Services

Question 1

SQS

Answer 1

Simple Queue Service
Messages in the queue, can be polled by multiple consumers. Serverless. 4 day retention with maximum 14 days. Deleted once read. Allows decoupling of applications

Question 2

SNS

Answer 2

Simple Notification Service
Create topics with multiple subscribers. Subscribers get all messages. Subscribers can be HTTP/HTTPS, email, SMS, Mobile Notifications, SQS queues, Lambda

Question 3

Kinesis

Answer 3

Realtime Data Streaming

Collect, process and analyze real-time streaming data

Question 4

Amazon MQ

Answer 4

Managed Apache MQ

Used when an existing message service is needs to migrate to the cloud. Runs on dedicated machine. Doesn’t scale as well

Question 5

Service Health Dashboard

Answer 5

Shows status of AWS Services, present and historical for each region. Can subscribe to an RSS feed to get notifications

Question 6

Personal Health Dashboard

Answer 6

Provides alerts and remediation guidance when AWS experiencing events that impact you and your services. Warns about scheduled activities via notifications. Can see historical issues as well.

Question 7

IAM MFA

Answer 7

Multi-Factor Authentication
Virtual MFA (google authenticator or Authy)
U2F Universal Second Factory (USB)
Hardware MFA (device with number)

Question 8

Organisations

Answer 8

Manages multiple AWS accounts
Consolidated Billing
Pricing benefits 
Pooled EC2 reserved instances
API for automated account creation
Restrict privileges using Service Control Policy (SCP)

Best Practices
Multi Account vs One Account Multi VPC
Use tagging for billing purposes
Enable cloudtrail on all accounts, send logs to central S3
Cloudwatch Logs to central logging account

Question 9

Acceptable use policy

Answer 9

No illegal harmful, offensive or abusive use. AWS Trust & Safety team can be contacted when you think AWS is being abused

Question 10

Trusted Advisor

Answer 10

Analyze your AWS accounts and provides recommendations.
Cost Optimization
Performance
Security (Some things are free)
Fault Tolerance 
Service Limits

For most stuff you need Business or Enterprise Support

Find underutilized/overutilized resources, security problems or service limit information

Question 11

AWS Control Tower

Answer 11

Easy set up of multiple accounts with best practices

Question 12

Config

Answer 12

Record all resources configurations and compliance over time

Question 13

CloudFormation

Answer 13

Infrastructure as code

Question 14

Logging

Answer 14

Service Logs and Access Logs to S3 or CloudWatch Logs

Question 15

CloudTrail

Answer 15

Records API calls made within your account

Question 16

TCO Calculator

Answer 16

Calculates the cost and savings of moving to the cloud

Question 17

Simple Monthly Calculator/Pricing Calculator

Answer 17

Tells you the estimated cost of services before you use them. SMC is being depreciated in favour of PC

Question 18

Billing Dashboard

Answer 18

Overview of costs in AWS. Breaks down per service

Question 19

Cost and Usage Reports

Answer 19

Most comprehensive cost reports. Can be integrated in with Athena, Redshift or QuickSight

Question 20

Cost Explorer

Answer 20

Visualise and manage AWS costs and usage. Create custom reports at a high level across accounts. Choose optimal savings plan. Forecast usage up to 12 months based on previous usage.

Question 21

Billing Alarms

Answer 21

Billing data is stored in us-east-1, but is for worldwide cost. Actual cost, not projected. Simple alarm, not as powerful as budgets

Question 22

Budgets

Answer 22

Create budget and send alarms when costs exceed budgets.
3 types of budgets: Usage, Cost, Reservation
For reserved instances:
track utilisation
Supports EC2, RDS, Redshift
5 SNS notifications per budget
Lots of filters

Question 23

Athena

Answer 23

Fully Serverless database with SQL capabilities. Query S3. Pay per query. Output to S3.

Question 24

Redshift

Answer 24

Based on postgres. OLAP (data warehousing). Columnar.

Question 25

QuickSight

Answer 25

Dashboarding tool.

Question 26

CloudWatch Metrics

Answer 26

Variable monitor. Create dashboards.

Question 27

CloudWatch Alarms

Answer 27

Alarms for when metrics go above expected levels. Can also create Billing alarms

Question 28

CloudWatch Logs

Answer 28

Collect log files from various applications such as beanstalk, ECS, Lambda, On-Premises, DNS. Real-time monitoring of logs.

Question 29

CloudWatch Events

Answer 29

React to events on AWS. Cron Jobs etc. Send SNS, SQS messages.

