TD Exam 5 - Review Flashcards
1
Q
What is the minimum billing duration for AWS Glue
A
1 minutes
2
Q
Can AWS Batch automatically provision capacity for your batch jobs
A
Yes
3
Q
Does step scaling use CloudWatch Alarms
A
Yes
4
Q
What deos step scaling vary depending on
A
Size of alarm breach
5
Q
What does simple scaling depend on
A
A SINGLE scaling adjustment
6
Q
Is there such a thing as AWS Storage Gateway Hardware appliance
A
Yes
7
Q
What do you do if you want to use Storage gateway with an app that does not run on virtualized stuff
A
Storage Gateway Hardware appliance
8
Q
What kind of storage gateway do you need to use if you want SMB or NFS
A
File Gateway
9
Q
What protocol is used by Storage gateway volume mode
A
iSCSI, it’s block devices
10
Q
What does AppSync Gateway do
A
It offers an elegant server-side solution to aggregate data from multiple databases
11
Q
What is edge-optimized API Gateway used for
A
With CloudFront
12
Q
What can Transit Gateway use to make VPN more scalable
A
Equal Cost Multipath Routing, to do routing over multiple VPN tunnels
13
Q
What is the max throughput of a VPN tunnel
A
1.25 Gbps
14
Q
How many Virtual Private Gateways can VPCs have
A
One
15
Q
Can you have more than 2 tunnels for a VPN
A
No
16
Q
Will having a second Customer gateway device increase throughput of a VPN
A
No, only the redundancy
17
Q
What does Aurora do during Failover if you have no standby and are not serverless
A
Attemps to create new instance in same AZ, best efforts
18
Q
What happens during Aurora failover if you have a replica
A
CName flips to helathy relica. Around 30 s
19
Q
What does Aurora do during Failover if you have no standby and are serverless
A
Aurora automatically recreate db in different AZ
20
Q
What should you put in Route 53 to link an ALB
A
ALB DNS name
21
Q
Can you create CNAME records for you zone Apex
A
No
22
Q
Is data between EBS and EC2 encrypted if you use EBS encryption
A
Yes
23
Q
Are snapshots encrypted automatically if you use EBS encryption
A
Yes
24
Q
Are volumes created from encrypted EBS snapshots also encrypted
A
Yes
25
What do you use to configure instances without SSH and RDP if Systems Manager is enabled
Run Command
26
Should you use NACLs to deny access from a country
No, there is a lot of IPs in a country
27
What should you do to deny access from a Country
AWS WAF
28
What is Amazon Workspaces used for
Virtual Desktops
29
Are cloudtrail files encrypted by default
Yes, using SSE
30
Can EBS volumes be used when a snapshot is in progress
Yes
31
How does data load to a volume created from EBS snapshot
Lazily and in the background
32
Can Network firewall be used to inspect traffic entering and exiting a VPC
Yes
33
is Network Firewall stateless
No, it is stateful
34
Can you set lifecycle policy for 0 days in S3
Yes
35
Can you upload directly to Glacier
Yes, but not using the console
Using console, you can change storage class to glacier though
36
Can you specify public IPs for ALB
No
37
What do you need to point to onprem from ALB
PrivateLink or VPN
38
Does Network Load Balancer have weighted routing
No
39
What should you use if you need Real Time
Kinesis
40
What is AppSync
Serverless GraphQL and Pub/Sub API
41
Does AWS Trusted Advisor have Service Limits checks
Yes
42
What are CloudTrail Management events
Visibility into management events of AWS accounts
43
What are data events in CloudTrail
Resource operations
44
What polling does SQS use by default
Short Polling
45
How do you configure polling in SQS
ReceiveMessageWaitTimeSeconds
46
What value for ReceiveMessageWaitTimeSeconds means short polling
0
47
What value for ReceiveMessageWaitTimeSeconds means long polling
more than 0
48
What is false empty responses in SQS
You get an empty response when using short polling because not all servers are polled
49
How does long polling diminish the number of empty responses
By allowing SQS to wait for a message before sending a response, until timeout
50
How to you ensure all servers are polled using SQS
Use long polling
51
What is the max performance for S3
3500 writes per s, 5500 reads per s per S3 prefix
52
Does EFA support Windows
No
53
What is AWS ParallelCluster
AWS-supported open-source cluster management tool
54
What is a useful metric when sclaing based on SQS
ApproximateAgeOfOldestMessage
55
What is a limitation of SimpleDB
It has a limit on request capacity and storage size for a given table
56
How do you delay termination of instance
Lifecycle hook in AutoScaling Group to use Terminating:Wait state
57
What is instance warmup condition
Specifies how long before including instance in metric
58
What is AWS Wavelength
Allows AWS deployments in telecom provider data centers at edge of 5g netwroks
59
What is the point of Wavelength
Extend AWS to 5g edges
60
How can you used IAM for kubernetes RBAC
aws-auth configmap
61
What is default visibility timeout
30s
62
Which is more scalable, RDS or Aurora
Aurora
63
Can you use tags to limit access to ressources with IAM
Yes
64
Would XRAY on an ECS cluster track IP
No
65
What is CloudWatch application insights
Facilitates observability of apps and underlying AWS resources
Uses SageMaker
66
What do Access Logs on ALB provide
Request time, latencies, paths, client IP, server response
Disabled by default
67
CloudTrail vs Cloudwatch
CloudTrail: AWS console actions and api calls
Cloudwatch: systems monitoring
68
How to use IAM with MySQL
AWSAuthenticationPlugin for MySQL
69
What DB engines does IAM db auth work with
MySQL and PostgreSQL
70
What is an advantage of IAM DB auth
SSL for traffic
71
What are NS record types
Allow delegation to occur
72
What are A and AAAA records
Map host to IP (A = IPv4, AAAA = IPv6)
Or AWS Resource with alias
73
What is CNAME Records
Host to host (point to other names)
74
What is MX records
Mail
75
What is TXT record
Used to prove domain ownership
Add random text
76
Can you use a CNAME for the apex of a domain
No
77
Could you use a CNAME to point to an ALB with www.asd.com
Yes, ity is not the apex
78
Could you use a CNAME to point to an ALB with asd.com
No, it is the apex
79
What is an alias record
Usually, maps name to AWS resource
80
What can alias record be used with
naked/apex and normal recors
81
What is the difference between alias an CNAME record for non-apex domains
They work in the same way.
