All Flashcards

1
Q

KMS multi-Region keys: what limits apply to them?

A

Keys are not global related, not cloned but replicated
Cannot be converted from a single-Region key.
Makes management of keys more complex

2
Q

What security features does Kinesis Data Streams offer?

A

Control access via IAM.
Encryption in flight.
Encryption at rest with KMS.
VPC endpoint

3
Q

What two services support VPC gateway endpoints?

A

S3.
DynamoDB

4
Q

Define AWS Firewall Manager

A

Security management service to centrally configure firewall rules across organizations. Includes:

WAF rules.
Security groups.
Network Firewall rules.
Route 53 resolver

5
Q

Define IAM Identity Center

A

Allows sign-in for all accounts and business cloud apps, like Salesforce.
Third-party apps supporting SAML 2.0

6
Q

Aurora supports these databases

A

MySQL
PostgreSQL

7
Q

What is the max number of replicas in an Aurora cluster?

A

15

8
Q

Which RDS technology does not support IAM?

A

Oracle

9
Q

Define CloudWatch metric stream

A

Sends CloudWatch metrics in near real time to S3 via Kinesis Firehose or to third-party destinations

10
Q

Five tenets of an AWS Well-Architected application

A

Cost
Performance
Reliability
Security.
Operational excellence

11
Q

aws:PrincipalOrgID

A

Used in any resource policy to restrict access to accounts that are members of an AWS Organization

12
Q

Define Comprehend Medical. Is it HIPAA compliant?

A

Detects, extracts and analyzes info from unstructured sources, such as doctors' notes and radiology reports.
Supports HIPAA

13
Q

Define Kendra

A

Document search service using machine learning

14
Q

Define SageMaker

A

Fully managed service for deploying machine learning models quickly

15
Q

Define AWS Polly

A

Text to speech service.
Uses lexicons for pronunciations.
Uses SSML = speech synthesis markup language

16
Q

Define Transcribe

A

Auto convert speech to text
Auto remove PII.
Auto language

17
Q

Define VPC sharing versus VPC peering

A

Sharing is for sharing subnets with other AWS accounts or to centrally manage VPCs for multiple accounts.

Peering is a peering connection between two VPCs in same or multiple accounts

18
Q

What are SCPs?

A

Service control policies.
IAM policies applied to OU or accounts to restrict access.

Does not apply to management account

19
Q

What is S3 max object size

A

Five TB

20
Q

What is lambda max execution time?

A

15 minutes

21
Q

What are RCU and WCU in DynamoDB?

A

Read capacity units and write capacity units.
Can be scaled independently

22
Q

What is the purpose of increasing visibility timeout in SQS?

A

Gives consumers more time to process messages, resulting in fewer duplicates

23
Q

Define SQS visibility timeout

A

Period of time where SQS prevents other consumers from receiving and processing messages

24
Q

What is a Glacier Vault Lock?

