Technology Flashcards
Which AWS database service supports active-active configuration with cross-region support?
Amazon DynamoDB with Global Tables
- DynamoDB: Fully managed NoSQL database with high performance.
- Global Tables: Multi-region, active-active replication for low-latency access.
- Supports automatic scaling, in-memory caching, and continuous backups.
Which service helps identify optimal AWS resource configurations for cost and performance?
AWS Compute Optimizer
- Uses machine learning to recommend optimal EC2, EBS, and Lambda configurations.
- Reduces costs and improves performance by analyzing historical utilization data.
Which AWS service enables private connectivity between VPCs and AWS services without exposing traffic to the public internet?
AWS PrivateLink
- Private connectivity between VPCs and supported services
- Ensures secure communication without internet traffic
- Used with VPC endpoints (e.g., interface and resource endpoints)
Which storage option would you recommend for an EC2 instance running a fault-tolerant scientific computation application requiring high-performance disks and fast I/O?
Instance Store
- Provides temporary block-level storage attached to the host computer.
- Ideal for applications that don’t need data persistence after instance termination.
- Low latency and high-performance storage for fault-tolerant applications that can handle potential disk failures.
Q: What are the key components of AWS Global Infrastructure?
AWS Regions
- Physical locations around the world where AWS has data centers. A Region typically contains 3 to 6 Availability Zones (AZs), each designed for high availability and fault tolerance.
Availability Zones (AZs)
- Isolated, physically separate locations within a Region, each made up of one or more discrete data centers. These AZs are connected by ultra-low-latency, high-bandwidth networking to ensure high performance and resiliency.
Which AWS services are used to decouple components of a microservices application in the AWS Cloud? (two)
Amazon Simple Queue Service (SQS): A fully managed service to decouple microservices, allowing you to send and receive messages at scale without data loss.
Amazon Simple Notification Service (SNS): A durable, secure, managed messaging service to decouple microservices by sending messages to multiple subscribers like Lambda, SQS, and HTTP/S webhooks.
Which methods can you use to access and manage all AWS services? (three)
AWS Management Console: A web interface for easy access to AWS services.
AWS CLI (Command Line Interface): A command-line tool for managing AWS services and automating tasks with scripts.
AWS SDK (Software Development Kit): Provides language-specific APIs for managing AWS services programmatically.
Which AWS services can be used to automate a scheduled, serverless backup process?
Amazon EventBridge
- Serverless task scheduling
- Triggers actions based on a defined schedule
AWS Lambda
- Run code without managing servers
- Executes scheduled tasks, up to 15-minute runtime
Which of the following AWS services are global in scope? (two)
AWS IAM
- Manages user access across all AWS regions
- Enables identity and access management
Amazon CloudFront
- Content delivery network (CDN)
- Delivers content globally with low latency
What is the relationship between VPCs and subnets in terms of Availability Zones?
VPC
- Spans multiple Availability Zones within a region
- Virtual network for launching resources
Subnet
- Spans one Availability Zone within a region
- Range of IP addresses within a VPC
Which AWS service allows automatic deployment of web apps while providing access to underlying resources?
AWS Elastic Beanstalk
- Automatic deployment and scaling of web apps
- Full control over the resources
- Supports languages like PHP, Node.js, and Python
Which AWS service provides low-latency access to end-users in various locations, ideal for gaming applications?
AWS Local Zones
- Deploy services closer to end-users for low-latency access
- Connected to parent region via high-bandwidth private network
- Supports services like EC2, VPC, RDS, ElastiCache, etc.
What is the primary benefit of deploying an Amazon RDS Multi-AZ database with one standby?
Enhanced availability and durability
- Synchronously replicates data to a standby in a different AZ
- Automatic failover in case of infrastructure failure
- Ideal for production database workloads
Which AWS service enables secure shell access to EC2 instances without opening new ports or using public IPs?
AWS Systems Manager Session Manager
- Fully managed interactive shell/CLI
- No need for inbound ports or SSH keys
- Increases security and auditability
- Supports cross-platform access
What are the different gateway types supported by AWS Storage Gateway?
Tape Gateway, File Gateway, Volume Gateway
- Hybrid cloud storage service
- Connects on-premises environments to AWS Cloud
- Used for tape backups, file shares, low-latency access, disaster recovery, etc.
Which AWS service is ideal for moving on-premises message broker functionality to the cloud with minimal effort?
Amazon MQ
- Managed service for Apache ActiveMQ and RabbitMQ
- Simplifies provisioning, setup, and maintenance
- Connects to existing applications via standard APIs and protocols
- No need to rewrite code to migrate from existing message brokers
Which AWS services are suitable for monitoring CPU utilization on EC2 instances and sending email alerts when it exceeds 80%? (two)
Amazon CloudWatch
- Monitors resource utilization and system performance
- Can trigger alarms for specific thresholds (e.g., CPU utilization)
- Sends alerts via Amazon SNS
Amazon SNS
- Fully managed pub/sub messaging service
- Delivers notifications (like email) based on CloudWatch alarm state changes
Which AWS service stores, manages, and deploys Docker container images?
