TD Exam 3 - Long review

Question 1

What are the 2 modes for ECS

Answer 1

EC2 and Fargate

Question 2

What is a container definition used in ECS

Answer 2

Tells where the image is, and which ports are exposed

Question 3

What is a task defintion

Answer 3

Represents the app as a whole, can have multiple containers. Has everything except what is in container definition

Question 4

Where is Task role defined for ECS

Answer 4

In Task definition

Question 5

What is a service definition in ECS

Answer 5

Defines a service

Question 6

What is a service in ECS

Answer 6

Defines how Tasks scale, how to distribute load, etc

Question 7

What is in a Container definition in ECS

Answer 7

Image and ports

Question 8

What is in a Task definition in ECS

Answer 8

Security (Task role), Container(s) and resources

Question 9

What is a Task role in ECS

Answer 9

IAM Role which the task assumes

Question 10

What is in a service in ECS

Answer 10

How many copies, HA, restarts

Question 11

What is DMS

Answer 11

A managed Database Migration Service

Question 12

What does DMS use

Answer 12

A replication instance

Question 13

Can the destination of DMS be onprem?

Answer 13

Yes, either the destination or source needs to be in AWS

Question 14

What do you define on a replication instance in DMS

Answer 14

Replication task

Question 15

What are the different states of EC2 instance

Answer 15

Pending
Running
Rebooting
Shutting down
Terminated
Stopping
Stopped

Question 16

To what state can an instance transtion from pending

Answer 16

Running

Question 17

To what states can an instance transition from running

Answer 17

Rebooting
Shutting down
stopping

Question 18

To what state can an instance transition to from Shutting down

Answer 18

Terminated

Question 19

To what state can an instance transition from terminated

Answer 19

None; It is terminated

Question 20

To what state can an instance transition from stopping

Answer 20

Stopped

Question 21

To what states can an instance transition from stopped

Answer 21

Pending
Terminated

Question 22

What is the pending state

Answer 22

The instance is preparing to enter a running state

Question 23

When will you be billed when an instance is stopping

Answer 23

If it is preparing to hibernate

Question 24

What are the 2 types of backup functionality in RDS

Answer 24

Automated Backups
Snapshots

Question 25

Where are backups from RDS stored

Answer 25

AWS-Managed S3 buckets

Question 26

Where are RDS backups taken from

Answer 26

Standby instance if you are in multi-AZ mode
Otherwise from primary, so might have performance issues

Question 27

Are RDS snapshots automatic

Answer 27

No

Question 28

What are RDS snapshots and backups taken of

Answer 28

An instance, so all the databases within it

Question 29

Do RDS snapshots expire

Answer 29

No, you have to clean them up yourself, manual or external process to delete

Question 30

What is a difference between RDS snapshots and backups

Answer 30

Backups are automated
Also backups have transaction logs written every 5 minutes

Question 31

What is the possible range of values for RDS backups retention

Answer 31

0 to 35 days

Question 32

Can you keep RDS backups after deleting a db

Answer 32

Yes, but they still expire

Question 33

Can RDS snapshots and transaction logs be replicated to another region

Answer 33

Yes, but has to be explicitly configured; it is not the default

Question 34

What happens when you restore an RDS snapshot

Answer 34

A new RDS instance is created; with a new address

Question 35

Is restoring a backup in RDS fast

Answer 35

No, it restores the backup then replays the transactions from transaction log

Question 36

What is AWS backup

Answer 36

A fully-managed data-protection service

Question 37

What is an advantage of AWS backup

Answer 37

IT allows you to consolidate management in one place, across accounts and regions

Question 38

What are some things supported by AWS Backup

Answer 38

Compute
Block storage
File storage
DBs
Object storage

Question 39

What is a central component of AWS backup

Answer 39

Backup plans

Question 40

What can you configure with lifecycles in AWS Backups

Answer 40

When a backup transitions into cold storage and when it expires

Question 41

What is a vault in AWS Backup

Answer 41

Backup destination - assign KMS key for encryption

Question 42

What is specified in an AWS Backup backup plan

Answer 42

Frequency
Window
Lifecycle
Vault
Region copy

Question 43

What is vault lock in AWS backup

Answer 43

Write-once, read-many (lock); you get 72h to delete, then you can’t
Can still have lifecycle to make it expire

