Tutorial Dojo Flashcards by Brandan Haines

AWS Transit Gateway provides ___ design for connecting VPCs and on-premise networks.

Hub and Spoke

How well did you know this?

Not at all

Perfectly

Hybrid Connectivity (VPN/Direct Connect) to a single ____ to control organization’s entire AWS routing.

Transit Gateway

How well did you know this?

Not at all

Perfectly

Hub and spoke simplifies management and cost because ____ only connect to ____ to gain access to networks

Transit Gateways/VPCs

How well did you know this?

Not at all

Perfectly

AWS TG and AWS _____ solution simplify management of connections between AVPC and your network over a _____. It also minimizes network costs, improves bandwidth and provides more reliable network experience

Direct Connect/private connection

How well did you know this?

Not at all

Perfectly

True/False: VPC peering is supported in a Direct Connect connection.

False. VPC Peering does not support transitive peering relationships.

How well did you know this?

Not at all

Perfectly

What are the three “free” data transfers for S3?

1) In from Internet
2) Out to EC2 instance when in same region as S3 bucket
3) Out to CloudFront

How well did you know this?

Not at all

Perfectly

GP2 and Provisioned IOPS (io1) are backed by

SSD

How well did you know this?

Not at all

Perfectly

Throughput Optimized (st1) and Cold (sc1) are backed by

HDD/Magnetic

How well did you know this?

Not at all

Perfectly

SDD-backed provide better performance when IO is

random or sequential

How well did you know this?

Not at all

Perfectly

HDD-backed provide better performance when IO is __________ and ________

large AND sequential

How well did you know this?

Not at all

Perfectly

Provisioned IOPS (io1) are best for I/O intensive workloads such as ____ (3 examples). Therefore, io1 is a better solution for these platforms than [other storage option]_____.

Databases [MongoDB, Oracle, MySQL] / GP2

How well did you know this?

Not at all

Perfectly

What is Amazon Fargate?

Compute engine for containers w/ECS and Elastic Kubernetes Service (EKS). No over-provisioning.

How well did you know this?

Not at all

Perfectly

What is Amazon EMR?

Cloud big data platform for processing vast amounts of data using open source tools.

How well did you know this?

Not at all

Perfectly

True/False: ELB Access logging is enabled by default.

False. It is disabled. Once we turn it on it will store the logs to S3 as compressed files.

How well did you know this?

Not at all

Perfectly

What is the backing framework for Amazon EMR?

Hadoop.

How well did you know this?

Not at all

Perfectly

The combined use of IAM _______ and AWS ________ will support autonomy of corporate divisions while enabling governance and oversight.

Cross-Account access and consolidated billing w/ AWS organizations (linking accounts up to parent)

How well did you know this?

Not at all

Perfectly

Week after a Kinesis Data Stream and Lambda is deployed, users have noticed slowness as data rate increases. There’s a performance issue with Kinesis. What should be done?

Increase shards with UpdateSharedCount command.

How well did you know this?

Not at all

Perfectly

What are the two types of Kinesis resharding operations?

Split and Merge

How well did you know this?

Not at all

Perfectly

True/False: you are charged on a per-shard basis for Kinesis.

True. Therefore increasing # of shards increases cost (and vice versa).

How well did you know this?

Not at all

Perfectly

True/False. There is step scaling in Kinesis.

False. This is only applicable to EC2.

How well did you know this?

Not at all

Perfectly

What would three pieces of an elastic, scalable web tier solution be?

Elastic Load Balancing, Amazon EC2, and Auto Scaling

How well did you know this?

Not at all

Perfectly

Which DB solution is best for OLTP

Amazon RDS (not scalable)/Aurora (fully managed)

How well did you know this?

Not at all

Perfectly

You get a ‘insufficient capacity error’ for a Placement group. What is the correct action to take?

Stop and restart the instances in the placement group and try the launch again.

How well did you know this?

Not at all

Perfectly

What are the four metrics that CloudWatch monitors by default?

CPU Util
Network Util
Disk performance
Disk Read/Write

How well did you know this?

Not at all

Perfectly

Enhanced Monitoring metrics are stored for ___ days in CW logs.

Session State data is best stored in (two items)?