Amazon Elastic Container Registry (Amazon ECR)
- Manages Docker container images
- Fully managed, no need for container repository maintenance
- Integrates with Amazon ECS to run containers
Which AWS service enables SQL-based analysis of data stored in Amazon S3 with minimal effort?
Amazon Athena
- Serverless interactive query service
- Analyzes data in S3 using standard SQL
- No infrastructure management required
- Pay-per-query pricing
Which Amazon Route 53 routing policy is used for active-passive failover?
Failover Routing
- Routes traffic to a primary resource when healthy
- Switches to a secondary resource when the primary becomes unhealthy
- Can route to an S3 bucket, EC2 instance, or other AWS services
What is the primary benefit of deploying an Amazon RDS database in a Read Replica configuration?
Improves database scalability
- Creates read-only copies synchronized with the master database
- Enhances read performance by distributing queries
- Supports cross-region replication for better global performance
Which AWS service is best for moving large amounts of data to AWS from a remote location with limited bandwidth?
AWS Snowball
- Overcomes bandwidth limitations for large data transfers
- Moves terabytes in about a week
- Ideal for backups, archives, IoT data, and analytics datasets
Which two AWS services are regional in scope?
AWS Lambda
- Functions run within a specific AWS region
- Auto-scales within that region
Amazon Rekognition
- Image and video analysis happens in the region where it’s deployed
Which AWS services are global?
- AWS Identity and Access Management (IAM)
- Amazon CloudFront (CDN service)
- AWS Route 53 (DNS service)
- AWS Web Application Firewall (WAF)
- AWS Global Accelerator
What is the region-specific constraint when launching an Amazon EC2 instance?
An Amazon Machine Image (AMI) must be in the same region as the EC2 instance
- AMIs are region-specific but can be copied across regions
- The AMI region does not affect EC2 instance performance
Which AWS service provides a high-performance, low-latency in-memory database?
Amazon ElastiCache
- Supports Redis and Memcached
- Ideal for caching, session stores, gaming, real-time analytics
- Improves database performance by reducing read load
How does AWS Site-to-Site VPN establish secure connections between on-premises networks and AWS?
- Uses a Virtual Private Gateway (VGW) as the AWS-side VPN concentrator.
- Requires a Customer Gateway, representing the on-premises VPN device in AWS.
- Provides a secure tunnel over the public internet.
- Suitable for low to moderate bandwidth needs.
How can a company improve the global performance of a static website hosted on Amazon S3?
Use Amazon CloudFront, a global content delivery network (CDN).
- Distributes website files (HTML, images, videos) to edge locations worldwide.
- Directs user requests to the nearest edge location for faster load times.
What AWS service provides intelligent search capabilities for unstructured data (e.g., PDFs, Word documents, text files)?
Amazon Kendra is an AI-powered enterprise search service.
- Uses natural language processing to return relevant answers from large datasets.
- Supports multiple file formats (PDFs, Word docs, HTML, etc.).
- Pre-trained for industry-specific domains and customizable for business needs.
Which Amazon S3 storage class offers the lowest availability, and why?
S3 One Zone-Infrequent Access (S3 One Zone-IA)
- Stores data in only one Availability Zone instead of across multiple.
- Suitable for rarely accessed data that still needs quick retrieval.
What are key differences between Security Groups and Network ACLs?
Security Groups are stateful – return traffic is automatically allowed.
Network ACLs are stateless – each request must be explicitly allowed/denied.
Security Groups apply at the instance level, while Network ACLs apply at the subnet level.
Network ACL rules are processed in numerical order, while Security Groups evaluate all rules before deciding.
Which AWS service allows running Docker containers while still managing the underlying servers?
Amazon ECS (Elastic Container Service) provides container orchestration.
- Not fully managed – users can control and configure the underlying servers.
- Works with EC2 launch type (user-managed) or Fargate launch type (AWS-managed).
How can a company move IT resources (data and applications) from one AWS Region to another?
No automated AWS service for full region migration.
- The company must manually create resources in the destination region.
- Data and applications must then be migrated separately using AWS tools (e.g., S3 replication, AWS Database Migration Service).
What is AWS Global Accelerator, and when is it useful?
AWS Global Accelerator is a networking service that improves the availability and performance of global applications. It:
- Uses static IP addresses as fixed entry points to applications.
- Improves performance by proxying packets at the edge for TCP/UDP traffic.
- Supports non-HTTP use cases like gaming (UDP), IoT (MQTT), and VoIP.
Which Amazon S3 storage classes do not charge data retrieval fees?
S3 Standard: High-durability, frequently accessed storage with no retrieval fees.
S3 Intelligent-Tiering: Automatically moves data between frequent and infrequent access tiers, with no retrieval fees.
Which AWS service is best suited for load-balancing HTTP and HTTPS traffic?
Application Load Balancer (ALB)
- Part of Elastic Load Balancing (ELB).
- Distributes incoming application traffic across multiple targets.
- Ideal for handling HTTP and HTTPS requests across multiple AZs.
