White Paper

Question 1

What are the 6 advantages of cloud computing

Answer 1

Trade capital expense for variable expenses

Benefit from massive economics of scale

Stop guessing capacity

Increase speed and agility

Stop spending money maintaining data center

Go global in minutes

Question 2

Types of cloud computing

Answer 2

Saas
End user apps
Entire stack managed for you

PAAS
data
Applications

Iaas
  O/S
  Manage middeware
  Runtime
  Data 
  Applications

On-premises
  Network
  Storage
  Servers
  Compute 
  Virtualization
  o/s 
  Middeware 
  Run intime 
  Data 
  Applications

Question 3

Deployment Models

Answer 3

Cloud

100% in the cloud

Hybrid

Connect existing resources to cloud based resources
Common to extend existing on premises
And cloud bro grow an organization connect to apis to internal sys

On-premises
Deployment resources on premises with virtualization aka private cloud

Question 4

Region

Availability zone

Answer 4

R: physical location with availability zones, each region is independent of others

Az: one or more data centers with redundant power, networking, connectivity,
Offer ability to operate production apps, dbs more highly available

Each availability zone is designed to be an independent failure zone. Physically separate

Question 5

Benefits of aws security

Answer 5

1 keeps data safe
2 meet compliance requirements
3 save money
4 scale quickly

Question 6

Sdks

Answer 6

Software development kits for your language or platform

Question 7

Amazon Athena

Answer 7

Serverless Query s3 data with sql
No infrastructure pay as you go
No need for ETL
Out of the box uses aws glue

Don’t have to spin up server
All taken care of
Auto performative

Question 8

CloudSearch

Answer 8

Manages all server resources need to build and deploy indexes

Search over your data

When search data but don’t want overhead of managing indexes yourself

The Amazon CloudSearch console enables you to easily create, configure, and monitor your search domains, upload documents, and run test searches.

Amazon CloudSearch supports 34 languages and popular search features such as highlighting, autocomplete, and geospatial search.

Question 9

_ data centers per region

Answer 9

At least 2

Question 10

Edge locations

Answer 10

Data centers designed to deliver services with the lowest latency possible.

Closer than regions or availability zones

Edge locations are used by:
   Cloudfront 
       Most used cached content in edgeLocations
   Route 53 
   Web application firewall
   aws shield
   AWS Global Accelerator

Edge locations only used by Amazon’s managed services

Question 11

Separation of responsibilities

Answer 11

On-premises:
Manage everything
Network, storage, servers, virtualization, o/s, middeware, runtime, data, applications

IAAS:
O/S, middeware, runtime, data, applications

PAAS:
Applications, data

SAAS:
You don’t manage anything

Question 12

Wavelength zones

Answer 12

5 g

Question 13

What does an ec2, rds db, redshift need to exist in?

Answer 13

Vpc

Question 14

S3 bucket is where?

Answer 14

Outside VPC

Question 15

Security group vs

Nacl

Answer 15

Security group state full, allow rules , instance level

Nacl stateless, deny rule,subnet level

Question 16

Servers in private network what do you do

Answer 16

Need NAT gateway

Config main route table

Question 17

VPC spans how far?

Answer 17

Entire region

Question 18

Ipsec vpn connection

Answer 18

Vpn tunnel In public internet encrypted

High bandwidth low latency

Question 19

AWS direct connect

Answer 19

High bandwidth low latency

Needs fiber optic laid down to aws partner

Most expensive

Bypass public internet

Question 20

AWS vpn cloudHub

Answer 20

If you have multiple site to site connections
Connect multiple sites into VPC
Uses spoke-hub model

Uses virtual private gateway of a single vpc

Question 21

Site to site vpn needs

Answer 21

Need vpn gateway customer gateway

Need to set up route tables

Question 22

VPN direct connect

Answer 22

Fiber optic cable connection
Virtual interface
Hybrid cloud solution

Question 23

Peering

Answer 23

Cheeper to communicate over private VPC vs over public internet
Traffic in aws backbone

Can only connect two VPCs together
Transitive routing isn’t allowed in pure peering

Question 24

AWS VPC endpoint

2 types

Answer 24

Interface endpoints
For support services like sns, cloudwatch, aws config

Gateway endpoints
For S3 or dynamodb
Fir these services the target is the gateway endpoint

Question 25

Sending traffic to intent from private subnet target is

Answer 25

Nat gateway

Question 26

AMI

Answer 26

Amazon machine image:

Info of an instance of a virtual server
That has software config for the type (o/s, server)

Question 27

What is amazon Athena?

Answer 27

Amazon Athena is an interactive Serverless service used to analyze data directly in amazon Simple storage service (s3)

Question 28

VPC basic 5

Answer 28

1 VPC spans all Az in region
2 Launch services such as EC2
3 Must specify block of range of IPc4 addresses in classless inter-domain routing
4 Add one or more subnets in each Availability zone in the VPC
5 has internet gateway to access resources inside the VPC from outside

Question 29

Subnet basics 3

Answer 29

1 Is a range of ip addresses in VPC
2 specify ipv4 classless inter-domain routing that is a subset of the VPC cidr block
3 each subnet is entirely in one availably zone

Question 30

A db instance in a VPC can be accessed by a different ec2 in a different VPC with?

Answer 30

Peering,
Diff VPCs can communicate if they are in the same network.

Can create VPC peering connection between VPCs, VPCs in another account,or VPCs in a different aws region

Question 31

3 Db instance classes

Answer 31

Standard m
Memory optimized
Burstable (cheapest)

Question 32

What subnet group is needed for the db?

Answer 32

Db subnet group with private instances

Question 33

A database will need security group rules that

Answer 33

Allow traffic on the port (tcp) (fourth layer) of the database engine

Question 34

DynamoDB overall supports:

Answer 34

Key value and document data structures

Question 35

How can you speed up DynamoDB?

Answer 35

DynamoDB Accelerator for read performance is a caching fully managed in memory cache
Data replicated in at least 3 Availability zones

Question 36

DynamoDB streams has added

Answer 36

Data for Functionality to allow ways to trigger events

Question 37

What is private cloud?

Public cloud?

Answer 37

On premises infrastructure but exposes apis that allow self service that can use the aws inhouse that is not public

Public is allowing apis to anyone.

