Testing Flashcards
IAM Stands for:
Identity and Access Management
What does an IAM user use to log in:
Username and Password
CLI stands for:
Command Line Interface
API stands for:
Application Programming Interface
CLI/API uses what to log in
Access Keys and Access Key IDs
MFA stands for:
Multi Factor Authentication
SCP Stands for:
Service Control Policies
IAM Best Practices:
- Lock AWS account user access keys
- Create individual users
- Use groups to assign permissions to users
- Grant least privilege
- Start with AWS managed policies
- Use customer managed policies
- Use access levels to review permissions
- Strong Password policy
- MFA
- Use Roles for apps and to delegate permissions
- do not share keys
- rotate credentials
- remove unnecessary credentials
- Use policy conditions
- Monitor activity
EBS stands for:
Elastic block store
What is Block Storage and what is AWS service
Hard drives connected to a system (a C: or D: drive)
EC2 Stands for:
Elastic Compute Cloud
What does EC2 do?
Runs virtual servers or instances in the cloud
What is User Data
User Data is code that runs commands
What is Meta Data
Metadata returns information
What is LightSail
SUPER SIMPLE cheap cloud server for those with little expertise
What is Batch
Allows you to run thousands of computing jobs on AWS
It dynamically provisions the optimal quantity and types of resources
What is a Docker Container
It is a place to store all the steps to run an app including OS, code, settings, etc
It makes the app movable from hardware and very efficient
What does ECS stand for
Elastic Container Service
What is a cluster
a logical grouping of tasks or services
What is ECS Launch Type
it is an elastic container that you keep control of
You are charged per instance
You are responsible for optimization and management but get more control
What is ECS Fargate
it is an elastic container that is managed by AWS
Charged per running tasks
You have limited control
EBS Snapshots do what
Capture a volume at a point in time
where is a snapshot stored
Inside a region, outside of an AZ
Differences between SnapA and SnapB and SnapC
Snap A is the OG while all those after are the changes that are made after the OG
What does DLM stand for
Data Lifecycle Manager
What does DLM do
automates creation, retention, and deletion of snapshots
What does S3 stand for:
Simple Storage Service
What kind of storage system is S3
Object storage
What are the 6 classes of S3 storage
- Standard
- Intelligent Tiering
- Standard-IA
- One Zone-IA
- Glacier
- Glacier Deep Archive
Standard S3 Storage
3 AZ
common data
Intelligent Tiering
3 AZ
It moves data to the most logical storage class
Standard-IA Storage Class
3 AZ
Charged per GB retrieved, so it needs to be data not regularly accessed
One Zone-IA Storage class
Like Standard-IA but in one AZ
It makes the data less protected at a cheaper price
Glacier Storage
3 AZ
Available in minutes at an updated price
Glacier Deep Dive
3 AZ
Available in hours
protected data that you do not need right away
S3 Versioning
Keeping multiple variants in the same bucket
used to preserve, retrieve and restore objects
S3 Replication
CRR Replicates data across region
SRR Replicates data in the same region
Storage Gateway uses
Moving data from on premises to the cloud
File Gateway
Storage gateway using a file based system
Volume Gateway
Block based storage gateway system
Backup Gateway
Storage gateway that uses block or file protocols
S3 Features
- Transfer acceleration
- Requester pays
- Events
- Static website hosting
- Encryption
- Replication
What is Route 53
It is a DNS or Domain Naming System
Route 53 Policies
- simple
- failover
- geolocation
- geo proximity
- latency
- Multivalue answer
- weighted
Route 53 features
Domain registration
hosts zones
health checks
monitors Traffic flow
Auto scaling Groups
EC2 Status Check
CloudWatch
EC2 Status Check
If one instance fails status check will replace that instance
CloudWatch does what
Monitors Metrics
adds and removes instances based on metrics
What does Auto Scaling do?
