Transverse

Question 1

Specificity of those encryption ? 
. SSE-S3
. SSE-C
. SSE-KMS
. SSL

Answer 1

. SSE-S3 requires that Amazon S3 manage the data and master encryption keys
. SSE-C requires that you manage the encryption key
. SSE-KMS requires that AWS manage the data key but you manage the master key in KMS
. SSL would encrypt data only when in-transit

Question 2

Placement group
. Cluster
. Partition
. Spread

Answer 2

. Cluster : HPC
. Partition : Hadoop, Cassandra & Kafka (The instances in a partition do not share racks with the instances in the other partitions, limit the impact of a single hardware failure to only the associated partition)
. Spread : reduce correlated failures)

Question 3

what is OpsWorks ?

Answer 3

Configuration management service that helps you configure and operate applications in a cloud enterprise by using Puppet or Chef

Question 4

Type of queue where orders are processed exactly once and which handle large increases in the number of requests ?

Answer 4

SQS FIFO

Question 5

Retention period for SQS ?

Answer 5

default retention period : 4 days : from 1 min up to 14 days

Question 6

application tier “Decouple” + asynchronously processing ?

Answer 6

SQS

Question 7

Type of queue which :
. Reduce empty responses by allowing Amazon SQS to wait until a message is available in a queue before sending a response.
. Reduce false empty responses by querying all rather than a subset of Amazon SQS servers.

Answer 7

Long polling

Question 8

Difference between long and short polling ?

Answer 8

While the regular short polling returns immediately, even if the message queue being polled is empty, long polling doesn’t return a response until a message arrives in the message queue, or the long poll times out.

Question 9

Services to decouple and architecture ? (2)

Answer 9

SQS & SWF (simple workflow service)

Question 10

Usage of RAID 0 & RAID 1 ?

Answer 10

. RAID 0 to increase performance

. RAID 1 to increase fault tolerance (redundancy)

Question 11

what protection do you get with WAF and Shield ?

Answer 11

WAF = XSS, to protect your applications against SQL injection and cross-site scripting (XSS) attacks,
Shield = DDoS

Question 12

What is GuardDuty ?

Answer 12

GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.

Question 13

what can be used to map the domain apex (example.com) to the Elastic Load Balancers ?

Answer 13

Alias records

Question 14

When does AWS KMS automatically rotates AWS managed keys ?

Answer 14

every year

Question 15

”batch processing” and “data is loaded nightly into Redshift and is consumed by business analysts”

2 services ?

Answer 15

Lambda for batch processing and Amazon Kinesis Data Firehose data loading.

Question 16

what are CloudWatch enhancer monitoring metrics ?

Answer 16

RDS child process, OS processes

Question 17

SWF vs Step Functions ?

Answer 17

Step function : coordinating application components using visual workflows.
SWF : If you require external signals (deciders) to intervene in your processes, or you would like to launch child processes that return a result to a parent,

Question 18

Point a hostname to any other hostname (app.domain.com -> balbla.anything.com)

Answer 18

CNAME

Question 19

Point a hostname to aws resource (app.domain.com -> blabla.amazonaws.com)

Answer 19

Alias

Question 20

How to configure the DNS zone apex record to point to a public facing load balancer ?

Answer 20

A recod aliased to the LB DNS name