Question 38

Local zones && wavelength zones are both

Answer 38

Closer to customers
Single digit latency

*Wavelength for mobile phones, for 5g network

Question 39

Edge locations allow you to

Answer 39

Host content closer to users in a caching approach.

Data centers that have a lot of storage equipment

Reduces latency

Build a CDN with aws cloudfront service

Question 40

AWS outposts

Answer 40

Brings aws infrastructure on premise

Hardware Racks and servers

Helps to build hybrid

in house

Many companies are just starting or need
Local service like person Identification

Question 41

Federated users

Answer 41

Are external to aws account access to internal services in aws account

Question 42

Iam

Answer 42

Identity and Access Management

Allows access to services and resources

Manage users or groups

Use permissions to Allow or deny

Question 43

Iams 3 services

Answer 43

Identity
Authentication
Authorization

Question 44

Iam root can

Answer 44

Create multiple Iam users for the account
Can do all services
Must give permissions (Policies) to other iam users, Groups, and Roles
Can make 5000 iam users

Question 45

Can make iam accounts for apps called identity accounts to

Answer 45

to use credentials to for example use database and read and write to it

Question 46

Get Iam access by (2)

Answer 46

Username, password

Access key I’d, secret access keys for cli programmatic access or sdks

Question 47

IAM groups

Answer 47

Different permissions for the different group via permissions Policies

Not an indentiey so can’t login as group

Group is a best practice

Question 48

IAM Roles

Answer 48

Iam identity that gives set of permissions for service requests

People, users, applications, or services like ec2 can assume the role

Iam role will have trust policy

When a user uses the role it Will have Security token service give temp credentials to the user allowing the user any permissions in the trust policy

Question 49

Security Token Service

Answer 49

Is a backend fully managed service

Question 50

Permission policy vs trust policy

Answer 50

The permissions policy grants the user of the role the needed permissions to carry out the intended tasks on the resource. The trust policy specifies which trusted account members are allowed to assume the role.

Question 51

Types of managed policies

Answer 51

Managed
Custom managed
Inline policies -> 1 person needs this policy etc

Question 52

Mfa

Answer 52

2 factor authentication with 2 types + either physical device (phone) or virtual device
token
Token lasts 30 seconds

Question 53

Way to increase security

Answer 53

Add mfa to root user

In real world add mfa tokens for iam users

Question 54

Scope of STS

Answer 54

Global but can be restricted for regions

Question 55

Iam users can change password policy for

Answer 55

All of users and enforce users to have specific rules such as forcing them to change their password after x amount of time

Question 56

VPC enpoints enable _

Answer 56

Private connection to aws supported services

Question 57

S3, IAM, and DynamoDB are what

Answer 57

Global services

S3 global however bucket is regional (think china and banning things in s3 bucket)

Question 58

How to login to AWS console?

Answer 58

Username, password

Question 59

How to secure root user?

Answer 59

Enable multi factor authentication

Question 60

Directory Service gives

Answer 60

Managed Active Directory give everything allows microsoft SQL authentication

Question 61

How to get credentials report?

Answer 61

AWS management console can download credentials report to see a list of users and status of various credentials like password, access keys, and mfa devices

Also from cli and aws sdks

Question 62

If you’re data access pattern is unknown what tier should you choose?

Answer 62

Intelligent tiering (latency access tiers)

Question 63

Intelligent access has what lifecycle?

Answer 63

30 date standard
90 days glacier
180 days deep glacier

Question 64

FSx for windows is

Answer 64

Fully managed file storage built on windows server

Question 65

Access keys are _ term?

Answer 65

Long

Question 66

For buckets to be replicated from source to destination what must be enabled?

Answer 66

Versioning

Question 67

Amazon storage gateway is

Answer 67

Is a hybrid cloud storage service that gives on-premises access to virtually unlimited cloud storage

Question 68

What is difference between EFS and EBS?

Answer 68

Elastic File system can be accessed by different instances at same time

Elastic block store can only he used by one instance at a time

Question 69

S3 can store how many objects?

Answer 69

Unlimited

Question 70

Amazon EMR is for?

Answer 70

Amazon elastic map reduce

Service big data platform to process vast amounts of data

Question 71

Amazon Kinesis is for

Answer 71

Real timr streaming data to gain insights and react to information

Question 72

What is amazon SQS?

Answer 72

Decoupled architecture
Pull based
Message order not guaranteed 
Don't use is order is mandatory
SQS qing system holy holds 14 days

Question 73

Amazon ebs

Answer 73

Elastic block storage 
Attached to server, can be detached
Ssd volume low latency
Hdd high throuput
SSD relational db, nosql

With multi-attached up to 16 ec2 instances

The ebs and ec2 must be in the same AZ

Question 74

AWS trusted advisor

Answer 74

Provides recommendations to follow best practices.

Evaluates your account with checks. Finds ways to optimize infrastructure, improve security, performance, reduce costs, monitor service quotas.

5 checks 
Cost optimization
Performance
Security
Fault tolerance
Service limits

Question 75

Trusted advisor levels

Answer 75

Basic: free
No tech support

Developer: greater than 29$/mo or 3% of monthly usage
Support over email
Business: general guidance < 24 hrs
System impaired: < 12 hrs
Production system impaired <4 hrs
Production system down <1 hr
Price >100$ mo
Enterprise on-ramp:
> $5500 mo
Enterprise:
$15000 mo

Question 76

Organizations is for

Answer 76

A collection of accounts that are centrally managed together using consolidated billing,
Organized hierarchically with OUs

Question 77

AWS cost explorer

Answer 77

Visualize, understand, manage your aws costs

Question 78

AWS well architected tool in general

Answer 78

Free
Evaluate apps
Gives recommends
IDs high risk issues

Question 79

AWS kms

Answer 79

Key management service
Create, manage cryptographic keys
And control use in a side range of services

Question 80

Well architected tool pillars

Answer 80

Operational excellence
Security
Reliability
Performance effeminacy
Cost optimization
Sustainably (not on test)

Question 81

S3 uses what type of storage?

