TD Exam 2 - Short Review Flashcards
What Load Balancer should you use if you want unbroken encryption
NLB
Which Load Balancer should you use if you want Static IP for whitelisting
NLB
Which Load Balancer should you use if you want the fastest performance (millions of rps)
NLB
Which Load Balancer should you use if you want to use a protocol other than HTTP or HTTPS
NLB
Which Load Balancer should you use if you need Private Link
NLB
Which Load Balancer should you use if you need to use Layer 7 information
ALB
Which Load Balancer should you use for a gRPC app
ALB
Can you assign an Elastic IP to an ALB
No
Can you assign an Elastic IP to a NLB
Yes
What are the protocol versions for ALB
HTTP1
HTTP2
gRPC
Do NLBs support gRPC
No
What are some use cases for Lambda@Edge
A/B Testing
Migration between S3 origins
Different Objects Based on Device
Content by Country
Overriding a response header
Redirect unauthenticated users to a sign-in page
Normalize query string params for better cache hits
What should you use if you want to do A/B testing with CloudFront
Lambda@Edge on the viewer request
What should you use if you want to do migration between S3 origins with CloudFront
Lambda@Edge on the Origin request
What should you use if you want to do different objects based on device with CloudFront
Lambda@Edge on the Origin request
What should you use if you want to do different content by country with CloudFront
Lambda@Edge on the Origin request
What do CloudFront Header Policies do
They tell which HTTP headers should be included or excluded in the responses sent by CloudFront
Which service should you use for transferring large sets of data to aws?
DataSync, not storage gateway
When should you use DataSync
When you need reliable transfer of large amounts of data
What is Amazon EMR
A managed cluster platform that simplifies running big data frameworks, like Apache Hadoop and Apache Spark
What can you use Amazon EMR for
To process data, to transform and move large amounts of data in and out of AWS data stores and databases
What is Amazon Redshift
A cloud data warehouse
What does Redshift do
It makes it fast, simple and cost-effective to analyze all your data using standard SQL and existing BI tools
What is AWS Network Firewall
A stateful, managed network firewall and intrusion detection and prevention service for VPC
Where do you create an AWS Network Firewall
In your VPC
Where do AWS Network Firewalls filter traffic
At the perimeter of the VPC
At which level do Security Groups provide protection
Instance level
At what level do NACLs provide protection
Subnet level
At what level does WAF provide protection
Endpoint level
What is needed if you set up AWS Network Firewall
Reroute VPC network traffic through the firewall endpoint
How do you ensure 2 instances in different subnets can communicate
NACLs to allow traffic between subnets
SGs to allow instance to instance communication
Do you launch Aurora in subnets
Yes
What is the default value for ASGs cooldown
300
What does cooldown do in ASGs
It ensures that Auto Scaling does not terminate or launch instances before the previous scaling activity has taken effect
Are cooldowns in ASGs configurable
Yes
When would you use RDS Proxy
If you have a too many connections error
If you’re using Lambda
When you need long-running connections
When resilience to db failure is important
What do you pay for in API Gateway
Per API call and for data transferred out
Which APIs are supported by API Gateway
REST, HTTP, WebSockets
What does AWS Config do
It enables you to assess, audit and evaluate the configurations of AWS resources
What does AWS Inspector do
It scans EC2 instances and their OS (also containers) for vulnerabilities and deviations from best practices
Can do networking assessment
What does GuardDuty do
It generates findings of suspicious activities using AI. It is used with data sources and can be cross-account
How does failover occur in RDS multi-AZ
CNAME is switched from primary to standby instance
Can DMS work with DynamoDB
Yes
Can you use S3 as a target for DMS
Yes, and it will write data as CSV by default
It can also use Parquet format if you want something more compact with faster queries
How can you encrypt DMS connections
Use SSL by assigning a certificate to a DMS endpoint
Do you need to set up SSL for Redshift data transfer
No, its endpoint already uses SSL, no need to set it up in DMS
What is Landing Zone
It allows you to set up a well-architected multi-account environment with rules for security, operations and internal compliance
How can you allow Organizational Units to launch new accounts with preapproved configurations
Use AWS Control Tower with guardrails to enforce policies or detect violations
What are Control Tower Guardrails
They provide governance controls by preventing the creation of resources that don't conform
What other AWS services are used by Control Tower Guardrails
CloudFormation to establish a baseline
AWS Organizations Service Control Policies to prevent configuration changes
AWS Config rules to continuously detect non-compliance
How do you specify a role for an ECS task
Declare the IAM Role in the taskRoleArn section of the task definition
What is a service that is very suitable for batch jobs
ECS
How can you use an existing Directory for AWS sign in
Use IAM Identity Center (Federation)
What do SCPs do
They say what permissions can be granted to identities in accounts in an organization