A

Uses WORM.
Write once, read many.
Locks added for never delete

25
What is S3 durability and availability?
99.99 or 53 minutes in one year
26
What are the features of the application migration service or MGN?
Converts source servers to run on AWS: physical, VM or cloud
27
Key features of Aurora global DB. How many secondary regions? How many read replicas?
Replicas in other regions. Up to five secondary regions. 15 read replicas max per region
28
Kinesis data shard: what is the max throughput, incoming and outgoing?
Provisioned mode: each shard = 1 MB per second incoming, 2 MB per second outgoing
29
Define Kinesis partition key function
Used to order data in shards: truck one goes to shard one
30
Can Kinesis Firehose transform data?
Yes
31
To create Aurora read replica auto scaling, do what?
Create policy under Actions. Can create auto scaling policy. Decide on target either by request or CPU
32
EKS node types
Managed node: AWS manages the node for you. Self-managed node. Fargate
33
Describe Aurora global database with regard to regions
One primary region. Up to five secondary regions. With up to 16 read replicas per region
34
What is the use case for Aurora Serverless?
Infrequent, intermittent or unpredictable workloads; no capacity plan needed
35
Why use EFS over EBS?
EFS is a shared file storage service offering high performance and can be connected to from many EC2 instances
36
Define aurora reader endpoint
A reader endpoint connects to all replicas; therefore the application only needs to connect to the reader endpoint
37
Five things about Aurora high availability and read scaling
Storage replicated with six copies of data. Instance takes writes (the master). Auto failover in less than 30 seconds. Master + 15 read replicas. Supports cross-region replication.
38
Why use Aurora global database feature?
Global means available in multiple regions
39
What machine learning integrations does Aurora have?
SageMaker. Comprehend
40
Aurora - list 6 features
Backup and recovery. Isolation and security. Industry compliance. Automated patching. Advanced monitoring. Backtrack is a way of restoring the database to a point in time; recovery must be enabled at database creation
41
List features of Aurora. What databases does it support? What is the performance increase? What is the auto scale storage max? How many replicas does it support? What failover capabilities does it support? What is the cost versus RDS?
Supports PostgreSQL and MySQL. Cloud-optimized for 5x performance. Auto-scales storage to 128 TB. Up to 15 read replicas. Failover instantaneous. Cost is more than RDS
42
What is an EC2 instance store? What benefits and what drawbacks?
Benefits: higher disk I/O, as VMs have direct access to disks on server hardware. Instance store is an ephemeral volume. It does not persist across stop/start.
43
List the EBS volume types
GP2 GP3 Io1/Io2 ST1 SC1
44
What is the use case for EBS volume GP2 or GP3?
General purpose SSD volume; balances price and performance
45
What is use case for EBS volume type Io1/Io2?
Highest performance SSD; low latency, high throughput
46
What is the use case for EBS volume type ST1?
Lowest cost HDD volume designed for frequently accessed, throughput-intensive workloads
47
What is the use case for EBS volume type SC1?
Lowest cost HDD volume designed for less frequently accessed workloads
48
What is the max CIDR size in AWS?
/16
49
API Gateway creates what types of API?
RESTful APIs
50
EFS backups are they enabled by default?
Yes, enabled by default for one zone
51
API Gateway WebSocket API: stateful or stateless?
Stateful – full duplex
52
What is the RDS feature which does not require connection string
Multi-AZ
53
Define a stateless application
The application does not save session data
54
Define a stateful application
Saves session data; users retain session data
55
What can you say about SCP hierarchy?
SCPs are applied at OU level or account. Example: cannot access Lambda because SCP denies at OU level
56
Define Neptune
Graphing Database use case: number of likes from one post from one user Think social networking
57
What kind of DB is DynamoDB?
Key pair value
58
What is SAML?
Security Assertion Markup Language
59
What is the max size of DynamoDB table?
400 KB
60
Define Lambda@Edge
Feature of CloudFront which enables code to run near users, which improves performance and latency
61
