Study Deck Flashcards

Question 1

Q

Which statement best describes an Availability Zone
A) A fully isolated portion of the AWS global infrastructure

B) A site that Amazon CloudFront uses to cache copies of content for faster delivery to users at any location

C) The server from which Amazon CloudFront gets your files

D) A separate geographical location with multiple locations that are isolated from each other

Answer

A

A) A fully isolated portion of the AWS global infrastructure

An Availability Zone is a single data center or a group of data centers within a Region.

Availability Zones are located tens of miles apart from each other. This helps them to provide interconnectivity to support the services and applications that run within a Region.

Question 2

Q

Which compute option reduces costs when you commit to a consistent amount of compute usage for a 1-year or 3-year term?

A) Spot Instances
B) Dedicated Hosts
C) Savings Plans
D) Reserved Instances

Answer

A

C) Savings Plans

Amazon EC2 Savings Plans enable you to reduce your compute costs by committing to a consistent amount of compute usage for a 1-year or 3-year term. This results in savings of up to 72% over On-Demand Instance costs. Any usage up to the commitment is charged at the discounted Savings Plan rate (for example, $10 an hour). Any usage beyond the commitment is charged at regular On-Demand Instance rates.

Question 3

Q

Which service is used to quickly deploy and scale applications on AWS?

A) AWS Outposts
B) AWS Elastic Beanstalk
C) AWS Snowball
D) Amazon Cloud Front

Answer

A

B) AWS Elastic Beanstalk

You upload your application, and Elastic Beanstalk automatically handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring.

Question 4

Q

Which tool enables you to visualize, understand, and manage your AWS costs and usage over time?

A) AWS Pricing Calculator
B) AWS Budgets
C) AWS Cost Explorer
D) AWS Artifact

Answer

A

C) AWS Cost Explorer

With AWS Cost Explorer, you can quickly create custom reports to analyze your AWS cost and usage data.

Question 5

Q

Which statement best describes Amazon GuardDuty?
A) A service that lets you monitor network requests that come into your web applications

B) A service that checks applications for security vulnerabilities and deviations from security best practices

C) A service that provides intelligent threat detection for your AWS infrastructure and resources

D) A service that helps protect your applications against distributed denial-of-service (DDoS) attacks

Answer

A

C) A service that provides intelligent threat detection for your AWS infrastructure and resources

AWS GuardDuty identifies threats by continually monitoring the network activity and account behavior within your AWS environment.

Question 6

Q

You want to store data in a key-value database. Which service should you use?

A) Amazon Aurora
B) Amazon RDS
C) Amazon DynamoDB
D) Amazon Document DB

Answer

A

C) Amazon DynamoDB

Amazon DynamoDB is a key-value database service. A key-value database might include data pairs such as “Name: John Doe,” “Address: 123 Any Street,” and “City: Anytown”.

Question 7

Q

You want to send and receive messages between distributed application components. Which service should you use?

A) Amazon ElastiCache
B) AWS Snowball
C) Amazon Simple Queue Service (SQS)
D) Amazon Route 53

Answer

A

C) Amazon Simple Queue Service (SQS)

Amazon SQS is a message queuing service. Using Amazon SQS, you can send, store, and receive messages between software components at any volume size, without losing messages or requiring other services to be available.

Question 8

Q

In the S3 Intelligent-Tiering storage class, Amazon S3 moves objects between a frequent access tier and an infrequent access tier. Which storage classes are used for these tiers? (Select TWO.)

A) S3 Glacier
B) S3 One Zone-IA
C) S3 Standard
D) S3 Glacier Deep Archive
E) S3 Standard-IA

Answer

A

C) S3 Standard
E) S3 Standard-IA

In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.

Question 9

Q

Which service is used to transfer up to 100 PB of data to AWS?
A) Amazon CloudFront
B) AWS Snowmobile
C) AWS DeepRacer
D) Amazon Neptune

Answer

A

B) AWS Snowmobile

AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi-trailer truck. It can transfer up to 100 PB of data.

Question 10

Q

Which tasks are the responsibilities of AWS? (Select TWO.)

A) Creating IAM users and groups

B) Training company employees on how to use AWS services

C) Configuring AWS infrastructure devices

D) Configuring security groups on Amazon EC2 instances

E) Maintaining virtualization infrastructure

Answer

A

C) Configuring AWS infrastructure devices
E) Maintaining virtualization infrastructure

The other three response options are tasks that are the responsibilities of customers.

Question 11

Q

Which pillar of the AWS Well-Architected Framework focuses on using computing resources in ways that meet system requirements?

A)Security
B)Reliability
C)Performance Efficiency
D)Operational Excellence

Answer

A

C)Performance Efficiency

The Performance Efficiency pillar focuses on using computing resources efficiently to meet system requirements, and to maintain that efficiency as demand changes and technologies evolve.

Question 12

Q

Which service is used to run containerized applications on AWS?