Alias is free for requests pointing at AWS resource
82
What type of record should you pick when pointing to AWS Service
Alias
83
What is the record type for an alias
Should be the same type as what it is pointing at; can be CNAME, A, etc
84
What kind of record is the DNS fiven for an ELB
A record
85
What kind of record do you need for DNS pointing to ALB
Alias A record
86
Can you use alias elsewhere than R53
No, it is implemented by AWS, outside the DNS standard
87
Is EBS encrypted by default
No
88
Where is the key to decrypt EBS held in plaintext
Only in memory of EC2 host
89
Can you configure encryption for EBS by deaulft
Yes, for an account
90
Is KMS key used to encrypt EBS volume
No, it uses a DEK, one per volume
91
What volumes uses the same DEK in EBS
Snapshots, future volumes and the volume itself. No other volume uses it.
92
Can you remove encryption from an EBS volume or snapshot
No
93
What does OS see in an encrypted EBS
Plaintext
94
Is EC2 OS aware of encryption
No
No performance loss
95
What encryption used for EBS
AES-256
96
Can you detach secondary ENI
Yes, and attach it to other instance
97
Can ENIs have source/destination checks
Yes
98
What is RDS multiAZ instance mode
One standby in other AZ
Synchronous replication at storage level
Access via CNAME points to primary
Can do backup from standby
Failover: CNAME points to standby
60-120s, remove DNS caching for faster
Cannot use standby for read/writes
Same region only
99
What is RDS multiAZ cluster mode
One writer, 2 readers replicas (only) different AZs
SYNCHRONOUS replication
Readers are usable
Data committed when one reader at least has it
Each instance has it's storage
Cluster endpoint
Reader endpoint (can include writer)
Instance endpoints
Replication via transaction logs, more efficient
Failover is faster, 35s + transaction logs apply
100
What is Aurora
Single primary + 0 or more replicas; failover and reads
No local storage, shared cluster volume
Max size of shared storage: 128 TiB, across AZs
Synchronous replication across storage nodes
Replication at storage level
All instances have access to all storage nodes
Default: only primary can write
Can have up to 15 replicas, any can be failover
Don't allocate storage, billed on what is used, high water mark
Endpoints
101
What is Aurora serverless
Billed as serverless, write min an max ACU
Same resilience as Aurora (6 copies across AZ)
102
How many REad instances in Aurora Global DB
only one
103
What is systems manager used for
Centralize operational data and automate tasks across resources
104
What does run command do
Remotely and securely manage configuration of managed instances at scale
105
What is WAF
L7 firewall
106
What does WAF apply to
CF, ALB, AppSync, API Gateway and such
107
What is logged in CloudTrail
Almost anything that can be done to an AWS account
108
What is default storage for CloudTrail
90 days
109
Is Cloudtrail RT
No
110
How are EBS snapshots implemented
They are incremental
111
How can you force a complete restore of EBWS snapshot
Force read data
Or FSR (Fast snapshot restore)
112
When should you use datasync
Huge transfers
Schedule
Encryption
Throttling
Automatic retry
113
What is max size of SQS message
256 KB
114
Does SQS support encryption
Yes, using KMS, at rest
115
What are ASG Lifecycle hooks
Allow you to set up custom actions during ASG actions
116
What do ASG Lifecycle hooks do
Instances are paused within flow, until timeout or unpaused (CompleteLifecycleAction)
117
What can be used with Lifecycle hooks
SNS and EventBridge
118
What is a concept used in step scaling
Size of alarm breach
119
Can ASG respond to additional alarms during scaling for simple scaling
No
120
Can ASG respond to additional alarms during scaling for step scaling
Yes
121
Can AWS Achema COnversion handle app code
Apparently, yes
122
What are the 2 supported solutions to add nodes automatically to EKS
Karpenter
Cluster Autoscaler
123
