Udemy course - Sections 1-10

Question 1

2 Benefits of private cloud

Answer 1

-complete control of the entire stack
-security - in a few cases, organizations may need to keep all or some of their applications and data in house

Question 2

3 benefits of public cloud

Answer 2

-variable expense, instead of capital expense
-economies of scale
-massive elasticity

Question 3

what is a hybrid cloud

Answer 3

where a private cloud and public cloud are connected together where you might be connected with either the internet or a private link.

Question 4

Three things the multi cloud can connect?

Answer 4

-private cloud (vmWare, openstack)
-public cloud (aws, azure)
-organization

Question 5

what is a region

Answer 5

physical locations in the world and independent of others and within a region, there are availability zones (az)

Question 6

what are the different zones with subnets that you can use to connect to a region

Answer 6

-Local Zone
-outpost
-wavelength (5g/mobile)

Question 7

what does cloudfront do

Answer 7

deliver content like videos through edge locations

Question 8

what is aws responsible for in the responsibility model?

Answer 8

Software
-compute
-storage
-datebase
-networking
Hardware
-regions
-availability zones
-edge locations

Question 9

what is the customer responsible for in the responsibility model?

Answer 9

-platform, applications, identity & access management
-operating system, network & firewall configurations
-client-side data encryption & data integrity authentication
-server-side encryption (filesystem and/or data)
-networking traffic protection (encryption, integrity, identity)

Question 10

three ways to access cloud services

Answer 10

-aws management console (ui)
-command line
-software development kit (ide)

Question 11

example of public services and what does that mean

Answer 11

-means you are connecting to services via a public address
-examples: dynamoDB, S3 (storage), route 53, cloudFront

Question 12

what are some private services and what does this mean?

Answer 12

-vpc where you have subnets with resources that can be either private or public
-examples: EC2 instance, amazon rds, elastic file system

Question 13

6 advantages of cloud computing

Answer 13

-trade capital expense for variable expense
-benefits from massive economies of scale
-stop guessing capacity
-speed and agility
-stop spending money running and maintaining data centers
-go global in minutes

Question 14

3 types of cloud computing model

Answer 14

-iaas (MANAGED TO OS)
-PAAS(managed to code)
-saas (pure consumption)

Question 15

4 types of cloud deployment

Answer 15

1) public
2) hybrid cloud
3) private cloud
4) multicloud (combo of private/hybrid/etc)

Question 16

fundamentals of pricing

Answer 16

-compute
-storage
-outbound data transfer

Question 17

aws global infrastructure is made up of:

Answer 17

AWS REGIONS
-region is a geographical area
-each region consists of 2 or more AZ (availability zones)
-isolated from other AWS Regions
Availability Zones (data centers)
-AZ are sep from each other
-AZs span one or more data centers
-each AZ is designed as independent failure zone
Local Zones (fairly new and may not come up on exam
-place compute, storage, db, and other services closer to end user
-extension of aws region where you can run your latency sensitive applications
edge locations and regional edge caches

Question 18

shared responsibility model

Answer 18

aws responsible for security of the cloud
-run underlying infrastructure
-hardware,software

user responsible for security in cloud
ec2 includes network level security, etc…

Question 19

what is IAM

Answer 19

-identity and access management is a web service that helps you security control access to aws services

Question 20

What does IAM control?

Answer 20

who is authenticated and authorized to use resources

Question 21

what are users?

Answer 21

individual accounts you log in with

Question 22

what permissions do users have by default

Answer 22

none

Question 23

what are groups used for?

Answer 23

organizing users and applying policies

Question 24

what do users log into the aws management console with?

Answer 24

user name and password

Question 25

what are access keys used for?

Answer 25

programmatic access (think CLI/API)

Question 26

what do access keys consist of?

Answer 26

access key id and secret access key

Question 27

what is a root user?

Answer 27

user that created the account

Question 28

what permissions do root users ahve?

Answer 28

full permissions that cannot be restricted

Question 29

What does multi-factor authentication use?

Answer 29

a second factor in addition to a password (typically code generated on a device)

Question 30

what are service control policies (SCPs)

Answer 30

feature of aws organization and they control the max available permissions in aws account and they do not grant permissions

Question 31

IAM best practices (8)

Answer 31

-locck away your aws account root user access keys
-create individual iam users
-use groups to assign permissions to IAM users
-grant least privileges
-get started using permission with aws managed policies
-use customer managed policies instead of inline policies
-use access levels to review IAM permissions
-configure a strong password policy for your users3
-enable mfa
-use roles for applications that run on amazon ec2 instances
-use roles to delegate permissions
-do not share access keys
-rotate credentials regularly
-remove unnecessary credentials
-use policy conditions for extra security
-monitor activity in aws account

Question 32

what does ARN stand for?