A) Amazon Aurora
B) Amazon Elastic Kubernetes Service (Amazon EKS)
C) Amazon SageMaker
D) Amazon Redshift

Answer

A

B) Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS is a fully managed service that you can use to run Kubernetes on AWS. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

Containers provide you with a standard way to package your application’s code and dependencies into a single object. Containers are frequently used for processes and workflows in which there are essential requirements for security, reliability, and scalability.

Question 13

Q

Which Support plans include access to all AWS Trusted Advisor checks? (Select TWO.)

A)Developer
B) Business
C) AWS Free Tier
D) Basic
E) Enterprise

Answer

A

B) Business
E) Enterprise

The other response options are incorrect because:

The Basic and Developer Support plans provide access to a limited selection of AWS Trusted Advisor checks.

The AWS Free Tier is not a Support plan. It is a program that consists of three types of offers that allow customers to use AWS services without incurring costs: Always free, 12 months free, and Trials.

Question 14

Q

Which virtual private cloud (VPC) component controls inbound and outbound traffic for Amazon EC2 instances?

A) Network access control list
B) Internet gateway
C) Subnet
D) Security group

Answer

A

D) Security group

A security group is a virtual firewall that controls inbound and outbound traffic for an Amazon EC2 instance.

By default, a security group denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic should be allowed or denied.

Question 15

Q

Which action can you perform in Amazon CloudFront?

A)Provision an isolated section of the AWS Cloud to launch resources in a virtual network that you define.

B) Provision resources by using programming languages or a text file.

C)Deliver content to customers through a global network of edge locations.

D) Run infrastructure in a hybrid cloud approach.

Answer

A

C)Deliver content to customers through a global network of edge locations.

It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

Question 16

Q

Which statement best describes Elastic Load Balancing?

A) A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances

B) A service that monitors your applications and automatically adds or removes capacity from your resource groups in response to changing demand

C) A service that provides data that you can use to monitor your applications, optimize resource utilization, and respond to system-wide performance changes

D) A service that enables you to set up, manage, and scale a distributed in-memory or cache environment in the cloud

Answer

A

A) A service that distributes incoming traffic across multiple targets, such as Amazon EC2 instances

A load balancer acts as a single point of contact for all incoming web traffic to your Auto Scaling group. This means that as Amazon EC2 instances are added or removed in response to the amount of incoming traffic, these requests are routed to the load balancer first and then spread across multiple resources that will handle them.

Question 17

Q

Which service enables you to consolidate and manage multiple AWS accounts from a central location?

A) AWS Organizations

B) AWS Artifact

C) AWS Identity and Access Management (IAM)

D) AWS Key Management Service (AWS KMS)

Answer

A

A) AWS Organizations

In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). Additionally, you can use the consolidated billing feature in AWS Organizations to combine usage and receive a single bill for multiple AWS accounts.

Question 18

Q

Which actions can you perform in Amazon Route 53? (Select TWO.)

A) Connect user requests to infrastructure in AWS and outside of AWS.

B) Monitor your applications and respond to system-wide performance changes.

C) Automate the deployment of workloads into your AWS environment.

D) Manage DNS records for domain names.

E) Access AWS security and compliance reports and select online agreements

Answer

A

A) Connect user requests to infrastructure in AWS and outside of AWS.

D) Manage DNS records for domain names.

Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that are hosted in AWS.

Additionally, you can transfer DNS records for existing domain names that are currently managed by other domain registrars, or register new domain names directly within Amazon Route 53.

Question 19

Q

You are running an Amazon EC2 instance and want to store data in an attached resource. Your data is temporary and will not be kept long term. Which resource should you use?

A) Instance store
B) Subnet
C) Amazon S3 bucket
D) Amazon Elastic Block Store (Amazon EBS) volume

Answer

A

A) Instance store

Instance stores are ideal for temporary data that does not need to be kept long term.

When an Amazon EC2 instance is stopped or terminated, all the data that has been written to the attached instance store is deleted.

Question 20

Q

Which migration strategy involves changing how an application is architected and developed, typically by using cloud-native features?

A) Refactoring
B) Replatforming
C) Rehosting
D) Repurchasing

Answer

A

A) Refactoring

Repurchasing involves replacing an existing application with a cloud-based version, such as software found in AWS Marketplace.

Rehosting involves moving an application to the cloud with little to no modifications to the application itself. It is also known as “lift and shift.”

Replatforming involves selectively optimizing aspects of an application to achieve benefits in the cloud without changing the core architecture of the application. It is also known as “lift, tinker, and shift.”

Question 21

Q

Which AWS Trusted Advisor category includes checks for your service limits and overutilized instances?

A) Security
B) Performance
C) Fault Tolerance
D) Cost Optimization

Answer

A

B) Performance

In this category, AWS Trusted Advisor also helps improve the performance of your services by providing recommendations for how to take advantage of provisioned throughput

Question 22

Q

Which service enables you to build the workflows that are required for human review of machine learning predictions?

