TD Exam 4 - Short review Flashcards
Does SNS prevent duplication, loss and maintain order by default?
No
Can SNS handle thousands of messages a day
Maybe not
Is Kinesis Data Stream appropriate for thousands of messages a day that need to be sent to EMR
Yes
Does Kinesis Data Stream prevent duplication, loss and maintain order by default?
Yes
Can you configure RAID for instance store volumes
Yes
Can you configure RAID for EBS volumes
Yes
What is RAID 0
Use data stripping to have better performance
Distributes I/O across volumes in a tripe
If you add a volume, you get straight addition of throughput and IOPS
Can an instance have multiple instance stores
Yes
What is RAID 1
It is used for data mirroring
What is ACID
Provides consistency
What is BASE
Provides HA
Which replication type in RDS supports ACID
REad-replica can support it
What is Amazon Elastic MapReduce
Amazon EMR
What is needed to ensure all objects uploaded to an S3 bucket can read publicly all over the internet
Configure S3 bucket policy to set all objects to public read
Grant public read access to the object when uploading it using S3 Console
What does CORS do in an S3 bucket
Allows objects from one domain to be loaded and accessible ro a different domain
Can you configure an S3 bucket policy to set all objects to public read
Yes, or set permission during upload for a specific object
Where is instance type configured for an auto-scaling group
In launch template
Do you need to create a new version of a launch template to change instance type
Yes, templates can’t be modified unless you create a new version
Are you restricted to us-east-1 when requesting public certificates with ACM
No
What is Redshift spectrum
It allows you to directly run SQL queries against unstructured data in S3
When do instances have associated DNS hostnames
When DNS resolution and DNS hostname are enabled in VPC configuration
What is Glacier Vault
A container for storing archives
There is such a thing as Vault Policies and Vault Lock for WORM compliance
Does AWS SSO require SAML compatibility
Yes
What is Requester Pays
Requester of S3 pays for access
Does Requester Pays disable anonymous access
Yes, automatically
What are the enhanced monitoring metrics in RDS
Includes RDS processes
OS processes
What does RDS enhanced monitoring do
Add an agent on the instance
What is freeable memory in RDS
How much ram is available on the instance
What are some metrics available by default with RDS
CPU Utilization
Database Connections
Freeable memory
What is queue length for Provisioned IOPS volumes
Length of waiting operations
What is the maximum ratio of IOPS to requested volume size
50:1
What is the max IOPS for provisioned IOPS io1
64k iops
What is the maximum IO size for io1 volume at 32k IOPS
256 kiB
What impact does volume size have on IOPS queue length and value
More GB = Better IOPS = lower queue length
What is IOPS volume queue
number of pending IO requests for a device
What queue length should you want for a latency-sensitive app
Low queue length
What is Amazon Application Discovery
Used to track the migration status of your applications from the Migration Hub console
What is the best way to do VM lift and shift
AWS Application Migration Service
What is the order or a resource dclaraiton in CloudFormation
region:account:service:service id
Can you automate promotion of an RDS read replica (automatic failover)
No
How can you ensure Redshift has continuity even if there is a region-wide failure
Enable Cross-Region snapshots in the cluster
What kind of resilience does redshift have by default
AZ, but can have multi-AZ deployment
What is an advantage of taking a snapshot and terminating an RDS instance vs stopping it
A stopped RDS instance still incurs cost of its storage
Can Cloudwatch alarms restart EC2 instances by themselves
Yes, using cloudwatch alarm actions
What are Flow logs
They are used in VPCs
What is Kubernetes Cluster Autoscaler
It automatically asjusts the number of nodes in a cluster. It utilizes Auto Scaling Groups
What is a Kubernetes Cluster Autoscaler alternative
Karpenter
Is there such a thing as Spot storage in EBS
No
What is ElastiCache
In-memory database, memcached or redis
Is there a managed config rule to check IAM user access key rotation
Yes
If you add a new domain to an ALB and want to redirect http traffic to https for that traffic only, do you need to create a new listener or a new ALB
No, there can only be one listener on a specific port per ALB
Where can you get information about upcoming AWS events
AWS Personal Health Dashbord
What is the metadata endpoint for EC2 instances
http://169.254.169.254/latest/meta-data/
What is user data vs metadata at 169.254.169.254
Metadata is information about the instance
User data is specified by user at isntance launch
How does AWS License Manager work
Makes it easier to centrally manage licenases from vendors
How can you force encryption for objects in an S3 bucket
Yes, by requiring the appropriate header
Can you enforce header rules on S3 bucket policies
Yes, that is how you enforce encryption
What algorithm is used when using S3 SSE
AES-256
Does KMS use AES 256 for S3
No
What are the different types of instances (in terms of optimized)
Is Comprehend Medical a thing
Yes, t is made specifically for Medical information from unstructured text
Is Textract Medical a thing
Yes, but it is not enoughto identif PHI in pdfs
Textract vs Comprehend
Textract : extract text from pdf and such
Comprehend: analyze text
Does Textract have PII redaction
Yes, but it is not suitable for PHI
What is Well-Architected tool
Automatically monitor workload status, conduct architectural reviews and check for AWS best practices
What is Elastic Fabric Adapter
A network device you attach to your EC2 instance to accelerate HPC
What is Elastic Network Adapter
It does not have os-bypass capacity like EFA
How do you grant access to CF to S3 bucket that is not public
Origin Access Identity
Does AWS SSO require SAML 2.0
Yes
What should you do if your identity store is not compatible with SAML 2.0
Build a custom identity broker and use STS
Where are 2 places you can upload an HTTPs certificate you got from a 3rd party
ACM and IAM Certificate Store
Is S3 suitable to upload a certificate
No
What is IAM certificate store
Lets you upload a certificate, but ACM is recommended
What is the primary recommended service for Lift and Shift
AWS Application Migration Service
What is the first step for lift and shift
Install AWS Replication agent on source servers
What are some characteristics of FIFO SQS queues
High throughput (not unlimited)
Exactly-once processing
FIFO delivery
Are step functions an alternative to SQS
YEs
What are some guarantees provided by Step Functions
Task is never duplicated and is assigned only once
Is there such a thing as predictive scaling
Yes, it uses AI to predict load
What does predictive scaling do
It uses machine learning to predict capacity requirements based on historical data from CloudWatch
What EBS is the cheapest
Magnetic volumes
What EBS provides storage with consistent and low-latency performance
Provisioned IOPS
What EBS volumes support multi-attach
Provisioned IOPS io2 and io1
What OS doesnt support OS-bypasss capavility of EFA
Windows
What happens if you attach EFA to windows instance
It acts like an Elastic Network Interface, no OS bypass feature
What is ENA
Provides traditional IP networking features
What is AWS Compute Optimizer
Helps you identify optimal resource configuration, like Lmambda memory size, EC2 instance type, etc
What is the only way to have automatic failover with RDS
Multi-AZ deployment
Can you enforce license limits in AWS Licnse Manager
Yes