Question 30

EventBridge

Answer 30

Next gen events. Default event bus for AWS services. Partner event bus for third party events. Custom event buses for own applications. Schema Registry

Question 31

CloudTrail

Answer 31

History of events / API calls made within AWS account. Can apply to various regions or all.

Question 32

What is encrypted by default?

Answer 32

s3 Glacier, AWS Storage Gateway

Question 33

Storage Gateway

Answer 33

Bridge to on-premises storage for hybrid storage.

Question 34

SSM

Answer 34

Systems Manager | Manage ECS and On-Premises systems at scale. Hybrid AWS service. Get operational insights of infra.

Question 35

Inspector

Answer 35

Automated Security Assessments for EC2 instances. Install inspector Agent on EC2 instance. Get a report

Question 36

Serverless

Answer 36

Lambda. Gateway. DynamoDB. S3. Kinesis. Aurora. Fargate. SNS. SQS. EFS. RDS Proxy. AppSync. Step Functions. Athena. EventBridge.

Question 37

Elastic Beanstalk

Answer 37

PaaS. Developer centric view of deploying. Control over config, but everything in one view.

Question 38

Lightsail

Answer 38

Easy to get up and running. Simple applications with little cloud experience. No autoscaling.

Question 39

Shared responsibility Model

Answer 39

AWS and user specific responsibilities. Some are shared. Use common sense!

Question 40

AMI

Answer 40

Amazon Machine Image | Customisation of EC2 instance. Specific region! Can buy on Marketplace.

Question 41

Types of computing

Answer 41

``` IaaS Provide building blocks for cloud IT. Infra only EC2 etc. PaaS Don't need to manage infra. Deployment and management of applications Beanstalk SaaS Completed product provided by the service provider Rekognition ```

Question 42

EMR

Answer 42

Elastic MapReduce Hadoop cluster (Big Data) Analyse lots of data

Question 43

QuickSight

Answer 43

Create dashboards for analysing database with machine learning

Question 44

Neptune

Answer 44

Graph database | Social Network usage. Wikipedia

Question 45

QLDB

Answer 45

Quantum Ledger Database | Financial transactions. Immutable. Review changes over time.

Question 46

Managed Blockchain

Answer 46

Blockchain without the need for trusted, central authority

Question 47

DMS

Answer 47

Database Migration Service

Question 48

Glue

Answer 48

ETL service. Exract transform and load | Prepare and transform data sets for analytics

Question 49

1st Pillar: Operational Excellence

Answer 49

``` Run and monitor systems Perform operations as code. Automated documentation. Frequent small reversible changes Refine operations procedures frequently Anticipate Failure ``` ``` Cloudformation config cloudtrail cloudwatch x-ray CI/CD tools ```

Question 50

2nd Pillar: Security

Answer 50

Ability to protest information while delivering business value through risk assessment Strong Identity foundation. IAM. Least Privilege. Traceability. Security at all layers. protect data in transit and at rest Prepare for security events

Question 51

Systems Manager

Answer 51

Centralize operational data from multiple AWS services and automate tasks across your AWS resources.

Question 52

What are the 5 pillars of well architected Framework?

Answer 52

OpSeRePeCo ``` Operational Excellence Security Reliability Performance Efficiency Cost Optimisation ```

Question 53

Operational Excellence

Answer 53

``` 1st Pillar Operations as code Annotate Documentation Frequent and small, reversible changes Refine operations frequently Learn from failures ``` ``` AWS Cloud Formation AWS Config CloudTrail CloudWatch X-Ray CI/CD CodeBuild CodeCommit CodeDeploy CodePipeline ```

Question 54

Reliability

Answer 54

2nd Pillar ``` Strong Identity Foundation Traceability Security at all layers Automate best practices Protect in transfer and at rest Keep people away from data Prepare for security Events ``` ``` IAM STS MFA Organisations Config Cloudtrail CloudWatch CloudFront VPC Shield WAF Inspector KMS S3 ELB EBS RDS CloudFormation CloudWatch Events ```

Question 55

Reliability

Answer 55

3rd Pillar ``` Test Recovery Procedures Automatically Recover from failure Scale Horizontally Stop guessing Capacity Manage change in automation ``` ``` IAM VPC Service Limits AWS trusted advisor Auto Scaling CloudWatch CloudTrail Backups CloudFormation ```

Question 56

What services can you reserve instances on?

Answer 56

EC2, dynamos, elasticache, rds, redshift

Question 57

What are the 5 elements of trusted advisor?

Answer 57

``` Cost Optimisation Performance Security Fault Tolerance Service Limits ```