Stuff I Forgot

Question 1

Static Website with S3 has what two major requirements

Answer 1

Must have a registered domain name and the S3 bucket has to be same as the domain

Question 2

What is an MX DNS record?

Answer 2

Mail server responsible for accepting eMail on behalf of domain.

Question 3

In a static website, does the S3 bucket need to be in same region as trusted zone?

Answer 3

No.

Question 4

In what case is the CORS (Cross-Account Resource Sharing) option valid for S3 static websites?

Answer 4

Only if the web application interacts with resources in a different domain.

Question 5

What is the function/purpose of Lambda@Edge?

Answer 5

Allows lambda functions to modify HTTP headers, generate dynamic responses and customize content based on user preference.

Question 6

What is AWS Glue?

Answer 6

Fully managed Extract, Transform, Load (ETL) service.

Question 7

What service is the Apache Parquet format associated with?

Answer 7

AWS Glue

Question 8

What need does Amazon EMR serve?

Answer 8

Formerly Amazon Elastic MapReduce; big data frameworks.

Question 9

What is geolocation routing?

Answer 9

Choose resources that serve traffic based on geographic location of users (meaning where the DNS query originates from).

Question 10

What is geoproximity routing?

Answer 10

Let Route 53 determine route based on location of user and resource. You can identify a bias which determines if more or less traffic is routed.

Question 11

Are you able to store access keys in ACM?

Answer 11

No.

Question 12

What is ACM and its purpose?

Answer 12

AWS Certificate Manager; let’s you provision, manage, and deploy pub/private SSL/TLS certs.

Question 13

What are some examples of things stored in AWS Secrets Manager?

Answer 13

DB credentials, passwords, third-party API keys, or even text.

Question 14

Does Systems Manager Parameter Store automatically rotate credentials?

Answer 14

No

Question 15

If a webservice client wanted to access only trusted IP address whitelisted, what service should be used?

Answer 15

Associate an EIP to an NLB.

Question 16

What layer of the OSI model does an NLB function at?

Answer 16

Fourth (TCP).

Question 17

Can you assign an EIP to an ALB?

Answer 17

No.

Question 18

What is the retention period range for SQS and what is the default?

Answer 18

1 minute to 14 days. Default is 4 days.

Question 19

What is the limit of inflight messages for a standard SQS queue?

Answer 19

120,000

Question 20

What is the limit for a FIFO SQS queue?

Answer 20

20,000

Question 21

In what scenario for transferring data is an AWS Snowmobile reasonable?

Answer 21

Exabyte and/or petabytes of data from onprem to S3.

Question 22

If you needed to transfer < 100T from onprem to AWS, what is a reasonable solution?

Answer 22

AWS Snowball (Edge)

Question 23

What would Kinesis Video Streams be used for?

Answer 23

Processing of video data streams at AWS

Question 24

What is the purpose of AWS Rekognition?

Answer 24

To detect faces, scenes, text, and inappropriate content in videos.

Question 25

What is AWS Elastic Transcoder?

Answer 25

Convert Media Files from one format to another.

Question 26

What is AWS Kendra?

Answer 26

Intelligent Enterprise Search service (via Machine Learning)

Question 27

If you needed to search Text, PDF, HTML, Powerpoint, and other documents, what service might you leverage?

Answer 27

AWS Kendra

Question 28

Which AES encryption option does S3 offer?

Answer 28

AES-256

Question 29

In Route 53 with Evaluate Target Health enabled, what functionality will this provide?

Answer 29

Route 53 will automatically route traffic to only healthy resources. If it is not available/down, secondary address is used.

Question 30

Can weighted routing be used as a DR / failover configuration?

Answer 30

No. Should only be used to route traffic for load balancing and/or testing different software versions

Question 31

Can CloudWatch events be used to monitor Route53 endpoints?

Answer 31

No; use a failover config in Route53 instead.

Question 32

If multi-AZ RDS primary fails, what happens to ensure connections get to the standby instance?

Answer 32

CNAME is switched from primary to secondary.

Question 33

What is the function of AWS WAF?

Answer 33

Web Application Firewall; for monitoring HTTP/HTTPS requests and blocking based on IP address or querys and you can return 403s or custom pages.

Question 34

What is the purpose of GuardDuty?

Answer 34

Threat detection service that monitors for malicious activity and unauthorized behavior

Question 35

What is the purpose of a gateway endpoint?

Answer 35

Provide connectivity to S3/DynamoDB without requiring internet gateway or a NAT.

Question 36

When would you want to use a gateway endpoint policy for S3 buckets?

Answer 36

When you want to trust several buckets instead of having to put a policy on each individual bucket.