A) Amazon Augmented AI
B) Amazon Aurora
C) Amazon Textract
D) Amazon Lex

Answer

A

A) Amazon Augmented AI

Amazon Augmented AI (Amazon A2I) provides built-in human review workflows for common machine learning use cases, such as content moderation and text extraction from documents. With Amazon A2I, you can also create your own workflows for machine learning models built on Amazon SageMaker or any other tools

Question 23

Q

You want Amazon S3 to monitor your objects’ access patterns. Which storage class should you use?

A) S3 Standard-IA
B) S3 Glacier
C) S3 Intelligent-Tiering
D) S3 One Zone-IA

Answer

A

C) S3 Intelligent-Tiering

In the S3 Intelligent-Tiering storage class, Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.

Question 24

Q

Which statement is TRUE for AWS Lambda?

A) The first step in using AWS Lambda is provisioning a server.

B) Before using AWS Lambda, you must prepay for your estimated compute time.

C) You pay only for compute time while your code is running.

D) To use AWS Lambda, you must configure the servers that run your code.

Answer

A

C) You pay only for compute time while your code is running.

AWS Lambda is a service that lets you run code without needing to provision or manage servers.

While using AWS Lambda, you pay only for the compute time that you consume. You are charged only when your code is running. With AWS Lambda, you can run code for virtually any type of application or backend service, all with zero administration.

Question 25

Q

Which component or service enables you to establish a dedicated private connection between your data center and virtual private cloud (VPC)?

A) Amazon CloudFront

B) AWS Direct Connect

C) Internet gateway

D) Virtual private gateway

Answer

A

B) AWS Direct Connect

AWS Direct Connect is a service that enables you to establish a dedicated private connection between your data center and VPC.

The private connection that AWS Direct Connect provides helps you to reduce network costs and increase the amount of bandwidth that can travel through your network

Question 26

Q

You want to store data in a volume that is attached to an Amazon EC2 instance. Which service should you use?

A) AWS Lambda

B) Amazon Simple Storage Service (Amazon S3)

C) Amazon ElastiCache

D) Amazon Elastic Block Store (Amazon EBS)

Answer

A

D) Amazon Elastic Block Store (Amazon EBS)

Amazon EBS provides block-level storage volumes that you can use with Amazon EC2 instances. If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available.

Question 27

Q

Which statement best describes AWS Marketplace?

A) A resource that provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications

B) A resource that can answer questions about best practices and assist with troubleshooting issues

C) A digital catalog that includes thousands of software listings from independent software vendors

D) An online tool that inspects your AWS environment and provides real-time guidance in accordance with AWS best practices

Answer

A

C) A digital catalog that includes thousands of software listings from independent software vendors

You can use AWS Marketplace to find, test, and buy software that runs on AWS.

Question 28

Q

Which service enables you to review details for user activities and API calls that have occurred within your AWS environment?

A) AWS CloudTrail
B) AWS Trusted Advisor
C) Amazon CloudWatch
D) Amazon Inspector

Answer

A

A) AWS CloudTrail

With CloudTrail, you can view a complete history of user activity and API calls for your applications and resources.

Events are typically updated in CloudTrail within 15 minutes after an API call was made. You can filter events by specifying the time and date that an API call occurred, the user who requested the action, the type of resource that was involved in the API call, and more.

Question 29

Q

Which Perspective of the AWS Cloud Adoption Framework focuses on recovering IT workloads to meet the requirements of your business stakeholders?

A) Operations Perspective
B) Governance Perspective
C) People Perspective
D) Business Perspective

Answer

A

A) Operations Perspective

The Operations Perspective of the AWS Cloud Adoption Framework also includes principles for operating in the cloud by using agile best practices.

Question 30

Q

Which tool is used to automate actions for AWS services and applications through scripts?

A) AWS Snowball

B) Amazon Redshift

C) AWS Command Line Interface

D) Amazon QLDB

Answer

A

C) AWS Command Line Interface

The AWS Command Line Interface (AWS CLI) enables you to control multiple AWS services directly from the command line within one tool. For example, you can use commands to start an Amazon EC2 instance, connect an Amazon EC2 instance to a specific Auto Scaling group, and more. The AWS CLI is available for users on Windows, macOS, and Linux.

Question 31

Q

What is Cloud computing according to amazon

Answer

A

On demand delivery of IT resources over the internet with pay as you go pricing

Question 32

Q

What are the 3 kinds of deployments of cloud computing?