Answer 81

Object

Question 82

S3 standard has durability meaning

Answer 82

Kept in 3 az

Question 83

S3-ia

Answer 83

Have cheaper storage cost but more expensive retrieval cost

Question 84

S3 glacier retrieve time

Answer 84

Minutes to hours

Question 85

Amazon EFS

Answer 85

Simple, serverless, set-and-forget, elastic file system

Can be shared to 1000s of ec2 instances
File storage system

Question 86

Amazon RDS

Answer 86

Relational database Service

Fully managed database service
Save time,

Question 87

Amazon aurora

Answer 87

Under amazon RDS engines
3 x faster postgres
5x faster mysql

6 copies under the hood

Can also get replication copies

Scalable

Question 88

S3 is bad for saving relational data because?

Answer 88

Can’t handle computation of join etc

Question 89

DynamoDB

Answer 89

Handles up to tillions of requests a day

Consistent performance

Single digit millisecond response time

Question 90

Amazon DMS

Answer 90

Databases migration service

Can migrate db type x to database y type
Or x to x

Question 91

A EFS stores data in

Answer 91

Multiple AZ

Question 92

Shared responsibility model

Answer 92

You take care what goes IN the cloud

Question 93

Patching ec2 instances is who’s responsible

Answer 93

You

Question 94

IAM empowers you to

Answer 94

Take care of your responsibilities

Question 95

Roles _

Answer 95

Allow a user to do tasks based on permissions

Question 96

SCPs can be applied to

Answer 96

OU

Individual account

Question 97

AWS artifact

Answer 97

Think Compliance

Allows you to check compliance of the cloud

See compliance reports
Accept agreements

Question 98

Amazon WAF

Answer 98

Sees up address not permitted will block
Web application firewall
Works with Use for application load balancer

Stops sql injection

AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site

Question 99

Amazon Shield

Answer 99

Basic free protection
Paid deeper protection

Dos ddos attacks

Question 100

Inspector

Answer 100

Automated inspection to make sure

Vulnerability management continually scans aws workloads for vunerabilities

Question 101

Guard duty

Answer 101

Intelligent threat detection protection of threats

Won’t protect can review

Inspects logs to see if s threat exists

Question 102

AWS CloudWatch

Answer 102

Metrics in real time

Can config automatic alerts

See if you need to auto scale

Gives Dashboard

Question 103

AWS CloudTrail

Answer 103

Can backtrack user activities based on api calls

Filter through logs generated

See who stopped what

What did x occur

Why did y change

When did z do that

Question 104

Trusted advisor

Answer 104

Automatically records information

Then can receive real time guidance for best practices

Makes suggestions

Recommendation in 5 areas

Cost opt. 
 Perform. 
Securi
 fault tol. 
Service limits

Save u $. I in 1 az
Add az

Question 105

Always free

Answer 105

DynamoDB

Lambda

Question 106

12 months free overall with limits

Answer 106

S3 standard storage

EC2

Question 107

Free trial

Answer 107

X time free trial

Ec2 750 free hours

Question 108

CloudTrail stores it’s info

Answer 108

CloudTrail records api calls sending log files to your s3 bucket
Data for api caller, time of api call, source of ip address, request params

Question 109

What is it called when amazon script automatically runs ec2 instances

Answer 109

Bootstrapping

Question 110

Aws lightsail

Answer 110

Is a virtual private server
Easy fast build host server
Compute, storage, networking capacity nd capabilities to deploy

Everything you need to launch quickly

Question 111

CloudWatch if

Answer 111

If Detailed monitoring is enabled publishes metrics every minute. Metrics can be hypervisor-driven metrics or Simple instance performance measurements.

Question 112

Amazon CloudWatch EC2 metrics include

Answer 112

information about CPU utilization, disk I/0, network I/O activity, instance status such as start stop information

Question 113

AWS TCO calculator has been replaced with the

Answer 113

AWS Pricing Calculator

Question 114

AWS TCO

Answer 114

Compare running workloads on-premises to cloud

Question 115

AWS Pricing calculator

Answer 115

Let’s you explore AWS services and create an estimate for your use cases on AWS before you ever use
Estimate the cost for your architecture solution

Use cases create estimate model solutions before building them

Question 116

Which level do NSCLs work?

Answer 116

Subnet level

Question 117

AWS OpsWorks Stacks

Answer 117

AWA managed Chef and puppet

If you see chief and puppet on exam rhink chief and puppet

Chef and puppet help you perform server configuration automatically

Chief and puppet help you with repetitive tasks

Question 118

How to backup EC2 instances?

Answer 118

EBS snapshots

Question 119

AWS cloudFront

Answer 119

Is a CDN that allows you to cache your content at edge locations around the world
Lower latency
Protects against DDos attacks

Built in distributed Denial of service DDos

Question 120

AWS CodeDeploy

Answer 120

Thinks automates code deployment

Automates deployment of app into production

Coordinates service deployments and updates across a fleet of EF2 instances.

Fully automates

No additional fees just pay for resources needed to run and start application

Including on-premises deployment

Works with any platform

Deploy 1 or 1000s of instances

Question 121

The use of what AWS feature or service allows companies to track and categorize spending on a detailed level?

Answer 121

Cost allocation tags

Oncw enabled can tack resources and have AWS generated tags and user defined tags

Question 122

An CloudFront Origin can be a s3 bucket, EC2 instance, Elastic load balancer, or Route 53?

Answer 122

True

Question 123

Which of the following EC2 options is best for long term workloads with predicable usage patterns?

Answer 123

Reserved instances are the most economical option for long term workloads with predicable patterns

Question 124

EC2 pricing On-Demand

Answer 124

On-Demand: with on demand instances you pay for compute capacity of instance by hour or second (based on type)

For low cost flexibly of EC2 (no upfront payment)
For short term spike or unpredictable workloads that cannot be interrupted
For apps being developed or tested on amazon first time

Question 125

EC2 pricing Spot instances pricing

Answer 125

EC2 spot request spare ec2 with 90% discount

For apps that have flexible start/stop time

For apps feasible at low prices

For users with urgent computing needs with large amounts of capacity

Question 126

EC2 savings plan pricing

Answer 126

for EF2 or Fargate

1 or 3 year term of $x/yr

Question 127

Dedicated host EC2 price

Answer 127

Dedicated server for you and only you

Can use existing software-bound licenses

Can be purchased on demand (hourly)

Can be purchased as a reservation for up to 70% off the on demand price

Question 128

AWS artifact is for

Answer 128

Resources for compliance related information
Service organization control reports
Payment card industry reports
Certifications

Question 129

Aws personal health dashboard

Answer 129

Get personal information on you’re services that are down/ issues
Get notifications

If planned maintenance within your account will tell you

Question 130

AWS service health dashboard

Answer 130

• global issues within AWS

Question 131

AWS inspector

Answer 131

Automated
Only works on “EC2” “instances”
Not on account (trick question)

Question 132

Loose coupling

Answer 132

As a system grows it can be broken into looser, smaller, loosely coupled components

Question 133

s3 deep glacier retrieval time?

