TD Exam 5 - Review Flashcards
What is the minimum billing duration for AWS Glue
1 minutes
Can AWS Batch automatically provision capacity for your batch jobs
Yes
Does step scaling use CloudWatch Alarms
Yes
What deos step scaling vary depending on
Size of alarm breach
What does simple scaling depend on
A SINGLE scaling adjustment
Is there such a thing as AWS Storage Gateway Hardware appliance
Yes
What do you do if you want to use Storage gateway with an app that does not run on virtualized stuff
Storage Gateway Hardware appliance
What kind of storage gateway do you need to use if you want SMB or NFS
File Gateway
What protocol is used by Storage gateway volume mode
iSCSI, it’s block devices
What does AppSync Gateway do
It offers an elegant server-side solution to aggregate data from multiple databases
What is edge-optimized API Gateway used for
With CloudFront
What can Transit Gateway use to make VPN more scalable
Equal Cost Multipath Routing, to do routing over multiple VPN tunnels
What is the max throughput of a VPN tunnel
1.25 Gbps
How many Virtual Private Gateways can VPCs have
One
Can you have more than 2 tunnels for a VPN
No
Will having a second Customer gateway device increase throughput of a VPN
No, only the redundancy
What does Aurora do during Failover if you have no standby and are not serverless
Attemps to create new instance in same AZ, best efforts
What happens during Aurora failover if you have a replica
CName flips to helathy relica. Around 30 s
What does Aurora do during Failover if you have no standby and are serverless
Aurora automatically recreate db in different AZ
What should you put in Route 53 to link an ALB
ALB DNS name
Can you create CNAME records for you zone Apex
No
Is data between EBS and EC2 encrypted if you use EBS encryption
Yes
Are snapshots encrypted automatically if you use EBS encryption
Yes
Are volumes created from encrypted EBS snapshots also encrypted
Yes
What do you use to configure instances without SSH and RDP if Systems Manager is enabled
Run Command
Should you use NACLs to deny access from a country
No, there is a lot of IPs in a country
What should you do to deny access from a Country
AWS WAF
What is Amazon Workspaces used for
Virtual Desktops
Are cloudtrail files encrypted by default
Yes, using SSE
Can EBS volumes be used when a snapshot is in progress
Yes
How does data load to a volume created from EBS snapshot
Lazily and in the background
Can Network firewall be used to inspect traffic entering and exiting a VPC
Yes
is Network Firewall stateless
No, it is stateful
Can you set lifecycle policy for 0 days in S3
Yes
Can you upload directly to Glacier
Yes, but not using the console
Using console, you can change storage class to glacier though
Can you specify public IPs for ALB
No
What do you need to point to onprem from ALB
PrivateLink or VPN
Does Network Load Balancer have weighted routing
No
What should you use if you need Real Time
Kinesis
What is AppSync
Serverless GraphQL and Pub/Sub API
Does AWS Trusted Advisor have Service Limits checks
Yes
What are CloudTrail Management events
Visibility into management events of AWS accounts
What are data events in CloudTrail
Resource operations
What polling does SQS use by default
Short Polling
How do you configure polling in SQS
ReceiveMessageWaitTimeSeconds
What value for ReceiveMessageWaitTimeSeconds means short polling
0
What value for ReceiveMessageWaitTimeSeconds means long polling
more than 0
What is false empty responses in SQS
You get an empty response when using short polling because not all servers are polled
How does long polling diminish the number of empty responses
By allowing SQS to wait for a message before sending a response, until timeout
How to you ensure all servers are polled using SQS
Use long polling
What is the max performance for S3
3500 writes per s, 5500 reads per s per S3 prefix
Does EFA support Windows
No
What is AWS ParallelCluster
AWS-supported open-source cluster management tool
What is a useful metric when sclaing based on SQS
ApproximateAgeOfOldestMessage
What is a limitation of SimpleDB
It has a limit on request capacity and storage size for a given table
How do you delay termination of instance
Lifecycle hook in AutoScaling Group to use Terminating:Wait state
What is instance warmup condition
Specifies how long before including instance in metric
What is AWS Wavelength
Allows AWS deployments in telecom provider data centers at edge of 5g netwroks
What is the point of Wavelength
Extend AWS to 5g edges
How can you used IAM for kubernetes RBAC
aws-auth configmap
What is default visibility timeout
30s
Which is more scalable, RDS or Aurora
Aurora
Can you use tags to limit access to ressources with IAM
Yes
Would XRAY on an ECS cluster track IP
No
What is CloudWatch application insights
Facilitates observability of apps and underlying AWS resources
Uses SageMaker
What do Access Logs on ALB provide
Request time, latencies, paths, client IP, server response
Disabled by default
CloudTrail vs Cloudwatch
CloudTrail: AWS console actions and api calls
Cloudwatch: systems monitoring
How to use IAM with MySQL
AWSAuthenticationPlugin for MySQL
What DB engines does IAM db auth work with
MySQL and PostgreSQL
What is an advantage of IAM DB auth
SSL for traffic
What are NS record types
Allow delegation to occur
What are A and AAAA records
Map host to IP (A = IPv4, AAAA = IPv6)
Or AWS Resource with alias
What is CNAME Records
Host to host (point to other names)
What is MX records
What is TXT record
Used to prove domain ownership
Add random text
Can you use a CNAME for the apex of a domain
No
Could you use a CNAME to point to an ALB with www.asd.com
Yes, ity is not the apex
Could you use a CNAME to point to an ALB with asd.com
No, it is the apex
What is an alias record
Usually, maps name to AWS resource
What can alias record be used with
naked/apex and normal recors
What is the difference between alias an CNAME record for non-apex domains
They work in the same way.
