ST's Question Bank Flashcards
What prevents your EC2 instances from sharing underlying hardware with other AWS customers?
Dedicated tenancy
Ensures hardware is dedicated to a single customer.
Especially important for workloads that require high levels of security or compliance.
What allows you to reserve EC2 capacity, ensuring it is available when needed? This is especially useful for DR situations where the capacity is in another AZ/Region.
Capacity reservation
What acts as a managed service to create, publish, and secure APIs at scale, and allows the creation of API endpoints that can be integrated with other web applications?
Amazon API Gateway
What is used to capture and upload streaming data to other AWS services? In this case, you can store the information in an Amazon S3 bucket.
Amazon Kinesis Data Firehose
What provides a way to control access to your APIs using Lambda functions and allows you to implement custom authorization logic? This solution offers scalability, the ability to handle unpredictable surges in activity, and integration capabilities, and it ensures that the authorization step is performed securely.
API Gateway Lambda Authorizer
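A Lambda authorizer is just a function that inspects the request and returns an IAM policy. The following is a minimal sketch of a token-based authorizer; the `VALID_TOKENS` set is a hypothetical stand-in for real validation (such as verifying a JWT):

```python
# Minimal sketch of a token-based API Gateway Lambda authorizer.
# VALID_TOKENS is a hypothetical stand-in for real token validation.
VALID_TOKENS = {"allow-me"}

def lambda_handler(event, context):
    """Return an IAM policy that allows or denies the API invocation."""
    token = event.get("authorizationToken", "")
    effect = "Allow" if token in VALID_TOKENS else "Deny"
    return {
        "principalId": "user",
        "policyDocument": {
            "Version": "2012-10-17",
            "Statement": [{
                "Action": "execute-api:Invoke",
                "Effect": effect,
                # Scope the policy to the method being invoked.
                "Resource": event.get("methodArn", "*"),
            }],
        },
    }
```

API Gateway caches the returned policy per token for a configurable TTL, so the custom logic does not run on every request.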
what is a common and effective solution for maintaining user session state in a web application, providing high availability and preventing loss of session state during web server outages?
Amazon ElastiCache for Redis
Amazon ElastiCache for Redis: Redis is an in-memory data store that can be used to store session data. It offers high availability and persistence options, making it suitable for maintaining session state. Sticky sessions and Auto Scaling groups: using ElastiCache for Redis enables centralized storage of session state, ensuring that sessions can still be maintained even if an EC2 instance is unavailable or replaced due to automatic scaling.
What is an in-memory data store that can be used to store session data? It offers high availability and persistence options, making it suitable for maintaining session state.
Redis (as offered by Amazon ElastiCache for Redis)
What should you use to enable centralized storage of session state, ensuring that sticky sessions can still be maintained even if an EC2 instance is unavailable or replaced due to automatic scaling? It is commonly used with sticky sessions and Auto Scaling groups.
Use ElastiCache for Redis
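As a rough sketch of centralized session storage: in production the client below would be a redis-py `Redis` client pointed at the ElastiCache endpoint; here a dict-backed stand-in (a pure assumption, to keep the example runnable without a server) mirrors the `setex`/`get` calls:

```python
import json

# Dict-backed stand-in for a redis-py client, mirroring setex/get.
# In production: redis.Redis(host="<your-elasticache-endpoint>")
class FakeRedis:
    def __init__(self):
        self._store = {}

    def setex(self, key, ttl_seconds, value):
        # Real Redis would expire the key after ttl_seconds.
        self._store[key] = value

    def get(self, key):
        return self._store.get(key)

r = FakeRedis()

def save_session(client, session_id, data, ttl=1800):
    """Store session state centrally, shared by all web servers."""
    client.setex(f"session:{session_id}", ttl, json.dumps(data))

def load_session(client, session_id):
    """Any instance (new or old) can recover the session by ID."""
    raw = client.get(f"session:{session_id}")
    return json.loads(raw) if raw else None
```

Because every instance reads and writes the same store, a replaced instance simply loads the session back instead of losing it.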
How do Application Load Balancer and API Gateway charges differ?
You are charged for each hour or partial hour that an application load balancer is running, and the number of load balancer capacity units (LCUs) used per hour. With Amazon API Gateway, you only pay when your APIs are in use.
What are the advantages of using CloudFront?
CloudFront for content delivery: CloudFront is used as a content delivery network (CDN) to distribute images globally. This reduces latency and ensures fast access for customers around the world.
Geo Restrictions in CloudFront: CloudFront supports geo restrictions, allowing the company to deny access to users from specific countries. This satisfies the requirement of controlling access based on the user’s location.
CloudFront is a cost-effective solution for content delivery, and can significantly reduce data transfer costs by serving content from edge locations close to end users.
What ElastiCache feature allows the creation of replication groups that span multiple Availability Zones (AZs) within a Region, guaranteeing high availability at the regional level?
Multi-AZ Redis Replication Groups
There are a number of instances where ElastiCache for Redis may need to replace a primary node; these include certain types of planned maintenance and the unlikely event of a primary node or Availability Zone failure. If Multi-AZ is enabled, the downtime is minimized. The role of primary node will automatically fail over to one of the read replicas. There is no need to create and provision a new primary node, because ElastiCache will handle this transparently. This failover and replica promotion ensure that you can resume writing to the new primary as soon as promotion is complete.
What feature within an ElastiCache setup allows replication groups to contain multiple nodes, providing scalability and redundancy at the node level? This contributes to high availability and performance.
Shards with Multi-node
A shard (API/CLI: node group) is a collection of one to six Redis nodes. A Redis (cluster mode disabled) cluster will never have more than one shard. With shards, you can separate large databases into smaller, faster, and more easily managed parts called data shards. This can increase database efficiency by distributing operations across multiple separate sections. Using shards can offer many benefits including improved performance, scalability, and cost efficiency.
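The idea behind sharding can be sketched as a deterministic key-to-shard mapping. Note this is a simplification: Redis Cluster actually assigns keys to one of 16384 hash slots using CRC16; the CRC32-based function below is only illustrative of the principle:

```python
import zlib

# Illustrative only: Redis Cluster really uses CRC16 mod 16384 hash slots.
NUM_SHARDS = 3

def shard_for_key(key: str) -> int:
    """Map a key deterministically to one of NUM_SHARDS shards."""
    return zlib.crc32(key.encode()) % NUM_SHARDS
```

Because the mapping is deterministic, every client routes reads and writes for the same key to the same shard, which is what lets operations be distributed across separate sections of the keyspace.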
What feature allows EC2 instances to persist their in-memory state to Amazon EBS? When active, an instance can quickly resume with its previous memory state intact.
EC2 On-Demand Instances with Hibernation: Hibernation allows EC2 instances to persist their in-memory state to Amazon EBS. When an instance is hibernated, it can quickly resume with its previous memory state intact. This is particularly useful for reducing startup time and loading memory quickly.
What EC2 Auto Scaling feature keeps a pool of pre-initialized instances on hand so they can be brought into service quickly when demand increases?
EC2 Auto Scaling Warm Pools
Warm pools keep instances in a state where they can respond quickly to increased demand. This helps reduce the time it takes for an instance to become fully productive.
What feature in auto scaling adjusts the size of the Auto Scaling group in response to changing demand that is unpredictable or sudden?
Dynamic scaling
Allows the Auto Scaling group to automatically increase or decrease the number of instances based on defined policies. This is well suited for handling surges in traffic, as the group scales out or in as needed.
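One common dynamic scaling policy is target tracking. The sketch below shows the parameters you might pass to boto3's `autoscaling.put_scaling_policy`; the group and policy names are illustrative:

```python
# Sketch of a target tracking (dynamic) scaling policy, shaped like the
# keyword arguments for boto3's autoscaling.put_scaling_policy.
# "web-asg" and the policy name are hypothetical.
policy = {
    "AutoScalingGroupName": "web-asg",
    "PolicyName": "keep-cpu-at-50",
    "PolicyType": "TargetTrackingScaling",
    "TargetTrackingConfiguration": {
        "PredefinedMetricSpecification": {
            "PredefinedMetricType": "ASGAverageCPUUtilization"
        },
        # Add or remove instances to hold ~50% average CPU across the group.
        "TargetValue": 50.0,
    },
}
```

With a policy like this in place, the group reacts to surges on its own: no forecast is needed, only the observed metric.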
What Auto Scaling feature uses machine learning algorithms to predict future demand and adjust capacity accordingly, but can be overkill for sudden, unpredictable spikes in traffic?
Predictive scaling: while predictive scaling uses machine learning algorithms to predict future demand and adjust capacity accordingly, it can be overkill for sudden, unpredictable spikes in traffic. Dynamic scaling can respond quickly without the need for extensive predictive analysis.
Predictive scaling works by analyzing historical load data to detect daily or weekly patterns in traffic flows. It uses this information to forecast future capacity needs so Amazon EC2 Auto Scaling can proactively increase the capacity of your Auto Scaling group to match the anticipated load.
Predictive scaling is well suited for situations where you have:
Cyclical traffic, such as high use of resources during regular business hours and low use of resources during evenings and weekends
Recurring on-and-off workload patterns, such as batch processing, testing, or periodic data analysis
Applications that take a long time to initialize, causing a noticeable latency impact on application performance during scale-out events
In general, if you have regular patterns of traffic increases and applications that take a long time to initialize, you should consider using predictive scaling. Predictive scaling can help you scale faster by launching capacity in advance of forecasted load, compared to using only dynamic scaling, which is reactive in nature. Predictive scaling can also potentially save you money on your EC2 bill by helping you avoid the need to overprovision capacity.
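For contrast with dynamic scaling, a predictive scaling policy might look like the following boto3 `put_scaling_policy` parameters (group and policy names are illustrative):

```python
# Sketch of a predictive scaling policy, shaped like the keyword arguments
# for boto3's autoscaling.put_scaling_policy. Names are hypothetical.
predictive_policy = {
    "AutoScalingGroupName": "web-asg",
    "PolicyName": "forecast-daily-peak",
    "PolicyType": "PredictiveScaling",
    "PredictiveScalingConfiguration": {
        "MetricSpecifications": [{
            "TargetValue": 50.0,
            "PredefinedMetricPairSpecification": {
                "PredefinedMetricType": "ASGCPUUtilization"
            },
        }],
        # "ForecastOnly" lets you evaluate forecasts before acting on them.
        "Mode": "ForecastAndScale",
    },
}
```

In `ForecastOnly` mode the forecasts are generated but not acted on, which is a common first step before trusting predictive scaling with real capacity.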
What is Redshift used for?
Data warehouses
What is the scheduled scaling feature in Lambda used for?
Scheduled scaling for provisioned concurrency: ensures that a specified number of function instances are available and hot to handle requests. By configuring scheduled scaling to increase provisioned concurrency ahead of anticipated maximum usage each day, you ensure that there are enough warm instances to handle incoming requests, reducing cold starts and latency.
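Provisioned concurrency is scaled on a schedule through Application Auto Scaling. The sketch below shows the parameters you might pass to boto3's `application-autoscaling` `put_scheduled_action`; the function name, alias, and capacities are illustrative:

```python
# Sketch of a scheduled action that raises Lambda provisioned concurrency
# before the daily peak, shaped like the keyword arguments for
# application-autoscaling's put_scheduled_action. Names are hypothetical.
scheduled_action = {
    "ServiceNamespace": "lambda",
    "ResourceId": "function:my-func:prod",  # function name and alias
    "ScalableDimension": "lambda:function:ProvisionedConcurrency",
    "ScheduledActionName": "warm-up-before-peak",
    "Schedule": "cron(0 8 * * ? *)",  # 08:00 UTC daily, ahead of peak usage
    # Keep 100 warm instances available during the peak window.
    "ScalableTargetAction": {"MinCapacity": 100, "MaxCapacity": 100},
}
```

A second scheduled action after the peak would lower the capacity again so you are not paying for warm instances overnight.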
What is Athena used for?
Amazon Athena to query data in Amazon S3: Amazon Athena is a serverless query service that allows analysts to run SQL queries directly on data stored in Amazon S3. It’s cost-effective because you are charged per query, and there’s no need to provision or manage infrastructure.
Used to build interactive, advanced analytics applications using data stored in cloud stores (e.g., S3), data lakes, or on premises. Athena provides a simplified, flexible way to analyze petabytes of data where it lives.
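An Athena query is plain SQL over an external table defined on S3 data. The sketch below builds such a query string against a hypothetical `access_logs` table; with boto3 you would pass this string to `athena.start_query_execution`:

```python
# Illustrative Athena SQL against a hypothetical external table
# ("access_logs") defined over data in S3.
table = "access_logs"
query = (
    f"SELECT status, COUNT(*) AS hits "
    f"FROM {table} "
    f"WHERE year = '2024' "   # partition column filter keeps the scan small
    f"GROUP BY status "
    f"ORDER BY hits DESC"
)
```

Since Athena pricing is based on data scanned, filtering on partition columns (like `year` here) is the main cost lever.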
What is a visual workflow service that helps developers use AWS services to build distributed applications, automate processes, orchestrate microservices, and create data and machine learning (ML) pipelines?
AWS Step Functions
With Step Functions, you can orchestrate large-scale parallel workloads to perform tasks, such as on-demand processing of semi-structured data. These parallel workloads let you concurrently process large-scale data sources stored in Amazon S3.
Use cases:
* Automate extract, transform, and load (ETL) processes:
Ensure that multiple long-running ETL jobs run in order and complete successfully, without the need for manual orchestration.
* Orchestrate large-scale parallel workloads:
Iterate over and process large datasets such as security logs, transaction data, or image and video files.
* Orchestrate microservices:
Combine multiple AWS Lambda functions into responsive serverless applications and microservices.
* Automate security and IT functions:
Create automated workflows, including manual approval steps, for security incident response.
NOTE: useful for large-scale parallel on-demand processing of a semi-structured dataset
What is the map state in distributed mode within step functions used for?
To set up a large-scale parallel workload in your workflows, include a Map state in Distributed mode; a Map state set to Distributed is known as a Distributed Map state. In Distributed mode, the Map state allows high-concurrency processing: it processes the items in the dataset concurrently, in iterations called child workflow executions.
Distributed mode
A processing mode of the Map state. In this mode, each iteration of the Map state runs as a child workflow execution that enables high concurrency. Each child workflow execution has its own execution history, which is separate from the parent workflow’s execution history. This mode supports reading input from large-scale Amazon S3 data sources.
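In Amazon States Language, a Distributed Map state is declared with an `ItemProcessor` in `DISTRIBUTED` mode and an `ItemReader` pointing at the S3 data source. The sketch below shows the state as a Python dict (bucket, prefix, and the trivial `Pass` processor are illustrative):

```python
# Sketch of an ASL Distributed Map state, as a Python dict you could
# serialize with json.dumps into a state machine definition.
# Bucket name and prefix are hypothetical.
distributed_map = {
    "Type": "Map",
    "ItemProcessor": {
        "ProcessorConfig": {"Mode": "DISTRIBUTED", "ExecutionType": "STANDARD"},
        "StartAt": "ProcessItem",
        "States": {
            # Placeholder step; real workflows would invoke Lambda, etc.
            "ProcessItem": {"Type": "Pass", "End": True},
        },
    },
    "ItemReader": {
        # Read the item list directly from S3 instead of the state input.
        "Resource": "arn:aws:states:::s3:listObjectsV2",
        "Parameters": {"Bucket": "my-dataset-bucket", "Prefix": "input/"},
    },
    "MaxConcurrency": 1000,  # cap on parallel child workflow executions
    "End": True,
}
```

Each S3 object becomes an item, and each item (or batch of items) runs as its own child workflow execution with its own execution history.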
What is the map state in inline (the default) mode within step functions used for?
By default, the Map state runs in Inline mode. In Inline mode, the Map state accepts only a JSON array as input. It receives this array from a previous step in the workflow. In this mode, each iteration of the Map state runs in the context of the workflow that contains the Map state. Step Functions adds the execution history of these iterations to the parent workflow’s execution history.
A Map state set to Inline is known as an Inline Map state. Use the Map state in Inline mode if your workflow’s execution history won’t exceed 25,000 entries, or if you don’t require more than 40 concurrent iterations.
What is a hybrid cloud storage service that provides seamless, secure integration between on-premises IT environments and AWS storage services?
AWS Storage Gateway: AWS Storage Gateway is a hybrid cloud storage service that provides seamless, secure integration between on-premises IT environments and AWS storage services. Supports different gateway configurations, including volume gateways.
Volume Gateway Types:
* Stored volumes: the entire data set is stored on-premises, and the entire data set is backed up to Amazon S3.
* Cached volumes: only frequently accessed data is stored on-premises, while the entire data set is backed up to Amazon S3.
Low latency access with cached volumes: Cached volumes provide low latency access to frequently used data because frequently accessed data is stored locally on premises. The entire dataset is backed up on Amazon S3, ensuring durability and accessibility.
Using a cached volume gateway minimizes the need for significant changes to existing infrastructure. It allows the company to keep frequently accessed data on-premises while taking advantage of the scalability and durability of Amazon S3.
What are the differences between AWS Storage Gateway volume gateway with stored volumes and AWS Storage Gateway volume gateway with cached volumes?
Volume Gateway Types:
* Stored volumes: the entire data set is stored on-premises, and the entire data set is backed up to Amazon S3.
* Cached volumes: only frequently accessed data is stored on-premises, while the entire data set is backed up to Amazon S3.
Low latency access with cached volumes: Cached volumes provide low latency access to frequently used data because frequently accessed data is stored locally on premises. The entire dataset is backed up on Amazon S3, ensuring durability and accessibility.
Using a cached volume gateway minimizes the need for significant changes to existing infrastructure. It allows the company to keep frequently accessed data on-premises while taking advantage of the scalability and durability of Amazon S3.
AWS Storage Gateway volume gateway with stored volumes: stored volumes keep the entire data set on-premises and may not be best suited for low-latency access to frequently used data. For that requirement, an AWS Storage Gateway volume gateway with cached volumes is the more appropriate choice.
T/F: it’s a best practice to deploy AWS Firewall Manager to manage ALB.
F
AWS Firewall Manager is best suited for managing security policies at an organizational level rather than specific to individual applications. While AWS Firewall Manager can manage WAF policies, using WAF directly with ALB is a simpler and more common approach.
T/F: When it comes to granular access control at the data level (row level or cell level), IAM roles are sufficient to provide the needed security control.
F
IAM roles are typically used for authentication and authorization at the AWS service level. However, when it comes to granular access control at the data level (row level or cell level), IAM roles alone might not be enough.
What is used in Lake Formation to implement column-level, row-level, and cell-level security?
Data Filters
What is the recommended design for handling near real-time streaming data at scale? The aim is to provide the scalability and resilience needed to process large volumes of data.
Amazon Kinesis Data Streams, for ingesting data and processing it with AWS Lambda functions
The keyword is “real time”: Kinesis Data Streams is meant for real-time data processing.
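On the processing side, the Lambda function receives batches of Kinesis records with the payload base64-encoded. A minimal consumer sketch (assuming JSON payloads, which is an assumption about the producer):

```python
import base64
import json

# Minimal sketch of a Lambda handler consuming a Kinesis Data Streams batch.
# Kinesis delivers each record's data base64-encoded in the event payload;
# JSON payloads are an assumption about the producer.
def lambda_handler(event, context):
    processed = []
    for record in event["Records"]:
        payload = json.loads(base64.b64decode(record["kinesis"]["data"]))
        processed.append(payload)  # real code would transform/store each item
    return {"batchItemCount": len(processed)}
```

Lambda polls the stream's shards and invokes the handler with batches, so scaling out is largely a matter of shard count and batch size.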
T or F: Amazon EKS offers the option to encrypt Kubernetes secrets at rest using AWS Key Management Service (AWS KMS). This is a native and managed solution within the EKS service, reducing operational overhead. Kubernetes secrets are automatically encrypted using the default AWS KMS key for the EKS cluster. However, to ensure that sensitive information stored in Kubernetes secrets is encrypted, you will need a third-party encryption feature.
F
Amazon EKS offers the option to encrypt Kubernetes secrets at rest using AWS Key Management Service (AWS KMS). This is a native and managed solution within the EKS service, reducing operational overhead. Kubernetes secrets are automatically encrypted using the default AWS KMS key for the EKS cluster. This ensures that sensitive information stored in Kubernetes secrets is encrypted, providing security.
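Enabling KMS envelope encryption of secrets is a cluster-level setting. The sketch below shows the shape of the `encryptionConfig` you might pass to boto3's `eks.create_cluster` (or `associate_encryption_config` for an existing cluster); the key ARN is a placeholder:

```python
# Sketch of the encryption settings for boto3's eks.create_cluster
# (encryptionConfig parameter). The KMS key ARN is a placeholder.
encryption_config = [{
    "resources": ["secrets"],  # encrypt Kubernetes secrets at rest
    "provider": {
        "keyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
    },
}]
```

Once enabled, the Kubernetes API server uses the KMS key to envelope-encrypt secret data before it is written to etcd, with no third-party tooling involved.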
_______________ provides a comprehensive solution for monitoring and analyzing containerized applications, including those running on Amazon Elastic Kubernetes Service (Amazon EKS). It collects performance metrics, logs, and events from EKS clusters and containerized applications, allowing you to gain insight into their performance and health.
Amazon CloudWatch Container Insights
_______________ is a threat detection service that continuously monitors malicious activity and unauthorized behavior in AWS accounts. It analyzes VPC flow logs, AWS CloudTrail event logs, and DNS logs for potential threats. Its findings can be sent to AWS Security Hub, which acts as a central hub for monitoring security alerts and compliance status across all AWS accounts.
Amazon GuardDuty
__________ consolidates and prioritizes findings from multiple AWS services, including GuardDuty, and provides a unified view of security alerts. It integrates with third-party security tools and allows the creation of custom actions to remediate security findings. This solution provides continuous monitoring, detection, and reporting of malicious activities in your AWS account, including S3 bucket access patterns.
AWS Security Hub
________ is a service that focuses on discovering, classifying, and protecting sensitive data.
Amazon Macie
__________ is a data transfer service that simplifies and accelerates data migration between on-premises storage systems and AWS. By installing this service’s agent in your on-premises data center, you can use its tasks to efficiently transfer data to Amazon EFS. This approach helps minimize downtime and ensure a smooth migration.
AWS DataSync
_____________ is an optional feature of a backup vault, which can be helpful in giving you additional security and control over your backup vaults. When it is active in Compliance mode and the grace period is over, the vault configuration cannot be altered or deleted by a customer, account/data owner, or AWS. Each vault can have one lock in place.
AWS Backup Vault Lock
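A vault lock is applied with a single API call. The sketch below shows the parameters for boto3's `backup.put_backup_vault_lock_configuration`; the vault name and retention values are illustrative:

```python
# Sketch of the parameters for boto3's
# backup.put_backup_vault_lock_configuration. Names and values are
# hypothetical; ChangeableForDays is the grace period, after which the
# lock enters compliance mode and can no longer be altered or deleted.
vault_lock = {
    "BackupVaultName": "prod-backups",
    "MinRetentionDays": 30,    # recovery points cannot be deleted earlier
    "MaxRetentionDays": 365,   # recovery points cannot be kept longer
    "ChangeableForDays": 3,    # grace period before the lock is immutable
}
```

Omitting `ChangeableForDays` creates the lock in governance mode instead, where privileged users can still modify or remove it.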