Question 37

What is the main function of Cognito?

Answer 37

Single Signon for Web/Mobile; or integrating with Social Media Identities (FB, Google, etc.)

Question 38

What is Amazon Macie?

Answer 38

Detect usage patterns on S3 data. Evaluate S3 for data patterns (e.g. PII) vi Machine Learning

Question 39

What is Amazon Inspector?

Answer 39

Automated security assessment service for security/compliance of applications.

Question 40

What is the correct header request required for server side encryption (SSE-S3)?

Answer 40

x-amz-server-side-encryption

Question 41

These headers fall into what category for encryption: x-amz-server-side-encryption-customer-algorithm, x-amz-server-side-encryption-customer-key, x-amz-server-side-encryption-customer-key-MD5?

Answer 41

SSE-C

Question 42

EFS only supports this type of locking:

Answer 42

File

Question 43

Which Amazon service is capable of locking objects and preventing them from deletion/being overwritten?

Answer 43

S3

Question 44

Which protocol is required on a VPC?

Answer 44

IPv4

Question 45

What is SageMaker?

Answer 45

AWS managed service to build ML models

Question 46

What is AWS Detective?

Answer 46

Analyze, investigate, and identify security issues.

Question 47

What is Monitron?

Answer 47

Detects abnormal condition in industrial equipment.

Question 48

DynamoDB tables are ____________ resources.

Answer 48

Public

Question 49

How can you secure a DynamoDB table so it won’t have exposure to public internet?

Answer 49

Via a gateway endpoint.

Question 50

DynamoDB does not support what time of endpoint?

Answer 50

Interface

Question 51

What is Timestream?

Answer 51

Time series DB service for use with IoT

Question 52

How can you ensure a specific message in an SNS topic gets to a designated SQS queue?

Answer 52

Create the topic, configure the queues to subscribe, set filter policies on the SNS to publish based on type.

Question 53

What type of Database is Dynamo?

Answer 53

NoSQL

Question 54

Bastion hosts should reside where in the VPC

Answer 54

Public Subnet

Question 55

What is a primary function of Redshift?

Answer 55

Data Warehousing

Question 56

What is SWF?

Answer 56

Simple WorkFlow Service

Question 57

What are the two main services that are used to decouple applications in AWS?

Answer 57

SQS and SWF

Question 58

What is a MEAN stack?

Answer 58

JavaScript-based framework for developing scalable web applications; MongoDB, Express, Angular, and Node

Question 59

What service(s) would be employed to stop/block DDoS attacks?

Answer 59

WAF and Shield

Question 60

If you had a service that was processing SQS queues and you wanted something to process at a higher priority (e.g. premium); how should that be accomplished?

Answer 60

By creating two different SQS queues and configuring the processing to ensure the premium queue is emptied before doing the standard queue.

Question 61

Can you set a processing priority on items in an SQS queue.

Answer 61

No.

Question 62

When would you want to use a Geoproximity routing in Route53

Answer 62

When you want a larger portion of traffic from specific geographic regions to go to a specific region in AWS.

Question 63

What differentiates Geoproximity from Geolocation?

Answer 63

Size of the area; Geolocation lets you choose instances based on location.

Question 64

Which loadbalancer type handles gRPC traffic?

Answer 64

ALB

Question 65

What layer OSI is gRPC?

Answer 65

7

Question 66

Which loadbalancer type functions at Layer 7 of the OSI model?

Answer 66

ALB

Question 67

Which loadbalancer type functions at Layer 3 of the OSI Model?

Answer 67

NLB

Question 68

If you are getting “Too Many Connections” connecting to a MySQL database, which is one way to handle that?

Answer 68

RDS proxy. This would handle connection pooling. NOTE: Another way would be to upgrade the DB/increase memory.

Question 69

What DB solution is associated with key-value store?

Answer 69

DynamoDB

Question 70

Can you attach EBS volumes in any availability zone?

Answer 70

No, EBS must be in same zone as instance.

Question 71

What is the purpose of a placement group?

Answer 71

Low-latency network performance

Question 72

For API Gateway, what do you pay for?

Answer 72

API calls received and data transferred out

Question 73

What service provides a static anycast IP?

Answer 73

Global Accelerator

Question 74

What is the default autoscaling cooldown period?

Answer 74

300 seconds

Question 75

Is a NAT required to create a VPN connection?

Answer 75

No

Question 76

AWS Global Accelerator is appropriate for which protocols?

Answer 76

UDP, MQTT, VoIP, or HTTP with static IP

Question 77

Apache _____ is associated with big data frameworks.

Answer 77

Spark

Question 78

What service would you use to query an S3 bucket?