Answer 32

Amazon Resource Name

Question 33

what IAM entity can be used to delegate permissions?

Answer 33

role

Question 34

what is elastic compute cloud?

Answer 34

EC2 that lets you run web services in the cloud (virtual servers)

Question 35

what operating system can EC2 run?

Answer 35

all: linux/windows/mac

Question 36

AMI is used to launch what?

Answer 36

amazon machine image launches an EC2 instance (consists of ebs snapshot, permissions and configurations)

Question 37

what is user data?

Answer 37

data supplied by the user at instance launch in the form of a script

Question 38

what is instance metadata

Answer 38

data about your instance that you can use to configure or manage the running instance

Question 39

are user data/metadata encrypted?

Answer 39

no

Question 40

how can you view meta data?

Answer 40

instance http: address

Question 41

what are access keys used for?

Answer 41

gain permissions to other AWS services

Question 42

how are access keys stored?

Answer 42

plain text

Question 43

what is preferred method over access keys?

Answer 43

iam role and because they are not stored

Question 44

what does aws batch do?

Answer 44

enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs

Question 45

what does aws batch provisions?

Answer 45

optimal quantity and type of computer resources

Question 46

what are some perks about amazon lightsail

Answer 46

great for users who don’t have deep tech expertise to provision compute services
-provides pretty much everything you need in cloud
-best suited for projects that require a few dozen instances or fewer
-simple management interface
-good for blogs, website, web applications, e-commerce etc
-can deploy load balancers and attach block storage

Question 47

What is ECS?

Answer 47

elastic compute service

Question 48

what is a task also known as?

Answer 48

containers

Question 49

what is ECS used for?

Answer 49

running docker containers in the cloud

Question 50

EC2 launch types?

Answer 50

managed (you control) unmanaged (fargate- serverless)

Question 51

what is elastic container registry?

Answer 51

private container image registry

Question 52

do ebs volumes data persists?

Answer 52

yes, independently of the lift of the instance

Question 53

Do EBS volumes need to be attached to an instance?

Answer 53

nope

Question 54

Can multiple EBS volumes be attached to an instance?

Answer 54

yes

Question 55

Can you attached multiple instances to a volume?

Answer 55

sort of through multi-attach but has constraints

Question 56

Can EBS volumes be in different AZs as the instances they are attached to?

Answer 56

No, false, they have to be in same AZ

Question 57

what is deleted on termination by default

Answer 57

the root ebs volumes, but any extras you connected will not be.

Question 58

what are snapshhots?

Answer 58

captures point-in-time of an instance

Question 59

where are snapshots stored?

Answer 59

s3

Question 60

what happens with the snapshots as you make periodic snapshots of a volume?

Answer 60

they are incremented

Question 61

Is EBS volumes AZ or region specific?

Answer 61

AZ

Question 62

is snapshots AZ or region speecific?

Answer 62

region

Question 63

What is DLM and what does it do?

Answer 63

data lifecycle manager, automates the creation, retention, and deletion of EBS snapshots and EBS-backed AMI

Question 64

What does DLM help with?

Answer 64

-protects data by enforcing reg back up schedule
-creates standardized AMIs that can be refreshed at intervals
-retains backups as required by auditors and internal compliance
-recue storage costs by deleting outdated backups
-create disaster recovery backup policies that back up data to isolated accounts

Question 65

what are instance store volumes?

Answer 65

high performance local disks physically attached to host comp on which ec2 instance runs

Question 66

is instant stores persistent?

Answer 66

no, they are ephemeral (data lost without power)

Question 67

what is instance stores good for?

Answer 67

temp storage of info that changes frequently, like buffers/caches/scratch data

Question 68

what is EFS

Answer 68

elastic file system that is a file-based storage system, which uses NFS protocol

Question 69

can EFS connect many EC2 instances concurrently?

Answer 69

yes

Question 70

Can EC2 instances connect only to one AZ?

Answer 70

No, they can be connected from multiple AZs

Question 71

Can you connect instances from other VPCS?

Answer 71

YES

Question 72

Is EFS available for windows instances?

Answer 72

no, only available for linux

Question 73

What kind of file can be stored in S3?