Answer 133

12-48 hours

Question 134

Local zones

Answer 134

Only w few, like large cities

Physically bring services closer to customers

Question 135

SQS is a service for __

A system must __

Messages are typically processed by

Answer 135

Message processing

Pull the q to discover events

A single consumer

Question 136

SNS is a __ /__

__ to a topic can __ to __

Answer 136

Publisher Subscriber System

Publishing. Deliver. Many Subscribers (fan out)

Different types SQS, lambda, email

Question 137

SNS or SQS

Do other systems care about an event?

If yes _

Do you care about an event?

Answer 137

SNS bc because tell other systems need info.

SQS because you need the data

Question 138

Aws shield

Answer 138

Standard get Dos, DDos protection

Advanced $3000 get WAF too

Question 139

Application load balancer

Answer 139

Makes routing decisions at the application layer (http/https)
Can route requests to one or more ports

Question 140

Applications layer

Answer 140

Http/https

Question 141

Network load balancer

Answer 141

Makes routing decisions at the transport layer (tcp/ssl)
Can handle millions of requests per second
Attempts to Opens tcp connection forwards request without modifying headers

Question 142

Transport layer

Answer 142

(tcp/ssl)

Question 143

Classic load balancer

Answer 143

Makes routing decisions at transport layer (TCP/SSL) or the application layer (http/https)

Question 144

Gateway load balancer

Answer 144

Allows you to deploy, scale, manage virtual appliances such as firewalls

Operates at 3rd layer (OSI) open system interconnection

Question 145

Guard duty vs inspector

Answer 145

Guard duty looks in logs to see if there was an attack

Inspector sees what happens when you get an attack

Question 146

EBS volume types optimized for transactional read write

Answer 146

SSD

Question 147

EBS volumes optimized for large streaming workloads were dominant performance attribute is throughput

Answer 147

HHD

Question 148

Storage optimized EC2 instances are good for

Answer 148

Are good for high performance for locally stored data

Question 149

General purpose EC2 I’d good

Answer 149

If you have a balanced need for different workloads

Good for small/medium databases

Gaming servers

Backend enterprise servers

Question 150

Use cases for memory optimized EC2

Answer 150

Workloads that need Large amounts of data before running

A high performance database or real time processed of unstructured data

Question 151

Accelerated compute EC2S use cases

Answer 151

Graphics apps, game streaming, application streaming

Question 152

EC2 on demand pricing is good for

Answer 152

When testing

Question 153

On savings offers

Answer 153

Consists $/hr for one or 3 year term

Savings up to 72%

Fargate and lambda included

Question 154

Reserved 3

Answer 154

Up to 75% discount
Steady state or predicable usage
1-3 year term

Question 155

Batch workloads could be _ intance

Answer 155

Spot

Batch workloads are containerized, Batch is a perfect fit for Spot Instances. If a workload is interrupted, Batch will automatically spin-up another Spot Instance you’ve specified.

Question 156

Dedicated 2

Answer 156

Specially for you

Usually for meeting compliance requirements

Question 157

Aws firewall manager

Answer 157

Security management service

Centrally configure firewall rules

Question 158

Aws session manager

Answer 158

1 on 1 sessions with ec2

Session Manager is a fully managed aws aws systems manager

Let’s you manage ec2 instances, on-premises instances, and virtual machines through a one click browser based shell or through the AWS CLI

Question 159

CloudFront features

Answer 159

Reduces latency
Improved security traffic encryption
AWS shield standard (DDos)
Cut cost with consolidated requests 
CDN

Question 160

CloudFront has VOD

Answer 160

Video on demand streaming

Question 161

Resource groups are a __ service

Answer 161

Regional

Work with EC2, S3, DynamoDB, lamdba, etc

Question 162

Resource Group 4

Answer 162

Logical group to manage resources in the same region.

Can be nested

Create a resource group with tags that are on your resources

To edit resource group Change value of the tags, will no longer be associated with them.

Deleted resource groups will not delete the resources

Question 163

With basic support you can use discussion forums to

Answer 163

Ask for technical advice

Question 164

AWS Application Migration Service

AWS (MGN) 4

Answer 164

Automated

Converts source servers to run natively on AWS

Fastest route to the cloud

Is region specific

Question 165

AppStream2.0

Answer 165

Fully managed streaming service the provides uses with instant access to their desktop application from anywhere

Question 166

Local zones is an

Answer 166

Extension of an AWS region

Question 167

Edge locations used by (3)

Answer 167

Route53
Global Accelerator
CloudFront

Question 168

Amazon SQS allows you to __, __, & __ messages

Between ___

Answer 168

Send
Store
Receive
Components

The message is stored until it’s processed

Question 169

SQS is where ___ are ___ until___

Answer 169

Messages
Placed
Processed

Question 170

Sns ___ messages to ___

Answer 170

Sends

Services

Question 171

Amazon ECS is used for?

Answer 171

Amazon elastic container service is highly scalable high performance container management service that supports Docker containers and allows you to easily run applications

Question 172

Elastic IP addresses

Answer 172

Is a static Ip4 address designed for dynamic cloud computing

Question 173

What features of Amazon RDS provide to deliver scalable, available durability?

Answer 173

Multi-AZ RDS creates a replica in another AZ ands synchronously replicates to it.

