Study Concepts Flashcards

1
Q

What are characteristics of EBS volumes?

A
  • When you create an EBS volume in an Availability Zone, it is automatically replicated within that zone to prevent data loss due to a failure of any single hardware component.
  • An EBS volume can only be attached to one EC2 instance at a time.
  • After you create a volume, you can attach it to any EC2 instance in the same Availability Zone
  • An EBS volume is off-instance storage that can persist independently from the life of an instance. You can specify not to terminate the EBS volume when you terminate the EC2 instance during instance creation.
  • EBS volumes support live configuration changes while in production which means that you can modify the volume type, volume size, and IOPS capacity without service interruptions.
  • Amazon EBS encryption uses 256-bit Advanced Encryption Standard algorithms (AES-256)
  • EBS Volumes offer 99.999% SLA.
2
Q

What type of workloads are best for SSD or HDD volumes?

A
  • Small, random I/O operations - SSD
  • Large, sequential I/O operations - HDD
3
Q

What are the needs for Standard-IA OneZone storage?

A

Non-critical, easily reproducible and infrequently accessed

4
Q

Where can S3 send event notifications to?

A
  • SNS Topic
  • SQS Queue
  • Lambda
5
Q

What are the different Auto Scaling Policy types?

A
  1. Simple scaling - Increase or decrease the current capacity of the group based on a single scaling adjustment
  2. Step Scaling - Increase or decrease the current capacity of the group based on a set of scaling adjustments, known as step adjustments, that vary based on the size of the alarm breach
  3. Target Tracking Scaling - Increase or decrease the current capacity of the group based on a target value for a specific metric
6
Q

What are the 4 distinct services under Amazon Kinesis?

A
  • Kinesis Data Firehose
    • Loads streaming data into data stores and analytics tools
    • Capture, transform, and load streaming data into Amazon S3, Amazon Redshift, Amazon Elasticsearch Service, and Splunk (NOT Lambda!!!)
  • Kinesis Data Streams
    • Massively scalable and durable real-time data streaming service
    • Use an AWS Lambda function to process records in Amazon KDS
  • Kinesis Video Streams
  • Amazon Kinesis Data Analytics
7
Q

What is the default termination policy for Auto Scaling groups?

A
  1. Select the AZ with the most instances
  2. Select the instances with the oldest launch configuration
  3. Select the instances closest to the next billing hour
  4. Select an instance at random
8
Q

What are the advantages of Standard-IA storage?

A

Low-cost and high performance

9
Q

What is the Auto Scaling cooldown period?

A
  • Configurable setting that helps ensure Auto Scaling does not launch or terminate additional instances before previous scaling activities take effect.
  • EC2 Auto Scaling supports cooldown periods when using simple scaling policies, but not when using target tracking policies, step scaling policies, or scheduled scaling
10
Q

What is SSE?

A

Server Side Encryption

11
Q

What types of routing and other advantages do Application Load Balancers support?

A
  • Path-based routing
  • Host-based routing
  • Support for containerized applications
12
Q

What does SNI Custom SSL do?

A

Allows multiple domains to serve SSL traffic over the same IP address by including the hostname which the viewers are trying to connect to

13
Q

What is a Write Capacity Unit (WCU)?

A

One WCU represents:

  • 1 write per second
  • Up to 1KB in size
    • Additional WCUs consumed if above 1 KB
14
Q

What is an Amazon API Gateway cache?

A
  • You can add caching to API calls by provisioning an Amazon API Gateway cache and specifying its size in gigabytes.
  • The cache is provisioned for a specific stage of your APIs. This improves performance and reduces the traffic sent to your back end.
  • Cache settings allow you to control the way the cache key is built and the time-to-live (TTL) of the data stored for each method.
  • Amazon API Gateway also exposes management APIs that help you invalidate the cache for each stage.
15
Q

What AWS service offers managed instances of Chef and Puppet?

A

AWS OpsWorks

16
Q

What is the difference between Amazon Simple WorkFlow (SWF) and AWS Step Functions?

A
  • SWF:
    • Fully-managed state tracker
    • Task coordinator service
      • It does not provide orchestration to multiple AWS resources
  • Step Functions
    • Orchestration for applications
    • Orchestration for multiple AWS services
17
Q

What are Access Keys used for?

A

Authentication for API calls

18
Q

What is throttling?

A
  • Amazon EC2 throttles EC2 API requests for each AWS account on a per-Region basis.
  • We do this to help the performance of the service, and to ensure fair usage for all Amazon EC2 customers.
  • Throttling ensures that calls to the Amazon EC2 API do not exceed the maximum allowed API request limits.
19
Q

What is Amazon EMR?

A

Amazon Elastic MapReduce:

  • Managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances
  • Securely and reliably handles a broad set of big data use cases:
    • Log analysis
    • Web indexing
    • Data transformations (ETL)
    • Machine learning
    • Financial analysis
    • Scientific simulation
    • Bioinformatics
20
Q

How does Amazon Redshift Enhanced VPC Routing work?