Why use a volume gateway?
Provides block storage with iSCSI, backed on S3, backed by EBS snapshots, which help restore on-premises volumes
62
What is the main reason to use FSx File Gateway for Windows Server?
Creates a local cache for frequently accessed files. Can use SMB, NTFS, AD.
63
With S3 File Gateway, what protocol to use if you want to integrate with AD?
SMB
64
How is data in S3 File Gateway handled?
Most recently used data is cached in the gateway
65
S3 file gateway, what protocols?
NTFS or SMB
66
What is SNS message filtering?
JSON policy to filter messages before they are sent to subscribers
67
Define SNS to S3 through Kinesis Data Firehose. What does this help you with?
This can allow you to persist your messages
68
What are the four types of storage gateways?
S3 File. FSx File. Volume. Tape
69
What are the 4 use cases for storage gateway?
DR. Backup and restore. Tiered storage. On-premises caching
70
What function does storage gateway perform?
Expose S3 data to on premises
71
What features does FSx for NetApp ONTAP have with regard to cloning and storage?
Instant cloning of point in time. Storage auto shrinks and grows
72
What is SNS and SQS fan-out?
One SNS topic pushes to multiple SQS queues so each service can read from its own SQS queue
73
What security features for SNS?
Encryption in flight. Encryption at rest. Client certs if desired
74
What are AWS Global Accelerator's main benefits?
Provides regional failover. High availability. Static IPs. Improves performance via edge locations. Fine-grained control of regional deployments. Client affinity. Think blue/green deployments
75
What are two types of volume gateways that you can create?
Cached: low latency access. Stored: entire data set on premises
76
DataSync: what AWS services can it sync to? Does it preserve file permissions?
S3, EFS, FSx. Yes
77
What does AWS DataSync do which is important when syncing between AWS storage services?
Preserves metadata, including file permissions
78
What is the main goal of a volume gateway?
Back up volumes from on premises servers to S3
79
RDS database can have how many read replicas?
15
80
What is a Storage Gateway hardware appliance?
Used on premises in case there is no virtualization on premises
81
What is the key use for Aurora cloning?
Copy-on-write method. Quick access to production DB. Initial clone created with minimum space. Uses copy-on-write method, which only allocates storage when changes are made to data
82
Why use IAM permission boundaries?
Provides a boundary of permissions for any user. Helpful for developers to manage their own permissions, but not to elevate their own permissions
83
Name three on-premises configurations for storage gateway
File gateway with NFS/SMB. Volume gateway with iSCSI. Tape gateway with iSCSI VTL
84
What are the two types of file systems in FSx for Lustre?
Scratch. Persistent
85
Where did the name Lustre, used in FSx for Lustre, come from?
Linux cluster
86
What file system to use for high-performance computing Linux clusters that scales to millions of IOPS and integrates with S3?
FSx for Lustre
87
Define symmetric KMS key
A single symmetric key is used to both encrypt and decrypt
88
How do you decouple with SQS between application tiers?
Use SQS between front-end web apps and back-end apps which can process data
89
How can you increase SQS throughput?
By scaling up the consumers. Create ASG from CloudWatch alarm on queue length; this alarm triggers ASG scale-out
90
Why use NetApp ONTAP?
Move workloads running NAS or ONTAP. Supports NFS, SMB, iSCSI
91
What are SQS access policies?
Similar to S3 bucket policies. Cross-account access to SQS. Other services' write access to SQS
92
What is the only protocol in FSx for OpenZFS?
Only NFS
93
List Route 53 record types
A - maps host name to IPv4. AAAA - maps host name to IPv6. CNAME - maps host name to another name; cannot map on domain zone apex. NS - name servers. Alias - like CNAME, points to AWS resources; can be used on apex
94
Define DynamoDB DAX
DynamoDB Accelerator. 10 times performance through caching
95
What is an edge-optimized API Gateway?
CloudFront feature for geographically distributed clients. Locations receive routed requests, and the API still lives in one region
96
What are AWS step functions?
Serverless workflow. Human approval. Timeout. Error handling
97
The export feature of DynamoDB does what?