DynamoDB | ElastiCache

True/False: DynamoDB is best to store key-value pairs

True.

Which database at AWS is best for OLAP?

Redshift

What is AWS OpsWorks?

Configuration management service that provides managed instances of Chef and Puppet.

What is DynamoDB?

Fast and Flexible NoSQL, fully managed relational DB service.

NACLs can be used to control what?

Traffic coming in and out of VPC network

NACLs are stateful or stateless [what does that mean]?

Stateless | Stateless means you have to have matching inbound/outbound rules.

What is the Amazon service that provides temporary elevated access.

AWS Security Token Service (STS)

Which of these subnets provides a range and which provides a specific IP address; /32 /0

/0 is a range of IPs/entire network | /32 is a specific IP

Ture or false: Traffic between VPC and other Amazon services do not leave Amazon Network

True.

What is an interface endpoint?

ENI w/ private IP; entry point for traffic.

What is a gateway endpoint?

Target for specified route in route table; used for traffic to a supported AWS service [S3 / DynamoDB].

What are two services that need a gateway endpoint?

S3 | DynamoDB

True or False. EBS volumes are restricted while snapshots are taken.

False. EBS can be used while snapshots are in progress.

When transitioning from STANDARD to STANDARD_IA or ONEZONE_IA what are the constraints (three of them)?

1) Objects smaller than 128k are not transitioned 2) Objects have to be stored 30 days in current storage class before you can transition them. 3) Only objects that are at least 30 days noncurrent can be transferred

Limitations on changing storage class do not apply for which classes (three of them)?

INTELLIGENT_TIERING, GLACIER, and DEEP_ARCHIVE

What are three things required to access an EC2 instance from the INTERNET?

1) IGW 2) Route to the IGW in the route table of the VPC 3) Public IP address attached to the instance

S3 log files are encrypted by either: ____ or you can encrypt with this service

``` Default Server Side Encryption (SSE) AWS KMS (Key Management Service) ```

What is the encryption algorithm used by S3?

AES-256

How does Aurora handle failure of primary instance? 1) How are replicas/CNAME handled? 2) What if AZ becomes unavailable? 3) What if no replica, and not serverless?

Failover is automatic. 1) If you have a replica, the CNAME is flipped to point to healthy replica (and then that is promoted). 2) Amazon recreates DB in different AZ 3) If you don't have a replica (and are running serverless), It will attempt to create new DB instance in same AZ.

How can you enable DR for Redshift in the event of an AWS region outage

Enable Cross-Region Snapshots

NLBs function at what OSI layer?

Layer 4

What is BYOIP, which LB is it associated with and what might it be used for?

Bring Your Own IP. You can use it to put an IP onto an Elastic IP that is assigned to an NLB. This can be useful if your IP is already whitelisted to clients.

True or False: NAT Instances and NAT Gateways support IPv6.

False. Only IPv4.

UDP is at Layer ___ of the OSI and therefore a ____ is the best way to route traffic to multiple targets.

4 | Network Load Balancer

What is the EC2 CLI way to get a "StateReason". Why might it be used?

aws ec2 describe-instances | This would show status of EC2 instances, with the reason the state was changed.

When using a static webpage, using ____ [for caching] and ____ [for storage] will ensure ideal hosting as it can support html, css, java, and images.

CloudFront | S3

What would be used to trace and analyze RESTful API requests?

AWS X-Ray

If you want new EBS volumes in a region to be automatically encrypted what step should you take?

Turn on EBS Encryption by Default Feature for the Region.

By default, records of a stream in Amazon Kinesis are accessible for up to _____ from the time they are added to the stream. You can raise this limit to up to ____ by enabling extended data retention.

24 hours | 7 days

NACLS are used to control traffic to an entire VPC, what vehicle can be used to control access to a single EC2 instance?

Security Group

If you need to create an AutoScaling fleet of EC2 instances with a new AMI, what step should be taken? Why?

Create a new launch configuration. You can only specify one launch configuration for an Auto Scaling group at a time, and you can’t modify a launch configuration after you’ve created it. Therefore, if you want to change the launch configuration for an Auto Scaling group, you must create a launch configuration and then update your Auto Scaling group with the new launch configuration.

What is the purpose of Lambda@Edge

Run lambda functions to customize content that cloudfront delivers (functions are executed at edge locations)

What is HTTP 504?

Gateway timeout

With CloudFront, why would you setup an origin group with two origins?

CloudFront would automatically switch over if one origin fails.

Which of these two is better for large sets of data? AWS Storage Gateway or AWS DataSync

AWS DataSync

The largest object that can be uploaded to S3 is:

Real time analytics for lots of records in small sizes batches is best done by what two services? [one to send, one to process]

Kinesis Data Stream | AWS Lambda

Non-relational DB In-memory cache that delivers up to 10x performance improvement from milliseconds to microseconds or even at millions of requests per second.

Amazon DynamoDB Accelerator

________ improves the performance of your database through caching query results.

ElastiCache

True/False. ENI is detached if you stop an EC2 instance.

False

True/False. EIP attached to an EC2 instance is ephemeral.

False

True/False. Data stored in instance-store devices is ephemeral.

True

Relational Databases have rigid schema which means what in relationship to flexibility?

That you have constraints and limits to what can be inserted. Therefore, Relational Databases are no good if you are going to have frequent schema changes.

Generally, do relational databases scale well? What is the relational Amazon DB service that does scale well.

No. DynamoDB.

Scale-In Operation has three things it will do in determining which instance to terminate. What are they?

AZ with most instances Instances with oldest launch config Instance that is closest in next billing hour.

SNI _____ relies on the SNI extension of the Transport Layer Security protocol.

Custom SSL

What allows multiple domains to serve SSL traffic over the same IP address by including the hostname which the viewers are trying to connect to?

SNI extension of Transport Layer Security Protocol

In regard to certificates, CloudFront web distribution with dedicated IP is not cost effective. Why?

Charge begins when you associate your SSL/TLS certificate with your CloudFront distribution. Additionally, dedicated IP is a monthly charge.

Read-after-write consistency, low-latency file operations, and multi-system connectivity are associated with what storage solution?

EFS

If a shard iterator in Kinesis data stream is expiring, what is a possible solution?

Increase the write capacity assigned to the shard table

Regarding size, storage capacity for Dynamo DB is automatically _____ for storage.

Scaled

What type of messing service is Amazon SNS?

Pub/Sub

Amazon SNS can push to what endpoints (5)?