Answer 73

any

Question 74

what is the size range of files in S3?

Answer 74

0bytes to 5TB

Question 75

is there a limited storage on s3?

Answer 75

no

Question 76

Can buckets be named the same anywhere in the world?

Answer 76

no, they have to be unique as namespace is universal

Question 77

Where are buckets created?

Answer 77

regions

Question 78

what is a good policy when creating buckets?

Answer 78

create them close to your users so to reduce latency

Question 79

six storage classes?

Answer 79

-s3 standard?
-s3 intelligent tiering
-s3 standard-IA
-s3 one zone-ia
-s3 glacier
-s3 glacier deep archive

Question 80

what is s3 standard

Answer 80

(durable, immediately available, frequently accessed)

Question 81

what is s3 intelligent-tiering?

Answer 81

(automatically moves data to the most cost- effective tier)

Question 82

what is standard-IA

Answer 82

(durable, immediately available, infrequently
accessed)

Question 83

What is s3 one zone-ia

Answer 83

(lower cost for infrequently accessed data with less
resilience)

Question 84

What is s3 glacier

Answer 84

(archived data, retrieval times in minutes or hours)

Question 85

what is glacier deep archive

Answer 85

(lowest cost storage class for long term retention)

Question 86

What are some S3 features

Answer 86

-Transfer acceleration – speeds up uploads using CloudFront
* Requester pays – the account requesting the objects pays
* Events – can trigger notifications to SNS, SQS and Lambda
* Static website hosting – setup a static website
* Encryption – encrypt objects in the bucket
* Replication – replicate within (SRR) or across (CRR) Regions

Question 87

What does versioning mean?

Answer 87

means of keeping multiple variants of an object in the same bucket

Question 88

What is versioning used for?

Answer 88

to preserve, retrieve, and restore every version of every object stored in your Amazon S3 bucket

Question 89

what does a versioning-enabled bucket enable you to do?

Answer 89

recover objects from accidental deletion or overwrite

Question 90

What are data access times for glacier and deep archive?

Answer 90

Data access time (Glacier) 1-5 minutes 3-5 hours 5-12 hours
Data access time (Deep Archive) N/A 12 hours 48 hours

Question 91

What are two things to know about s3 Glacier

Answer 91

-Extremely low cost and you pay only for what you need with no commitments of upfront fees
- Two classes Glacier and Glacier Deep Archive

Question 92

What are two things to know about s3 object-lock?

Answer 92

-Store objects using a write-once-read-many (WORM) model
-Prevent objects from being deleted or overwritten for a fixed time or indefinitely

Question 93

What are 3 things to know about s3 Glacier vault lock?

Answer 93

• Also used to enforce a WORM model
• Can apply a policy and lock the policy from future edits
• Use for compliance objectives and data retention

Question 94

What is AWS Storage Gateway?

Answer 94

-Hybrid cloud storage service
-Access cloud storage from on-premises applications
-Enables access to proprietary object storage (S3) using standard protocols

Question 95

What are some use cases for aws storage gateway

Answer 95

• Moving backups to the cloud
• Using on-premises file shares backed by cloud storage
• Low latency access to data in AWS for on-premises applications
• Disaster recovery

Question 96

What are the three types of storage gateway?

Answer 96

-file, volume, tape

Question 97

what is file gateway?

Answer 97

provides file system interfaces to on-premises
servers

Question 98

what is volume gateway?

Answer 98

provides block-based access for on premises servers

Question 99

what is tape gateway?

Answer 99

provides a virtual tape library that is compatible with common backup software (block and file interfaces)

Question 100

What is Route 53?

Answer 100

DNS (domain name service) to register ip addresses to common names

Question 101

what are three functions that route 53 does?

Answer 101

*Domain registration – Route 53 allows you to register domain
names
* Domain Name Service (DNS) – Route 53 translates name to IP
addresses using a global network of authoritative DNS servers
* Health checking – Route 53 sends automated requests to your
application to verify that it’s reachable, available and functional

Question 102

What are some route 53 routing policies?

Answer 102

• Simple – IP address associated with name
• Failover – if primary is down, route to secondary
• Geolocation – route based on geographic location of request
• Geoproximity – route to closes Region withing geo area
• Latency – use lowest latency route to resources
• Multivalue answer – returns several IP addresses
• Weighted – relative weights (e.g. 80%/20%)

Question 103

what is amazon ec2 auto scaling?

