Topical Cards from Digital Cloud AWS Cert Exam Flashcards

1
Q

Kinesis Data Analytics

A
  • used for processing and analyzing real-time streaming data from either Firehose or Data streams
  • can only output data to S3, RedShift, Elasticsearch and Kinesis Data Streams
  • Autoscaling and Managed (no servers)
  • Real Time
2
Q

Kinesis Data Firehose

A
  • the easiest way to deliver data directly to AWS services or services like Splunk
  • data is NOT stored
  • serverless data transforms with Lambda functions
  • Kinesis Data Streams can be used as the source(s) to Kinesis Data Firehose
  • near real-time (1 minute latency)
3
Q

Kinesis Data Streams

A
  • enables real-time processing of streaming big data
  • stores data for later processing by applications (key difference with Firehose which delivers data directly to AWS services)
  • partition keys can guarantee ordering
  • records accessible from 24 hours (default) to 7 days
  • does not deliver it to destinations such as Splunk
  • must manage scaling
  • will have to develop code (producer/consumer) to use
4
Q

Default IAM User Permissions

A
  • By default IAM users are created with no permissions
  • an IAM policy must be attached to the user before they can do anything (even view their own access keys)

5
Q

EBS Encryption

A
  • Data in transit between an instance and an encrypted volume is encrypted
  • There is no direct way to change the encryption state of a volume
  • All EBS types support encryption
6
Q

Amazon Glacier Resilience

A
  • 99.999999999% durability of archives
  • Data is resilient in the event of one entire AZ destruction
  • Data is NOT replicated globally
7
Q

EBS Instance Store Configuration

A
  • Can only specify the instance store volumes for your instance when you launch the instance
  • Cannot add EBS volumes after launch
8
Q

Default Security Group Settings for a VPC

A
  • Inbound rule that allows all traffic from the security group itself
  • Outbound rule that allows all traffic to all addresses
  • Custom security groups do not have inbound rules by default (blocking all inbound traffic) and allow all outbound traffic by default
9
Q

RDS Database Restore

A
  • Can restore up to the last 5 minutes
  • default DB security group is applied to the new DB instance

10
Q

Monitoring ELB Traffic

A
  • Use VPC Flow Logs
  • To set up, create a VPC flow log for each network interface associated with an ELB

11
Q

Network ACL

A
  • tied to subnets
  • stateless rules (rules applied to incoming traffic will not be applied to outgoing traffic)
  • support allow and deny rules
  • rules applied in order
  • by default inbound rule denying all traffic and outbound rule denying all traffic
12
Q

Enhanced Networking

A

  • provides higher bandwidth, higher packet-per-second performance, and lower inter-instance latencies

13
Q

DynamoDB Auto Scaling

A
  • uses AWS Application Auto Scaling Service to adjust provisioned throughput capacity to traffic patterns
  • most efficient and cost-effective solution to optimizing cost
14
Q

CodeDeploy

A

  • automates application deployment to EC2 instances, on-premises instances, and serverless Lambda functions

15
Q

OpsWorks

A

  • managed instances of Chef and Puppet

16
Q

Beanstalk

A
  • used to quickly deploy and manage applications in the cloud
  • Beanstalk handles deployment details for applications in Go, Java, Python, Ruby, Node.js, and PHP

17
Q

Run Command

A
  • designed to support a wide range of enterprise configuration needs on Windows machines
  • can install software, run scripts, or PowerShell commands
  • accessible in the AWS Management Console
18
Q

AWS Config

A

  • service that lets you assess, audit, and evaluate the configuration of your AWS resources

19
Q

POSIX Permissions

A

  • allow you to restrict access from host by user group for EFS

20
Q

EFS Security Groups

A

  • can act as a firewall to restrict network traffic for EFS

21
Q

Direct Connect Gateway

A
  • transitive peering connections for VPC, VPN, and Direct Connect
  • can be associated with a transit gateway when you have multiple VPCs in the same region
  • can be associated with a virtual private gateway
22
Q

Direct Connect

A
  • establish private connectivity between AWS and your datacenter
  • set up a virtual private gateway on the VPN and a configured hardware connection to the datacenter
23
Q

VPN CloudHub

A

  • hub-and-spoke VPN model to connect your sites

24
Q

Transit Gateway

A

  • transitive peering connections for VPC, VPN, and Direct Connect

25
Q

Private Link

A
  • connect services privately from your service VPC to customers' VPCs
  • eliminates the exposure of data to the public Internet
  • doesn't need VPC peering, public internet, NAT gateway, etc.
  • Must be used with NLB and Elastic Network Interface
26
Q

VPC Endpoints

A

  • provide private access to AWS services within a VPC

27
Q

Internet Gateway

A

  • provide internet access at VPC level via IPv4 and IPv6

28
Q

Route Tables

A

  • connect subnets to Internet Gateway, VPC Peering Connections, VPC Endpoints, etc.