``` SQS Queue Lambda HTTP Endpoint eMail Mobile Device ```

What is the ability to only send certain SNS topics to an endpoint?

Filtering

A decoupled application architecture would use what two services at AWS?

Simple Queue Service [SQS] | Simple Workflow Service [SWS]

True or False. DynamoDB can be used for real-time tabulations

True.

What is the service that keeps collaborative apps with shared data updated in real time and what is the backing DB?

AppSync | DynamoDB

Kinesis Data Stream enables [how fast] _________ processing of streaming ______.

Real-time | Big Data

True/False. SQS allows for duplicates to be sent.

True.

[vocab word] AWS Step Functions allows for serverless ______ for modern applications.

Orchestrations

What is Orchestrtation in regard to AWS Step Functions?

Centrally manage workflow by breaking it into steps with flow logic and tracking inputs/outputs between steps.

What is AmazonMQ?

Managed message broker service that supports multiple protocols.

What service can collect, process, and analyze data in real-time?

Amazon Kinesis

What are the three types of storage solutions provided by Storage Gateway?

File, Volume and Tape

Which of the AWS storage gateway options provides ability to use NFS/SMB?

File

By default RDS does not monitor certain things, in order to facilitate better monitoring of RDS, what should be done?

Enable Enhanced RDS monitoring.

It is expected that the database read queries will significantly increase in the coming weeks ahead. A Solutions Architect recently launched two Read Replicas to the database cluster to improve the platform's scalability. How should this be done with Aurora?

Use the built-in Reader endpoint of Aurora.

NLBs is primarily used to distribute traffic to servers not this piece of RDS technology ______ [regarding database]

Read Replicas

What is the most likely reason a Lambda function with over 15 minutes runtime would terminate?

Maximum Execution time setting

One way to secure private content on Cloudfront is to require signed _____ or signed ______.

