Study Flashcards
1
Q
a piece of software that makes itself available over the internet and uses standardized format for request and response of an API interaction
A
web service
2
Q
what are three ways to interact with AWS?
A
AWS Management Console
Command Line Interface
Software Development Kits (SDKs)
3
Q
six perspectives of AWS Cloud Adoption Framework (AWS CAF)
A
business, people, governance, platform, security, operations
4
Q
describe compute pricing
A
charged per hour/second (Linux only); varies by instance type
5
Q
describe Storage pricing
A
charged per GB
6
Q
describe Data Transfer pricing
A
outbound is aggregated and charged; inbound usually has no charge; usually charged per GB
7
Q
how long does free tier stay free?
A
1 year
8
Q
what are 5 free AWS services?
A
- Amazon VPC
- Elastic Beanstalk
- Auto Scaling
- AWS CloudFormation
- AWS Identity and Access Management (IAM)
9
Q
what are 4 considerations when determining Total Cost of Ownership (TCO)?
A
- server costs
- storage costs
- network costs
- IT labor costs
10
Q
AWS tool that lets you estimate monthly costs, identify opportunities to reduce costs, model solutions, explore price points, find available instance types, name estimates and create name groups of services
A
AWS Pricing Calculator
11
Q
AWS feature that consolidates different accounts into a tree
A
AWS Organizations
12
Q
rules that allow or deny access to AWS services for individuals in an organization unit (OU)
A
SCP (Service Control Policies)
13
Q
true or false: there is no limit on the number of OU (organization units) you can have
A
false
14
Q
tech support service for proactive guidance
A
Technical Account Manager (TAM)
15
Q
tech support service for best practices
A
AWS Trusted Advisor
16
Q
tech support service for account assistance
A
AWS Support Concierge
17
Q
list the 4 tech support plans and the case severity they support
A
Basic - NO case support
Developer - normal and low
Business - urgent, high, normal, low
Enterprise - critical, urgent, high, normal, low (all)
18
Q
what 3 elements can AWS infrastructure be broken into?
A
regions, availability zones, and points of presence
19
Q
what are the 4 steps to securing a new account?
A
- Stop using root (and delete root user access keys)
- Enable MFA
- Use AWS CloudTrail to track user activity
- Enable a billing report
20
Q
service that provides managed DDoS protection
A
AWS Shield
21
Q
a resource for compliance related info, where you can access security and compliance reports through the management console
A
Artifact
22
Q
3 steps for making your VPC architecture secure
A
- isolate subnets if possible
- choose appropriate gateway device or VPN connection for your needs
- use firewalls
23
Q
a highly available and scalable DNS web service
A
Route 53
24
Q
globally distributed system of caching servers
A
Content Delivery Network (CDN)
25
9 key decisions when creating an EC2 instance
1. Select an AMI
2. Select an instance type
3. Specify network settings
4. Specify IAM role
5. Specify user data script (optional)
6. Specify storage
7. Add tags
8. Specify security group settings
9. Identify or create the key pair
26
software platform that lets you run containers created from an image
Docker
27
AWS service for container management
EC2
28
open source software for container orchestration that complements Docker
Kubernetes
29
Amazon service that enables running Kubernetes on AWS
Amazon Elastic Kubernetes Service (EKS)
30
fully managed Docker container registry where you can store, manage, and deploy Docker container images
Amazon Elastic Container Registry (ECR)
31
AWS service for serverless, event-driven computing
Lambda
32
max memory allocation for a single Lambda function
3,008 MB
33
max execution time for a Lambda function
15 minutes
34
AWS service for easy deployment of web applications
Elastic Beanstalk
35
a file storage service for use with Amazon EC2. It provides a file system interface, file system access semantics, and concurrently-accessible storage for up to thousands of Amazon EC2 instances
EFS (Elastic File System)
36
what do you need to access AWS resources programmatically?
Access Key ID and Secret Access Key
37
instance type that lets you take advantage of unused EC2 capacity in the AWS cloud, available at up to a 90% discount compared to On-Demand prices. You can use them for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and other test & development workloads
Spot Instances
38
support type where you have production workloads on AWS and want 24x7 phone, email and chat access to technical support and architectural guidance in the context of your specific use-cases. You get full access to AWS Trusted Advisor Best Practice Checks. Also, you get access to Infrastructure Event Management for an additional fee
Business Support
39
Which two AWS services can be used to decouple components of a microservices based application on AWS Cloud
SNS and SQS
40
what AWS service adds user sign-up, sign-in access control to web and mobile apps?