Exports to S3 in JSON format
98
What is Glue DataBrew?
Used to clean and normalize data in preparation for ML
99
What is the max throughput for an SQS FIFO queue?
3000 messages per second
100
Does API Gateway support caching?
Yes
101
Does DynamoDB support caching?
Yes
102
Define Timestream. Does it include analytics? What encryption?
Time series database. Built-in analytics. Encryption at rest
103
Define Keyspaces
Apache open source NoSQL. Uses CQL (Cassandra Query Language)
104
What is the use case for DynamoDB Streams?
Enables replication via changelog to other regions
105
What are the services that integrate with QuickSight?
Aurora. S3. RDS. OpenSearch. Athena. Redshift
106
What are the key features of OpenSearch?
Search any field, including partial matches. Dashboards. Managed or serverless. Can support SQL. Analysis of logs
107
What is enhanced VPC routing?
A feature of Redshift. Forces COPY and UNLOAD traffic through your VPC
108
What type of DB is Redshift?
Relational DB
109
What are the valid subscribers for SNS?
HTTP and HTTPS. SQS. Lambda. Kinesis Firehose ONLY. Email. SMS
110
EKS supports which storage?
EBS. EFS. FSx for Lustre. FSx for NetApp ONTAP
111
DocumentDB: What is it based on? Does it auto scale? Is it serverless? How does it store data?
MongoDB = NoSQL. Autoscales. Not serverless. Stores JSON data
112
Define AWS X-Ray
Provides user-centric model to analyze and debug applications. Provides end-to-end view of a request as it travels through the application
113
What is the data rate for Kinesis Data Streams producers sending into the Kinesis Data Streams service?
1 MB per second or 1000 messages per second, per shard
114
What is the data rate for Kinesis Data Streams outbound to consumers?
2 MB per second per shard
115
What makes up a Kinesis data stream record?
Contains partition key and data blob
116
Data lake: What is it built upon? Major benefit? Where can the data be stored? What sits on top? What type of access control?
Built upon Glue. All data in one place. Can be in S3, RDS, Aurora. Lake Formation exists on top. Column access control
117
Define MSK
Managed service for Kafka
118
Define AWS Rekognition. What use case?
Find objects, text and people using machine language. Used in content moderation
119
Define IAM conditions and what are the 4 categories
Source IP. Requested region. Resource tags. MFA present
120
Supported databases in RDS
MySQL. PostgreSQL. MariaDB. Oracle. Microsoft SQL Server. Aurora
121
Key feature of S3 versioning
Enables rollbacks. Version key is updated. Deleting the delete marker will restore the original version
122
Aurora Serverless: key features? What DBs are supported?
On demand. Auto scaling. Auto start/stop. Supports MySQL and PostgreSQL
123
What are valid Route53 health checks?
CloudWatch alarms. Endpoints. Other health checks
124
List the S3 storage classes
Standard. Standard infrequent. One zone infrequent. Glacier instant retrieval. Glacier flexible retrieval. Glacier deep archive. Intelligent tiering
125
EventBridge supported targets
Lambda. SNS. SQS. CloudWatch. API destinations. API Gateway
126
For EventBridge security, what two types of policies?
Resource-based. IAM role
127
Define AWS Control Tower
Govern and secure a multi-account AWS environment. Automate setup of environment. Automate policies. Detect policy violations
128
What two types of guardrails are used in AWS Control Tower?
Preventative – use SCPs. Detective – ID noncompliant resources via Config
129
What are the three services that GuardDuty scans?
CloudTrail events. VPC flow logs. DNS logs
130
Define AWS Macie
Data security and privacy service. Detects PII
131
DataSync copies data to what storage providers?
NFS. SMB. Hadoop. Google Cloud. Snowcone. S3. FSx – all. EFS.
132
What is the one service AWS DataSync does not copy data to?
EBS
133
Which services support throttling?
API Gateway. SQS. Kinesis
134
What is the minimum storage in days for S3 Glacier instant retrieval?
90 day minimum storage
135
What is the retrieval time for S3 Glacier instant retrieval?
Millisecond retrieval
136
What are the three retrieval modes for Glacier flexible?
Expedited. Bulk. Standard.
137
S3 Object Lambda: what is it used for?
Can change the object before it is retrieved by the application, to remove sensitive data. Only one bucket needed. Creates S3 access point and Lambda access point
138