Launches and terminates instances automatically
scales horizontally
Responds to checks and metrics
can scale on demand or by a schedule
set policies on how to respond
What does ELB stand for:
Elastic Load Balancer
4 types of Elastic Load Balancers
Application
Network
Classic
Gateway
Application Load Balancer
Operates at request level (level 7)
Network Load Balancer
Operates at the connection level (level 4)
Classic Load Balancer
Older generation that uses both level 4 and 7
Gateway Load Balancer
used in front of virtual apps such as firewalls
Scaling Policies
Target Tracking
Simple Scaling
Step Scaling
Scheduled scaling
Benefits of Serverless services
- No instances
- No hardware
- No management
- Capacity provisioning and patching
- Provides auto scaling
Serverless services
- Lambda
- Fargate
- EventBridge
- Step Function
- SQS
- SNS
- S3
- API Gateways
- DynamoDB
Lambda Functions
Executes code when needed
only pay when code runs
Lambda function benefits
no servers
Continuous Scaling
millisecond billing
integrates with services
SQS stands for what
Simple Queue Service
SQS does what
It decouples the App tier from the Web tier.
pull based. the app will pull the info from the queue
MQ is a what
Message broker service
MQ does what
It works like SQS EXCEPT:
it works with industry standards like Apache
and
it is a push based system
SNS stand for what
Simple Notification Service
What does SNS do?
Pushes information out instead of pulling like SQS
pushes info to topic which will be sent to all accounts attached to that topic
Step Functions
Coordinates workflows automatically
Uses visual workflows and runs state machines
SWF stands for what?
Simple Workflow Service
SWF does What?
Works like Step functions but in workflows that require human interaction
EventBridge Does what?
It is a serverless event bus
it takes data that triggers an event to signal to the right server
API stands for what?
Application Programming Interface
API Gateways do what?
It is the front door for applications
Connects multiple ways
forwards requests to Lambda or VPCs
VPC Stands for?
Virtual Private Cloud
What are Security Groups
Firewall for Instances
What does ACL stand for
Access Control List
What is ACLs purpose
A firewall at the Subnet level
3 types of IP addresses
Public
Private
Elastic
Qualities of a Public IP address
Dynamic
lost when instance stops
cannot be moved between instances
Qualities of a Private IP
Attached to ALL instances
Retained when instance stops
Qualities of an Elastic IP
Static public address
Retained when instance stops
can be moved between instance
Pay if not in use
What does NAT stand for
Network Address Translation
NAT Instances and Gateways uses and their difference
used for accessing internet from private subnets
Instances managed by you
Gateways managed by AWS
VPC Peering
Routes made between VPC and IP address
VPN stands for what
Virtual Private Network
Managed VPN
VPN connection between on premises sites and AWS
Direct Connect
Private connection from on premises to AWS
Transit Gateway
Connects VPCs and on premises through a central hub
Outposts
Deploy actual infrastructure on premises to connect to AWS
What is CloudFront
Content delivery Network
What does CloudFront do?
Sends data to edge locations
Allows customers to access data quickly
What does Global Accelerator do?
Routes connections to app endpoints
improves availability and performance of apps
What does CloudFormation do?
Infrastructure provisioned automatically through code
allows you to provision consistently
What does CDK stand for
Cloud Development Kit
What does Cloud Development Kit do?
Open source framework to define app resources using familiar programming languages
What does Beanstalk do?
Management service for Web Apps
Deploys environment that can include Auto scaling, elastic load balancing and databases
What does X-Ray do?
Analyze and debug production
What does OpsWorks do?
It is a Config Management service in Chef or Puppet
RDS stands for
Relational Database Service
What does RDS use for encryption
KMS
What does RDS support
- SQL
- Oracle
- MySQL
- Postgre
- Aurora
- MariaDB
What is Aurora
A relational database that is compatible with MySQL and Postgre
What is DynamoDB
Fully managed NoSQL Key/Value Store
It is a non-relational, Key-Value System
DynamoDB Features
- Serverless
- NoSQL
- Push button horizontal
- DAX
- Back ups
- Global Table
What is Redshift
A relational database and SQL Data Warehouse
Used for Online analytics processing (OLAP)
EMR stands for what?