Cognito
41
AWS feature that lets you explore AWS services and create an estimate for the cost of your use cases on AWS
AWS Pricing Calculator
42
support that includes concierge-like service where the main focus is on helping the customer achieve their outcomes and find success in the cloud. You get access to online training with self-paced labs, 24x7 technical support from high-quality engineers, tools and technology to automatically manage the health of your environment, consultative architectural guidance, a designated Technical Account Manager (TAM) to coordinate access to proactive/preventative programs and AWS subject matter experts
Enterprise Support
43
AWS service that lets you run code without provisioning or managing servers. You pay only for the compute time you consume and can run code for virtually any type of application or backend service - all with zero administration
Lambda
44
Fill in the blank: _____ volume can be attached to a single instance in the same Availability Zone whereas ____ file system can be mounted on instances across multiple Availability Zones
EBS Volume
EFS file system
45
a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS
Macie
46
central resource for compliance-related information that matters to your organization. It provides on-demand access to AWS’ security and compliance reports and select online agreements
AWS Artifact
47
professional services firms that help customers of all types and sizes design, architect, build, migrate, and manage their workloads and applications on AWS, accelerating their migration to AWS cloud
APN (Amazon Partner Network) Consulting Partners
48
AWS Web Application Firewall (WAF) offers protection from common web exploits at which layer?
Layer 7 (Application)
49
a fully managed, serverless, key-value NoSQL database designed to run high-performance applications at any scale. offers built-in security, continuous backups, automated multi-region replication, in-memory caching, and data export tools
DynamoDB
50
DynamoDB feature that replicates data automatically across your choice of AWS Regions and automatically scale capacity to accommodate your workloads
global tables
51
Fill in the blank: Each AWS Region consists of _______ Availability Zones
Two or more
52
Fill in the blank: Each Availability Zone (AZ) consists of ___________ discrete data centers
One or more
53
Which two AWS services support VPC Endpoint Gateway for a private connection from a VPC?
S3, DynamoDB
54
a physical server fully dedicated for your use, so you can help address corporate compliance requirements, and allows you to bring your own supported software licenses
EC2 Dedicated Host
55
provides temporary block-level storage for your instance. This storage is located on disks that are physically attached to the host computer. This is a good option when you need storage with very low latency, but you don't need the data to persist when the instance terminates or you can take advantage of fault-tolerant architectures
Instance Store
56
In order for an account to be removed from an Organization, it must be able to ______________
operate as a stand alone account
57
service used to analyze and debug serverless and distributed applications such as those built using a microservices architecture. You can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors.
X-Ray
58
service that recommends optimal AWS resources for your workloads to reduce costs and improve performance by using machine learning to analyze historical utilization metrics
AWS Compute Optimizer
59
what is the minimum time charged for Linux based EC2 instances?
One minute
60
an automated security assessment service that helps improve the security and compliance of applications deployed on your Amazon EC2 instances
Amazon Inspector
61
persistent block storage solution where individual storage volumes are created and attached to EC2 instances, and data is automatically replicated within an Availability Zone
EBS (Elastic Block Storage)
62
object storage solution that uses buckets to store data redundantly in multiple Availability Zones in the same region
S3 (Simple Storage Solution)
63
a simple, scalable, fully managed elastic network file system for use with AWS Cloud services and on-premises resources
EFS (Elastic File System)
64
a secure, durable, and extremely low-cost Amazon S3 cloud storage class for data archiving and long-term backup
S3 Glacier
65
container for storing archives with S3 Glacier
vault
66
use cases for RDS
web/mobile apps, e-commerce, mobile/online games, complex transactions and queries
67
DynamoDB operation to find an item using an attribute other than the primary key
scan
68
a fully-managed petabyte-scale cloud-based data warehouse product designed for large scale data set storage and analysis
Redshift
69
what are use cases for Redshift?
Enterprise Data Warehouses (EDW), big data, SaaS
70
a fully-managed MySQL and PostgreSQL-compatible relational database built for the cloud, which automates time-consuming administration tasks like hardware provisioning, database setup, patching, and backups
Aurora
71
five pillars of AWS Well-Architected Framework
- Operational excellence
- Security
- Reliability
- Performance efficiency
- Cost optimization
72
the probability that your entire system will function as intended for a specified period
reliability
73
normal operation time/total time; percentage of uptime
availability
74
5 categories under Trusted Advisor
- cost optimization
- performance
- security
- fault tolerance
- service limits
75
type of load balancing that is done on HTTP and HTTPS on the application layer
Application Load Balancer
76
type of load balancing done on the transport layer where extreme performance is required
Network Load Balancer
77
type of load balancer done on HTTP, HTTPS, TCP, and SSL traffic, as well as across EC2 instances, on the application and transport layers
Classic Load Balancer
78
a monitoring and observability service built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers. Provides data and actionable insights to monitor applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health
CloudWatch
79
what are the 5 design principles of the Operational Excellence pillar in the Well-Architected Framework?