URLs | Cookies

Origin Access Identity (OAI) can be used to require users access S3 content by using only

CloudFront URLs

True/False. IAM Policy can be applied to a conditional tag.

True

What is a good way to restrict users to only a certain environment at AWS (e.g. UAT)

IAM policies that allow access to specific tags

To handle bursts in API gateway (e.g. massive amount of requests expected), you should setup:

Throttling limits in API gateway

HTTP requests through a public-facing ALB every five minutes can be tracked with what function? Bonus: is this feature enabled by default?

Access logs | No.

For an S3 API Call, on a successful upload there are two results. What are they?

HTTP 200 result code and MD5 checksum

If you have an identity store that is not compatible with SAML, one option is to:

Build a custom identity broker application. This would use STS to give short-lived AWS creds.

What is a visibility timeout in SQS?

Period of time during which SQS prevents other consuming components from receiving and processing a message.

Egress-Only Internet Gateway is only applicable to what AWS component?

VPCs

In order for an EC2 instance to get out to the internet, but not allow anything in, you should use a:

NAT Gateway

Best way to secure S3 from others getting to your items is to:

Configure S3 bucket to remove public read access and use pre-signed URLs with expiry dates.

AWS Directory Service AD Connector provides what?

Allows AWS to integrate with existing AD/LDAP in the cloud.

True/False: You can assign an EIP to an ALB.

False.

What services can you use to import SSL/TLS certificate form a third party CA?

IAM Certificate Store | AWS Certificate Manager

True/False in Route 53, Active-Active failover allows for a 'primary' and 'secondary' resource.

False. Active-Active uses all available resources.

For accessing Cloud front with these restrictions what is the best option: You want to provide access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers’ area of a website; You don’t want to change your current URLs.

Signed Cookies

For accessing cloud front with these cases, what is the best option? You want to use an RTMP distribution, You want to restrict access to individual files, for example, an installation download for your application, Your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.

Signed URLs

There are two main types of VPC endpoint. Most AWS services use VPC ______ Endpoint except for S3 and DynamoDB, which use VPC ______ Endpoint.

Interface | Gateway

Patch management, infrastructure selection and data sync can coordinate multiple AWS services into serverless workflows via what AWS Service?

AWS Step Functions.

What is a VPN and its benefit?

Allows connection to on-prem DC using IPSec/TLS.

AWS Direct Connect allows for what between your network and VPC?

Private and dedicated network connetion.

What are the prerequisites when routing traffic using Amazon Route 53 to a website that is hosted in an Amazon S3 Bucket?

S3 Bucket must be the same as domain name | Registered domain name

Which of these is not a default cloudwatch metrics? CPU Util, Memory Util, Network Packets out, Disk read activity?

Memory Util

What is the function that would allow an EC2 instance to access DB instead of password.

AWS IAM [w/DB authentication]

One of the developers was instructed to create the environment variables for the MongoDB database hostname, username, and password as well as the API credentials that will be used by the Lambda function for DEV, SIT, UAT, and PROD environments. Considering that the Lambda function is storing sensitive database and API credentials, how can this information be secured to prevent other developers in the team, or anyone, from seeing these credentials in plain text?

Create new KMS key and enable encryption helpers to store/encrypt sensitive info.

Which service provide a record of actions taken by a user, role, or an AWS service in Amazon S3? Which service provides detailed records for the requests that are made to an S3 bucket?

AWS CloudTrail | Amazon S3 server access logs

In what scenario would you use target tracking scaling as opposed to simple scaling?

When you don't want to wait for a cooldown period to complete before doing additional scaling activities.

You've got a group of EC2 instances behind a LB, need to secure the application by allowing multiple domains to serve SSL traffic over same IP. What is the option to use here?

Generate an SSL certificate with AWS Certificate Manager and create a CloudFront web distribution. Associate the certificate with your web distribution and enable the support for Server Name Indication (SNI).

When dealing with an encrypted EBS volume, there are four types of data encrypted. What are they?