Elastic Map Reduce
What does EMR do?
Manages Cluster Platforms frameworked in Hadoop and Spark
Performs ETL (extract, transform, and load) functions
Processes data for analytics and business intelligence
What does Elasticache do?
It is a key-value store
fully manages implementations of redis and memcached
you put it in front of databases like RDS and Dynamo to lower latency of extracting data
What does Athena do?
Runs queries on S3 data
What does Glue do?
It is an ETL service for the metadata stored by Athena
How do Kinesis Data Streams work
Producers send data to shards
consumers process data to save to another source
How does Kinesis firehose work
automated data sent without shards
Saves data directly to another source
How does Kinesis Data Analytics work
Real time SQL processing for streaming
What does SQL stand for
Structured Query Language
What does Pipeline do
processes and moves data between different services
What is Quicksight
Business Intelligence Service
Creates and publishes interactive BI dashboards for machine learning
What is Neptune
Fully managed graph database service
What is DocumentDB
A fully managed Document database that queries and indexes JSON data
What is QLDB
A fully managed ledger database that provides verifiable transaction logging
What is Managed Blockchain
Joining public and private networks using ethereum
What is Organizations
a consolidation of multiple accounts
most important feature for test is consolidated billing
What is control tower
Simplifies the creation of multiple accounts by setting up governance, compliance, and security guardrails
What is Systems Manager
Manages multiple AWS Resources
System Manager components
- Automation
- Run Command
- Inventory
- Patch Manager
- Session Manager
- Parameter Store
What is Service Catalog
Creates and manages catalogs of IT services
Allows you to manage commonly deployed services
What is Config
It is a fully managed compliance management service
Helps with Auditing, Security Analysis, and Resource Change Tracking
What is Trusted advisor
Helps Optimize your environment
What does Trusted Advisor Advise on
Cost Optimization
Performance
Security
Fault Tolerance
What is Personal Health Dashboard
A Dashboard that provides alerts when events will affect you
What is Service Health Dashboard
Provides the Current status of AWS Services
What is Directory Service
Fully managed hosts active directory
What is AD Connector
Allows on premises users to log into AWS with SSO
What is Simple AD
Low scale/cost Active Directory
What does System Manager Parameter Store do
Provides Secure, hierarchical storage
What can systems manager parameter store
passwords
data strings
license codes
What are the values in systems manager parameter store
do it all as parameter values
plaintext (unencrypted)
ciphertext (encrypted)
What is Secret Manager
it is similar to parameter store BUT
allows native and automatic key rotation, fine grained permissions, and central auditing
What does KMS stand for
Key Management Service
What does KMS do
Creates and manages Keys
CloudHSM stands for
Cloud based hardware security Module
What does CloudHSM do
Generates your own encryption keys
more control and more secure than KMS but more expensive
What is CloudTrail
Logs API activity for auditing
Can trigger cloudwatch events
What are VPC Flow Logs
Capture the information about IP traffic going to and from the VPC interfaces
Where are Flow Logs created
VPC
Subnet
Network Interfaces
What does S3 Access Logs do
Provides records for the requests made to a bucket
S3 Access Logs details include
- Requester
- Bucket Name
- Time
- Action
- Response Status
- Possible Error Codes
What does Detective do?