Question 44

Can you do on-demand backup in AWS backup

Answer 44

Yes

Question 45

Can you do Point-In-Time-Recovery for AWS backup

Answer 45

Yes, for supported product

Question 46

What is S3 select

Answer 46

Ways to retrieve part of an object instead of the whole object

Question 47

What is a disadvantage of filtering a large object on the client side

Answer 47

Still use the whole object size of data transfer

Question 48

What does S3 select and Glacier Select do

Answer 48

Allows you to use SQL-like segments to select part of the object

Question 49

What is an advantage of S3 select

Answer 49

S3 pre-filters an object, only sends the result

Question 50

What are some file formats supported by S3 select

Answer 50

CSV, json, parquet, BZIP2 compression for csv and json

Question 51

What do S3 access points do

Answer 51

Simplify managing access to S3 buckets and objects

Question 52

What do S3 access points allow you to do

Answer 52

Rather than one bucket with one bucket policy, you create many access points with different policies
Each access point has its own endpoint address
an have different network access control

Question 53

What is a way of making S3 bucket accessible via VPC

Answer 53

Access point with VPC origin

Question 54

What types of records are supported with failover routing

Answer 54

primary and secondary

Question 55

What is the use case for failover routing

Answer 55

Active-passive failover

Question 56

What is a VPC router

Answer 56

HA, runs in all AZs the VPC is in, each vpc has a vpc router

Question 57

What is the address of the VPC router

Answer 57

network + 1of the subnet

Question 58

What does a VPC router do by default

Answer 58

Route traffic between subnets

Question 59

What is the main route table of a vpc

Answer 59

The route table used by default by a subnet

Question 60

What happens if many routes match traffic

Answer 60

Higher prefix takes priority

Question 61

What are possible targets for a route table

Answer 61

Gateway or route table

Question 62

Can you update local routes in route tables

Answer 62

No

Question 63

What kind of resilience does an internet gateway have

Answer 63

Region resilient

Question 64

Can you attach an internet gateway to more than one vpc

Answer 64

no

Question 65

Can you attach a vpc to more than one internet gateway

Answer 65

no

Question 66

What are the actions you need to take to make a subnet public

Answer 66

Create IGW
Attah IGW to VPC
Create custom route table
Associate route table
Make the default route the internet gateway
Configure subnet to allocate IPv4 addresses

Question 67

What happens when you allocate a public IP in a subnet

Answer 67

A record is created in the IGW to associate the instance private ip to the public ip

Question 68

Is an EC2 instance ever aware of it’s public IPv4 address

Answer 68

No

Question 69

Is an EC2 instance ever aware of it’s public IPv6 address

Answer 69

Yes

Question 70

What is a jumpbox

Answer 70

Bastion host

Question 71

What is Parameter store

Answer 71

Storage for configuration and secrets

Question 72

What are the 3 parameter types you can store in parameter store

Answer 72

String, StringList and SecureString

Question 73

What are some features of parameter store

Answer 73

It supports hierarchies and versioning

Question 74

What are the formats of data that can be store in parameter store

Answer 74

Plaintext and Ciphertext (integrates with KMS)

Question 75

What are Parameter Store public parameters

Answer 75

Parameters made available by aws, per region (eg latest AMI per region)

Question 76

Is parameter store public or private

Answer 76

Public

Question 77

What can permissions be associated with in parameter store

Answer 77

Tree hierarchy or specific parameters

Question 78

How does Parameter store handle encryption

Answer 78

KMS

Question 79

What can parameter store changes generate

Answer 79

Events

Question 80

What is Secrets Manager usable from

Answer 80

Console, CLI, API or SDK

Question 81

Which supports secret automatic rotation, Secrets Manager or PArameter store

Answer 81

Secrets Manager

Question 82

How does secret automatic location work in Secrets Manager

Answer 82

Using Lambda

Question 83

What are some features of Secrets Manager vs Parameter store

Answer 83

Secrets Manager is designed for secrets
It also directly integrates with some AWS products (RDS)

Question 84

What is EC2 on-demand

Answer 84

Multiple customers share hardware

Question 85

How are you billed for EC2 on-demand

Answer 85

Per second that the instance is running

Question 86

Do you have priority with on-demand

Answer 86

No, in case of big demand (major failure), people with reserved get priority

Question 87

What is spot pricing

Answer 87

AWS sells unused capacity at big discount, up to 90% discount
AWS sets price, customers set max they are willing to pay