Answer

A

Cloud-Based Deployments
On-Premises Deployment
Hybrid deployment

Question 33

Q

What are aspects of a cloud based deployment

Answer

A

All parts of an app run in the cloud, as well as future design and development being done in the cloud

Question 34

Q

What are the aspects of an on-premises deployment

Answer

A

Deploy resources on site by using virtualization and resource management tool. Increases resource utilization by using app management and virtualization technologies.
AKA private cloud deployment

I like to think of it as adding a layer of cloud virtualization to existing hardware to better manage resources

Question 35

Q

What are the aspects of Hybrid deployment

Answer

A

Connect cloud-based resources to on-premises infrastructure. Its like hooking up existing hardware to AWS to benefit from cloud computing

Question 36

Q

What are the 6 benefits of cloud computing with Amazon

Answer

A

Trade upfront expense for variable expense
(Dont have to pay for a data center,servers,etc)
Stop spending money to run and maintain data centers
(Less time spent on management)
Stop guessing capacity
(AWS scales to your needs)
Benefit from massive economies of scale
(So many people are using AWS it costs less)
Increase speed and agility
(new resources can be created in a few clicks)
Go global in minutes

Question 37

Q

Describe EC2 instances

Answer

A

They are virtual servers run on physical machines. EC2 instances can run a multitude of different software and services and can be scaled up to meet your needs.

Question 38

Q

What are the 5 types of EC2 instances

Answer

A

General Purpose
Compute Optimized
Memory Optimized
Accelerated Computing
Storage Optimized

Question 39

Q

What are the characteristics of a general purpose EC2 instance?

Answer

A

Balances computing, memory and networking resources.

Good for webservices, code repos, game servers and small - medium databases

Question 40

Q

What are the characteristics of a Compute Optimized EC2 instance?

Answer

A

Ideal for compute-bound applications that benefit from high-performance processors.

Question 41

Q

What are the characteristics of a Memory Optimized EC2 instance?

Answer

A

Created with a lot of memory, ideally for processing large datasets in memory. Ideal for high-performance databases

Question 42

Q

What are the characteristics of a Accelerated Computing EC2 instance?

Answer

A

Uses hardware accelerators or coprocessors to perform functions more efficiently than is possible running on CPUs. Good for floating-point number calculations, graphic processing etc

Question 43

Q

What are the characteristics of a Storage Optimized EC2 instance?

Answer

A

Prioritizes workloads that require high, sequential read and write access to large databases. Designed to handle tens of thousands of input/output operations per second

Question 44

Q

What are the 5 EC2 pricing categories and what are they for

Answer

A

On-Demand
(Standard pay-as- you go category)

EC2 Savings Plan
(A 1 or 3 year plan that limits your computing usage for a lower price, if you go above what is described in your plan you are charged on-demand rate)

Reserved Instances
(A discount applied to the On-Demand instances. Think of it as a safety net if you go over on a savings plan. can have 1 to 3 year plans for instances)

Spot Instances
(Instances that can be started or stopped by AWS if they need the processing power.)

Dedicated Hosts
(Physical servers dedicated for your exclusive use.)

Question 45

Q

Define Scaling Up

Answer

A

Making components larger or faster to handle bigger loads

Question 46

Q

Define Scaling out

Answer

A

Adding more components in parallel to spread out a large load

Question 47

Q

What does the AWS Elastic Load Balancing do?

Answer

A

Distributes incoming traffic across multiple resources

Question 48

Q

What services help you avoid a monolithic application and how?

Answer

A

Amazon Simple Notification Service (SNS) and Simple Queue Service (SQS)

SNS allows you to set up individual app components as subscribers that can send and receive notifications.
SQS allows you to actually send, store and receive messages.
This setup allows each component to do its own thing without waiting for other components to send requests or come back online if they die

Question 49

Q

What is a container?

Answer

A

Containers package your app’s code and all of its dependencies into a single object.

Question 50

Q

What are some of the services that deal with containers?

Answer

A

Amazon Elastic Container Service - a container management system

Amazon Elastic Kubernetes Service - Allows you to deploy and manage containerized apps

AWS Fargate - A serverless compute engine for containers (makes containers serverless)

Question 51

Q

What is a Region?

Answer

A

A geographic location with Amazon datacenters to run your app out of.

Question 52

Q

What are the 4 considerations of selecting a region

Answer

A

Compliance with data governance and legal requirements

Proximity to customers

Available services in a region

Pricing - Not all regions cost the same

Question 53

Q

What is an availability zone

Answer

A

1 or many datacenters within a region. They are close enough to ensure low latency within the region, but far enough away to not be taken out by a natural disaster

Question 54

Q

Does Elastic Load Balancing work across Regions?

Question 55

Q

What are edge locations and what do they do? Bonus points for what AWS service uses them

Answer

A

Edge Locations are sites that CloudFront uses to store cached copies of your content outside your region. This allows people far from your region a closer copy of your content to retrieve.

Question 56

Q

What are the 5 utilities to setup an AWS resource?

Answer

A

AWS Management Console
AWS Command line interface (CLI)
Developer SDK
AWS Elastic Beanstalk - Allows you to deploy resources with code

AWS CloudFormation - Treats infrastructure as code

Question 57

Q

What is a Virtual Private cloud (VPC)?

Answer

A

A networking service that allows you to set boundaries and your AWS resources and limit access to them

Question 58

Q

What is a subnet?

Answer

A

A section of a VPC that can group resources based on security or operational needs.