- documentation
- frequent and small changes
- operations as code
- refining procedures quickly
- anticipate system failure
80
the pillar of the well-architected framework that focuses on the stability of AWS systems and their ability to support business value with long uptimes and durable systems
Reliability
81
well-architected framework pillar that supports computing resources to maintain and meet business requirements as technologies change over time within the AWS structure
Performance Efficiency
82
what are the 4 principles of the Performance Efficiency pillar in the well-architected framework?
- going global
- implementing serverless technologies
- experimenting with development
- mechanical sympathy
83
total number of VPCs you can have in one region
5
84
what should you do immediately after logging into root user for the first time?
enable MFA
85
when using the visual editor from the IAM console to create a new IAM policy, what two components will you be prompted to provide?
- choose a service
- select an action
86
EC2 instance purchasing option best for short, uninterrupted workloads for predictable, pay by the second pricing
on-demand
87
EC2 instance purchasing option good for steady-state usage applications (think database), purchased for 1 or 3 years
reserved instance
88
EC2 instance purchasing type good for long workloads where you get a discount based on long term usage and you commit to a certain usage type
savings plan
89
EC2 instance purchasing type for short workloads that are resilient to failure and offer the biggest discount, but less reliability
spot instances
90
EC2 instance purchasing type where you reserve an entire physical server and BYOL (bring your own license) is permitted; most expensive option
dedicated host
91
EC2 instance purchasing option where no other customers will share your hardware
dedicated instance
92
EC2 instance purchasing option good for short term, uninterrupted workloads in a specific AZ, where you can reserve capacity in that AZ for any duration; no time commitment, no billing discount
capacity reservation
93
what instance type is best for the following use cases:
- diverse worloads
- web servers
- code repositories
general purpose
94
what instance type is best for the following use cases:
- batch processing workloads
- media transcoding
- high performance web servers
- high performance computing
- scientific modeling
- machine learning
- dedicated gaming servers
compute optimized
95
what instance type is best for the following use cases:
- high performance databases
- distributed web scale cache stores
- in-memory database optimized for BI
- applications performing real time processing of big unstructured data
memory optimized
96
what instance type is best for the following use cases:
- high frequency online transaction processing (OLTP) systems
- relational and NoSQL databases
- cache for in-memory databases
- data warehouses
- distributed file systems
storage optimized
97
what should be used to ensure regulatory compliance and enforce encryption of data at rest and data in transit?
IAM
98
AWS service that provides information related to compliance in one location
AWS Compliance Center
99
main benefit of Elastic IP address
ability to move network attributes from one instance to another in a single step
100
instance purchasing type used for running processes in the background, batch processing, data aggregation, and non-time sensitive work
spot instances
101
networking connection that links your on premises network to AWS network
AWS Direct Connect
102
a set of virtual servers used in AWS to add resources in processing large amounts of data at reduced cost from within the EC2 infrastructure
fleet
103
instance purchase type for spiky, short term, unpredictable workloads
on demand instances
104
IAM policy type used to control and maintain a strict correlation between the principle entity and the policy itself
inline IAM policy
105
Amazon recommends data in transit be encrypted using which two protocols?
SSL/TLS or IPSec ESP
106
a centralized platform for data science, data analytics, and machine learning within S3
S3 data lake
107
service used to perform hardware checks
Personal Health Dashboard
108
max size of an object in S3
5 TB
109
max number of objects that an S3 bucket can contain
infinite
110
a CDN that caches copies of data around the world near customers using edge locations
CloudFront
111
AWS service that creates a mini Region inside a company's own data center or company building; an example of a hybrid cloud
AWS Outposts
112
service that's good for processing terabytes/petabytes of data, structured or unstructured
RedShift
113
what two services does a Gateway type end point work with?
DynamoDB, S3
114
service that connects several VPCs within an individual region
VPC Peering
115
6 types of database instances offered by RDS
- Microsoft SQL Server
- MySQL
- MariaDB
- Oracle
- Amazon Aurora
- PostgreSQL
116
3 customer support cases you can create with the AWS Management Console
- Account and billing
- Service limit increase
- Technical support