Answer 103

• automates the scaling of ec2 instances which can be elastic and scalable
• Launches and terminates EC2 instances based on demand
• Helps to ensure that you have the correct number of EC2 instances available to handle the application load

Question 104

what is ASG?

Answer 104

Auto Scaling Group which is collections of EC2 instances

Question 105

What does ASG use in order to scale?
(2)?

Answer 105

status checks and cloudWatch metrics

Question 106

When can EC2 scaling scale (2)?

Answer 106

on-demand and on schedule

Question 107

What are scaling policies?

Answer 107

• Target Tracking – Attempts to keep the group at or close to the
  metric
• Simple Scaling – Adjust group size based on a metric
• Step Scaling – Adjust group size based on a metric – adjustments
  vary based on the size of the alarm breach
• Scheduled Scaling – Adjust the group size at a specific time

Question 108

What is ELB

Answer 108

Elastic load balancing, which distributes incoming app traffics across multiple targets

Question 109

how does ELB handle traffic over AZs?

Answer 109

Either in a single zone or multiple AZs

Question 110

Why is ELB helpful?

Answer 110

features high availability, automatic scaling, and robust
security necessary to make your applications fault tolerant

Question 111

what are two types of elastic load balancer?

Answer 111

• Application Load Balancer (ALB) – layer 7 load balancer that
  routes connections based on the content of the request
• Network Load Balancer (NLB) – layer 4 load balancer that
  routes connections based on IP protocol data

Question 112

Can ELB distribute across regions?

Answer 112

ELB cannot distribute connections across regions, only availability zones. To direct traffic across regions use Amazon Route 53

Question 113

what is launch configuration?

Answer 113

A launch configuration is the template used to create new EC2 instances and includes parameters such as instance family, instance type, AMI, key pair and security groups

Question 114

what is a hosted zone?

Answer 114

A hosted zone represents a set of records belonging to a domain

Question 115

are there instances to manage with serverless lambda functions?

Answer 115

no, serverless simply means no infrastructure (OSs or hardware) to manage, therefore no instances)

Question 116

how is provisioning and patching handled on serverless services?

Answer 116

automatically

Question 117

is there automatic scaling and high availability with serverless services?

Answer 117

Yes

Question 118

what are some aws serverless services?

Answer 118

-lambda
-fargate
-eventbridge
-step functions
-SQs
-SNS
-API Gateway
-s3
-dynamoDB

Question 119

benefits of lambda?

Answer 119

• No servers to manage
• Continuous scaling
• Millisecond billing
• Integrates with almost all other AWS services

Question 120

How is payment done with lambda functions

Answer 120

You pay only for the compute time you consume (you pay
nothing when your code is not running)

Question 121

when is lambda functions executed and how are they scaled?

Answer 121

AWS Lambda executes code only when needed and scales
automatically

Question 122

What is SQS and what is it used for? (4 things to keep in mind)

Answer 122

• SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers
• SQS is used for distributed/decoupled applications
• SQS uses a message-oriented API
• SQS uses pull based (polling) not push based

Question 123

What is Amazon MQ and what is it used for (5 things to keep in mind)

Answer 123

• Message broker service
• Similar to Amazon SQS
• Based on Apache Active MQ and RabbitMQ
• Used when customers require industry standard APIs and protocols
• Useful when migrating existing queue-based applications into the cloud

Question 124

What is SNS and what is it used for? (5 things to keep in mind)

Answer 124

• Publisher / subscriber model
• Amazon SNS is used for building and integrating looselycoupled, distributed applications
• Provides instantaneous, push-based delivery (no polling)
• Uses simple APIs and easy integration with applications
• Offered under an inexpensive, pay-as-you-go model with no up-front costs

Question 125

What is AWS step functions? (2 things to keep in mind)

Answer 125

• AWS Step Functions makes it easy to coordinate the components of distributed applications as a series of steps in a visual workflow
• You can quickly build and run state machines to execute the steps of your application in a reliable and scalable fashion

Question 126

What is SWF and what does it do or things to keep in mind? (4 things)

Answer 126

• Amazon Simple Workflow Service
• Coordinate work across distributed application components
• Create distributed asynchronous systems as workflows
• Best suited for human-enabled workflows like an order fulfilment system or for procedural requests
• AWS recommends that for new applications customers consider Step Functions instead of SWF

Question 127

What does amazon event bridge do? (3 things)

Answer 127

• Serverless event bus
• Used for building event-driven architectures
• Ingests data and routes it to target AWS services

Question 128

What are 4 things the amazon api gateway do? (4)

Answer 128

• Publish APIs on AWS
• Create RESTful and WebSocket APIs
• Fully managed service
• Forward connections to AWS services and on-premises
  applications

Question 129

what is a VPC dedicated to?