Question 59

Q

What security feature acts as a firewall at the subnet level?

Answer

A

The network Access Control List

Question 60

Q

What is a Security Group?

Answer

A

A firewall that controls inbound & outbound traffic for an EC2 instance.

Question 61

Q

Which security feature is stateless and what does that mean?

Answer

A

Access Control lists are stateless and that means they don’t remember any network packets that they have already checked, so they check it incoming and outgoing. Security groups are stateful meaning they will only check a packet the first time they encounter it.

Question 62

Q

What is Amazon Route 53 and what does it do?

Answer

A

Route 53 is Amazon’s domain name service (DNS) manager. It lets you register and manage domain names and route users to your applications.

Question 63

Q

What other service does Route 53 work with to use edge locations

Answer

A

CloudFront

Question 64

Q

What is the differences between Instance Stores and Elastic Block Stores (EBS)

Answer

A

An Instance store only retains data while an EC2 instance is active, while EBS survives after the EC2 instance is terminated.

Answer 64

A

In object level storage any given item of data (file, directory whatever) is considered an object complete with metadata and a key. When an object is changed it is completely overwritten. Block level storage splits an item into equal blocks of data, and when one is altered then the only change happens and is saved only the blocks affected are overwritten.

Answer 65

A

S3 Standard
S3 Standard-Infrequent Access (S3 Standard-IA)
S3 One Zone-Infrequent Access (One Zone-IA or Standard One Zone-IA)
S3 Intelligent-Tiering
S3 Glacier
S3 Glacier Deep Archive

Answer 66

A

Frequently

Answer 67

A

Intelligent-Tiering moves data between multiple access tiers depending on if a user has accessed it or not.

Answer 68

A

S3 Glacier is a data storage option meant for long term infrequently accessed information. It is mostly used for data archiving and is able to retrieve objects within a few minutes or hours.

Answer 69

A

Deep Archive is like regular glacier but costs less and retrieval time is about 12 hours.

Answer 70

A

You would use EBS when you had a lot of writes and edits, and S3 if you were making more reads but not a lot of writes.

Answer 71

A

Uses block storage with a local file system
Clients access data through file paths
Scales automatically
Can scale up to petabytes without disruption

Answer 72

A

EBS is only available to an EC2 instance it is attached to at the same availability zone. EFS is available to any instance within a region, and can also be used by on-premises servers.

Answer 73

A

Amazon RDS automates provisioning, setup, patching, and backups. Integrates with other services (like Lambda) and is compatible with multiple flavors of SQL

Answer 74

A

Aurora is Amazons relational database engine. It is compatible with MySQL and PostgreSQL, is faster than either of the previously mentioned database (5x faster than MySQL and 3x faster)

Answer 75

A

S3 bucket

Answer 76

A

DynamoDB is a nonrelational key-value database service.

Answer 77

A

DynamoDB is a serverless nonrelational means it is typically faster than a typical relational DBS, and can handle non-uniform data more easily. However Dynamo DB cannot do complicated business analytics.

Answer 78

A

Redshift is a data warehouse service that can query multiple databases, or data lakes with one API call.

Answer 79

A

A heterogeneous migration is when you migrate your database from where it is to a new one with a different database engine. A homogenous migration is moving your database from where it is to another database with the same database engine.

Answer 80

A

Is a service that helps you migrate your database while the source database remains active; excels at heterogeneous migrations

Answer 81

A

A document database that supports MongoDB workloads and is good for content management.

Answer 82

A

Neptune is a graph database service. It is good for applications that work with highly connected datasets. (Think things like recommendation engines and fraud detection)

Answer 83

A

QLDB is a ledger database that stores all of the changes that have been made to your app. It acts like a changelog and lets you see all the changes made to app data.

Answer 84

A

Creates blockchain networks with open source frameworks. Good for making block chain networks

Answer 85

A

ElastiCache adds a caching layer on top of existing databases and supports Redis and Memchached. The caching layer lets you store results from commonly used queries in memory so retrieval is always quick.

Answer 86

A

Adds an in memory cache for DynamoDB. Increases read times from single-digit milliseconds to microseconds.

Answer 87

A

Data
OS
Network and Firewall Configuration
Client-side data encryption
Server-side encryptions
Network traffic protection
(All things going into the cloud)

Answer 88

A

Software
Hardware/infrastructure
Regions
Availability Zones
Edge Locations
(All things that the cloud is comprised of)

Answer 89

A

IAM is Amazons user/group management system that lets admins control permissions to features of AWS.

Answer 90

A

Do not use for every day tasks
Create an IAM user with permissions to create other users
Only use root user to update root user credentials or alter AWS support plan.

Answer 91

A

A name and credentials

Answer 92

A

A document (looks like a JSON object) that allows or denies access to an AWS service or resource

Answer 93

A

A user should only have enough permissions to complete their tasks.

Answer 94

A

A group is a collection of IAM users that have similar permissions, when a change is made to the group permission it applies to all the users in the group. IAM roles are a set of permissions that can be temporarily assigned to a user.