Answer 78

Athena

Question 79

Which is the correct field for a Task IAM role?

Answer 79

taskRoleArn

Question 80

What is the purpose of a rate-based WAF rule?

Answer 80

Stop requests from going over a limit in a five minute span.

Question 81

Can security groups be used to deny traffic?

Answer 81

No

Question 82

What are two main ways to prevent object deletion at S3?

Answer 82

MFA for delete; versioning

Question 83

File Gateway is used for what pupose?

Answer 83

To allow for outside resources to interface with S3 via NFS or SMB.

Question 84

What is necessary to connect a private subnet to connect to the internet?

Answer 84

A NAT gateway on a public subnet.

Question 85

If only single AZ, a scale-in policy is triggered on an ALB/ASG due to low number of incoming traffic, which instance is terminated?

Answer 85

The one with the oldest launch template.

Question 86

If there are multiple AZs in an ASG, which one is picked if a scale-in policy is triggered?

Answer 86

The one with the most number of instances

Question 87

What does the service AWS Transfer for SFTP provide?

Answer 87

Managed solution for SFTP that interfaces with identies and stores items in S3.

Question 88

What would be a method to have member-only access to S3 files?

Answer 88

Use Signed Cookies

Question 89

In what case would you use a signed URL?

Answer 89

For accessing individual files.

Question 90

What is the maximum days for an EFS lifecycle policy?

Answer 90

90 days

Question 91

What is the Aurora endpoint purpose?

Answer 91

To provide different points for different functions (e.g. reader/writer) and/or capacity directions (e.g. point production traffic to a specific endpoint

Question 92

What kind of file system is Amazon FSx for Lustre?

Answer 92

High-performance, parallel file system (hot data)

Question 93

Which AWS Service helps prevent against DDoS attacks

Answer 93

Shield

Question 94

Which service helps protect against SQL injection or cross-site scripting attacks?

Answer 94

WAF

Question 95

What is the default retention for RDS enhanced logs?

Answer 95

30 days

Question 96

What is the method to improve database performance on DynamoDB with provisioned throughput?

Answer 96

Partition keys with high-cardinality attributes (large number of distinct values)

Question 97

Does RDS events capture data-modifying events (INSERT, DELETE, UPDATE)?

Answer 97

No; it only captures operational events.

Question 98

Can S3 and WorkDocs be integrated?

Answer 98

No

Question 99

Does Lambda automatically encrypt environment variables?

Answer 99

Yes

Question 100

Since the KMS for Lambda is available to all, what is a way to better secure encrypted environment variables?

Answer 100

Create a new KMS key and enable encryption helpers.

Question 101

What would a reason for slow eMail processing in an SQS queue (e.g. get 5 messages and then in a few hours get 20)

Answer 101

Web application not deleting messages in SQS queue

Question 102

What would long polling in an SQS queue do?

Answer 102

Reduce empty responses.

Question 103

If you want to connect to an RDS via an authentication token, what should you do?

Answer 103

Enable IAM DB authentication

Question 104

What relational database mitigates multi-region failures and has RPO of 1 second and RTO of 1 minute?

Answer 104

Aurora

Question 105

Which DB is associated with OLAP systems?

Answer 105

Redshift

Question 106

Is Oracle RMAN (Recover Manager) supported in RDS?

Answer 106

No

Question 107

What solution could be provided for HTTP 504 errors and what is a 504?

Answer 107

Gateway Timeout. Use Lambda @ Edge & setup origin failover via cloudfront.

Question 108

What solution can be used when a web portal is expected to receive massive number of visitors?

Answer 108

API gateway throttling limits

Question 109

What is an HTTP 429

Answer 109

Too many requests

Question 110

How would you manage an EKS etcd key-value store?

Answer 110

Via Secrets Manager and a KMS key

Question 111

What is blue/green in a development structure?

Answer 111

Blue: existing; Green; updated

Question 112

What is the most cost effective way to release a new version of an API?

Answer 112

Canary release strategy

Question 113

Which service handles AWS compliance reporting?

Answer 113

Artifact

Question 114

How long does it take for S3 cross-region replication to happen?

Answer 114

Roughly 15 minutes.

Question 115

What are the two retention modes provided by S3 Object Lock?

Answer 115

Governance and Compliance

Question 116

What is the difference between Governance and Compliance mode in S3

Answer 116

Compliance mode prevents protected objects from ANY user (including root) and the mode can’t be changed or shortened.

Question 117

Does a legal hold in S3 Object Lock have a time period?

Answer 117

No

Question 118

What option should be used if an EC2 instance needs to send data to S3/Dynamo that doesn’t pass through the internet?