What are the two types of Snowball Edge? What does it do?
Storage optimized: 80 TB. Compute optimized: 42 TB. Processes data
139
What are the sizes available for a Snowcone?
8 TB and 14 TB versions
140
Define Glue service
Extract, transform and load (ETL). Fully serverless. Pulls from S3 to transform and load to Redshift
141
What are the Glacier deep archive retrieval modes?
Standard. Bulk.
142
What is the retrieval time for Glacier deep archive standard mode?
12 hours
143
What is the retrieval time for Glacier deep archive bulk mode?
48 hours
144
What is the minimum storage in days for Glacier deep archive?
180 days
145
Define Comprehend
Natural language processing to determine key places, people and events
146
List the S3 Intelligent-Tiering categories (F I A A D)
Frequent. Infrequent. Archive instant access. Archive access. Deep archive access
147
What are the benefits of using Organizations?
Use one account to manage multiple accounts. CloudWatch logs can be sent through a central account for logging. Better security
148
Define VMware Cloud
vSphere in AWS
149
How many IPs for CIDR 10.0.0.0/31?
2
150
List the number of IPs per CIDR. /32 /31 /30 /29 /28 /27 /26
1 2 4 8 16 32 64
151
What are the two types of Direct Connect gateway?
Hosted. Dedicated
152
What is a use case for Direct Connect gateway?
Connect on premises to VPC using a Direct Connect location; bypasses the Internet
153
Define AWS VPN CloudHub
Allows multiple sites to communicate securely using AWS VPN
154
How many IPs are reserved in AWS subnets by default?
5
155
Define AWS Inspector
For EC2 and ECS. Analyzes running processes to report OS vulnerabilities.
156
What is the purpose of SQS long polling?
Reduces API calls; agent waits for a time during the polling period in case a message comes in
157
What cookie names are not allowed on Application Load Balancer?
AWSALB. AWSALBAPP. AWSALBTG
158
What is Storage Gateway hardware appliance?
On premises in case there is no virtualization on premises
159
What types of health checks do Network Load Balancers support?
TCP. HTTP. HTTPS
161
RDS supports what databases?
MySQL. MariaDB. MS SQL Server. Oracle
162
List the differences between CloudFront and Global Accelerator
CloudFront is caching at the edge locations; performance improved via caching. Global Accelerator is good for UDP or TCP, no caching, good for gaming and IoT, fast regional failover
163
List EFS storage classes
Standard. Infrequent. Archive
164
Define cross zone load balancing
Sends traffic to all instances evenly across availability zones and instances
165
Kinesis Data Streams: list four features in regard to records
Routing records. Ordering of records. Multiple applications consume same stream data. Replay: consume records up to 365 days later in the same order
166
What is EFS regional versus one zone file systems?
One zone stores data redundantly across a single zone. Regional stores data across AZs
167
What is AWS Route 53 Resolver?
It is a DNS service that responds recursively to DNS queries from AWS resources for: public records, Amazon VPC-specific DNS names, and Amazon Route 53 private hosted zones. It is available by default in all VPCs.
168
For Route 53 Resolver, what does an inbound resolver endpoint do?
Allows DNS queries TO your VPC FROM your on premises network or another VPC
169
For Route 53 Resolver, what does an outbound resolver endpoint do?
Allows DNS queries FROM your VPC TO your on premises network or another VPC
170
A Route 53 Resolver automatically answers DNS queries for
VPC domain names for EC2 instances. Records in private hosted zones. Public domain names: Resolver performs recursive lookups against public name servers on the Internet
171
Route 53 Resolver: what to do to resolve DNS queries for any resources in the on-prem network from an AWS VPC?
Create an outbound DNS resolver to resolve host names on prem from your VPC
172
True or false: a recovered instance is identical to the original instance, including the instance ID, private IP, elastic IP address and all incident data
True
173
Simplified automatic recovery EC2 instance is supported if
It uses default or dedicated instance tenancy. It does not use elastic fabric adapter.
174
List differences between Kinesis Data Streams and Kinesis Data Firehose
