What is ...? Flashcards

1
Q

AWS Glue

A

AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics. You can create and run an ETL job with a few clicks in the AWS Management Console. You simply point AWS Glue to your data stored on AWS, and AWS Glue discovers your data and stores the associated metadata (e.g. table definition and schema) in the AWS Glue Data Catalog. Once cataloged, your data is immediately searchable, queryable, and available for ETL. AWS Glue generates the code to execute your data transformations and data loading processes.

2
Q

AWS Fargate

A

serverless compute engine for containers on ECS or EKS: you supply the image and a task definition, and Fargate runs it without you provisioning, patching, or scaling EC2 hosts. It does not build containers (that is CodeBuild or your CI). Loose analogy: Elastic Beanstalk hides the servers behind an application, Fargate hides them behind a container task.

3
Q

ECS and its equivalent

A

highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances. Amazon ECS makes it easy to use containers as a building block for your applications by eliminating the need for you to install, operate, and scale your own cluster management infrastructure. Amazon ECS lets you schedule long-running applications, services, and batch processes using Docker containers. Amazon ECS maintains application availability and allows you to scale your containers up or down to meet your application’s capacity requirements.

4
Q

EKS and its equivalent

A

managed Kubernetes control plane (the Kubernetes equivalent of ECS). Worker nodes run on EC2 or Fargate; the Kubernetes API and tooling (kubectl, Helm) work unchanged.

5
Q

Athena

A

serverless interactive query service: run standard SQL directly against data in S3, paying per byte scanned, with no cluster to manage. Typical use: query CloudTrail, VPC Flow, or ALB logs that land in S3 (table definitions come from the Glue Data Catalog).

6
Q

FSx for Lustre

A

high-performance parallel file system for compute-intensive Linux workloads (HPC, ML training, video processing). Not for Windows applications; that is FSx for Windows File Server. Can be linked to an S3 bucket: objects appear as files, are loaded on first access, and results can be written back to S3.

7
Q

FSx for Windows File Server

A
  • centralized SMB file storage for Windows-based applications: SharePoint, SQL Server, WorkSpaces, IIS web servers, etc.; integrates with Active Directory and enforces Windows ACLs
  • on-premises clients reach it over a VPN or Direct Connect; AWS clients reach it inside the VPC
8
Q

DataSync

A

online data transfer service for moving large datasets between on-premises storage (NFS/SMB shares) and S3, EFS, or FSx, with checksum verification and optional schedules.

exam cue: DataSync is for migration, where the on-premises copy will no longer be used afterward; Storage Gateway is for ongoing hybrid use.

9
Q

SQS long polling

A

Long polling helps reduce your cost of using Amazon SQS by reducing the number of empty responses when there are no messages available to return in reply to a ReceiveMessage request sent to an Amazon SQS queue, and by eliminating false empty responses when messages are available in the queue but aren't included in the response.

  • Long polling reduces the number of empty responses by allowing Amazon SQS to wait until a message is available in the queue before sending a response. Unless the connection times out, the response to the ReceiveMessage request contains at least one of the available messages, up to the maximum number of messages specified in the ReceiveMessage action.
  • Long polling eliminates false empty responses by querying all (rather than a limited number) of the servers. Long polling returns messages as soon as any message becomes available.

TL;DR: short polling returns a response immediately (possibly empty, because it samples only a subset of servers); long polling holds the request until a message arrives or the wait time (up to 20 seconds) expires.

10
Q

SQS short polling

A

ReceiveMessageWaitTimeSeconds is the queue attribute that sets the polling mode. Its default is 0, which means short polling; setting it to 1-20 seconds turns on long polling for every consumer. A consumer can also override it per call with the WaitTimeSeconds parameter of ReceiveMessage.

11
Q

ParallelCluster

A

an AWS-supported open-source cluster management tool that makes it easy for you to deploy and manage High Performance Computing (HPC) clusters on AWS. It does not provide higher bandwidth, higher packet per second (PPS) performance, and lower inter-instance latencies, unlike ENA or EFA.

12
Q

Elastic Fabric Adapter (EFA)

A

simply an Elastic Network Adapter (ENA) with added capabilities. It provides all of the functionality of an ENA, with additional OS-bypass functionality. OS-bypass is an access model that allows HPC and machine learning applications to communicate directly with the network interface hardware to provide low-latency, reliable transport functionality.

The OS-bypass capabilities of EFAs are not supported on Windows instances. If you attach an EFA to a Windows instance, the instance functions as an Elastic Network Adapter, without the added EFA capabilities.

13
Q

Elastic Network Adapter (ENA)

A

supports network speeds from 10Gbps up to 100Gbps for supported instance types. Elastic Network Adapters (ENAs) provide traditional IP networking features that are required to support VPC networking.

14
Q

step scaling

A

Increase or decrease the current capacity of the group based on a set of scaling adjustments, known as step adjustments, that vary based on the size of the alarm breach.

15
Q

cheapest S3 tier

A

S3 glacier deep archive

16
Q

glacier deep archive retrieval time

A

12 hours for a standard retrieval; bulk retrieval takes up to 48 hours. Objects also carry a 180-day minimum storage charge.

17
Q

s3 encryption in transit

A

SSL/TLS (HTTPS). Enforce it with a bucket policy statement that denies every action when the condition key aws:SecureTransport is false.

18
Q

S3 Encryption at rest

A
  • S3-managed keys: SSE-S3 (AES-256; applied by default to new objects)
  • AWS KMS keys: SSE-KMS (each key use is logged in CloudTrail; readers need kms:Decrypt on the key as well as s3:GetObject)
  • server-side encryption with customer-provided keys: SSE-C (you send the key with every request over HTTPS; S3 uses it and discards it)
  • client-side encryption: you encrypt before upload and S3 never sees the key
19
Q

glacier retrieval time

A

minutes to hours, depending on the option: Expedited 1-5 minutes, Standard 3-5 hours, Bulk 5-12 hours (S3 Glacier Flexible Retrieval).

20
Q

least durable S3

A

One Zone-IA: data is kept in a single Availability Zone, so it is lost if that AZ is destroyed. Use it only for data you can regenerate or that is replicated elsewhere.

21
Q

Service control policies (SCP)

A

organization-wide guardrails from AWS Organizations: they set the maximum permissions available in member accounts or whole OUs (e.g. deny a service or a region). They never grant permissions by themselves, apply to every principal in the account including root, and do not affect the management account.

22
Q

ways to share s3 buckets

A

-bucket policies & IAM (entire bucket): programmatic access only
-bucket ACLs & IAM (individual objects): programmatic access only; ACLs are legacy and disabled by default on new buckets (Object Ownership = bucket owner enforced)
-cross-account IAM roles: programmatic and console access
for cross-account access both sides must allow it: the bucket policy and the caller's identity policy

23
Q

cloudfront origin

A

the source CloudFront fetches files from when they are not in the cache: an S3 bucket, an EC2 instance, an ELB, API Gateway, or any custom HTTP(S) server. Route 53 is DNS, not an origin. Lock an S3 origin down with origin access control so the bucket is reachable only through CloudFront.

24
Q

cloudfront distribution

A

name given to the CDN configuration: which origin(s) to serve, which cache behaviours and TTLs apply, and the collection of edge locations that cache the content

25
Q

cloudfront edge locations

A

read and write (PUT/POST are forwarded to the origin); objects are cached for the life of the TTL (time to live). To purge early, issue an invalidation (charged beyond the free quota).

26
Q

volume gateway - stored volumes

A

entire dataset stored on site (on-prem) for low-latency access and asynchronously backed up to S3 as EBS snapshots

27
Q

volume gateway - cached volumes

A

entire dataset stored on S3 and the most frequently accessed data is cached on site.

28
Q

Macie

A

analyzes data in S3 with machine learning to identify PII and other sensitive data, and flags buckets that are public, unencrypted, or shared outside the account. (The original Macie also analysed CloudTrail logs for suspicious API activity; the current service focuses on S3 data.) Good for PCI DSS/GDPR compliance and identity-theft prevention.

29
Q

blocking specific IP’s

A

security groups have only allow rules, so they cannot block a specific IP. Use a network ACL deny rule on the subnet, or AWS WAF IP sets for HTTP(S) traffic behind CloudFront, ALB, or API Gateway.

30
Q

move an ec2 volume

A

AZ move: take a snapshot, create an AMI from the snapshot, use the AMI to launch the EC2 instance in the new AZ (for a data volume alone, create a new volume from the snapshot in the target AZ and attach it).

region move: take a snapshot, create an AMI, copy the AMI from one region to another (the snapshot is copied with it), use the copied AMI to launch the new EC2 instance.

31
Q

ebs encryption specifics

A
  • snapshots of encrypted volumes are automatically encrypted
  • volumes restored from encrypted snapshots are encrypted
  • data at rest, data moving between the instance and the volume, and all snapshots use the same KMS key
  • an existing unencrypted volume cannot be encrypted in place: snapshot it, copy the snapshot with encryption on, and create a new volume from the copy

32
Q

ways to encrypt ebs volumes

A

take a snapshot of the unencrypted volume, copy the snapshot with the encrypt option (choosing the KMS key), then create an AMI or a volume from the encrypted copy and launch or attach it. Alternatively turn on EBS encryption by default for the region so every new volume is encrypted automatically.

33
Q

cloudwatch default and lowest monitoring intervals

A

5 minute default (basic monitoring, free); 1 minute with detailed monitoring (extra cost). Memory and disk metrics still need the CloudWatch agent.

34
Q

ec2 meta data

A

instance metadata service (IMDS) at http://169.254.169.254/latest/meta-data/: public IP, instance ID, user data, and the temporary credentials of the instance's IAM role. This traffic is not captured by VPC Flow Logs. Require IMDSv2 (a session token obtained with a PUT, then sent on every GET) so an SSRF bug or open proxy cannot read the role credentials with a plain GET.
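
The IMDSv1 versus IMDSv2 exchange behind this card, as an added example that is not part of the flashcards. FakeImds is a constructed stand-in for 169.254.169.254 that applies the documented IMDSv2 rules (session token via a PUT carrying X-aws-ec2-metadata-token-ttl-seconds, GETs must present X-aws-ec2-metadata-token, a PUT carrying X-Forwarded-For is refused) so the sequence runs offline; the role name app-role and the credential values are made up.

```python
"""Instance metadata (IMDS) exchange: why IMDSv2 beats IMDSv1.

FakeImds is a constructed stand-in for http://169.254.169.254 that applies
the documented IMDSv2 rules so the exchange can be run offline.
"""
import secrets

CREDS_PATH = "/latest/meta-data/iam/security-credentials/app-role"  # assumed role name
FAKE_CREDS = '{"AccessKeyId":"ASIAEXAMPLE","SecretAccessKey":"x","Token":"y"}'  # constructed


class FakeImds:
    def __init__(self, require_v2: bool, clock):
        self.require_v2 = require_v2   # HttpTokens=required on the instance
        self.clock = clock             # callable returning seconds; injectable for tests
        self.tokens = {}               # token -> expiry time

    def handle(self, method, path, headers=None):
        """Return (status, body) for one HTTP request, mimicking IMDS."""
        h = {k.lower(): v for k, v in (headers or {}).items()}
        if method == "PUT" and path == "/latest/api/token":
            if "x-forwarded-for" in h:          # request came through a proxy: refused
                return 403, ""
            try:
                ttl = int(h["x-aws-ec2-metadata-token-ttl-seconds"])
            except (KeyError, ValueError):
                return 400, ""
            if not 1 <= ttl <= 21600:           # documented TTL range (1 s to 6 h)
                return 400, ""
            tok = secrets.token_urlsafe(32)
            self.tokens[tok] = self.clock() + ttl
            return 200, tok
        if method != "GET":
            return 405, ""
        tok = h.get("x-aws-ec2-metadata-token")
        if tok is not None:
            if self.tokens.get(tok, 0) <= self.clock():   # unknown or expired token
                return 401, ""
        elif self.require_v2:                              # IMDSv1-style GET refused
            return 401, ""
        if path == CREDS_PATH:
            return 200, FAKE_CREDS
        return 404, ""


def fetch_creds_v1(imds):
    """The plain GET an SSRF bug or open proxy can make on the attacker's behalf."""
    return imds.handle("GET", CREDS_PATH)


def fetch_creds_v2(imds, ttl=21600, extra_headers=None):
    """Proper IMDSv2 client: PUT for a session token, then GET with the token."""
    hdrs = {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl)}
    hdrs.update(extra_headers or {})
    status, token = imds.handle("PUT", "/latest/api/token", hdrs)
    if status != 200:
        return status, ""
    return imds.handle("GET", CREDS_PATH, {"X-aws-ec2-metadata-token": token})


if __name__ == "__main__":
    import time
    for required in (False, True):
        imds = FakeImds(require_v2=required, clock=time.monotonic)
        print("v2 required:", required,
              "| v1 GET ->", fetch_creds_v1(imds)[0],
              "| v2 ->", fetch_creds_v2(imds)[0],
              "| v2 via proxy ->",
              fetch_creds_v2(imds, extra_headers={"X-Forwarded-For": "10.0.0.9"})[0])
```

On a real instance the equivalent setting is `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required --http-put-response-hop-limit 1`; with the hop limit at 1 the token PUT cannot be relayed out through a container or proxy.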

35
Q

Elastic File System (EFS)

A
  • Linux and Linux-based workloads
  • network file system (NFSv4); pay only for storage used
  • scales up to petabytes
  • thousands of concurrent NFS connections
  • multi-AZ (regional storage with a mount target per AZ)
  • one VPC at a time (mount targets live in a single VPC)
  • simple, scalable shared file storage for use with your Amazon ECS tasks
  • access is controlled by security groups on the mount targets, IAM (file system policies), and POSIX permissions
36
Q

block malicious IP addresses or range of IP’s

A

network ACL’s, layer 4

37
Q

cross-site scripting and SQL injections

A

use AWS WAF (layer 7) with the SQL injection and cross-site scripting match statements, attached to CloudFront, ALB, or API Gateway

38
Q

RDS (OLTP)

A

SQL Server, MySQL, PostgreSQL, Oracle, Aurora, MariaDB (and Db2). Not serverless, except Aurora Serverless.

39
Q

noSQL

A

dynamoDB

40
Q

OLAP

A

redshift

41
Q

elasticache

A

in-memory caching for databases: Memcached and Redis. Redis for multi-AZ with automatic failover, backups and restores, and encryption at rest; Memcached for a simple multithreaded cache with no persistence.

42
Q

RDS backups

A

automated backups (daily snapshot plus transaction logs, point-in-time restore, 0-35 days retention, deleted with the instance) and manual DB snapshots (kept until you delete them)

43
Q

RDS read replicas

A

increase read performance by sending reads to asynchronous copies; can be multi-AZ and multi-region; automated backups must be turned on for the source. A replica can be promoted to a standalone instance.

44
Q

RDS Multi-AZ

A

synchronous standby copy in another AZ, used only for availability and disaster recovery: RDS fails over by repointing the DNS name, and the standby does not serve reads (use read replicas for that)

45
Q

RDS encryption

A

uses AWS KMS. All components of the RDS instance are encrypted, including backups, read replicas, and snapshots. Encryption is chosen at creation: to encrypt an existing unencrypted instance, snapshot it, copy the snapshot with encryption, and restore from the copy.

46
Q

redshift availability

A

single AZ (traditional clusters); automatic backups with 1 day retention by default, max 35 days; always tries to keep 3 copies of the data (original, replica on compute nodes, backup in S3); snapshots can be copied to another region for DR.

47
Q

Aurora availability

A

2 copies of data in each AZ across a minimum of 3 AZs, 6 copies total; the storage layer self-heals. Snapshots can be shared with other accounts. Backups are turned on by default.

48
Q

Elastic Load Balancers (ELB)

A

have a DNS name, not a fixed IP (NLB is the exception: it can be given static or Elastic IPs). Point Route 53 at one with an alias record, never a hard-coded address.

49
Q

Alias record

A

prefer over CNAME: an alias maps a name to an AWS resource (ELB, CloudFront, S3 website, another record in the zone), works at the zone apex where a CNAME can't, and alias queries are free. It is a pointer to the record, not the record itself.

50
Q

CNAME

A

canonical name record: maps one hostname to another hostname. Cannot be used at the zone apex (naked domain) and cannot coexist with other records for the same name.

51
Q

simple routing policy

A

one record that can list multiple IPs, returned in random order; no health checks, so a dead endpoint is still handed out

52
Q

custom vpc comes with (vs default vpc)

A

a main route table, a default NACL, and a default security group; no subnets and no internet gateway (the default VPC, by contrast, already has a public subnet per AZ and an IGW attached). 5 IPs are reserved in every subnet. 1 internet gateway per VPC.

53
Q

NAT gateways

A
  • 5 Gbps, scales automatically (the ceiling has been raised from 45 Gbps to 100 Gbps)
  • not associated with security groups
  • auto-assigned public (Elastic) IP
  • needs routing: the private subnet's route table sends 0.0.0.0/0 to it, and the gateway itself lives in a public subnet
  • outbound only: nothing on the internet can initiate a connection to the instances behind it
54
Q

default network ACL

A

stateless. The default NACL allows all inbound and outbound traffic; a subnet is associated with it automatically unless you choose another. NACLs can block IPs; security groups can't.

55
Q

custom network ACL

A

stateless. Denies all inbound and outbound traffic by default, so rules are needed in both directions (including ephemeral ports for return traffic). Can block IPs; security groups can't.

56
Q

traffic not captured by VPC flow logs

A
  • instances contacting the Amazon DNS resolver
  • traffic generated by a Windows instance for license activation
  • traffic to and from the instance metadata endpoint (169.254.169.254) and the Time Sync service (169.254.169.123)
  • DHCP
  • traffic to the reserved IP address of the default VPC router
57
Q

global accelerator

A

improves availability and performance of applications for local and global users: two static anycast IPs front your endpoints, traffic enters at the nearest edge and traverses the AWS backbone network instead of the public internet.

58
Q

vpc endpoints

A

privately connect a VPC to supported AWS services and to endpoint services powered by PrivateLink without an internet gateway, NAT, VPN, or Direct Connect. No public IP required; traffic doesn't leave the Amazon network. Horizontally scaled, highly available, redundant. Endpoint policies can restrict which resources are reachable through the endpoint.

59
Q

vpc gateway endpoints

A

S3 and DynamoDB: a target in the route table, no charge. Every other service uses an interface endpoint (an ENI with a private IP, PrivateLink).

60
Q

private link

A
  • expose a service in your VPC to 10-1000 customer VPCs without VPC peering: no route tables, NAT gateways, IGWs, or overlapping-CIDR problems
  • needs a Network Load Balancer in the service/owner VPC and an interface endpoint (ENI) in each customer VPC
61
Q

transit gateway

A

transitive peering between thousands of VPCs and on-premises data centers in a hub-and-spoke model; regional (transit gateways can be peered across regions); multi-account sharing with Resource Access Manager (RAM). Works with route tables, Direct Connect, and VPN. Supports IP multicast.

62
Q

cloudhub

A

VPN CloudHub: hub-and-spoke Site-to-Site VPN that links multiple real-world locations to the VPC and to each other

63
Q

SQS message queue times

A

message retention 1 minute to 14 days; default retention is 4 days. Maximum message size 256 KB (larger payloads go in S3 with a pointer in the message).

64
Q

SQS visibility timeout

A

time that a message is hidden from other consumers after it is received (default 30 seconds, max 12 hours). The consumer deletes the message once the job is processed; otherwise it becomes visible again and is redelivered, so processing must be idempotent.

65
Q

SWF

A
  • task-oriented API, workflow executions can last up to 1 year.
  • Actors: workflow starters, deciders, activity workers.
66
Q

kinesis data firehose

A

near-real-time delivery service: loads streaming data into S3, Redshift, OpenSearch, or Splunk, with buffering and optional Lambda transformation. No shards to manage and no persistence for replay. (It is Data Streams that cannot write to S3 directly; Firehose is the usual way to get there.)

67
Q

kinesis streams

A

shards (provisioned throughput per shard) and persistence: records are retained for 24 hours by default (up to 365 days) and can be replayed by multiple consumers. Needs a consumer, or Firehose, to land data in S3.

68
Q

kinesis data analytics

A

run SQL or Apache Flink over data from Kinesis Data Streams or Data Firehose in real time

69
Q

Cognito

A

identity broker: handles the interaction between your application and a web identity provider. The user authenticates with the provider, receives an authentication token, and exchanges it (via STS) for temporary credentials to assume an IAM role. User pools handle sign-up/sign-in and issue JWTs; identity pools do the credential exchange.

70
Q

X-Ray

A

distributed tracing: follow a request across microservices and serverless components (Lambda, API Gateway, SQS) to debug latency and errors

71
Q

lambda

A
  • regional (functions are deployed per region; Lambda@Edge runs at CloudFront edge locations)
  • maximum execution time of 15 minutes
  • the function's IAM execution role is its only credential: scope it to least privilege

72
Q

Storage Gateway

A

hybrid storage: on-premises applications keep using local storage (file, volume, or tape gateway) that is backed by S3, so on-prem will still be used (contrast DataSync, which is for migration)

73
Q

Management Events

A

provide visibility into management operations that are performed on resources in your AWS account. These are also known as control plane operations. Management events can also include non-API events that occur in your account.

74
Q

Data Events

A

provide visibility into the resource operations performed on or within a resource. These are also known as data plane operations. It allows granular control of data event logging with advanced event selectors. You can currently log data events on different resource types such as Amazon S3 object-level API activity (e.g. GetObject, DeleteObject, and PutObject API operations), AWS Lambda function execution activity (the Invoke API), DynamoDB item actions, and many more. Data events are not logged by default and are charged separately, so enable them deliberately for the buckets, tables, and functions you need to audit.

75
Q

is iam global?

A

yes: users, groups, roles, and policies are global, but most resources they are attached to are regional

76
Q

traffic difference between ALB NLB

A

ALB (layer 7) terminates the client connection: targets see the ALB's private IP as the source and get the client IP from the X-Forwarded-For header, so the ALB's security group is where traffic is filtered. NLB (layer 4) passes the connection through and by default preserves the client's source IP, so the targets' security groups must allow the clients themselves.

77
Q

cloudfront firewall

78
Q

geo match

A

AWS WAF rule statement that allows or blocks requests by the viewer's country, usable on CloudFront, ALB, or API Gateway. CloudFront also has its own geographic restrictions setting for blocking whole countries at the distribution.

79
Q

kms

A
  • manages customer master keys (CMKs, now called KMS keys)
  • regional (multi-Region keys can be replicated)
  • ideal for S3 objects, database passwords, API keys stored in Systems Manager Parameter Store
  • Encrypt/Decrypt API limited to 4 KB of data; larger data uses envelope encryption with GenerateDataKey
  • audit every key use with CloudTrail
  • FIPS 140-2 Level 2 originally; the KMS HSMs are now validated at Level 3
80
Q

moving encrypted objects between regions

A

KMS keys are regional, so: decrypt with the source-region key, move the data, re-encrypt with a key in the new region (S3 cross-region replication does this for you with the destination key; multi-Region KMS keys avoid it altogether)

81
Q

CloudHSM

A
  • managed service: AWS runs the hardware, you control the keys and the HSM users
  • single-tenant, validated control for regulatory requirements on keys
  • FIPS 140-2 Level 3
  • PKCS#11, Java Cryptography Extensions (JCE), Microsoft CryptoNG (CNG)
  • lost keys are irretrievable (AWS has no access to them)
  • no AWS APIs for crypto operations; you talk to the HSM through the client libraries
  • deployed into your VPC as a cluster
82
Q

systems manager parameter store

A
  • securely manages configuration and secrets; caches and distributes them to your fleet
  • component of AWS Systems Manager (SSM)
  • serverless
  • good for: passwords, DB connection strings, license codes, API keys
  • encrypted (SecureString, via KMS) or plaintext
  • store in hierarchies (e.g. /prod/db/password) and grant IAM access per path
  • tracks versions
  • can set an expiration (TTL) policy on advanced parameters
83
Q

secrets manager

A

manages configuration and secrets; more expensive at scale than Systems Manager Parameter Store but has features like:

  • automatically rotates secrets with a Lambda function and applies them to RDS, Redshift, and DocumentDB
  • can generate random passwords
  • sharing across accounts via resource policies
  • charged per secret per month and per 10k API calls
84
Q

AWS Shield

A

protects against DDoS.
Shield Standard is on for every AWS customer at no cost (most effective in front of CloudFront, Route 53, and ELB):
-L3 and L4 attacks: SYN/UDP floods, reflection attacks

  • Shield Advanced: about 3k per month, enhanced protection for EC2, ELB, CloudFront, Global Accelerator, Route 53
  • 24x7 access to the Shield Response Team (formerly the DDoS Response Team, DRT) for Business and Enterprise Support customers
  • DDoS cost protection (credits for scaling charges caused by an attack)
85
Q

WAF

A
monitors HTTP(S) requests to CloudFront, ALB, API Gateway, or AppSync using filtering rules grouped in a web ACL.
filter by:
-IP
-query string parameters
-SQL injection

web ACL default action (when no rule matches):

  • allow all
  • block all

rule actions:

  • allow
  • block
  • count (record the match without enforcing it; use it to test a rule before turning it on)

properties:

  • originating IP
  • originating country
  • request size
  • values in headers
  • strings in requests matching a regex
  • cross-site scripting
  • request rate from one IP (rate-based rules)
86
Q

can you boot from ebs hdd? ssd?

87
Q

throughput hdd

A

throughput-optimized HDD (st1): up to 500 IOPS, 500 MiB/s
data warehousing
log processing
sequential access, large blocks
cannot be a boot volume

88
Q

provisioned ssd

A

provisioned IOPS SSD (io1/io2): up to 64,000 IOPS per volume (32,000 was the old io1 limit; io2 Block Express goes to 256,000)
large database workloads
random access, IOPS provisioned independently of volume size

89
Q

general ssd

A

general purpose SSD (gp2/gp3): gp2 bursts up to 16,000 IOPS (10,000 was an old limit); gp3 has a 3,000 IOPS baseline, provisionable up to 16,000
general workloads, boot volumes
random access

90
Q

glacier automatically encrypts data?

91
Q

Elastic IP

A
  • static public IP that can be moved between instances, allowing decoupling (remap it to a standby on failure)
  • historically free while all of these were true:
    - the Elastic IP is associated with an EC2 instance
    - that instance is running
    - the instance has only one Elastic IP attached
  • since February 2024 AWS charges for every public IPv4 address, including in-use Elastic IPs; idle ones cost the same, so release what you don't use
92
Q

RTO

A

recovery time objective: the maximum acceptable time for the system to be back in service after a failure

93
Q

RPO

A

recovery point objective: the maximum acceptable data loss, measured as the time between the last good backup or replication and the failure

94
Q

fault tolerance

A

0% interruption, the failure is concealed from users. A higher requirement than high availability, think overkill: if 4 servers are necessary at all times, run 8, 4 in each of 2 AZs, so losing an AZ changes nothing.

95
Q

high availability

A

the application keeps working through a failure but may be degraded or slower: if 4 servers are necessary, run 2 in each of 2 AZs and accept half capacity while the lost ones are replaced.

96
Q

where to store all static content?

97
Q

when not to use RDS

A
  • massive read/writes
  • sharding
  • simple get/put requests and queries
  • RDBMS customization
98
Q

AWS Config

A

records the configuration of resources over time and evaluates new and changed resources against rules (e.g. no public S3 buckets, encryption on); non-compliant resources can trigger automatic remediation

99
Q

VPC flow logs

A

capture metadata (not payloads) of the IP traffic to and from ENIs at VPC, subnet, or interface level, delivered to CloudWatch Logs or S3; each record carries source/destination address and port, protocol, packet and byte counts, and ACCEPT/REJECT
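
A parser for the default (version 2) VPC Flow Log record format with two detections over it, as an added example that is not part of the flashcards: rejected hits on administrative ports, and sources that probe many ports on one host. The sample records, account ID, ENI ID, and addresses are constructed. It also illustrates the "traffic not captured" card: the metadata endpoint, the Amazon DNS resolver, and DHCP never appear in these logs, so no rule written against them can see that traffic.

```python
"""VPC Flow Log parsing with two detections over constructed sample records."""
from collections import defaultdict

FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
INT_FIELDS = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}
ADMIN_PORTS = {22: "ssh", 3389: "rdp", 5985: "winrm", 5986: "winrm-https"}

ENI = "2 123456789012 eni-0a1b2c3d4e5f67890"  # constructed account and interface IDs
SAMPLE_LOG = "\n".join(
    [
        f"{ENI} 198.51.100.7 10.0.1.5 40912 443 6 20 3000 1700000000 1700000059 ACCEPT OK",
        f"{ENI} 10.0.1.5 10.0.1.20 55310 5432 6 12 1800 1700000000 1700000059 ACCEPT OK",
        f"{ENI} 203.0.113.10 10.0.1.5 51022 22 6 3 180 1700000000 1700000059 REJECT OK",
        f"{ENI} - - - - - - - 1700000000 1700000059 - NODATA",  # nothing seen in the window
    ]
    # the same external host then walks a run of ports on the instance
    + [f"{ENI} 203.0.113.10 10.0.1.5 {51100 + i} {p} 6 1 60 1700000000 1700000059 REJECT OK"
       for i, p in enumerate(range(80, 92))]
)


def parse_flow_log(text):
    """Parse default-format lines into dicts; skip NODATA/SKIPDATA records."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            raise ValueError(f"unexpected field count: {line!r}")
        rec = dict(zip(FIELDS, parts))
        if rec["log_status"] != "OK":
            continue  # no traffic captured, or records dropped by the collector
        for f in INT_FIELDS:
            rec[f] = int(rec[f])
        records.append(rec)
    return records


def rejected_admin_access(records):
    """Denied connections to admin ports: (src, dst, port, service), sorted."""
    return sorted({(r["srcaddr"], r["dstaddr"], r["dstport"], ADMIN_PORTS[r["dstport"]])
                   for r in records
                   if r["action"] == "REJECT" and r["dstport"] in ADMIN_PORTS})


def port_scanners(records, min_ports=10):
    """(src, dst) pairs where src touched at least min_ports distinct TCP/UDP ports."""
    ports = defaultdict(set)
    for r in records:
        if r["protocol"] in (6, 17):  # TCP, UDP
            ports[(r["srcaddr"], r["dstaddr"])].add(r["dstport"])
    return {pair: sorted(p) for pair, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE_LOG)
    print(len(recs), "records")
    print("admin knocks:", rejected_admin_access(recs))
    print("scanners:", port_scanners(recs))
```

Raise min_ports or count per source rather than per (source, destination) pair to suit the noise level of a given subnet; a REJECT-heavy source on many ports is also the first thing to feed into a NACL deny rule.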

100
Q

Inspector

A

automated vulnerability scanning of EC2 instances (and container images in ECR and Lambda functions): known CVEs in installed packages and unintended network reachability

101
Q

Trusted advisor

A

checks accounts for security, fault tolerance, performance, cost optimization, and service limits (the full set of checks needs Business or Enterprise Support)

102
Q

Which of the following is a custom metric in CloudWatch which you have to manually set up?

A

memory utilization (likewise disk space used and swap): the hypervisor cannot see inside the guest OS, so these need the CloudWatch agent

103
Q

enhanced monitoring?

A

RDS Enhanced Monitoring: OS-level metrics (per-process CPU, memory, file system) from an agent on the database host. Not an EC2 feature; EC2 has basic/detailed monitoring plus the CloudWatch agent.

104
Q

aws data pipeline

105
Q

appstream

106
Q

Posix

107
Q

symmetric

108
Q

asymetric

109
Q

codecommit

A

fully managed source-control service that hosts private Git repositories. You can store anything from code to binaries and work seamlessly with your existing Git-based tools. CodeCommit integrates with CodePipeline and CodeDeploy to streamline your development and release process.

110
Q

codedeploy

A

deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions. It allows you to rapidly release new features, update Lambda function versions, avoid downtime during application deployment, and handle the complexity of updating your applications, without many of the risks associated with error-prone manual deployments.

111
Q

opsworks

112
Q

cloudmap

A

cloud resource discovery service. With Cloud Map, you can define custom names for your application resources, and it maintains the updated location of these dynamically changing resources. This increases your application availability because your web service always discovers the most up-to-date locations of its resources.

113
Q

automatic ebs encryption?

A

EBS encryption by default: a per-region account setting that makes every new volume and snapshot copy encrypted with the chosen KMS key, so nothing depends on whoever launches the instance remembering to tick the box

114
Q

Aurora read replicas

A
  • Aurora replicas (share the cluster storage) and MySQL/PostgreSQL read replicas (up to 5, binlog-based)
  • cross-region read replicas
  • asynchronous; replication lag typically milliseconds for Aurora replicas
  • automated failover promotes an Aurora replica (not a MySQL/PostgreSQL replica)
  • up to 15 Aurora replicas
115
Q

bucket-owner-full-control

A

canned ACL an uploader sets on an object so the bucket owner gets full control of it; without it the uploader's account owns the object and the bucket owner may be unable to read or delete it. Bucket policies commonly require it with the condition s3:x-amz-acl = bucket-owner-full-control. With Object Ownership set to bucket owner enforced (the default for new buckets) ACLs are disabled and the bucket owner owns every object, so the ACL is no longer needed.
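
The cross-account bucket policy that the "ways to share s3 buckets", "s3 encryption in transit", and bucket-owner-full-control cards describe, with a small evaluator that applies IAM's rule (an explicit Deny wins, then an Allow, otherwise implicit deny) so the policy can be checked offline. This is an added example, not from the flashcards: the account IDs, bucket, and role names are made up, and the evaluator implements only the StringEquals and Bool operators this policy uses.

```python
"""Cross-account S3 bucket policy plus a minimal IAM-style evaluator.

Added example: account IDs, bucket and role names are constructed, and the
evaluator covers only the condition operators the policy below uses.
"""
import fnmatch

BUCKET = "shared-reports"
PARTNER_ROLE = "arn:aws:iam::222222222222:role/uploader"  # caller in the other account
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"
OBJECTS_ARN = f"arn:aws:s3:::{BUCKET}/*"

BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PartnerRead", "Effect": "Allow",
         "Principal": {"AWS": PARTNER_ROLE},
         "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": [BUCKET_ARN, OBJECTS_ARN]},
        {"Sid": "PartnerWriteOnlyIfOwnerGetsControl", "Effect": "Allow",
         "Principal": {"AWS": PARTNER_ROLE},
         "Action": "s3:PutObject", "Resource": OBJECTS_ARN,
         # without this canned ACL the uploader's account would own the object
         # (unless Object Ownership is already 'bucket owner enforced')
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}}},
        {"Sid": "DenyPlaintextHTTP", "Effect": "Deny", "Principal": "*",
         "Action": "s3:*", "Resource": [BUCKET_ARN, OBJECTS_ARN],
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
}


def _as_list(x):
    return x if isinstance(x, list) else [x]


def _principal_matches(principal, caller):
    if principal == "*":
        return True
    return any(p in ("*", caller) for p in _as_list(principal.get("AWS", [])))


def _condition_matches(cond, ctx):
    """StringEquals and Bool only; a key missing from the request context never matches."""
    for op, pairs in (cond or {}).items():
        if op not in ("StringEquals", "Bool"):
            raise ValueError(f"operator not implemented: {op}")
        for key, want in pairs.items():
            have = ctx.get(key)
            if have is None:
                return False
            if op == "StringEquals" and have not in _as_list(want):
                return False
            if op == "Bool" and str(have).lower() != str(want).lower():
                return False
    return True


def evaluate(policy, caller, action, resource, ctx=None):
    """Return 'Allow', 'Deny' (explicit) or 'ImplicitDeny' for one request."""
    ctx = ctx or {}
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if not _principal_matches(st["Principal"], caller):
            continue
        if not any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"])):
            continue
        if not _condition_matches(st.get("Condition"), ctx):
            continue
        if st["Effect"] == "Deny":
            return "Deny"  # an explicit Deny cannot be overridden by any Allow
        decision = "Allow"
    return decision


if __name__ == "__main__":
    obj = f"{BUCKET_ARN}/q1.csv"
    https = {"aws:SecureTransport": "true"}
    print(evaluate(BUCKET_POLICY, PARTNER_ROLE, "s3:PutObject", obj,
                   {**https, "s3:x-amz-acl": "bucket-owner-full-control"}))
    print(evaluate(BUCKET_POLICY, PARTNER_ROLE, "s3:PutObject", obj, https))
    print(evaluate(BUCKET_POLICY, PARTNER_ROLE, "s3:GetObject", obj,
                   {"aws:SecureTransport": "false"}))
```

Across accounts this bucket policy is only half of the decision: the partner role's own identity policy must also allow s3:PutObject on this bucket, whereas within a single account either a resource policy or an identity policy is enough on its own.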

116
Q

egress-only Internet gateway

A

horizontally scaled, redundant, and highly available VPC component that allows outbound communication over IPv6 from instances in your VPC to the Internet, and prevents the Internet from initiating an IPv6 connection with your instances.

117
Q

Elastic Beanstalk

A

PaaS: upload your code and Beanstalk provisions the EC2, ELB, Auto Scaling, and monitoring stack around it, while you keep full control of the underlying resources. Supports Docker too.

118
Q

cloudformation template

A
  • Format Version
  • Description
  • Metadata
  • Parameters
  • Mappings
  • Conditions
  • Transform
  • Resources (required)
  • Outputs
119
Q

cross-zone load balancing

A

distribute incoming requests evenly across all registered targets in all enabled Availability Zones, not only the targets in the load balancer node's own AZ (on by default for ALB, off by default for NLB)

120
Q

Inter-Region VPC Peering

A

supported: peer VPCs in different regions (and different accounts). Traffic stays on the AWS backbone and is encrypted; peering is not transitive, and the CIDRs must not overlap.