Data at rest inside the volume Data moving between volume and instance Snapshots created from the volume All volumes created from the snapshots

``` In cloud formation, JSON/YAML is used to descript infrastructure. Of these, which is required? – Format Version – Description – Metadata – Parameters – Mappings – Conditions – Transform – Resources – Outputs ```

Only resources is required, but the rest should be provided in some semblance of order.

When should you consider AWS Snowball based on internet connection speed [size/amount of data] T3 100M 1000M

2T or more 5T or more 60T or more

To setup private endpoints that don't pass through public internet, what is the best option: AWS VPN CloudHub, AWS Direct Connect, VPC endpoints or Transit Gateway

VPC Endpoints

What is a stream record in regard to DynamoDB?

A modification record of the dynamodb table (create/update/delete)

DynamoDB performance can be better distributed evenly by using provisioned throughput by having partition keys with __________; which have a few/great number of distinct values for each item.

High-Cardinality; great

True/False CloudWatch Alarms can update ECS task count.

False.

What is the IOP guarantee for EC2 with io1?

32000

In order to get above 32000 IOPs for EC2, what type of instance is necessary

A Nitro-

If you wanted to split-up read requests to Aurora what is necessary?

Custom Reader Endpoint

What is the primary function of Amazon Macie?

To scan data stored in S3 and detect PII or intellectual property.

What is the primary function of Amazon Rekognition?

Identifies objects, people, text, scenes and activities in images/videos.

What is the easiest way to create NAT gateway high availability?

Have one in each AZ.

DynamoDB Stream and AWS Lambda Triggers can be used to serve what functionality (regarding "follow" actions)?

SNS notification to subscribers

What service should be used to handle minimum number of ECS tasks with Fargate?

CloudWatch Event rules.

True/False: Standard Reserved instances can be later exchanged for other convertible reserved instances.

False.

Which is more cost effective: Lambda with Step Functions or Kinesis Data Streams/SQS?

KDS/SQS.

What are the possible Event Notification destinations available for S3 buckets?

SQS | Lambda

Which Amazon service is most effective for blocking SQL Injection/Cross-Site Scripting attacks?

WAF

You want to evenly distribute incoming traffic to an ALB, in Route 53, which record types will you use to point the DNS name of the Application Load Balancer?

Alias w/ type A | Alias w/ type AAAA

CNAME records in Route 53 can only be used for what?

Subdomains

What is an AAAA type DNS record?

IPv6

What is an MX DNS/Route 53 entry primarily used for?

Mail servers

True/False: DataSync can write directly to S3, Glacier and/or Glacier Deep Archive.

True

Which of the LBs supports support path-based routing, host-based routing, and support for containerized applications?

Application LB

What is the function/purpose of AWS Config?

Assess, audit, and evaluate the configurations of your AWS resources.

By default, EC2 instances use the _____ addressing protocol.

IPv4

RDS automatically performs a failover to standby for what two events?

Storage failure on primary | Loss of AZ

When should AWS Snowmobile be used?

In exabyte/petabyte range.

What Amazon service is cloud-agnostic and open-source for containerized workloads?

Amazon EKS

Which of the DB services gives the Architect the ability to store huge amounts of data and perform quick and flexible queries on it?

Redshift

True/False: a Classic load balancer supports SNI.

False.

Geoproximity can be used to specify a larger ____ known as a ____ for countries/locations

Area/Bias

What needs configured outside the VPC for successful site-to-site VPN?

Internet-routable IP address to customer gateway external interface for the on-prem network

True/False: Every subnet created is auto associated with them main route table for the VPC.

True.

What are the two allowed block size in a VPC (netmask)?

/16 [65,536 IPs]; and /28 [16 IPs]

Which option is cheaper: On-demand or spot?

Spot is much cheaper than On-Demand.

In the following scenario, what actions should be taken: The instance uses a default security group and has an attached Elastic IP address. The network ACL has been configured to block all traffic to the instance. The Solutions Architect must allow incoming traffic on port 443 to access the application from any source.

Security group to allow TCP on port 443 from source 0.0.0.0/0 NACL allowing TCP connection to ephemeral ports 32768-65535

True/False in Route-53: Active-Active failover includes a primary and secondary source.

False.