Answer 129

aws account

Question 130

true/false, Not logically isolated form other virtual networks in the aws cloud

Answer 130

flase, it is logically isolated

Question 131

what kind of controls do you have over a vpc?

Answer 131

complete control

Question 132

Can you launch your aws resources into your vpc and if so, whats an example?

Answer 132

yes, EC2 instances can be launched to your VPC

Question 133

what is analogous to having your own DC (data center?) inside aws?

Answer 133

VPC

Question 134

what do you have to specify when you create a vpc?

Answer 134

range of IPv4 addresses for the vpc in form of a cidr (classless inter-domain routing) block,

-ex: 10.0.0.0/16

Question 135

what does a VPC span?

Answer 135

all AZs in a rgion

Question 136

who has control of the aws resources inside a vpc?

Answer 136

you have full controll of access

Question 137

whats the default number of VPCs you can create per region?

Answer 137

5

Question 138

What is the default when talking about a VPC?

Answer 138

default vpc is created in each region with a subnet in each AZ

Question 139

4 things to remember about security groups?

Answer 139

-they are firewalls for EC2 instances
-operate at the instance level
-supports allow rules only
-stateful

Question 140

4 things to remember about network access control lists or NACLs?

Answer 140

-firewall at subnet level
-support allow and deny rules
-stateless
-process rules in order

Question 141

what is lost when instance is stopped?

Answer 141

public IPS

Question 142

what are public IPs?

Answer 142

dynamic

Question 143

can public Is be moved between instances?

Answer 143

no

Question 144

whats attached to all instances?

Answer 144

private IPs

Question 145

are private IPs retained when an instance is stopped?

Answer 145

yes

Question 146

what are elastic IPs?

Answer 146

static public addresses

Question 147

are elastic IPs retained when instance is stopped?

Answer 147

yes

Question 148

what IPs can be moved between instances?

Answer 148

elastic ones

Question 149

how are elastic IPs charged?

Answer 149

when assigned to account and not being used

Question 150

what is used for access the internet from private subnets and where are they deployed?

Answer 150

NAT instances & Gateways and deployed in public subnets

Question 151

where do route tables need to be updated if trying to access public IP addresses from private subnet?

Answer 151

private subnet

Question 152

Does AWS or you manage NAT instances?

Answer 152

You

Question 153

Does AWS or you manage NAT gateways?

Answer 153

AWS

Question 154

what is vpc peering

Answer 154

allows you to route between VPCs using private IP addresseS

Question 155

2 things/benefits about AWS managed VPN?

Answer 155

1) VPN connection between on-premises sites and aws
2) uses the public internet

Question 156

2 things about AWS direct connect

Answer 156

1) private connection from on-premises to aws
2) avoid the public internet

Question 157

AWS transit gateway (2 things)

Answer 157

-connects VPCs and on-premises networks through a central hub
-simplifies network configuration

Question 158

3 things to remember about aws outpost?

Answer 158

-deploy aws infrastructure on-prem and connect AWS servers
-can extend a vpc into the on-prem environment
-supports several AWS services

Question 159

How can an organization create a private hybrid cloud connection between their on-premises data center and the AWS Cloud?

Answer 159

Direct Connect

Question 160

Which AWS-managed network service can be used to enable Internet connectivity for EC2 instances in private subnets?

Answer 160

NAT Gateway

Question 161

What type of information does VPC peering use to route traffic from one VPC to another?

Answer 161

private IP addresses

Question 162

Which services have a Global scope?

Answer 162

AWS IAM, CloudFront, Route 53

Question 163

Which types of Origin does Amazon CloudFront support (2)?

Answer 163

s3 and ec2 instances

Question 164

In Amazon Route 53, what is the name for the configuration item that holds a collection of records belonging to a domain?

Answer 164

hosted zone

Question 165

Which service can assist a developer with quickly deploying and managing a web application on AWS?

Answer 165

beanstalk

Question 166

AWS Elastic Beanstalk is an example of which cloud computing service model?

Answer 166

Paas

Question 167

Which service can be used to automatically create an Amazon VPC and then launch an EC2 instance, Auto Scaling Group and Elastic Load balancer?

Answer 167

cloud formation