Answer 95

A

AWS Organizations lets you consolidate multiple AWS accounts under one master account. I like to think of it as letting an account make child accounts.

Answer 96

A

An organizational unit are organizations with similar service needs and changes applied to the unit affect all organizations within that unit. Think of it as an IAM group but for organizations

Answer 97

A

A service that provides on-demand access to any AWS security and compliance reports.

Answer 98

A

An agreement is a signed document detailing the types of information you use in AWS services. An Artifact report is a report detailing your responsibilities to comply with certain regulations (like HIPPA)

Answer 99

A

A website that helps you learn more about AWS compliance.

Answer 100

A

When a bad actor leverages an army of bots to flood your service with network traffic in hopes that it overloads the network.

Answer 101

A

Is a AWS service that protects against DDoS attacks.

Answer 102

A

2.
Standard is free and protects against most common types of DDoS attacks.
Advanced is a paid service and mitigates more sophisticated attacks. Advanced also integrates with more AWS services.

Answer 103

A

KMS is a service that lets you create, manage, and use cryptographic keys and control which user groups have access to them. These keys let you encrypt and decrypt data.

Answer 104

A

WAF adds an additional Firewall that works like the access control list.

Answer 105

A

GuardDuty is an intelligent threat detection service. It monitors all of your network activity and account behavior to look for suspicious patterns.

Answer 106

A

CloudWatch is a cloud monitoring system that will let you set up custom metrics and alert you if you go above or below specified thresholds or run scripts/functions to remediate the problem.

Answer 107

A

CloudTrail is an auditing service that records all API calls made from you AWS account.

Answer 108

A

An optional feature of CloudTrail that Automatically detects unusual API activities.

Answer 109

A

A system that monitors your AWS environment for common concerns and provides recommendations in accordance with best practices.

Answer 110

A

Cost Optimization
Performance
Security
Fault Tolerance
Service Limits

Answer 111

A

Always Free (Assuming you stay under certain limits)
12 months Free
Trials - limited trials based on time or usage

Answer 112

A

Pay For what you use,
Pay less when you reserve,
Pay Less with volume-based discounts when you use more

Answer 113

A

Lets you estimate costs for your AWS use cases and share them with others

Answer 114

A

You pay for the time it took for Lambda to compute your code

Answer 115

A

You pay for the compute time that you use while your instance was running.

Answer 116

A

Storage (size, duration)
Requests and data retrieval
Data Transfer
Management and replication.

Each storage class is charged differently

Answer 117

A

A website that breaks down what you are spending and where. Lets you compare your current month-to-date balance with the previous month and forecasts the next month’s bill based on current usage. It also lets you purchase and manage savings plans, pay bills and publish cost and usage reports

Answer 118

A

All charges made by an Organization are itemized and sent to the Organization master account. This lets apply for things like bulk discount pricing and savings plans across your Organization

Answer 119

A

Lets you create a budget to plan your service usage, cost and instance reservations. It also give you forecasted costs vs budgeted costs

Answer 120

A

Set a max amount you are willing to spend.

Answer 121

A

Enables you to visualize and manage your AWS cost/usage over time. (makes pretty graphs).

Answer 122

A

Basic
Developer
Business
Enterprise

Answer 123

A

Its free
access to whitepapers and documentation
gives you limited access to Trusted Advisor checks
Access to the personal Health Dashboard

Answer 124

A

Everything in basic level
Best Practice guidance
Client-side diagnostic tools
building block architecture support
guidance on how to use AWS offerings and features
Email access to customer support

Answer 125

A

Everything in the basic and support plans
Full access to Trusted Advisor
Direct phone access to cloud support engineers
Infrastructure event management
Limited support for 3rd party software

Answer 126

A

Everything at the other levels

A technical Account Manager

Answer 127

A

A living person who becomes your primary point of contact in AWS. Is an expert across all AWS services and ensures you have a well architected framework

Answer 128

A

Operational Excellence
Security
Cost Optimization
Reliability 
Performance Efficiency

Zack’s Mnemonic: Think Oscorp from Spiderman with 1 O

Answer 129

A

A digital catalogue of software from independent vendors that run on AWS.

Answer 130

A

CAF organizes guidance into 6 areas of focus that addresses distinct responsibilities in adopting a cloud based infrastructure.

Answer 131

A

Business Perspective,
People Perspective,
Governance Perspective
Platform Perspective
Security Perspective
Operations Perspective

Answer 132

A

Ensures that IT aligns with business needs and that IT investments link to key business results. Use the business perspective to create a strong business case for cloud adoption.

Answer 133

A

Supports development of an organization-wide change in management strategy. Use to evaluate organizational structures and roles, new skill and process requirements. Helps prioritize training and staffing

Answer 134

A

Focuses on the skill and processes to align IT strategy with business strategy. Use to understand how to update the staff skills and processes necessary to ensure business governance in the cloud. Ensures that you maximize the business value and minimize risk

Answer 135

A

includes principles and patterns for implementing new solutions on the cloud and migrating on-premises workloads to the cloud.
Use a variety of architectural models to understand and communicate the structure of IT systems and their relationships. Describe the architecture of the target state environment in detail.