A

Using Amazon Redshift Enhanced VPC Routing:

  • Amazon Redshift forces all COPY and UNLOAD traffic between your cluster and your data repositories through your Amazon VPC
  • Use standard VPC features
    • Security groups
    • Network ACLs
    • VPC endpoints
    • VPC endpoint policies
    • Internet gateways
    • DNS servers
  • Use to tightly manage the flow of data between your Amazon Redshift cluster and other resources
    • Use Enhanced VPC Routing to route traffic through your VPC
      • Also use VPC flow logs to monitor COPY and UNLOAD traffic
    • If Enhanced VPC Routing is not enabled:
      • Amazon Redshift routes traffic through the Internet
        • Including traffic to other services within the AWS network.
21
Q

What information about S3 activity can CloudTrail NOT collect?

A
  • Detailed information about every access request sent to the S3 bucket including:
    • Requester
    • Turn-around time information
22
Q

For serving private content through CloudFront, should you use signed URLs or signed cookies?

A
  • Use signed URLs for the following cases:
    • You want to use an RTMP distribution. Signed cookies aren’t supported for RTMP distributions.
    • You want to restrict access to individual files, for example, an installation download for your application.
    • Your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.
  • Use signed cookies for the following cases:
    • You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers’ area of a website.
    • You don’t want to change your current URLs.
23
Q

What data does RDS Enhanced Monitoring collect that is not collected by CloudWatch?

A
  • CloudWatch gathers metrics about CPU utilization from the hypervisor for a DB instance, and Enhanced Monitoring gathers its metrics from an agent on the instance
    • CloudWatch:
      • CPU Utilization
      • Database Connections
      • Memory Utilization
    • Enhanced Monitoring:
      • RDS Child Processes
      • OS Processes
24
Q

What is a DynamoDB stream?

A
  • Ordered flow of information about any changes to data items in an Amazon DynamoDB table
  • A stream record contains information about a data modification to a single item in a DynamoDB table
  • You can create triggers that respond to events in DynamoDB Streams
  • Must be enabled
  • Go to DynamoDB Stream endpoint
25
Q

What VPC peering connection configurations are not supported?

A
  • Overlapping CIDR Blocks
  • Transitive Peering
  • Edge to Edge Routing Through a Gateway or Private Connection
26
Q

What is AWS Shield Advanced?

A
  • AWS Shield Advanced provides:
    • Detection and mitigation against DDoS attacks
    • Near real-time visibility into attacks
    • Integration with AWS WAF
  • AWS Shield Advanced also provides:
    • 24x7 access to AWS DDoS Response Team (DRT)
    • Protection against DDoS related spikes in charges for:
      • EC2
      • ELB
      • CloudFront
      • Route 53
27
Q

What 2 ways can you store sensitive data in Amazon ECS?

A
  • Store your sensitive data in either AWS Secrets Manager secrets or AWS Systems Manager Parameter Store parameters and then reference them in your container definition
    • To inject sensitive data into your containers as environment variables, use the secrets container definition parameter.
    • To reference sensitive information in the log configuration of a container, use the secretOptions container definition parameter.
28
Q

What is a Read Capacity Unit (RCU)?

A

One RCU represents:

  • 1 strongly consistent read per second
  • 2 eventually consistent reads per second
  • Up to 4KB in size
    • Additional RCUs consumed if above 4 KB
29
Q

What is Amazon API Gateway?

A

Amazon API Gateway:

  • Provides throttling at multiple levels including:
    • Global
    • By service call

Throttling limits can be set for standard rates and bursts.

  • For example, API owners can
    • Set a rate limit of 1,000 requests/sec for a specific method in their REST APIs
    • Configure Amazon API Gateway to handle a burst of 2,000 requests/sec for a few seconds.
30
Q

What are Auto Scaling group custom termination policies?

A
  • OldestInstance. Terminate the oldest instance in the group.
  • NewestInstance. Terminate the newest instance in the group.
  • OldestLaunchConfiguration. Terminate instances that have the oldest launch configuration.
  • OldestLaunchTemplate. Terminate instances that have the oldest launch template.
  • ClosestToNextInstanceHour. Terminate instances that are closest to the next billing hour.
31
Q

What are characteristics of a Multi-AZ RDS deployment?

A
  • Synchronous replication (highly durable)
  • Only the DB engine on the primary instance is active
  • Automated backups are taken from standby
  • Always span 2 AZs within a Region
  • DB engine version upgrades happen on primary instance
  • Automatic failover to standby when problem is detected
32
Q

How does Amazon API Gateway do its tracking?

A

Amazon API Gateway tracks the number of requests/sec

33
Q

What is the difference between S3 Transfer Acceleration and AWS Global Connector?

A
  • S3 Transfer Acceleration
    • Transfers of large files between a client and an S3 bucket
  • AWS Global Connector
    • Optimizes path between users and applications
    • Utilizes AWS backbone
34
Q

How do you set throttling for your API Gateway?

A
35
Q

When it comes to the ENI attachment of an EC2 instance, what does ‘warm attach’ refer to?

A

Attaching while the instance is stopped

36
Q

What are characteristics of a Read Replica RDS deployment?

A
  • Asynchronous replication (highly scalable)
  • All read replicas are accessible
  • No backups configured by default
  • Can be within an AZ, Cross-AZ, or Cross-Region
  • DB engine version upgrade independent from source instance
  • Can be manually promoted to a standalone DB instance
37
Q

What happens when a throttling limit is exceeded with Amazon API Gateway?

A
  • Any request over a throttling limit will receive a 429 HTTP response.
  • The client SDKs generated by Amazon API Gateway retry calls automatically when met with this response.