Analyze, Investigate, and Identify security issues root causes
Data sources for Detective
VPC Flow Logs
CloudTrail
GuardDuty
What is GuardDuty and what does it detect
Intelligent Threat Detection Service
Detects:
- Account Compromise
- Instance Compromise
- Malicious Reconnaissance
- Bucket Compromise
What is Macie
Fully managed Data security
Uses machine learning and pattern matching to find and protect sensitive data in S3
What does WAF stand for
Web Application Firewall
What does WAF do
Creates rules that block common exploits like SQL injection and Cross site scripting
What is Shield
Managed DDoS protection service
What is Artifact
Provides on demand security and compliance reports
What is Security Hub
Provides a view of security alerts across AWS Accounts
What is Security Bulletins
Security and privacy events affecting AWS Services
Why should you contact the Trust and Safety team
- Spam
- Port Scanning
- DDoS
- Intrusion Attempts
- Hosting of objectionable or copyrighted material
- Distributing Malware
Penetration Testing
Testing Security by simulating an attack
is allowed for 8 services without permission
What are the pillars of Well-Architected
- Operational Excellence
- Security
- Reliability
- Performance Efficiency
- Cost Optimization
What does Well Architected Consist of:
Guidance
Tool
Lenses
Architecture Center
Operational Excellence Pillar
Support Development of Workloads
Security Pillar
Protect data, systems, and assets
Reliability Pillar
Ensuring workload can perform
Performance Efficiency Pillar
Ability to use computing resources to meet system requirements
Cost Optimization Pillar
Ability to run systems at the lowest price
What do you pay for in AWS
Compute
Storage
Outbound Data
What are the basics for On-Demand pricing
Standard rate
No Commitments
What are the basics for Reserved pricing
1-3 year commitment
75% discount
What are the basics for Spot Instance pricing
Bid for unused space
Up to 90% discount
can be terminated at anytime
What are the basics for Dedicated instances pricing
Physical isolation at host hardware
Pay per instance
What are the basics for Dedicated Hosts pricing
Physical server dedicated for your use
socket core visibility
Host affinity
Pay per host
What are the basics for Saving Plans pricing
Commitment to consistent amount of usage
Pay per hour
1-3 year commitment
What do you pay for in S3
Storage class
Storage quantity
Number of requests
data transfer out
What do you pay for in Glacier
Expedited
Standard
Bulk
What do you pay for in EBS
Volumes - GB per month
Snapshots - Space consumed by Snapshots
What do you pay for in RDS
Clock hours of server up time
Database characteristics
Database purchase type
What do you pay for in DynamoDB
Reading, Writing, and Storing Data
Either on-demand or provisioned
What do you pay for in Lambda
Number of requests
Duration of request (to the nearest millisecond)
Price is dependent
Benefits of Consolidated billing
One bill
Easy tracking
combined usage
What do you do in Budgets
Set custom budgets
configure alerts
What does budgets integrate with
Cost explorer
Chatbot
Service catalog
What is Cost explorer
View charts of your costs to discover patterns of spending
What does Cost and Usage report break down
- Hour
- Day
- Month
- Product
- Product resource
- Tags
What does Price list API do?
Queries prices of services
What does DMS stand for
Database migration service
What does DMS do
Migrates Databases
Source database remains operational during transfer
What does SMS stand for
Server migration service
What does SMS do
Migrates servers and virtual machines
What does DataSync do
Online data transfer service
Transfers data between on premises and storage services
What is the Snowball Family used for
Used for migrating large volumes of data to AWS
What does Rekognition do
Image and video analysis
What does Transcribe do
Add speech to text capabilities to apps
What does Translate do
Neural machine translation service
What does Sagemaker do
helps data scientists prepare, build, train, and deploy high quality machine learning models
What does Comprehend do
natural language processing service
Uses machine learning to understand unstructured (like a written letter) information
What does Lex do
It is a conversational AI for chatbots
What does Polly do
Turns text into life like speech
What does Workspaces do
Managed DaaS solution
Works with windows or linux
What does Appstream 2.0 do
Fully managed non persistent app streaming service
What does Worklink do
Provides secure, one click access to your internal websites from mobile phones
What does Workdocs do
Google suite by amazon
What does IoT core do
Lets you connect IoT devices to the cloud without the need to manage servers
What does IoT stand for
Internet of Things