Topical Cards from Practice Exam 1 Flashcards

1
Q

Amazon Aurora

A
  • MySQL or PostgreSQL compatible editions
  • Serverless
  • Low Latency
  • Fault-Tolerant
2
Q

ElastiCache

A
  • Not Serverless
  • Used for Caching
  • Low Latency
3
Q

DynamoDB

A
  • key-value database (NoSQL)
  • Serverless
  • low latency
4
Q

Origin Access Identity

A
  • used for sharing private content via CloudFront
  • is a virtual user identity that will be used to give your CF distribution permission to fetch a private object from your origin server (e.g. S3 bucket).
5
Q

CloudFront

A
  • content delivery network
  • for dynamic and static content
  • caching with CloudFront can reduce network cost and load on EC2s/Lambdas for serving popular content
  • has Points of Presence (edge locations) for low latency
  • has regional location to help reduce latency/network traffic for less popular content that isn’t fit for PoP
6
Q

CloudFront Signed URLs

A
  • Used to enable users to securely access content
  • access to individual files, for example, an installation download for your application
  • used when your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.
7
Q

CloudFront Signed Cookies

A
  • Used to give users access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers’ area of a website.
  • don’t want to change your current URLs
8
Q

SSE-C Encryption

A
  • Customer provides keys and manages the key creation process
  • AWS handles the encryption process
  • AWS manages key storage and rotation process
9
Q

Client-side encryption

A
  • encrypting data before sending it to Amazon (you handle encryption process)
  • Method 1) use a master key you store within your application
  • Method 2) Use a customer master key (CMK) stored in AWS Key Management Service
10
Q

Source/Destination Check

A
  • Controls whether source/destination checking is enabled on an EC2 instance
  • Disabling this attribute enables an instance to handle network traffic that isn’t specifically destined for the instance.
  • Must be disabled for instances running network address translation, routing, or a firewall service
  • enabled by default
11
Q

SQS

A
  • fully managed message queuing service that enables you to decouple and scale microservices
  • CANNOT be used as a trigger source for Lambda
  • Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery
  • FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent
  • FIFO queues support up to 3000 messages per second
12
Q

SNS

A
  • highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices
  • SNS won’t keep our data if it cannot be delivered
  • SNS cannot be used for data streaming
  • offers email and text notification capability
  • can be used as an event source to trigger Lambdas
13
Q

Amazon Neptune

A
  • Not Serverless
  • Graph Database (highly connected datasets, i.e. social network data)
  • highly available
  • secure with support for HTTPS encrypted client connections and encryption at rest
14
Q

Amazon Relational Database Service (Amazon RDS)

A
  • Not Serverless
  • relational database
15
Q

Snowball Edge Storage Optimized

A
  • optimal choice if you need to securely and quickly transfer dozens of terabytes to petabytes of data to AWS
  • 80 TB of usable HDD storage, 40 vCPUs, 1 TB of SATA SSD storage, and up to 40 Gb network connectivity to address large scale data transfer and pre-processing use cases
  • original Snowball device had 80TB of storage space
16
Q

Multi-AZ Amazon RDS

A
  • Multi-AZ deployments for MariaDB, MySQL, Oracle, and PostgreSQL DB instances use Amazon’s failover technology
  • SQL Server DB instances use SQL Server Database Mirroring
  • automatically provisions and maintains a synchronous standby replica in a different Availability Zone
  • Failover is automatically handled by Amazon RDS by flipping the canonical name record (CNAME) for your DB instance to point at the standby
17
Q

Storage Gateway File

A
  • AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage
  • Tape Gateway for connecting tape backups to the cloud
  • File Gateway for connecting to the cloud in order to store application data files and backup images as durable objects on Amazon S3
  • Volume Gateway to present cloud-based iSCSI block storage volumes to your on-premises applications
18
Q

Network Load Balancer

A
  • best suited for use-cases involving low latency and high throughput workloads that involve scaling to millions of requests per second
  • Network Load Balancers expose a fixed IP to the public web
  • Network Load Balancers don’t support security groups; based on the target group configurations, the IP addresses of the clients or the private IP addresses associated with the Network Load Balancers must be allowed on the web server’s security group
  • Layer 4 operator
19
Q

Application Load Balancer

A
  • Ideal for advanced load balancing of HTTP and HTTPS traffic
  • Layer 7 operator
  • provides advanced request routing targeted at delivery of modern application architectures, including microservices and container-based applications
  • expose a fixed DNS (=URL) rather than the IP address
20
Q

Classic Load Balancer

A
  • intended for applications that were built within the EC2-Classic network
  • expose a fixed DNS (=URL) rather than the IP address
21
Q

Launch Configuration

A
  • Launch Configurations are used to launch EC2 instances in an Auto Scaling Group
  • Launch Configurations are Immutable (can’t change)
  • To modify an EC2 instance’s config in an ASG, you need to create a new Launch Configuration
22
Q