Kinesis Data Streams ingests data for streaming at scale; Kinesis Data Firehose is a data transfer service to load streaming data to S3, Redshift and others. Kinesis Data Streams needs shard configuration manually; Kinesis Data Firehose is a fully managed service. Kinesis Data Streams has manual scaling; Firehose has automated scaling. Kinesis Data Streams supports replay capability; Firehose does not
175
Kinesis Data Firehose is the easiest way to do what?
Load streaming data into data stores and analytics tools
176
Name the two types of spot requests
One-time. Persistent
177
What defines a persistent spot request
Request is opened again after the spot instance is interrupted
178
List the spot instance request states
Open. Active. Fail. Closed. Disabled. Cancelled
179
What is a dedicated spot instance?
Has a tenancy of dedicated when you create the spot instance
180
What is the default tenancy for EC2 instances?
Shared hardware
181
What is a dedicated instance?
Instance that will run on hardware dedicated to a single AWS account
182
Dedicated instances might share hardware with
Other instances from the same AWS account that are not dedicated instances
183
List some differences between a dedicated host and a dedicated instance
Dedicated host is a physical server with instance capacity fully dedicated to your use. Dedicated instance is a physical server that's dedicated to a single customer account. Billing for a dedicated host is per host; billing for a dedicated instance is per instance. Visibility of sockets on dedicated host; no visibility on dedicated instance
184
You cannot request a spot instance with the tenancy of default if
In a VPC with instance tenancy as dedicated
185
You can only cancel spot instance requests that are in what status?
Open. Active. Disabled
186
You can only stop a spot instance if
The spot instance was launched from a persistent spot instance request
187
You can't stop a spot instance if it is part of a fleet or a launch group: true or false?
True
188
What is a spot capacity pool?
Set of unused EC2 instances with the same instance type, operating system, availability zone and network platform
189
What can you do to control spending for spot fleet?
Specify the spot max total price for spot instances and the on-demand max total price for on-demand instances
190
At what size data set would it be better to use S3 Transfer Acceleration over CloudFront to distribute content?
Objects smaller than one gigabyte in size should use CloudFront; otherwise use S3 with Transfer Acceleration
191
AWS WAF covers what endpoints?
CloudFront distributions. API Gateway. Application Load Balancer. AppSync GraphQL. Cognito user pool. App Runner.
192
After you have launched an instance, what are the only two choices for changing its tenancy?
You can change the tenancy of an instance from dedicated to host or from host to dedicated
193
Scale out refers to what type of scaling?
Horizontal
195
Scale up is used in conjunction with what type of scaling?
Vertical
196
Security groups are stateful: true or false?
True
197
NACLs are stateless: true or false?
True
198
Because NACLs are stateless, you must do what?
You must allow both inbound and outbound traffic
199
Why use SQS delay queues?
They let you postpone the delivery of new messages to consumers for a number of seconds. Makes messages unavailable to consumers for a period of time; this helps consumers process all the messages
200
True or false: service control policies do not affect service-linked roles
True
201
Service control policy affects what?
All users and roles in member accounts, including the root user of the member accounts
202
What are DynamoDB Streams?
Allows you to capture a time-ordered sequence of item-level modifications in a table; integrated with Lambda so you can create triggers that automatically respond to events
203
What is DynamoDB TTL?
Feature of DynamoDB which enables time to live on a table
204
Define ElastiCache
Fully managed in-memory data store compatible with Redis or Memcached
205
Describe MongoDB
MongoDB is a source-available, cross-platform, document-oriented database classified as NoSQL. Uses JSON documents to store data
206
What is QLDB?
Quantum Ledger Database, dedicated to financial transactions
207
Describe HA options for Neptune
Available across 3 AZs with 15 read replicas
208
Name for features of timestream
Serverless. Auto scale. Thousands of times faster at 1/10 the cost of relational databases. Data storage tiering. Built-in analytics