29
Q

NAT Instances

A
  • provides internet access to private instances on private subnet
  • Managed by the user and requires additional setup, like disabling the source/destination check on the EC2 instance
30
Q

Network ACL

A

  • Stateless, subnet allow and deny rules

31
Q

Security Groups

A

  • Stateful, operate at EC2 level

32
Q

Site to Site VPN

A

  • connect a datacenter to a VPC over the public internet; set up a virtual private gateway on the VPN and a customer gateway on the DC

33
Q

AWS DataSync

A
  • Used to move large amounts of data online between on-premises storage and Amazon S3 or Amazon Elastic File System (Amazon EFS)
  • source datastore can be Server Message Block (SMB) file servers
34
Q

S3 Standard-IA

A
  • objects are available for millisecond access
  • charges a retrieval fee for these objects
  • stores the object data redundantly across multiple geographically separated Availability Zones
  • resilient to the loss of an Availability Zone
35
Q

S3 One Zone-IA

A
  • objects are available for millisecond access
  • charges a retrieval fee for these objects
  • object data in only one Availability Zone
  • data is not resilient to the physical loss of the Availability Zone resulting from disasters
36
Q

Service Control Policy (SCP)

A
  • used to apply restrictions across multiple member accounts in an OU
  • use a deny rule to block a resource type (an EC2 instance type, for example) in member accounts
37
Q

Global Accelerator

A
  • improves the availability and performance of your applications with local or global users
  • uses the congestion-free AWS global network to route TCP and UDP traffic to a healthy application endpoint in the closest AWS Region to the user.
  • provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions to your ALB or NLB
38
Q

FSx for Windows File Server

A
  • provides fully managed, highly reliable file storage accessible over SMB protocol
  • provides a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists
  • supports Distributed File System Replication (DFSR) in both Single-AZ and Multi-AZ deployments
39
Q

EFS

A
  • file storage for EC2 instances
  • only available for Linux instances

40
Q

Target Tracking AutoScaling

A

  • allows you to specify a target value for a metric to scale off of (CPU for instances)

41
Q

RedShift

A
  • columnar data warehouse DB that is ideal for running long complex queries.
  • RedShift can also improve performance for repeat queries by caching the result and returning the cached result when queries are re-run.
42
Q

AWS Batch Multi-node parallel jobs

A
  • enable you to run single jobs that span multiple Amazon EC2 instances (model training)
  • does not require you to launch, configure, and manage Amazon EC2 resources directly
  • supports IP-based, internode communication, such as Apache MXNet, TensorFlow, Caffe2, or Message Passing Interface (MPI)
43
Q

Scaling Process

A
  • There are two primary process types: Launch and Terminate
  • other processes are Scheduled Actions, Replace Unhealthy, AZ Rebalance, etc.
  • Auto Scaling groups can have multiple scaling processes
  • Processes can be suspended and resumed
44
Q

EC2 Standby State AutoScaling

A
  • used for performing updates/changes/troubleshooting etc. without health checks being performed or replacement instances being launched
  • instance still managed by Auto Scaling
  • do not count towards available EC2 instance for workload/application
  • health checks are not performed
45
Q

Amazon DynamoDB Streams

A
  • captures a time-ordered sequence of item-level modifications in DynamoDB table
  • stores this information in a log for up to 24 hours
  • logs can be accessed in near-real time
46
Q

Troubleshooting ECS Containers

A
  • Verify that the Docker daemon is running on the container instance.
  • Verify that the Docker Container daemon is running on the container instance.
  • Verify that the container agent is running on the container instance.
  • Verify that the IAM instance profile has the necessary permissions.
47
Q

Cognito Identity Pools

A
  • provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token.
  • used to obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB.
48
Q

Cognito User Pools

A
  • A user pool is a user directory in Amazon Cognito
  • Used to provide access to an application (think web app login via Facebook)