Read replicas are used for read heavy DB and replication is asynchronous

Question 174

Amazon ES

Answer 174

Amazon elasticsearch

Let’s you search visualize up to petabytes of unstructured data

Can visualize data and build interactive dashboards

Question 175

AWS OpenSearch

Answer 175

Search visualize and analyze petabytes of data

Question 176

AWS Control Tower

Answer 176

Aws Control Tower is intended for organizations with multiple accounts and teams to create new accounts and set up environment at scale

Question 177

AWS IEM

Answer 177

Infrastructure Event Management

Gives architecture and scaling guidance and operational support during prep and execution of planned events

Holiday shopping season
Prod launch
Migrations

Question 178

AWS Partner Network Consulting Partners

Answer 178

Professional consulting firms that help customers design, architect, build, migrate, manage aws

Question 179

AWA CodePipeline

Answer 179

CDCI

automates building, testing, deployment

Question 180

AWS System Manager

Answer 180

Centralizes operational data from multiple AWS services and automates tasks across AWS resources

Question 181

AWS Management Console

Answer 181

Broad collection of service consoles for managing AWS resources

Question 182

ENI

Answer 182

An elastic network interface is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes:

A primary private IPv4 address from the IPv4 address range of your VPC

One or more secondary private IPv4 addresses from the IPv4 address range of your VPC

One Elastic IP address (IPv4) per private IPv4 address

One public IPv4 address

One or more IPv6 addresses

One or more security groups

A MAC address

A source/destination check flag

Question 183

AWS Batch

Answer 183

AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory optimized instances) based on the volume and specific resource requirements of the batch jobs submitted. With AWS Batch, there is no need to install and manage batch computing software or server clusters that you use to run your jobs, allowing you to focus on analyzing results and solving problems. AWS Batch plans, schedules, and executes your batch computing workloads across the full range of AWS compute services and features, such as AWS Fargate, Amazon EC2 and Spot Instances.

Question 184

AWS RI Types

Answer 184

Standard: Standard RIs may be exchanged for other RIs within the same family. For example, if you have several T2 RIs, you can exchange them for other RIs in the T2 family. But, your selection must stay within the T2 family.
Convertible: Convertible RIs allow you to exchange RIs with far more flexibility than standard RIs. For example, you can change an RI that is for a T2.large to an R5.xlarge, as long you pay the difference and it’s of greater or equal value.
Scheduled: Scheduled RIs are available to launch within the time windows you reserve. They align your capacity reservation with a predictable, recurring schedule that only requires a fraction of a day, week, or month.

Question 185

AWS Cost and usage report

Answer 185

The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour, day, or month, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software such as Microsoft Excel or Apache OpenOffice Calc, or access them from an application using the Amazon S3 API.

Question 186

AWS Device Farm

Answer 186

Improve the quality of your web and mobile applications by testing across desktop browsers and real mobile devices hosted in the AWS Cloud

Device Farm is only available in the us-west-2 (Oregon) region.

Question 187

Bucket policy

Answer 187

Bucket policy and user policies are two ways to access policy options available for granting permission to your S3 bucket

Question 188

Amazon DocumentDB

Answer 188

Scale JSON workloads with ease using a fully managed document database service

When you absolutely positively must have DynamoDB work mission critical document DB

Question 189

Aws SDKs simplify using ___ in your application with an __

Answer 189

AWS services

API

Question 190

An elastic network interface is a

Answer 190

A logical networking component in a vpc

Anelastic network interfaceis a logical networking component in a VPC that represents a virtual network card. It can include the following attributes:

A primary private IPv4 address from the IPv4 address range of your VPC

One or more secondary private IPv4 addresses from the IPv4 address range of your VPC

One Elastic IP address (IPv4) per private IPv4 address

One public IPv4 address

One or more IPv6 addresses

One or more security groups

Question 191

Amazon EMR

Answer 191

Easily run scale big data workloads apache spark, hive, presto

Interactive sql queries, machine learning apps and frameworks like apache spark, hive, presto

Question 192

AWS Management Console

Answer 192

AWS Management Console
Access and manage Amazon Web Services through the AWS Management Console, a simple and intuitive
user interface. You can also use the AWS Console Mobile Application to quickly view resources on the go.

Question 193

Amazon QuickSight

Answer 193

Amazon QuickSight
Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you
to deliver insights to everyone in your organization. QuickSight lets you create and publish interactive
dashboards that can be accessed from browsers or mobile devices. You can embed dashboards into your
applications, providing your customers with powerful self-service analytics. QuickSight easily scales to
tens of thousands of users without any software to install, servers to deploy, or infrastructure to manage.

Question 194

Amazon AppFlow

Answer 194

Amazon AppFlow
Amazon AppFlow is a fully managed integration service that enables you to securely transfer data
between Software-as-a-Service (SaaS) applications like Salesforce, Zendesk, Slack, and ServiceNow, and
AWS services like Amazon S3 and Amazon Redshift, in just a few clicks.

Question 195

Amazon EventBridge

Answer 195

Amazon EventBridge
Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications
at scale using events generated from your applications, integrated Software-as-a-Service (SaaS)
applications, and AWS services

Question 196

Amazon MQ

Answer 196

Amazon MQ
Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it
easy to set up and operate message brokers in the cloud.

Question 197

Amazon Simple Workflow Service

Answer 197

Amazon Simple Workflow Service
Amazon Simple Workflow Service (Amazon SWF) helps developers build, run, and scale background
jobs that have parallel or sequential steps. You can think of Amazon SWF as a fully-managed state
tracker and task coordinator in the cloud.

Question 198

Amazon SWF

Answer 198

Simple Workflow Service:

Background jobs in parallel

Question 199

AWS Application Cost Profiler

Answer 199

AWS Application Cost Profiler
AWS Application Cost Profiler provides you the ability to track the consumption of shared AWS resources
used by software applications and report granular cost breakdown across tenant base. You can achieve
economies of scale with the shared infrastructure model, while still maintaining a clear line of sight to
detailed resource consumption information across multiple dimensions.
With the proportionate cost insights of shared AWS resources, organizations running applications can
establish the data foundation for accurate cost allocation model, and ISV selling applications can better
understand your profitability and customize pricing strategies for your end customers.

Question 200

AWS Budgets

Answer 200

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed
(or are forecasted to exceed) your budgeted amount.