How can a company deploy the same Amazon EC2 instance in a different AWS Region?
Amazon Machine Images (AMIs)
- Provide pre-configured templates for launching EC2 instances.
- An AMI can be copied to another AWS Region to deploy the same configuration in multiple locations.
- This enables scalability and redundancy across different regions.
What AWS service inspects and protects Amazon CloudFront distributions?
AWS Web Application Firewall (AWS WAF)
- Provides protection against SQL injection, XSS, and other attacks.
- AWS WAF integrates with Amazon CloudFront and blocks malicious requests at the edge before reaching web servers.
- It allows custom security rules for monitoring and filtering HTTP/HTTPS traffic.
What AWS tool allows developers to define cloud infrastructure using programming languages like Python and JavaScript?
AWS Cloud Development Kit (AWS CDK)
- Open-source framework for defining cloud infrastructure using programming languages.
- Uses constructs to preconfigure cloud resources with best practices.
- Generates AWS CloudFormation templates for infrastructure provisioning.
- Enables custom constructs to streamline development and enforce organizational requirements.
Which AWS service provides a simple, low-cost way to launch and manage a virtual private server (VPS) for development and testing?
Amazon Lightsail
- Simple and cost-effective VPS service.
- Includes virtual machines, SSD storage, data transfer, DNS management, and static IP.
- Ideal for developers with little cloud experience.
- Provides predictable, low-cost pricing for easy cloud adoption.
What AWS service provides a cost-effective solution for transferring petabytes of data from on-premises to AWS?
AWS Snowmobile
- Exabyte-scale data transfer service for massive migrations.
- Moves up to 100PB per Snowmobile (a 45-foot long shipping container).
- Ideal for video libraries, image repositories, and full data center migrations.
- Secure, fast, and cost-effective solution for large-scale data transfers.
What AWS service enables the development of chatbots with Natural Language Understanding (NLU)?
Amazon Lex
- Provides conversational AI for building chatbots with voice and text.
- Uses the same technology as Amazon Alexa for speech recognition and language understanding.
- Enables businesses to add natural language interactions to applications.
What AWS service automates code reviews and identifies performance issues in applications?
Amazon CodeGuru
- Uses machine learning to review code and improve quality.
- Identifies security vulnerabilities and inefficiencies.
- Includes CodeGuru Reviewer (for static analysis) and CodeGuru Profiler (for performance optimization).
- Helps developers optimize cost and efficiency in applications.
Which Amazon S3 storage class is best for storing secondary backup copies of on-premises data at a lower cost while ensuring rapid access?
Amazon S3 One Zone-Infrequent Access (S3 One Zone-IA)
- Stores data in a single Availability Zone (AZ).
- Costs 20% less than S3 Standard-IA.
- Suitable for infrequently accessed data that does not require multi-AZ resilience.
- Ideal for secondary backups or easily re-creatable data.
What AWS serverless service is used to prepare data for analytics?
AWS Glue
- Fully managed extract, transform, and load (ETL) service.
- Simplifies data preparation and integration for analytics.
- Supports batch processing of structured and semi-structured data.
- Automates schema discovery and data cataloging.
What AWS service allows users to track changes in AWS resource configurations over time?
AWS Config
- Continuously monitors and records AWS resource configurations.
- Helps with compliance auditing, security analysis, and change management.
- Provides detailed resource configuration history.
Which AWS feature helps organize resources and manage tasks across multiple AWS services?
AWS Resource Groups
- Organizes multiple AWS resources for easier management.
- Allows bulk actions on related resources (e.g., EC2 instances, S3 buckets).
- Requires proper IAM permissions for shared accounts.
What AWS service provides a managed artifact repository for application dependencies, integrating with package managers like Maven, npm, and Gradle?
AWS CodeArtifact
- Fully managed artifact repository for storing and sharing software packages.
- Works with Maven, Gradle, npm, yarn, pip, NuGet, and more.
- Scales automatically, reducing the need for self-managed repository solutions.
What are key facts about AWS Regions and Availability Zones?
Each AWS Region consists of multiple, isolated Availability Zones (AZs) in a geographic area.
Traffic between AZs is encrypted and runs on a high-bandwidth, low-latency, redundant network.
- AZs have independent power, cooling, and security for high availability.
- Running workloads across multiple AZs improves fault tolerance.
- AWS Regions meet strict security and compliance standards.
Which AWS service automates the creation and maintenance of up-to-date server images?
Amazon EC2 Image Builder
- Simplifies building, testing, and deploying VM and container images for AWS or on-premises.
- Provides built-in automation, security settings, and a graphical interface to reduce manual effort.
- Eliminates the need for custom scripts or manual snapshots.
Which AWS service connects IoT devices to the cloud without managing servers?
AWS IoT Core
- Supports billions of devices and trillions of messages.
- Routes messages securely to AWS services (Lambda, S3, DynamoDB, etc.).
- Supports multiple protocols: MQTT, HTTPS, MQTT over WSS, and LoRaWAN.
- Provides automated authentication, encryption, and granular access control.