Alias is free for requests pointing at AWS resource
What type of record should you pick when pointing to AWS Service
Alias
What is the record type for an alias
Should be the same type as what it is pointing at; can be CNAME, A, etc
What kind of record is the DNS fiven for an ELB
A record
What kind of record do you need for DNS pointing to ALB
Alias A record
Can you use alias elsewhere than R53
No, it is implemented by AWS, outside the DNS standard
Is EBS encrypted by default
No
Where is the key to decrypt EBS held in plaintext
Only in memory of EC2 host
Can you configure encryption for EBS by deaulft
Yes, for an account
Is KMS key used to encrypt EBS volume
No, it uses a DEK, one per volume
What volumes uses the same DEK in EBS
Snapshots, future volumes and the volume itself. No other volume uses it.
Can you remove encryption from an EBS volume or snapshot
No
What does OS see in an encrypted EBS
Plaintext
Is EC2 OS aware of encryption
No
No performance loss
What encryption used for EBS
AES-256
Can you detach secondary ENI
Yes, and attach it to other instance
Can ENIs have source/destination checks
Yes
What is RDS multiAZ instance mode
One standby in other AZ
Synchronous replication at storage level
Access via CNAME points to primary
Can do backup from standby
Failover: CNAME points to standby
60-120s, remove DNS caching for faster
Cannot use standby for read/writes
Same region only
What is RDS multiAZ cluster mode
One writer, 2 readers replicas (only) different AZs
SYNCHRONOUS replication
Readers are usable
Data committed when one reader at least has it
Each instance has it’s storage
Cluster endpoint
Reader endpoint (can include writer)
Instance endpoints
Replication via transaction logs, more efficient
Failover is faster, 35s + transaction logs apply
What is Aurora
Single primary + 0 or more replicas; failover and reads
No local storage, shared cluster volume
Max size of shared storage: 128 TiB, across AZs
Synchronous replication across storage nodes
Replication at storage level
All instances have access to all storage nodes
Default: only primary can write
Can have up to 15 replicas, any can be failover
Don’t allocate storage, billed on what is used, high water mark
Endpoints
What is Aurora serverless
Billed as serverless, write min an max ACU
Same resilience as Aurora (6 copies across AZ)
How many REad instances in Aurora Global DB
only one
What is systems manager used for
Centralize operational data and automate tasks across resources
What does run command do
Remotely and securely manage configuration of managed instances at scale
What is WAF
L7 firewall
What does WAF apply to
CF, ALB, AppSync, API Gateway and such
What is logged in CloudTrail
Almost anything that can be done to an AWS account
What is default storage for CloudTrail
90 days
Is Cloudtrail RT
No
How are EBS snapshots implemented
They are incremental
How can you force a complete restore of EBWS snapshot
Force read data
Or FSR (Fast snapshot restore)
When should you use datasync
Huge transfers
Schedule
Encryption
Throttling
Automatic retry
What is max size of SQS message
256 KB
Does SQS support encryption
Yes, using KMS, at rest
What are ASG Lifecycle hooks
Allow you to set up custom actions during ASG actions
What do ASG Lifecycle hooks do
Instances are paused within flow, until timeout or unpaused (CompleteLifecycleAction)
What can be used with Lifecycle hooks
SNS and EventBridge
What is a concept used in step scaling
Size of alarm breach
Can ASG respond to additional alarms during scaling for simple scaling
No
Can ASG respond to additional alarms during scaling for step scaling
Yes
Can AWS Achema COnversion handle app code
Apparently, yes
What are the 2 supported solutions to add nodes automatically to EKS
Karpenter
Cluster Autoscaler