EBS GP2

A
  • offer cost-effective storage that is ideal for a broad range of workloads
  • single-digit millisecond latencies
  • up to 16,000 IOPS
  • range in size from 1 GiB to 16 TiB
  • deliver their provisioned performance 99% of the time
  • Volume size is 1 GB to 16 TB.
23
Q

EBS io1

A
  • designed to meet the needs of I/O-intensive workloads, particularly database workloads, that are sensitive to storage performance and consistency
  • allows you to specify a consistent IOPS rate when you create the volume
  • delivers the provisioned performance 99.9 percent of the time
  • up to 64,000 IOPS per volume
  • Volume size is 4 GB to 16 TB.
24
Q

AWS Systems Manager Parameter Store (aka SSM Parameter Store)

A
  • provides secure, hierarchical storage for configuration data management and secrets management
  • can store data such as passwords, database strings, EC2 instance IDs, Amazon Machine Image (AMI) IDs, and license codes as parameter values
  • can store values as plain text or encrypted data
  • can reference parameters via the unique name specified at parameter creation
25
Q

NAT Gateways

A
  • enable EC2 instances in a private subnet to connect to the internet or other AWS services
  • prevent the internet from initiating a connection with those instances
  • cannot associate a security group with a NAT gateway.
  • can associate exactly one Elastic IP address with a NAT gateway
26
Q

VPC Peering

A
  • networking connection between two VPCs, non-transitive
  • enables you to route traffic between them using private IPv4 addresses or IPv6 addresses
  • EC2 instances in either VPC can communicate with each other as if they are within the same network
  • can connect between your own VPCs, or with a VPC in another AWS account
27
Q

Dynamic Port Mapping

A
  • available with an Application Load Balancer
  • makes it easier to run multiple tasks on the same Amazon ECS service on an Amazon ECS cluster
  • you can run multiple tasks from a single service on the same container instance
28
Q

RDS Encryption

A
  • must encrypt prior to launch (cannot change encryption after launch)
  • cannot create an encrypted Read Replica from an unencrypted master DB instance
  • Read replicas in the same region as the master are encrypted with the same key
  • Read replicas in a different region than the master can be encrypted with a different key
29
Q

IAM Access Key

A

  • used for signing programmatic requests you make to AWS

30
Q

AWS KMS API

A

  • can be used for envelope protection of keys before they are written to disk.

31
Q

DynamoDB global tables

A
  • fully managed solution for deploying a multi-region, multi-master database
  • provides an active-active configuration where reads and writes can take place in multiple regions with full bi-directional synchronization
32
Q

Amazon Aurora Global Database

A
  • provides read access to a database in multiple regions
  • does not provide active-active configuration with bi-directional synchronization
  • you can failover to your read-only DBs and promote them to writable
33
Q

CloudFront geo restriction

A
  • can allow your users to access your content only if they’re in one of the countries on a whitelist of approved countries
  • can prevent your users from accessing your content if they’re in one of the countries on a blacklist of banned countries
34
Q

Elastic Fabric Adapter

A

  • type of AWS Elastic Network Adapter (enhanced networking) with added capabilities for High Performance Computing use cases
  • enables customers to run applications requiring high levels of inter-node communications at scale on AWS

35
Q

AWS Batch

A
  • used for running large numbers of batch computing jobs
  • dynamically provisions the EC2 instances

36
Q

Static S3 Website Configuration Options

A
  • Using a REST API endpoint as the origin with access restricted by an origin access identity (OAI)
  • Using a website endpoint as the origin with anonymous (public) access allowed
  • Using a website endpoint as the origin with access restricted by a Referer header
  • If you just use S3 without CloudFront, it cannot be an HTTPS site, only HTTP
37
Q

Egress-Only Internet Gateway

A
  • a horizontally scaled, redundant, and highly available VPC component that allows outbound communication
  • prevents the Internet from initiating an IPv6 connection with your instances.
38
Q

Amazon Elastic File System (EFS) Permissions

A
  • After creating a file system, by default, only the root user (UID 0) has read-write-execute permissions
  • root user must explicitly grant other users access.
  • common use case is to create a “writable” subdirectory under this file system root for each user you create on the EC2 instance and mount it on the user’s home directory
39
Q

S3 Glacier Retrievals

A
  • standard retrievals are 3-5 hours
  • expedited retrievals are 1-5 minutes
  • bulk retrievals are lowest cost, think petabytes of data, 5-12 hours
40
Q

EBS Throughput Optimized HDD (ST1)

A
  • provides up to 500 IOPS per volume
  • no SLA for IOPS
  • cheaper than GP2 and ST1
41
Q

EBS Cold HDD (SC1)

A
  • provides up to 250 IOPS per volume
  • no SLA for IOPS
  • cheapest option
42
Q

Resolving apex/domain names (example.com)

A
  • You can create an A record that is an Alias that uses the customer’s website zone apex domain name and map it to the ELB DNS name
  • A CNAME record can’t be used for resolving apex or naked domain names