When would s3:ObjectRemoved:DeleteMarkerCreated be triggered?

When a delete marker is created for a versioned object.

If you wanted to use S3 Select against a specific object, what two things are needed?

Bucket Name | Object Key

True/False: You will be billed when reserved instance is in terminated state

True

True/False: You will be billed when On-demand is in pending?

False

True/False: You will be billed when spot instance is in stopping state

False

True/False: You will be billed when On-Demand is preparing to hibernate in stopping state.

True

How are NACL rules processed?

In order of number; lowest is evaluated first and if it matches, it is applied immediately regardless of higher-value rule that may contradict it.

In which Amazon Service is SSE an option (EC2 or S3)?

RDS Metrics that are monitored without Enhanced monitoring (3):

CPU Util Database Connections Freeable Memory

RDS Metrics monitored WITH enhanced monitoring (3):

RDS Child Processes RDS Processes OS Processes

AnyCast IP is associated with which AWS Service?

AWS Global Accelerator

Which is more efficient: AWS Systems Manager Agent (SSM) or CloudWatch?

CloudWatch

These are the four things that ______ has advantages for: * collecting logs with metrics * can run on windows server * additional system metrics * better performance

CloudWatch Agent

What is needed to ensure Redshift is highly available/can handle an AWS region outage?

Cross-Region Snapshots

There are two ways to ensure that requests coming in to an SQS queue can be changed/modified to ensure single processing, what are they?

SQS FIFO Queue | Change from SQS to SWF

Amazon RDS w/MySQL can automatically failover when what configuration exists?

Standby replica in another availability zone w/Multi-AZ deployment

In what scenario is FSx for Lustre used?

Compute-intensive HPC/machine learning; works natively with/optimized for S3. HOWEVER, Lustre doesn't support Windows-based applications only Windows servers.

Security Groups are Stateful or Stateless [what does that mean?]

Stateful; if incoming is granted, outgoing is also granted.

The Outputs section of a CF template defines what and could be used for what function?

Optional section template that describes the values that are returned whenever you view your stack's properties [such as DNS server hostname]

On-prem sharing of traffic (50% to on-prem, 50% to aws) can be handled with what two functions?

Route 53 w/Weighted Routing | ALB w/Weighted Target Groups

True/False: EFA is supported on Windows Instances.

False. You can attach one but it just functions as a regular ENA.

True/False: It is possible to recover from a CloudHSM via snapshot if it gets zeroed out.

False -- you must have your own copy of the keys for solid backup.

Can AWS Secrets Manager generate short-lived authentication tokens?

No. It is used for storing passwords, secrets and other creds.

In SQS, if an EC2 instance is terminated in a parallel asynchronous processing scenario, what happens to the message?

When visibility timeout expires, it becomes available for processing by other EC2 instances.

Long Polling helps reduce cost of SQS by reducing the number of _____ responses and eliminating false _____ responses.

empty

What is the Amazon service that you can use for Virtual Deskops?

Amazon Workspace

In order to point to a DNS zone apex record, how should the Route-53 be configured.

Create an A record aliased to load balancer DNS

What is the ApproximateAgeOfOldestMessage metric useful for?

Application with time sensitive messages; and/or scaling policies.

When tracing detailed information on an ALB for HTTP, what is the best option?

Access logs on the ALB [it is disabled by default]

When real-time processing is needed, what is the service you should immediately think of?

Kinesis

Gateway endpoints are targets for traffic destined to where?

S3 | DynamoDB

Which type of scaling uses metrics and threshold values with a set of scaling adjustments?

Step Scaling

Vertical scaling means ___________ your current resource

Upgrading

Horizontal scaling means _________ your current resource

Adding more

What is DNSSEC? Is it supported by Route 53?

Domain Name System Security Extensions. Protocols that add security to DNS lookup. No.

In terms of caching, the best way to control what a user gets from a cloudfront distribution is to use what functionality?

Versioned Objects

AWS Global Accelerator services what function and what can it be used for?

Static IP that acts as point of entry for single or multiple AWS regions (ALB/NLB/EC2). This can reduce number of IPs [e.g. whitelisting]

What is the recommended storage engine for MySQL?

InnoDB

Cross-Region Read Replication latency of less than a second is a feature of what RDS solution?

