in production and identifies code inefficiences and recommends the performance, memory and cost optimization

Question 64

AWS Health Dashboard

Answer 64

Service History - All regions, all services status
Personal Health Dashboard (PHD) - If any AWS events that impact your account (performance and availability of the services), shows up here

Question 65

ElasticIP

Answer 65

It costs even if its not attached to an EC2 instance or EC2 instance is stopped

Question 66

VPC

Answer 66

VPC is linked to a region
Withing VPC we have subnets

Question 67

Subnet

Answer 67

Subnet is linked to an AZ
Used to partition your VPC
Define public and private subnets

Question 68

Route Table

Answer 68

Define access to internet and between subnets

Question 69

CIDR Range

Answer 69

Range of IP addresses allowed in the VPC

Question 70

Internet Gateway

Answer 70

Helps to connect VPC to internet
Public subnet routes to internet gateway which connect to internet

Question 71

NAT Gateway & NAT Instances

Answer 71

NAT Gateway (AWS managed)
NAT Instances (Self Managed)
Allows instances in private subnet to access internet but still remain private

Question 72

Network ACL

Answer 72

Firewall that controls traffic from and to a subnet
Define Allow & Deny rules and rules include only IP addresses

Question 73

Security Groups

Answer 73

Firewall that controls traffic from and to a ENI/EC2 instance
Define Allow rules only and rules include IP addresses or other SGs

Question 74

VPC Peering

Answer 74

To connect two VPC privately using the network from AWS
IP addresses range should not overlap

Question 75

VPC Endpoints

Answer 75

To access AWS services by a private subnet in a private network
VPC Endpoint Gateway - Connect to S3 or DynamoDB
VPN Endpoint Interface - Connect to all other AWS services

Question 76

AWS PrivateLink

Answer 76

Allows services running in your VPC in AWS to other VPCs privately
Add Network Load Balances on premise
Add Elastic Network Interface on AWS VPC

Question 77

Site to Site VPN

Answer 77

Connect on premise DC with VPC on AWS over public internet but enctypted
Add a Customer Gateway on premise
Add Virtual Private Gateway at VPC
Connect both using site to site VPN

Question 78

Direct Connect (DX)

Answer 78

Connect on premise DC with VPC on AWS over private network using physical connection

Question 79

Client VPN

Answer 79

Connect your computer to private subnet in VPC on AWS
Add AWS client VPN (OpenVPN) on the computer

Question 80

Transit Gateway

Answer 80

To connect different VPCs, client, On premise with one solution

Question 81

AWS Shield Standard

Answer 81

Free and enabled for all customers against DDoS attack
Provides Layer 3 and 4 attacks and reflection attacks

Question 82

AWS Shield Advanced

Answer 82

Paid and 24/7 DDoS protection and support

Question 83

AWS WAF(Web Application Firewall)

Answer 83

Filter requests based on rules and placed on Layer 7 like Application Load Balancer, API Gateway and CloudFront.
Protection against web exploits
Define Web ACL - filter based on IP addresses, HTTP header, body and URI strings, geo matching, rate based rules
Protects against SQL Injection and Cross Site Scripting (XSS)

Question 84

CloudFront and Route 53

Answer 84

Provide protection at Edge location when used along with Shield

Architecture:
Route 53 is protected by shield and routes the requests to CloudFront.

CloudFront is also protected by shield and it caches the content on edge location

Use AWS WAF at CloudFront to filter the requests based on rules

Use Load Balancer on public subnet to scale the load at network level

Then behind load balancer user EC2 instances with ASG

Question 85

AWS Network Firewall

Answer 85

Protect VPC overall from Layer 3 to 7.
This operates at VPC level unlike Web ACL that operates at subnet level

Question 86

KMS

Answer 86

Key Management Service is the AWS encryption service and keys are managed by AWS

Question 87

CloudHSM(Hardware security module)

Answer 87

AWS only provisions encryption hardware and encryption keys are managed by customer

Question 88

CMK

Answer 88

Customer Master Keys
1. Customer managed CMK
2. AWS managed CMK
3. AWS owned CMK
4. Cloud HSM keys(found under custom key store)
For CloudTrail and Glacier S3 encryption is enabled by default

Question 89

Secrets Manager

Answer 89

Store and Rotate passwords (Rotation using custom Lambda function)
Integrated with Amazon RDS
Encrypted using KMS