209
Describe Athena
Serverless query service for S3-stored data. Uses SQL language. Common with QuickSight
210
How do you improve Athena performance?
Use columnar data (Apache Parquet). Compress data for smaller retrieval. Partition data sets in S3. Use larger files
211
What is Athena Federated Query?
Allows SQL queries across data stored in relational or non-relational stores or Redis
212
Redshift: what underlying database is it based on? OLTP or OLAP?
Based on PostgreSQL. OLAP: online analytical processing
213
List differences between Redshift and Athena
Faster queries than Athena for joins and aggregations. Redshift uses indexes
214
What is the Memcached evictions CloudWatch metric?
When memory begins to fill up, it deletes unused cache keys to free up space
215
What is the default behavior of AWS Lambda in terms of network access?
Runs in a secure VPC with access to AWS services and the Internet. Lambda owns its own VPC, which is not connected to the account's default VPC
216
What action to take to deploy new roles in each of the organization's accounts?
Use CloudFormation StackSets
217
What can you use to validate the integrity of AWS CloudTrail log files?
Enable CloudTrail log file integrity validation
218
Define AWS Data Pipeline
Define data-driven workflows, so that completed tasks can kick off the next task
219
Define Amazon Data Lifecycle Manager or DLM
Automate creation, retention, and deletion of EBS snapshots
220
What file systems does DataSync support?
NFS. SMB. HDFS. Cloud storage providers. Snowcone. S3. EFS. FSx for OpenZFS. NetApp ONTAP
221
What type of billing method is used when using AWS Linux, Ubuntu?
Per second
222
List default termination policy in ASG
In order: Align with allocation strategy. If old launch template configuration. Next billing hour
223
Can security groups have deny statements?
No
224
Are security groups stateful?
Yes
225
Which cluster placement strategy for large distributed workloads like Kafka, Hadoop and Cassandra, and why?
Partition placement group: least likely to have hardware failure, as each partition is its own dedicated rack
226
What's the difference between a launch configuration and a launch template?
Template can contain different types of instances and can't have versions. Configuration contains one instance type used by ASG
227
Static webpage definition
Static webpage delivers stored content with HTML, CSS or Java
228
Dynamic webpage definition
Dynamic is a site generated at runtime by PHP, Node.js, ASP.NET
237
Any explicit deny in any policy results in
Overrides the allow
238
What are the 5 policy types available in a single AWS account?
Identity-based. Resource-based. IAM permissions boundary. SCPs. Session policies
239
To help save S3 cost, how can a Glue job help?
Glue job can extract, transform, load and compress data before it's sent to S3
240
What are the EFS performance modes?
General purpose. Max I/O
241
What are EFS throughput modes?
Elastic – auto scales. Provisioned – workload is known. Bursting – throughput scales with storage
242
Why build a shared services VPC?
Provides access across multiple accounts to resources which are shared, reducing admin overhead
243
How does Global Accelerator help with blue/green deployments?
Global Accelerator can shift traffic to the green deployment from blue gradually or all at once
244
What three types of virtual interface are available for Direct Connect?
Public – to connect to public AWS services. Private – to connect to VPC using private IPs. Transit – to connect to VPC using private IP and Transit Gateway
245
Define IAM policy evaluation (DORIBS)
Is there an explicit Deny? Organization SCP. Resource SCP. ID-based. IAM permissions boundary. Session policies
246
Read replicas use asynchronous or synchronous replication?
Read replicas use asynchronous replication
247
Read replicas in multi-AZ setup use asynchronous or synchronous replication?
Read replicas use synchronous in multi-AZ What?
248
What is Amazon QuickSight?
Machine learning powered business intelligence service that creates interactive dashboards
249
With regard to QuickSight, what is SPICE?
In-memory computation engine, if data is imported into QuickSight
250
What are the data sources for QuickSight?
RDS. Aurora. Redshift. Athena. S3. OpenSearch. Timestream
251
When you define users in QuickSight, do the same users exist in IAM?