Answer 136

A

Ensures that the organization meets security objectives for visibility auditability, control and agility

Answer 137

A

Helps you enable, run, use, operate, and recover IT workloads to the level agreed upon with your business stakeholders.

Define how day-to-day, quarter-to-quarter and year-to-year business is conducted.

Answer 138

A

They describe 6 migration strategies.
Rehosting
Replatforming
Retire
Retain
Repurchase
Refactoring (re-architecting)

Answer 139

A

Moving an app into the cloud without changing any part of it AKA lift & shift

Answer 140

A

Moving an app into the cloud and making a few changes to optimize cloud utility. No core architecture changes. AKA lift-tinker-shift

Answer 141

A

Removing a part of an app that is no longer needed during migration

Answer 142

A

Dropping a service being used in an app in favor of a new one on the cloud.

Answer 143

A

Involves completely changing how an app works to better use cloud features. Is the most costly of the migration methods and should only be done due to a strong business need

Answer 144

A

The snow family is a series of devices that are designed to help you move a massive amount of data by having amazon sending you a data storage device, filling it up, and sending it back to be uploaded to the cloud.

Answer 145

A

Snowcone is a small edge computing data transfer device. Has the following
2 CPUs
4GB of Memory
8TB of Storage

Answer 146

A

Comes in 2 flavors
Edge Storage Optimized
- more suited for large scale data migrations and recurring transfers
80TB of HDD space
Edge Compute Optimized
- more suited for things that require powerful computing resources (machine learning, motion video analysis etc.
42TB of HDD storage

Answer 147

A

Snowmobile is a shipping container filled with technology that lets you ship up to 100 petabytes of data in one go.

Answer 148

A

Refers to the ability to run and monitor systems to deliver business value and continually improve supporting processes and procedures.

Answer 149

A

The ability to protect information, systems and assets while delivering business value through risk assessment and mitigation strategies

Answer 150

A

Refers the ability of a system to:
Recover from infrastructure or service disruptions

Dynamically acquire computing resources to meet demand

mitigate disruptions such as misconfigurations or network issues

Answer 151

A

The ability to use computing resources efficiently to meet system requirements.

Evaluating the performance efficiency of your architecture includes experimenting more often, using serverless architectures, and designing systems to be able to go global in minutes.

Answer 152

A

The ability to run systems to deliver business value at the lowest price point.

Answer 153

A

B) Operational Excellence

Answer 154

A

A) Increase speed and agility.

E) Stop spending money running and maintaining data centers.

Answer 155

A

B) Security Perspective

The Security Perspective of the AWS Cloud Adoption Framework also helps you to identify areas on non-compliance and plan ongoing security initiatives.

Answer 156

A

B) Retaining

E) Rehosting

Answer 157

A

The correct response option is 100 PB.

AWS Snowmobile is a service that is used for transferring up to 100 PB of data to AWS. Each Snowmobile is a 45-foot long shipping container that is pulled by a semi trailer truck.

Answer 158

A

A) A service that enables you to build conversational interfaces using voice and text. Think Alexa

Answer 159

A

C) Combine usage across accounts to receive volume pricing discounts.

Answer 160

A

C) AWS Cost Explorer

AWS Cost Explorer includes a default report of the costs and usage for your top five cost-accruing AWS services. You can apply custom filters and groups to analyze your data. For example, you can view resource usage at the hourly level.

Answer 161

A

B) AWS Budgets

In AWS Budgets, you can set custom alerts that will notify you when your service usage exceeds (or is forecasted to exceed) the amount that you have budgeted.

Your budget can be based on costs or usage. For example, you can set an alert that will notify you when you have incurred $100.00 of costs in Amazon EC2 or 500,000 requests in AWS Lambda.

Answer 162

A

B) Enterprise

A Technical Account Manager (TAM) is available only to AWS customers with an Enterprise Support plan. A TAM provides guidance, architectural reviews, and ongoing communication with your company as you plan, deploy, and optimize your applications.

Answer 163

A

A) AWS Marketplace

AWS Marketplace is a digital catalog that includes thousands of software listings from independent software vendors. You can use AWS Marketplace to find, test, and buy software that runs on AWS.

Answer 164

A

A) Monitor your resources’ utilization and performance

D) Access metrics from a single dashboard

Answer 165

A

C) AWS Trusted Advisor

AWS Trusted Advisor is a web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. The inspection includes security checks, such as Amazon S3 buckets with open access permissions.

Answer 166

A

A) Reliability

E) Fault tolerance

Answer 167

A

B) A document that grants or denies permissions to AWS services and resources

The correct response option is: A document that grants or denies permissions to AWS services and resources.

