TD Exam 6 Flashcards
Can SQS accept http requests directly
No, No, not from outside AWS
What is on-demand capacity reservation
It enables you to reserve compute capacity in a specific AZ for any duration.
No commitment
Capacity available immeditaly
Is reserved capacity automatically used by running instances
yes, if they match
Does on-demand capacity reservation count with discounts fro regional reservation and SAvings plans
Yes if instance attributes match
Can you reserve capacity with Regional Reserved instances
No
Do you need commitment when doing on-demand capacity reservation
No
Does capacity reservation provide a discount
No
How much do on-demand capacity reservation cost
Equivalent of on-demand whether you run instances or not
Whatg do you pay for when you run an instance that matches attributes of an on-demand reservation
Pay only for the instance
Can scheduled reserved instance reserve capacity
Yes
What is the term for scheduled instance reservations
One year
What is AWS Elastic Disaster Recovery service (DRS)
Provides continuous block-level replication, recovery orchestration and automated server conversion capability
What kin of RPO and RTO can you expect from DRS
RPO of seconds, RTO of 5-20 mins
What is the max number of instances for spread placement group
21, 7 per AZ
Is there a limit for number of instances cluster placement group
Only the normal limit of instances in your account
What is recommended when using cluster placement group
Launch them all in a single request and use same instance type (size deos not matter)
What should you do if capacity error when launching new instance in cluster placement group
Stop and restart the instances
What type of replication do you get when you have Aurora Read replica in other region
Asynchronous less than one second
What type of replication do you get when you have RDS MySQL Read replica in other region
Asynchronous, more than one second
What should you use if you need read replica with asynchronous replication that is less than one second
Aurora read replica
Does Elastic Beanstalk support containers
Yes
What should you use if you want something that automatically handles load balancing, auto-scaling, monitoring, placing containers, etc
Elastic Beanstalk
What is the most efficient way to copy data with database
Aurora Cloning
Does Aurora serverless support cloning
No
Does Aurora serverless support IAM db auth
No
Does Aurora serverless support Native functions
No
Does scaing support metrics like CPU Utilization for ALB
No
Can you use a lambda url directly as a webhook
Yes
What is ECR
Alternative to docker hub
What is in a container definition
Image
Ports
What is a task in ECS
An app, can have multiple containers
Permissions is in task definition (task role)
Also if EC2 or Fargate
What is ECS service
Define how a task should scale
Can have load balancer in front of it
Configure scaling and HA
What is in a task definition in ECS
Security, container(s), resources
What is in a service in ECS
How many copies, HA, Restarts
How are CloudWatch Events turned into actions
Using Amazon EventBridge
What is generated for ACM certificates that are eligible for renewal
AWS Health events
Can you schedule CloudWatch event rules to run
Yes
How can you force ssl for Microsoft SQL server
rds.force_ssl parameter and reboot instance
No work required by client app
Download Amazon RDS Root cert and import it to servers then configure app
What engines is IAM DB auth available with
Postgres and MySQL
What is Transparent Data Encryption (TDE) used for
Usually for data at rest, not in transit
Does AWS Global Accelerator provide static IPs
Yes
What is endpoint group in Global Accelertator
Associated with a region
What are Unicast IP addresses
Multiple devices, route to device in closest location
Can global accelerator be used with non-http
Yes
Can cloudfront be used with non-http
No
What does Global accelerator do in terms of IP
2 static unicast IPs that it assigns to you
Do local zones support DX
Yes
How does VPC work with local zones
Create subnets in local zones
Where is S3 with local zones
In parent zone
What is CloudFront cache control max-age directive
How long objects stay in cache
Can you set 2 primary origins in cloudfront
No
What is minimum cache time in cloudfront
0 for web distributions
3600 for rtmp (this is streaming??)
What can an origin group contain
A primary and a secondary origin
Can you use an autoscaling group as origin for CloudFront
No, you need a load balancer in front
What type of operation is resharding in Kinesis
Pair-wise, divide in 2 or merge 2 shards
How do you increase capacity of a Kinesis stream
More shards, more exp too tho
Is there such a thing as Kinesis Video streams
Yes
How long does Kinesis stream store by default
24h
What is the max time of storage of data in Kinesis
365 days
What is Appflow
Service, fully-managed, to integrat apps
What is OpenSearch
Open source search engine
Which elasticache config supports multithread by deaulft
Memcached
Whcih elasticache engine supports advanced data structures
Redis
Which elasticache engine supports replication
Redis
Which elasticache engine supports backups
Redis
Which elasticache engine supports transactions (multiple operations as one)
Reds
Which elasticache engine supports multithreading
Memcached
Which elasticache engine supports sharding
Memcached
Which elasticache engine supports autodiscovery
Memcached
Is Redis in elasticache able to detect and replace failed nodes automatically
No
What are the adantages of memcached
Multithread
Node autodiscovery
Is EFS storage capacity elastic
Yes
What are the 2 performance modes for EFS
General purpose
Max IO
What are the 2 throughput modes for EFS
Bursting
Provisioned
What does cross-zone lone balancing do
Each load balancer node distributes traffic across registered targets in all AZs, if disabled, only same AZ as node
Is cross-zone balancing enabled by default
Only on ALBs, not on NLBs
What is the only required section in a CF template
Resources
How do you control version with cloudfront
Invalidate files or give them versioned file names
Advantages of CF object versions
Cheaper not to invalidate
Access logs speak better
Simplifies rolling forward and back
Where are application files stores for Elastic Beanstalk
S3
Where are log files stored for Elastic Beanstalk
S3 or CloudWatch logs
What is ECS cluster auto-scaling
Allows ECS to manage scale-in and out of ASG
Can you move assets directly to cloudfront
No
Does file gateway have a local cache
Yes
What does file gateway cache do
buffer for writes and cache for reads, cached read = immediate access
Can Amazon pinpoint stream to Kinesis
Yes
Is SNS suitable for multi-engagement SMS marketing campaign
No, use Pinpoint
What does Amazon Connect do
Cloud customer contact center service (customer service)
What does Amazon pinpoint do
Flexbile, scalable marketing communications service
Can uploader set permissions for objects in S3
Yes
Who owns an S3 object by deafult
Uploader account, not the bucket owner account
How do you make sure the bucket owner has access to everything uploaded
Bucket policy requiring bucket-owner-full-control in object ACL
What port is RDP
3389
What protocol is RDP
TCP and UDP (I think), port 3389
How do you get better permission with Athena
Convert to apache PArquet
Advantages of parquet
Columnar storage
2x faster to upload
6x less storage
(In S3 compared to other text formats)
What is a permission to read and write underlying data with access controlled by Lake Formation Permissions
IAM permission lakeformation:GetDataAccess
What is a characteristic of EBS encryption by default
It is per region
What happens to an unencryopted snapshot or volume when you set up encryption by default (EBS)
Resulting new volume or snapshot after will be encrypted
Is there a direct way to encrypt existing snapshot or volume
No
Does EBS encryption support asymmetric CMKs
No
Can you change CMK associated with existing encrypted snapshot or volume (EBS)
No, but can associate different CMK during snapshot copy operation
What are choices with auth when creating new IAM user by console
Console password or access keys, you need at least one
Not the case when created using CLI or API
What are the 2 policies associated with a role
Trust policy (who can assume)
Permissions (what can it do)