Question 88

Should you use spot instances if your workload cannot tolerate interruptions

Answer 88

No

Question 89

Are you still billed for your unused reservation

Answer 89

Yes

Question 90

What are EC2 reservations defined by

Answer 90

Type of instance and AZ or region

Question 91

What happens if you lock an instance reservation to an AZ

Answer 91

You reserve capacity, but you can only take advantage in that AZ

Question 92

If you lock an EC2 reservation to a region, does it reserve capacity?

Answer 92

No

Question 93

What are the term lengths for reservation

Answer 93

1 or 3 year

Question 94

What is a dedicated host

Answer 94

You get a whole host
Hosts are designed for a famility of instances
Capacity management is required

Question 95

What is dedicated instances

Answer 95

You don’t own or share the host, but you have dedicated hardware
You don’t manage the host

Question 96

What are the limitations in terms of number of EC2 instances

Answer 96

• On-demand: vCPU-based limit per region
• Purchasing 20 reserved instances per region
• Dynamic Spot limit per region for Spot instance requests

Question 97

What is AWS Nitro

Answer 97

The underlying platform for next generation of EC2 instances
Uses dedicated hardware for the hyervisors

Question 98

What instance types for general purpose

Answer 98

t-type
m-type

Question 99

Can you stop an Instance store-backed instance

Answer 99

No, you can only terminate it

Question 100

How do you give a static IPv4 address to an instance

Answer 100

Elastic IP addresses

Question 101

What OS are supported for instance hibernation

Answer 101

Amazon Linux
Ubuntu 18.04 LTS

Question 102

What is a requirement for hibernation

Answer 102

Encrypted EBS-backed instance

Question 103

What happens when an instance hibernates

Answer 103

Writes in-memory state to a file in root EBS

Question 104

What do you pay for in an hibernating instance

Answer 104

EBS Volumes and Elastic IPs

Question 105

What happens to attached EBS volume when an instance is terminated

Answer 105

Preserved by default

Question 106

How can you prevent accidental instance termination

Answer 106

Enable termination protection

Question 107

Is there such a thing as instance stop protection

Answer 107

Yes

Question 108

What can you do to a stopped instance

Answer 108

Modify properties, size, or update kernel

Question 109

What is included in an AMI

Answer 109

Template for root volume
Launch permissions
Block device mapping

Question 110

What are EC2 placement groups

Answer 110

They determine how instances are placed on underlying hardware

Question 111

What are the 3 options for placement groups

Answer 111

Cluster
Spread
Partition

Question 112

What is cluster placement group

Answer 112

It clusters instances into a low-latency group in a single AZ

Question 113

What is Spread placement group

Answer 113

Spreads instances across underlying hardware
Can span multiple AZs

Question 114

What is the max number of instance per AZ per group for cluster group

Answer 114

7

Question 115

What is partition placement group

Answer 115

Spread across logical partitions
Different partitions do not share hardware

Question 116

What is a use case for cluster placement group

Answer 116

Performance, fast speeds, low latency

Question 117

What is a use case for spread placement group

Answer 117

Small number of critical instances that need to be kept separated from each other

Question 118

What is the maximum number of EC2 partitions per AZ

Answer 118

7

Question 119

What is partition group great for

Answer 119

Topology-aware apps

Question 120

What is Elastic inference accelerators

Answer 120

Enable to attach low-cost GPU powered acceleration to EC2, Sagemaker instances and other resources

Question 121

Does ENI stay attached when stopping an instance

Answer 121

Yes

Question 122

Does Elastic IP detach after stopping instance

Answer 122

No

Question 123

Can underlying host change when stopping an restarting instance

Answer 123

Yes

Question 124

What are the 3 components of AWS Glue

Answer 124

Central Metadate Repository
ETL Engine
Flexible Scheduler

Question 125

What is the AWS Glue Data Catalog

Answer 125

Perisitent metadata store

Question 126

What is the crawler used for in AWS GLue

Answer 126

Populate AWS Glue Data Catalog with tables

Question 127

How does the crawler work in AWS Glue

Answer 127

Determine format, schema of raw data
Group data into tables or partitions
Write metadata to AWS Glue Data Catalog