Question 90

AWS Artifacts

Answer 90

Portal that provides AWS compliance and AWS agreement documents

Question 91

Amazon GuardDuty

Answer 91

Threat Detective Service
Detects anomalies in AWS account
Input is from CloudTrail logs, VPC flow logs, DNS logs, S3 logs, EBS logs, Lambda network activity, RDS and Aurora login logs, EKS audit logs and output can be sent to EventBridge to generate SNS or Lambda function

Question 92

Amazon Inspector

Answer 92

Run automated security assessments only on running EC2 instances, Lambda functions and Container images on ECR

Check for OS, S/w vulnerabilities and network reachability on EC2
Reports its findings into AWS Security Hub and Amazon Event Bridge

Question 93

AWS Config

Answer 93

Helps auditing and recording compliance of the AWS resources
It records the configurations and their changes over time

Question 94

AWS Macie

Answer 94

Fully managed data security and data privacy service uses ML
Alert agains PII

Question 95

AWS Security Hub

Answer 95

Dashboard to manage security across several AWS accounts and automate security checks
Aggregates alerts from Config, Guard Duty, Inspector, Macie, iAM Access Analyzer, Systems Manager, Firewall, Health, Partnet Network Solutions

Question 96

Amazon Detective

Answer 96

To analyze the root cause of security issues using ML and graphs

Question 97

AWS Abuse

Answer 97

Report suspected AWS resources used for abuse or illegal purpose

Question 98

CloudTrail

Answer 98

Track API calls made by users within the account

Question 99

iAM Access Analyzer

Answer 99

To identify which resources are shared externally outside your zone of trust

Question 100

Amazon Rekognition

Answer 100

To recognize objects, people, text and scene in images and videos
using machine learning

Question 101

Amazon Transcribe

Answer 101

Convert Speech To Text

Question 102

Polly

Answer 102

Convert Text to Speech

Question 103

Amazon Translate

Answer 103

Translate text to other language

Question 104

Amazon Lex

Answer 104

Same tech as Alexa. Uses ASR. Speech to Text and natural language understanding (NLU) to recognize the intent of the text

Helps to build ChatBots

Works with Amazon Connect (Call centre solution)

Question 105

Amazon Comprehend

Answer 105

NLP
Analyze customer emails

Question 106

Amazon SageMaker

Answer 106

Fully managed service for developers/data scientists to build machine learning models

Question 107

Amazon Forecast

Answer 107

Fully managed service uses ML to forcast

Question 108

Amazon Kendra

Answer 108

Fully managed document search service uses ML

Question 109

Amazon Personlize

Answer 109

Build apps with real time personlized recommendations

Question 110

Amazon Textracts

Answer 110

Extract text, handwriting, or data from any scanned document
and behind the scenes

Question 111

SCP (Service control policies)

Answer 111

Centrally manage all users and roles permissions in your organization
Whitelist or Blacklist iAM actions
Apply at OU(Org unit) or account level and not at Master Account level
You can allow or deny access to your AWS account services to the OU or Account

Question 112

AWS Control Tower

Answer 112

Set up and govern a secure multi-account AWS environment with best practices for your organization
Automate the setup of accounts
Automate ongoing policy management using guardrails
Detect the policy violations and remediate them
Monitor your compliance through an interactive dashboard

Question 113

AWS RAM (Resource access manager)

Answer 113

Share resources(owned by your account) with other accounts

Question 114

AWS Service Catalog

Answer 114

Self Service Portal to launch AWS services (pre configured by cloudformation templates) by the users
To use pre-defined tracks defined by admins

Question 115

AWS Compute optimizer

Answer 115

Supported resources to suggest cost optimization
EC2, EC2 ASG, EBS Volumes and Lambda Fx

Question 116

Pricing Calculator

Answer 116

To estimate cost in AWS and can be used by who does not have AWS account

Question 117

Cost usage report

Answer 117

Used for tracking cost. Shows when, why and how much the cost was incurred
Can be integrated with Athena, QuickSight or RedShift

Question 118

Cost Explorer

Answer 118

High level tracking compred to Cost usage report
Forcast the bill upto 12 months based on past usage
Can suggest Savings plan for reserved instances

Question 119

AWS Budgets

Answer 119

Alarm when cost exceeds the budget or forcast exceeds the budget

Question 120

AWS cost anomaly detection

Answer 120

Uses ML to detect cost anaomaly
Monitor cost->Get Alerted->RCA

Question 121

AWS Service Quotas

Answer 121

Notify when you are close to your service quota value threashold
Create CloudWatch Alarms
Request to increase service quota