Question 201

AWS App Runner

Answer 201

AWS App Runner — Build and run
containerized applications on a fully managed
service

Question 202

AWS App Runner —

Answer 202

AWS App Runner — Build and run
containerized applications on a fully managed
service

Question 203

VMware Cloud on AWS

Answer 203

VMware Cloud on AWS is an integrated cloud offering jointly developed by AWS and VMware delivering a
highly scalable, secure and innovative service that allows organizations to seamlessly migrate and extend
their on-premises VMware vSphere-based environments to the AWS Cloud running on next-generation
Amazon Elastic Compute Cloud (Amazon EC2) bare metal infrastructure

Question 204

VMware Cloud on AWS is

Answer 204

VMware Cloud on AWS is an integrated cloud offering jointly developed by AWS and VMware delivering a
highly scalable, secure and innovative service that allows organizations to seamlessly migrate and extend
their on-premises VMware vSphere-based environments to the AWS Cloud running on next-generation
Amazon Elastic Compute Cloud (Amazon EC2) bare metal infrastructure

Question 205

AWS App2Container (A2C)

Answer 205

AWS App2Container (A2C) is a command-line tool for modernizing .NET and Java applications into
containerized applications.

Question 206

AWS Cost and Usage Report

Answer 206

One stop shop for accessing most granular data about AWS cost and usage

Question 207

Application load balancer supports

Answer 207

Path-based and host based routing

Question 208

AWS CloudFormation

Answer 208

AWS CloudFormation
Think Template IAAS to automate cloud setup

is a service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation takes care of provisioning and configuring those resources for you. You don’t need to individually create and configure AWS resources and figure out what’s dependent on what; CloudFormation handles that.

Question 209

Amazon S3 is optimal for

Answer 209

Storing numerous classes of information that are relatively static and not rapidly changing

Question 210

AWS services as long as you know the pattern of scope

Answer 210

You don’t need to memorize the scope of all of the AWS services as long as you know the pattern. There are actually only a handful of services that are considered as global services such as IAM, STS, Route 53, CloudFront and WAF. For Zonal services, the examples are EC2 Instance and EBS Volumes where they are tied to the Availability Zone where they were launched. Take note that although EBS Volumes are considered as a zonal service, the EBS snapshots are considered as a regional since it is not tied to a specific Availability Zone. The rest of the services are regional in scope.

Question 211

CloudEndure, an AWS company

Answer 211

About CloudEndure, an AWS company

CloudEndure accelerates the journey to the AWS cloud with solutions that provide business continuity during the migration process and additional protection once there. CloudEndure Migration simplifies, expedites, and automates large-scale migrations from physical, virtual, and cloud-based infrastructure to AWS. CloudEndure Disaster Recovery protects against downtime and data loss from any threat, including ransomware and server corruption. With CloudEndure it’s business as usual, always.

Question 212

AWS Migration Hub

Answer 212

Monitor the state of your migrations

Question 213

AWS Database Migration Service

Answer 213

Migrate databases fast safe to cloud (only not physical)

Question 214

AWS GroundStation

Answer 214

Control satellites

Question 215

AWS support plan:

Answer 215

In addition, customers with a Business or Enterprise support plan have access to these features:

• Use-case guidance: what AWS products, features, and services to use to best support your specific needs.
• AWS Trusted Advisor, which inspects customer environments. Then, Trusted Advisor identifies opportunities to save money, close security gaps, and improve system reliability and performance.
• An API for interacting with Support Center and Trusted Advisor. This API allows for automated support case management and Trusted Advisor operations.
• Third-party software support: help with Amazon Elastic Compute Cloud (EC2) instance operating systems and configuration. Also, help with the performance of the most popular third-party software components on AWS.

The AWS Support API provides access to some of the features of the AWS Support Center. This API allows programmatic access to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status. AWS provides this access for AWS Support customers who have a Business or Enterprise support plan. Since the Business support plan is more affordable than the Enterprise, therefore, the most cost-effective support plan to use is Business.

Question 216

Basic and Developer support plans both don’t

Answer 216

Basic and Developer support plans are incorrect since these types do not have access to the AWS Support API.

Question 217

SSH keys is only useful if you

Answer 217

SSH keys is incorrect because this is only useful if you want to connect and control your EC2 instances by establishing an SSH connection.

Question 218

AWS Professional Services

Answer 218

AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives.

Question 219

AWS Sales Representative may

Answer 219

Help you on your infrastructure migration project and help you with costs

Question 220

Among the following services, which is the most suitable one to use to store the results of I/O-intensive SQL database queries to improve application performance?

Answer 220

Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open source compatible in-memory data stores. With this service, you can build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores.

The in-memory caching provided by Amazon ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads (such as social networking, gaming, media sharing and Q&A portals) or compute-intensive workloads (such as a recommendation engine).

In-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally-intensive calculations.

Hence, the correct answer in this scenario is: Amazon ElastiCache.

Question 221

AWS OptsWorks

Answer 221

AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.

Question 222

AWS Identity and Access Management (IAM)

Answer 222

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. IAM has various identities such as IAM Users, IAM Groups, and IAM Roles.

An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user’s permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups.

Question 223

Requirements for ec2 with an EBS Volume

Answer 223

Security group, EBS Root volume, and VPC and subnet specification are all required when launching an EC2 instance.

Question 224

AWS X-Ray

Answer 224

Debugger, pry

Analyze and debug production, distributed applications

Question 225

Enterprise support plan offers:

Answer 225

Well-Architected Reviews, Operations Reviews.

Question 226

Permitted security assessments

Answer 226

• Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers
• Amazon RDS
• Amazon CloudFront
• Amazon Aurora
• Amazon API Gateways
• AWS Lambda and Lambda Edge functions
• Amazon Lightsail resources
• Amazon Elastic Beanstalk environments

Question 227

There is an incident with your team where an S3 object was deleted using an account without the owner’s knowledge. What can be done to prevent unauthorized deletion of your S3 objects?

Answer 227

By setting up MFA, you add an extra layer of protection for your AWS accounts. This is very useful for preventing unwanted access to your AWS resources. In S3, once versioning is enabled for your objects, you can also set up MFA delete so that deleting objects require an additional MFA authentication.