IAM policies provide you with the flexibility to customize users’ levels of access to resources. For instance, you can allow users to access all the Amazon S3 buckets in your AWS account or only a specific bucket.

Answer 168

A

C) IAM role

An IAM role is an identity that you can assume to gain temporary access to permissions. When someone assumes an IAM role, they abandon all permissions that they had under a previous role and assume the permissions of the new role. IAM roles are ideal for situations in which access to services or resources needs to be granted temporarily instead of long-term.

Answer 169

A

C) Granting only the permissions that are needed to perform specific tasks

When you grant permissions by following the principle of least privilege, you prevent users or roles from having more permissions than needed to perform specific job tasks. For example, cashiers in the coffee shop should be given access to the cash register system. As a best practice, grant IAM users and roles a minimum set of permissions and then grant additional permissions as needed.

Answer 170

A

D) AWS Shield

As network traffic comes into your applications, AWS Shield uses a variety of analysis techniques to detect potential DDoS attacks in real time and automatically mitigates them.

Answer 171

A

C) Create cryptographic keys.

AWS Key Management Service (AWS KMS) enables you to perform encryption operations through the use of cryptographic keys. A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data. You can use AWS KMS to create, manage, and use cryptographic keys. You can also control the use of keys across a wide range of services and in your applications.

Answer 172

A

B) S3 Glacier
E) S3 Glacier Deep Archive

Objects stored in the S3 Glacier storage class can be retrieved within a few minutes to a few hours. By comparison, objects that are stored in the S3 Glacier Deep Archive storage class can be retrieved within 12 hours.

Answer 173

A

A) EBS volumes store data within a single Availability Zone. Amazon EFS file systems store data across multiple Availability Zones.

An EBS volume must be located in the same Availability Zone as the Amazon EC2 instance to which it is attached.

Data in an Amazon EFS file system can be accessed concurrently from all the Availability Zones in the Region where the file system is located.

Answer 174

A

D) Amazon Simple Storage Service (Amazon S3)

Answer 175

A

B) A serverless key-value database service

Amazon DynamoDB is a key-value database service. It is serverless, which means that you do not have to provision, patch, or manage servers.

Answer 176

A

A) Amazon Redshift

Amazon Redshift is a data warehousing service that you can use for big data analytics. Use Amazon Redshift to collect data from many sources and help you understand relationships and trends across your data.

Answer 177

A

B) Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet.

A subnet is a section of a VPC in which you can group resources based on security or operational needs. Subnets can be public or private.

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.

Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

Answer 178

A

C) AWS Direct Connect

Answer 179

A

A) They are stateful and deny all inbound traffic by default.

Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.

By default, security groups deny all inbound traffic, but you can add custom rules to fit your operational and security needs.

Answer 180

A

D) Internet gateway

Answer 181

A

D) Amazon Route 53

Amazon Route 53 is a DNS web service. It gives developers and businesses a reliable way to route end users to internet applications that host in AWS.

Another feature of Route 53 is the ability to manage the DNS records for domain names. You can transfer DNS records for existing domain names managed by other domain registrars. You can also register new domain names directly in Route 53.

Answer 182

A

C) A Region consists of two or more Availability Zones.

For example, the South America (São Paulo) Region is sa-east-1. It includes three Availability Zones: sa-east-1a, sa-east-1b, and sa-east-1c.

Answer 183

A

A) Compliance with data governance and legal requirements

B) Proximity to your customers

Answer 184

A

D) A global content delivery service

Amazon CloudFront is a content delivery service. It uses a network of edge locations to cache content and deliver content to customers all over the world. When content is cached, it is stored locally as a copy. This content might be video files, photos, webpages, and so on.

Answer 185

A

C) Edge location

Answer 186

A

D) Extend AWS infrastructure and services to your on-premises data center.

Answer 187

A

C) Compute optimized

Answer 188

A

A) 1 year
C) 3 years

Reserved Instances require a commitment of either 1 year or 3 years. The 3-year option offers a larger discount.

Answer 189

A

B) Spot Instance

Answer 190

A

A) Ensuring that no single Amazon EC2 instance has to carry the full workload on its own

Elastic Load Balancing is the AWS service that automatically distributes incoming application traffic across multiple resources, such as Amazon EC2 instances. This helps to ensure that no single resource becomes overutilized.

Answer 191

A

D) Amazon Elastic Kubernetes Service (Amazon EKS)

Amazon EKS is a fully managed Kubernetes service. Kubernetes is open-source software that enables you to deploy and manage containerized applications at scale.

Answer 192

A

D) On-demand delivery of IT resources and applications through the internet with pay-as-you-go pricing

Answer 193

A

A) Private cloud deployment

Answer 194

A

B) The aggregated cloud usage from a large number of customers results in lower pay-as-you-go prices.

This answer describes how customers can benefit from massive economies of scale in cloud computing.

Brainscape's Knowledge GenomeTM

Study Deck Flashcards

Learn about AWS

Brainscape's Knowledge Genome^TM