Aurora

True/False: EFS works natively with S3.

False

True/False: S3 works natively with Amazon FSx for Windows.

False

If you have several EC2 instances in multiple AZs, how can you distribute incoming requests evenly?

Cross-zone load balancing

If you wanted to group resources together and had a fleet of EC2 instances you wanted to push a new version of code to, what is the best option?

CodeDeploy

In Elastic Beanstalk, where does it store the application files and server log files?

Application files are stored in S3; server logs can also optionally be stored in S3/CloudWatch Logs.

RDS synchronously replicates the data to a standby instance in a different Availability Zone (AZ) that is in what region?

The same as the primary

What are the two options to connect an on-prem infrastucture to AWS?

Direct Connect & IPSec VPN connection

What is the minimum duration charge for S3? S3-Intilligent? S3 Standard-IA? S3 One-zone IA? S3 Glacier? S3 Glacier Deep Archive?

none, 30, 30, 30, 90, 180 days

CloudTrail is used for what purpose

Tracking changes to AWS resources; API and non-API account activity.

True/False. Oracle Real Application Clusters [RAC] are supported in RDS.

False.

If you wanted to automate snapshots of EBS volumes, what product would you use.

Amazon DLM (Data Lifecycle Manager)

True/False - you can set a priority on individual items in a single SQS queue (example: split priority from free)

False; best thing to do here is setup two SQS queues

True/False: Systems Manager parameter store rotates parms by default

False

Perfect Security Secrecy is a SSL/TLS cipher suite used with what two services?

CloudFront & ELB

AWS Trusted Advisor is best used for what function?

Providing "best practice" reccomendations.

What is the default value for the autoscaling cooldown?

300 seconds

To encrypt S3-managed SSE, what is the header request?

x-amz-server-side-encryption

What is needed to be configured outside the VPC to have a successful site-to-site VPN?

Internet-routable static IP address of gateway | External interface for on-prem network

CloudFormation with based on success signals (applications are properly running before stack creation proceeds is done via what attribute?

CreationPolicy w/cfn-signal helper.

What is the limit for regions for On-Demand based on; what must be done to increase it?

vCPU. Request a limit increase from Amazon.

Is EKS good to run docker?

No; Fargate should be used instead.

What benefits does Fargate provide?

Provisioning and managing servers, pay per resources per application. Improves security by isolation by design.

What does Kinesis Data Firehose get you?

Streaming data into analytic tools. Capture, transform and load data into S3/Redshift/Elasticsearch and Splunk.

How are EBS volumes encrypted?

Via AWS KMS

Is SSE an option on EBS?

No; SSE is not used in EC2/EBS.

True/False. RDS Read Replicas can elastically scale out?

True

What kind of synchronization do Read Replicas provide?

Asynchronous

What is provisioned capacity in regard to S3?

Retrieval capacity for expedited retrievals is there when you need it. Three expedited retrievals can be performed every five minutes.

Is a DynamoDB table and CloudFront compatible?

No.

What are the settings in VPC that allow/generate a DNS hostname?

DNS resolution | DNS hostnames

If you have a high throughput DynamoDB table; what is the best way to improve performance of an application using it?

Enable DynamoDB auto scaling

What is Data Pipeline?

Cloud-based data workflow; moves data between different AWS services.

What is the ratio of provisioned IOPS to volume size?

50:1

What is the difference between Volume Gateway cached mode and stored mode?

Cached gives you access to a subset (frequently accessed) of your data; stored is the entire dataset.

What is target tracking scaling?

Capacity is increased/decreased based on target value for specific metric.

True/False: CloudTrail logs are encrypted by default using S3 SSE.

True

To use Long Polling on an SQS queue, what should be done?

Change ReceiveMessageWaitTimeSeconds to a value greater than zero.

EIPs will not be charged under what three conditions?

EIP associated with instance Instance is running Only on EIP attached to instance

What is necessary to make API calls to AWS resources?

Set of access keys for the user and necessary permissions

What is a major difference between Elastic Beanstalk and ECS?

Features like load balancing, monitoring and auto scaling are not auto-enabled in ECS.

What is the setting/parm to ensure connections are using SSL for RDS?

rds.force_ssl

What is the requirement to have MicrosoftSQL encrypted [what cert?]

Amazon RDS Root CA