Answer 118

VPC endpoints

Question 119

What function does DynamoDB Stream do and what might you use it for?

Answer 119

Tracks changes to DynamoDB tables. Could be used for a “follow” effect of a new user or something like that.

Question 120

What type of replication does an RDS read replica provide?

Answer 120

Asynchronous

Question 121

If using a CloudFormation template to build several related assets that have interdependencies, what is the attribute you can use to ensure success before moving on?

Answer 121

CreationPolicy / use cfn-signal helper

Question 122

If you are updating an AutoScaling group and you have a new AMI to launch a fleet of instances, what further step(s) must be taken?

Answer 122

Create a new launch template

Question 123

How much ephemeral storage is allocated to a Fargate task?

Answer 123

20G

Question 124

Security groups are stateful, which means what?

Answer 124

When a rule is applied to an incoming rule, it is also automatically applied to the outgoing rule.

Question 125

What is the purpose of allowing ports 32768-65535 on an outbound NACL?

Answer 125

Ephemeral ports on outbound connections to a destination

Question 126

What does DynamoDB Accelerator supply?

Answer 126

In memory cache that changes response time from milliseconds to microseconds.

Question 127

Is DynamoDB compatible with CloudFront?

Answer 127

No

Question 128

Which type of RDS can tolerate frequent schema changes?

Answer 128

DynamoDB as tables are schemaless

Question 129

What does AppFlow provide?

Answer 129

Integration to transfer data between SaaS applications (Salesforce/SAP)

Question 130

What is Amazon MQ?

Answer 130

Message broker for Apache MQ/RabbitMQ

Question 131

What is the best option for an always available (24/7) Route 53 that stops routing to unhealthy targets?

Answer 131

Active-Active Failover with Weighted Routing

Question 132

If you are trying to change a Aurora instance from server to serverless, is it possible to just change the instance class?

Answer 132

No

Question 133

Is VPC peering supported with a Direct Connect connection?

Answer 133

No

Question 134

If you wanted to use KMS with Lambda; where should you put the kms:decrypt permissions

Answer 134

In the functions execution role and also the KMS key policy to allow the function to access it.

Question 135

Can you set Lambda as a destination for Kinesis Data Firehose?

Answer 135

No

Question 136

If a higher valued rule in a NACL DENY’s something that is already allowed, what happens?

Answer 136

It’s allowed. If higher number rules contradict it doesn’t matter because as soon as the rule matches traffic it is applied.

Question 137

What is expedited retrievals in regard to Glacier.

Answer 137

Allows retrievals faster (1-5 minutes)

Question 138

What is provisioned capacity in regard to glacier?

Answer 138

Allows for three expedited retrievals every five minutes and up to 150M of retrieval throughput.

Question 139

What type of IAM can be attached to a group?

Answer 139

IAM Policy

Question 140

Systems Manager Parameter store is a better fit when storing ___________ parameters.

Answer 140

Application

Question 141

Is it possible to change an EC2 instance to hibernation mode after it has been launched?

Answer 141

No

Question 142

Can AWS Config be used to detect non-compliant tags?

Answer 142

Yes

Question 143

What is the maximum retention period for automated backup on Aurora?

Answer 143

35 days

Question 144

What service could be used to create a 90-day retained backup for Aurora?

Answer 144

AWS Backup

Question 145

What service does Comprehend provide?

Answer 145

Natural language processing that can find meaning/insights from text (find sentiments [e.g. if someone liked or disliked something]

Question 146

What is AWS Neptune?

Answer 146

Fully managed graph database service; build and run applications with highly connected datasets.

Question 147

Are ELBs capable of routing traffic over different AZs?

Answer 147

No

Question 148

What is the default an maximum retention for a Kinesis data stream?

Answer 148

24h to 365days

Question 149

Will you be billed for a instance that is preparing to stop?

Answer 149

No; however you will be build if preparing to hibernate

Question 150

What solution can automatically scale storage capacity for RDS?

Answer 150

Storage Autoscaling

Question 151

Can Kinesis Data Firehose function as an ETL?

Answer 151

Yes

Question 152

True/False: Newly created subnets are automatically associated with main route table

Answer 152

True

Question 153

What is the block size for a VPC?

Answer 153

/16 and /28

Question 154

What is job bookmarking in relation to Glue?

Answer 154

Stores state of job’s progress in data store so it can resume where it failed or had problem.

Question 155

If you had various web domains but wanted them all to serve SSL traffic, how would that be done with an ALB?

Answer 155

Upload the SSL certs and bind multiple certs to the same listener. ALB chooses optimal TLS cert using Server Name Indication (SNI).