Is the directory service intended to be used for multi-account auth purposes
No, not directly from AWS Organizations, you still need IAM Identity Center
How do you use an existing directory service for user authentication
Configure IAM Identity Center and integrate it using the Active Directory Connector
Is there an option to use an external authentication on AWS Organizations
No
Can you create VPC peering between onprem network and VPC
No
Do peered VPCs support edge-to-edge routing
No
Can VPC peering transmit a VPN connection
No
Can VPC peering transmit a Direct Connect connection
No
Can VPC peering transmit an internet connection from an Internet Gateway
No
What are some services you can use to create a decoupled architecture for apps onprem and in AWS
SQS and SWF (Simple Workflow Service)
Where can workers from SWF be
On cloud or onprem
What is Amazon SWF
A web service that makes it easy to coordinate work across distributed application components
What are the 2 main concepts in SWF
Tasks: invocation of logical steps in applications
Workers: programs that interact with SWF to get tasks, process them and return their results
Can subnets span AZs
No
For VPCs, are IPv4 CIDR ranges required
Yes
For VPCs, are IPv6 CIDR ranges required
No
Can you disable IPv4 for a VPC
No
What do you need to attach to your VPC to have a VPN
Virtual Private Gateway
What are the steps to implement a VPN to a VPC
Attach a virtual private gateway to the VPC
Create a custom route table
Update security group rules
Create an AWS-managed VPN connection
What does a customer gateway resource do in AWS
It provides information to AWS about your customer gateway device
Do Customer Gateways need a publicly routable static IP
Yes
Do you need to attach an elastic IP to a Virtual Private Gateway
No
Do you need a NAT instance to create a VPN connection
No
What does geoproximity routing do
It gives the CLOSEST record
Is EBS off-instance
Yes
Can EBS volumes be attached to any EC2 instance in any AZ
No, it is only in one AZ
Do EBS volumes support live configuration changes while in production
Yes, you can modify volume type, volume size and IOPS capacity without service interruption
Can you modify EBS volume size without interruption
Yes
Can you modify EBS volume type without interruption
Yes
Can you modify EBS IOPS capacity without interruption
Yes
Does EBS automatically replicate to another AZ
No
Does EBS do automatic replication
Yes, within an AZ
What types of EBS and EC2 instance types allow multi-instance connection
Provisioned IOPS SSD (io1) attached to multiple Nitro-based instances using EBS Multi-Attach
What kind of VPC endpoint can be used with DynamoDB
Gateway endpoint
What do you specify when you create a DynamoDB Gateway endpoint
Specify the VPC where it will be deployed and the route table that will be associated with the endpoint
How can you implement department-by-department cost-tracking
Tag resources with the department name and enable cost allocation tags
What is a tag in AWS
A label you associate to an AWS resource
Consists of a key and a value
Each tag key must be unique
Each tag key can only have one value
What are tags used for in AWS
To organize resources
What are cost allocation tags used for in AWS
To track costs on a detailed level
What does AWS Budget do
It allows you to be alerted and run custom actions if budget thresholds are exceeded
Where do you need to activate tags to enable cost-tracking
In Billing and Cost management console
What is Amazon EMR
A managed cluster that simplifies running big data frameworks on AWS to process and analyze vast amounts of data. It can do ETL
What service should you associate with the phrase “big data processing frameworks”
EMR
What service should you associate with the phrase “access data using various business intelligence tools and standard SQL queries”
Amazon Redshift
Can you use big data frameworks effectively with Glue
No, use EMR
What service allows you to do SQL queries in S3
Athena
What does S3 select feature do
Allows you to run simple SQL queries against a subset of data from a specific S3 object
What does Amazon Managed Service for Apache Flink studio do
Process streaming data
What should you do to convert csv files to Parquet
Scheduled ETL job in AWS Glue, use crawler to automatically discover raw data
What is a fanout scenario
SNS topic used to push to multiple places (multiple SQS queues subscribed to the topic)
How can you limit what an SNS subscriber gets
SNS message filtering; by default, they receive everything
Can you specify failover for Route 53
Yes
What happens when you enable failover in route 53
It points to secondary when primary is unhealthy
What do you need to host a static website on S3
An S3 bucket with the same name as the domain or subdomain configured to host a static website
Registered domain name
Route 53 as the DNS service for the domain
Does the S3 bucket need to be in the same region as the R53 hosted zone for a static website
No
What is a Bastion host
EC2 in public subnet with public or elastic IP with sufficient RDP or SSH access. Users log into it to manage other hosts in private subnets
What protocol do you use with a Windows Bastion host
RDP
What is Amazon Data Lifecycle Manager used for
Can use it to automate the creation, retention and deletion of snapshots taken to back up EBS
Is there such a thing as EBS lifecycle policy
No