Question 128

What is needed to use DynamoDB accelerator

Answer 128

Install DAX SDK on instance

Question 129

Does DAX change how apps interact with DynamoDB from the apps perspective

Answer 129

No

Question 130

How is DAX accessed

Answer 130

Via an endpoint
It load balances

Question 131

What is the architecture of DAX

Answer 131

Primary instance with replica in other AZs
Primary supports Write
Replicas support read

Question 132

Does DAX support write-through

Answer 132

Yes, on primary node

Question 133

Is DAX HA

Answer 133

Yes, if primary fails, we have a failover

Question 134

What kinds of scaling does DAX do

Answer 134

Up AND Out

Question 135

Is DAX a public service

Answer 135

No, it is deployed within a VPC

Question 136

Do you have to set autoscaling for Dynamodb

Answer 136

Yes

Question 137

What is capacity in DynamoDB

Answer 137

Speed

Question 138

What is on-demand mode for DynamoDB

Answer 138

You only pay for the operations

Question 139

What do you set when you use provisioned DynamoDB

Answer 139

RCU and WCU, they are KB per second of read or write

Question 140

What does Autoscaling do with DynamoDB

Answer 140

Dynamically adjusts the provisioned throughput capacity

Question 141

What is DynamoDB Global Tables

Answer 141

Multi-master cross-region replication

Question 142

Who wins conflict resolution with DynamoDB Global Tables

Answer 142

Last writer

Question 143

What is the speed of replicaiton for Global DynamoDB

Answer 143

GEnerally sub-second

Question 144

What is AWS Transit Gateway

Answer 144

A Network Transit Hub to connect VPCs to onprem networks

Question 145

What does Transit Gateway use

Answer 145

site-to-site vpns and DX

Question 146

What attachments are supported for AWS Transit Gateway

Answer 146

VPC
Site-to-Site VPN
Direct Connect Gateway

Question 147

How many VPN tunnels do you need from a Customer Gateway to a Transit Gateway to have HA

Answer 147

2

Question 148

Where do you configure VPC attachments for a Transit Gateway

Answer 148

One to a subnet in each AZ where service is required

Question 149

How can you connect to VPCs in another account or region with Transit Gateway

Answer 149

Peer to other transit gateway that belongs to another account or region

Question 150

When you peer Transit Gateways, where does traffic transit by

Answer 150

AWS Global Network, not public internet

Question 151

Does Transit Gateway support transitive routing

Answer 151

Yes
As long as appropriate routing is in place

Question 152

How can you share Transit Gateways between AWS accounts

Answer 152

Using RAM

Question 153

What does Transit Gateway do with regards to Multicast

Answer 153

It enables customers to have fine-grain control on who can consume and produce multicast traffic
Can maange multicast groups

Question 154

What are the 3 modes of storage gateway

Answer 154

Volume
-Cache
-Stored
Tape
File

Question 155

What is Storage Gateway Volume stored mode

Answer 155

It only uses AWS for backups

Question 156

What does AWS Storage gateway file mode do

Answer 156

It presents a file-based interface to S3

Question 157

How does Storage Gateway volume mode work

Answer 157

Uses volumes that have S3 snapshots

Question 158

What is Amazon DocumentDB

Answer 158

Fully managed document database
COmpatible with MongoDB

Question 159

If you can’t change the code and must use MongoDB, what should you use

Answer 159

DocumentDB

Question 160

What is Amazon Neptune

Answer 160

Graph database

Question 161

What is the Cluster endpoint in Aurora

Answer 161

AKA writer endpoint
Points to primary

Question 162

What is Aurora Parallel Query

Answer 162

Enables Aurora to push down and distribute computational load of a single query across thousands of CPUs in Aurora storage layer

Question 163

What are the 4 types of endpoints for Aurora

Answer 163

Cluster
Reader
Custom
Instance

Question 164

What is a custom endpoint in Aurora

Answer 164

It reprensts a set of instances you choose, and does load-balancing

Question 165

What is an instance endpoint in Aurora

Answer 165

Connects to a specific instance

Question 166

What can wildcard certificates handle

Answer 166

Syb-domains

Question 167

When should you use dedicaeed IP custom ssl

Answer 167

For browsers that do not support SNI