MFA delete can help prevent accidental bucket deletions by requiring the user who initiates the delete action to prove physical possession of an MFA device with an MFA code and adding an extra layer of friction and security to the delete action. Remember that only the bucket owner (root account) can enable MFA delete.

Hence, the correct answer is: Configure MFA delete on the S3 bucket.

Question 228

key design principles of the AWS Cloud: (6)

Answer 228

Some key design principles of the AWS Cloud include

scalability, 
disposable resources, 
automation, 
loose coupling managed services instead of servers, 
flexible data storage options.

Question 229

Instance metadata

Answer 229

Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups.

You can also use instance metadata to access user data that you specified when launching your instance. For example, you can specify parameters for configuring your instance, or include a simple script. You can build generic AMIs and use user data to modify the configuration files supplied at launch time. For example, if you run web servers for various small businesses, they can all use the same generic AMI and retrieve their content from the Amazon S3 bucket that you specify in the user data at launch. To add a new customer at any time, create a bucket for the customer, add their content, and launch your AMI with the unique bucket name provided to your code in the user data. If you launch more than one instance at the same time, the user data is available to all instances in that reservation. Each instance that is part of the same reservation has a unique ami-launch-index number, allowing you to write code that controls what to do. For example, the first host might elect itself as the original node in a cluster. For a detailed AMI launch example, see Example: AMI launch index value.

Question 230

AWS Partner Network Technology Partners

Answer 230

APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors.

Question 231

Agility

Answer 231

The cloud allows you to innovate faster because you can focus your valuable IT resources on developing applications that differentiate your business and transform customer experiences rather than managing infrastructure and data centers. With cloud, you can quickly spin up resources as you need them, deploying hundreds or even thousands of servers in minutes. The cloud also makes it easy and fast to access a broad range of technology such as compute, storage, databases, analytics, machine learning, and many other services on an as-needed basis. As a result, you can very quickly develop and roll out new applications, and your teams can experiment and innovate more quickly and frequently. If an experiment fails, you can always de-provision resources without risk.

Question 232

Lambda@Edge

Answer 232

Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency. With Lambda@Edge, you don’t have to provision or manage infrastructure in multiple locations around the world. You pay only for the compute time you consume - there is no charge when your code is not running.

Question 233

IAM POLICY

Answer 233

Good for

Policies and permissions in IAM
PDF
Kindle
RSS
You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents. AWS supports six types of policies: identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, ACLs, and session policies.

IAM policies define permissions for an action regardless of the method that you use to perform the operation. For example, if a policy allows the GetUser action, then a user with that policy can get user information from the AWS Management Console

Question 234

AWS cognito

Answer 234

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.

Question 235

AWS Config

Answer 235

AWS Config continuously evaluates your resources as they are created, changed, or deleted.

AWS Config is a service thatenables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Question 236

Where can you back up Amazon EBS volumes?

Answer 236

You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. Each snapshot contains all of the information that is needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume.

Question 237

Well-Architected Framework pillars

Answer 237

The Well-Architected Framework has been developed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. This is based on five pillars namely:

1. Operational Excellence
2. Security
3. Reliability
4. Performance Efficiency
5. Cost Optimization
   1) Operational Excellence pillar focuses on running and monitoring systems to deliver business value and continually improving processes and procedures.
   3) Reliability pillar focuses on the ability to prevent and quickly recover from failures to meet business and customer demand.
   4) The performance efficiency pillar focuses on using IT and computing resources efficiently. It focuses on the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve.
   5) Cost optimization pillar focuses on avoiding un-needed costs by choosing the right services for the job and by right-sizing them.

Question 238

AWS Well-Architected Framework helps just read

Answer 238

The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using this Framework, you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for you to consistently measure your architectures against best practices and identify areas for improvement. The process for reviewing an architecture is a constructive conversation about architectural decisions and is not an audit mechanism. Having well-architected systems greatly increases the likelihood of business success.

The operational excellence pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures. Key topics include managing and automating changes, responding to events, and defining standards to successfully manage daily operations.

Using tools such as AWS CodeDeploy to deploy small, incremental changes to your application ensures that you do not introduce drastic updates that may affect your application entirely. Performing monthly game days allows you to test your environment for different failure scenarios so you can quickly plan out ways to remediate them.

Question 239

Just read about system manager

Answer 239

AWS Systems Manager is incorrect because although you can remotely operate and deploy packages/scripts to your on-premises servers with this one, this service is still not suitable to be used for deploying your web application. It also doesn’t have a feature to easily rollback your deployments unlike OpsWorks. This service is primarily used to automate maintenance and deployment tasks on Amazon EC2 and on-premises instances, or automatically apply patches, updates, and configuration changes across any resource group.

Question 240

Which of the following services should you use to deploy and easily rollback a web application from your Git repository to your on-premises server?

Answer 240

AWS offers services that integrate application deployment and management across on-premises and cloud environments for a robust hybrid architecture. Below are the following services that you can use to manage or deploy applications to your servers running on-premises:

OpsWorks – AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.

CodeDeploy – AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.

Question 241

Amazon S3 Transfer Acceleration

Answer 241

Amazon S3 Transfer Acceleration is a bucket-level feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of the globally distributed edge locations in Amazon CloudFront.

Question 242

AWS Global Accelerator

Answer 242

AWS Global Accelerator is a networking service that improves the performance of your users’ traffic by up to 60% using Amazon Web Services’ global network infrastructure. When the internet is congested, AWS Global Accelerator optimizes the path to your application to keep packet loss, jitter, and latency consistently low.

With Global Accelerator, you are provided two global static public IPs that act as a fixed entry point to your application, improving availability. On the back end, add or remove your AWS application endpoints, such as Application Load Balancers, Network Load Balancers, EC2 Instances, and Elastic IPs without making user-facing changes. Global Accelerator automatically re-routes your traffic to your nearest healthy available endpoint to mitigate endpoint failure.

Think reduces latency

Question 243

AWS CodeBuild

Answer 243

AWS CodeBuild is a fully managed build service in the cloud. AWS CodeBuild compiles the source code, runs unit tests, and produces artifacts that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale own build servers. It provides prepackaged build environments for popular programming languages and build tools such as Apache Maven, Gradle, and more. You can also customize build environments in CodeBuild to use your own build tools. CodeBuild scales automatically to meet peak build requests

Question 244

What are the differences codeBuild and CodeDeploy?