Question 122

Trusted Advisor

Answer 122

High level AWS account assessment
Recommendation on 5 categories: PCSFS
-Cost Optimizations
-Performance
-Security
-Fault Tolerance
-Service Limits

7 Core checks for basic and developer plans
-S3 bucket permissions - Making sure bucket is not public
-Security group, making sure that some ports are not unrestricted, such as SSH.
-IAM Use so making sure that we have at least one,
-IAM user in our accounts.
-Ensuring we don’t have any EBS public snapshots
-Ensuring we do not have any RDS public snapshots
-Looking at service limits in AWS

Full Checks for business and enterprise plans
- Full checks in all 5 categories above
- Set cloudwatch alarms
- Programatic access to AWS Support API

Question 123

AWS STS

Answer 123

Security token services is only to provide temporary limited credential services to a AWS services to a user

Question 124

Cognito

Answer 124

Identity for web and mobile application users

Question 125

AWS Directory services

Answer 125

AWS Managed Microsoft AD ((AD users both on prem and AWS)
AD Connector (AD Users onpremise)
Simple AD (AD users on AWS only)

Question 126

AWS IAM Identity Center (SSO)

Question 127

Amazon Workspaces

Answer 127

Destop as a Service (DaaS) to provision Windows and Linus desktops

Question 128

AppStream

Answer 128

Desktop application streaming service on your web browser (no need of virtual desktop)

Question 129

IoT Core

Answer 129

To connect IoT devices into AWS cloud

Question 130

Elastic Transcoder

Answer 130

Convert media files on S3 to media files as required by the devices like phones, etc.

Question 131

AppSync

Answer 131

To build a backend for your mobile and web application
To store and synchronize data for mobile and web applications in real time
Makes use of GraphQL

Question 132

Amplify

Answer 132

Helps to develop full stack Web and Mobile applications

Question 133

Device Farm

Answer 133

To test web and mobile apps using real devices and browsers

Question 134

AWS Backup

Answer 134

Automate backups across AWS services into S3
Cross region and cross account backups

Question 135

Disaster recovery strategies

Answer 135

Backup and restore (cheapest)
Pilot light
Warm standby
Multi sites/hot sites

Question 136

AWS Elastic DR

Answer 136

To recover physical, virtual and cloud based servers into AWS
Continuous replication of on premise apps, OS and DBs into AWS low cost staging.
On failover move to higher cost production enviornment on AWS

Question 137

AWS DataSync

Answer 137

Move large amount of data from on premise to AWS using replication
After full load the replication is incremental

Question 138

Application Discovery Service and Migration

Answer 138

Services to migrate on premise to AWS

Question 139

AWS Migration Evaluator

Answer 139

Install Collector on premise to collect all info with regards to data, servers, dependenscies, etc.
Input that into AWS Migration Evaluator
Output is quick insights into cost and business case

Question 140

AWS Migration Hub

Answer 140

Central location where you can collect server and applications inventory data for the assessment, planning and tracking of migrations to AWS
Automate the process of lift and shift
Also use AWS Hub Migration Orchestrator to use pre-bulit templates for SAP, SQL Server, etc.

Question 141

AWS Fault Injection Simulator (FIS)

Answer 141

Generate and run experiment templates to create disruptions to the application like suddeb increase in CPU or RAM, etc to see how the application reacts.
Monitor using CloudWatch or EventBridge

Question 142

Step Functions

Answer 142

Serverless visual workflow to orchestrate Lambda functions

Question 143

Ground Station

Answer 143

Control Satellite communication

Question 144

AWS Pinpoint

Answer 144

2 way marketing communication service

Question 145

6 Pillars

Answer 145

• Operational Excellence
• Security
• Reliability
• Performance Efficiency
• Cost Optimization
• Sustainability

Question 146

AWS CAF (Cloud adoption framework)

Answer 146

• White paper that helps you to build and execute a plan for digital transformation using AWS
• It groups the capabilities under
  Business
• Business
• People
• Governance
  Technical
• Platform
• Security
• Operations

Question 147

AWS CAF Transformation Domains

Answer 147

• Technology
• Process
• Organization
• Product

Question 148

AWS IQ

Answer 148

Help to quickly find a professional to help you with your AWS projects

Question 149

AWS re:Post

Answer 149

Community Forum. AWS managed Q&A service

Question 150

AWS Managed Service

Answer 150

AWS provides a team of AWS exeprts to help you manage and operate your infrastructure for security, reliability and availability