Answer 244

What are the differences?
The main difference between the two is; AWS CodeBuild can be classified as a tool in the Continuous Integration category, while AWS CodePipeline is grouped under Continuous Deployment.

Question 245

Amazon CognitoSimple

Answer 245

Amazon CognitoSimple and Secure User Sign-Up, Sign-In, and Access Control

Question 246

Standard Reserved Instance

Answer 246

One-year to three-year term
Enables you to modify Availability Zone, scope, networking type, and instance size (within the same instance type) of your Reserved Instance. For more information, see Modifying Reserved Instances.
Can be sold in the Reserved Instance Marketplace.

Question 247

Convertible Reserved Instance

Answer 247

Convertible Reserved Instance
One-year to three-year term

Enables you to exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system, and tenancy.

There are no limits to how many times you perform an exchange, as long as the target Convertible Reserved Instance is of an equal or higher value than the Convertible Reserved Instances that you are exchanging. For more information, see Exchanging Convertible Reserved Instances.
Cannot be sold in the Reserved Instance Marketplace.

Question 248

Amazon Aurora

Answer 248

Amazon Aurora
faster mysql postgresql

self-healing 
	2 copies of data in differen AZ 
		(in 3 AZ) you have 6 copies data 
	offer 15 low latency replics

Question 249

Applicaion Load Balancer

Answer 249

functions at application layer (7th layer)
http/https
need listeners checks connection of requests
config listener rules
will route requests to different targets
registering lambda functions

Question 250

Network Load balacer

Answer 250

Network Load balacer 
		at fourth layer 
		opens TPC 
		ability to handle volitle worklods 
		TPC, UDP, TLS traffic 
		suporst static IP addresses 
		also assign Elastic IP addresses

Question 251

Amazon ElastiCache

Answer 251

Amazon ElastiCache

Unlock microsecond latency and scale with in-memory caching

Amazon ElastiCache is a fully managed, in-memory caching service supporting flexible, real-time use cases. You can use ElastiCache for caching, which accelerates application and database performance, or as a primary data store for use cases that don’t require durability like session stores, gaming leaderboards, streaming, and analytics. ElastiCache is compatible with Redis and Memcached.

Question 252

Which of the following do you need to programmatically interact with your AWS environment? (Select TWO.)

Answer 252

You use can AWS SDKs to programmatically interact with your AWS resources. Using access keys, which are unique identifiers for your IAM user, you can connect to your resources in a secure manner.

The AWS Access Key ID and AWS Secret Access Key are your AWS credentials. They are associated with an AWS Identity and Access Management (IAM) user or role that determines what permissions you have.
Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). If you don’t have access keys, you can create them from the AWS Management Console. As a best practice, do not use the AWS account root user access keys for any task where it’s not required. Instead, create a new administrator IAM user with access keys for yourself.

Question 253

AWS golden AMI

Answer 253

A golden AMI is an AMI that contains the latest security patches, software, configuration, and software agents that you need to install for logging, security maintenance, and performance monitoring.

An AMI includes the following:

• One or more EBS snapshots, or, for instance-store-backed AMIs, a template for the root volume of the instance (for example, an operating system, an application server, and applications).
• Launch permissions that control which AWS accounts can use the AMI to launch instances.
• A block device mapping that specifies the volumes to attach to the instance when it’s launched.

Hence, the correct answer is: Create a golden AMI of the instance and copy it to the other Region.

Question 254

AWS KMS or Key Management Service

Answer 254

AWS KMS or Key Management Service is incorrect because this is a central repository for encryption keys in your account. It is not used to protect your network from potential security threats. KMS is useful if you have data that you need to encrypt, and you want a central location where you can manage your keys.

Question 255

IAAS you start at __ and go up?

Answer 255

O/S
Middleware
Runtime
Data
Applications

Question 256

Amazon Simple Storage Service (Amazon S3) details

Answer 256

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It is the most cost-effective choice for storing objects since this is its primary purpose. Another advantage you receive from Amazon S3 is volume discounts.

Question 257

standard design principle

Answer 257

standard design principle

1. Design for failure
2. Decouple your components
3. Implement elasticity
4. Think parallel

Question 258

Amazon Lightsail is a

Answer 258

Amazon Lightsail is a PaaS solution for users who need a simple virtual private server (VPS) solution. Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP – for a low, predictable monthly price.

Question 259

AWS Config is a

Answer 259

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Question 260

AWS CodeStar

Answer 260

AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place. With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster. AWS CodeStar makes it easy for your whole team to work together securely, allowing you to easily manage access and add owners, contributors, and viewers to your projects. Each AWS CodeStar project comes with a project management dashboard, including an integrated issue tracking capability powered by Atlassian JIRA Software. With the AWS CodeStar project dashboard, you can easily track progress across your entire software development process, from your backlog of work items to teams’ recent code deployments. Visit here to learn more.

Question 261

Neptune

Answer 261

Graph database.

Build and run graph applications with highly connected datasets

Question 262

AWS Architecture Center

Answer 262

AWS Architecture Center
The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more. This expert guidance was contributed by cloud architecture experts from AWS, including AWS Solutions Architects, Professional Services Consultants, and Partners.

Question 263

AWS Architecture Center

Answer 263

The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more.

Question 263

AWS Architecture Center

Answer 263

The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more.

Question 264

You can use ___ with redshift to query data

Answer 264

Querying external data using Amazon Redshift Spectrum

Question 265

AWS Quick Starts

Answer 265

AWS Quick Starts are production architecture accelerators that help customers deploy AWS-native services and products from AWS Partners. These accelerators reduce hundreds of manual procedures into just a few steps, so AWS customers can build production environments quickly and start using them immediately.

Question 266

Restricting access to Amazon S3 content by using an origin access identity (OAI)

Answer 266

Restricting access to Amazon S3 content by using an origin access identity (OAI)
PDF

Kindle

RSS

To restrict access to content that you serve from Amazon S3 buckets, follow these steps:

Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution.

Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there.

After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket.

Question 267

AWS cloudHSM

Answer 267

Hardware security model generate and use own crypto keys