No, these users exist only within QuickSight
252
What is a Parquet file?
Open source, column-oriented data file format designed for efficient data storage and retrieval; used with Apache Parquet
253
What are Glue job bookmarks?
Prevents reprocessing old data
254
What is Glue Elastic Views?
Combine and replicate data across multiple data stores using SQL
255
What is Lake Formation?
Works on top of a data lake. Centralizes all your data for analytical purposes. Fully managed service. Discover, cleanse, transform and ingest data
256
What is a huge benefit of using AWS Lake Formation?
Centralized permissions
257
What are the two types of Kinesis Data Analytics?
SQL applications. Apache Flink
258
Why would you need to use Kinesis Data Analytics for Apache Flink?
For more advanced Java or SQL data analytics
259
Which version of Kinesis Data Analytics would you use if you had Kinesis Firehose as source?
You cannot use Flink; must use Kinesis analytics
260
What DR options are available for red shift
Multi AZ mode for some cluster types If single AZ, then snapshots are used
261
With red shift, what can you do with snapshots?
Snapshots can be copied to another AWS region
262
What is red shift spectrum
Query data that is already an S3 without loading it
263
What service can convert JSON files to Apache Parquette
AWS glue
264
What should you use to control access to your KMS CMKs?
KMS key policies
265
What’s the difference between AWS Secrets Manager and SSM Parameter Store?
With AWS Secrets Manager, you can rotate the secrets automatically
266
What’s the difference between dedicated instances and dedicated hosts?
Dedicated hosts are dedicated physical servers that all your instances run on; you can use your own licensing. Dedicated instances are instances that run on hardware that’s dedicated to a single customer. Other instances can run on the same hardware from other AWS accounts.
267
What are Amazon CloudWatch alarm actions?
Create alarms that automatically stop, terminate, reboot, or recover your EC2 instances
268
Which is better for handling spikes of traffic: CloudFront or Global Accelerator?
CloudFront
269
Which is better for non-HTTP use cases such as gaming (UDP), IoT, VoIP?
Global Accelerator
270
Can SNS buffer messages?
No
271
What three services can handle throttling?
API Gateway, SQS, Kinesis
272
What is a VIF and what are the two types?
VIF = virtual interface. Public and private.
273
What is the difference between a public VIF and a private VIF?
Public VIF enables access to public services such as S3. Private VIF enables access to your VPC.
274
What is the difference between AWS PrivateLink and AWS Direct Connect?
PrivateLink provides a private network connection between VPCs and AWS services. AWS Direct Connect is a dedicated private connection between on premises and AWS.
275
What is the key difference between Kinesis Data Streams and Kinesis Firehose?
Kinesis Data Streams streams and processes data and runs real-time metrics and analytics. Kinesis Data Firehose loads streaming data into data stores and analytics tools. It does not do any analytics by itself.
276
What are the two types of VPC endpoint?
Interface. Gateway
277
What is the difference between a VPC interface endpoint and a gateway endpoint?
An interface endpoint enables connectivity to AWS services over AWS PrivateLink. It consists of a collection of elastic network interfaces with private IP addresses that serves as an entry point for traffic to the AWS service. Gateway endpoints are supported by Amazon S3 and DynamoDB. Gateway endpoints do not use AWS PrivateLink; instead they use specific IP routes to connect to DynamoDB or S3.
278
What is VPC traffic mirroring?
To replicate network traffic to and from an EC2 instance and forward it to an out-of-band security and monitoring appliance
279
Which services are available for PrivateLink?
EC2, ELB, Kinesis, EC2 Systems Manager, SNS, DataSync
280
Amazon ElastiCache is used for
Used as a caching layer in front of relational databases
281
What is a spread placement group?
Spreads instances across underlying hardware
282
How many instances per group per AZ in a spread placement group?
7
283
True or false: an Amazon EFS file system can have mount targets in only one VPC at a time
True
284
What are some limits on EC2 Hibernate?
RAM must be less than 150 GB. Root volume must be EBS and encrypted. No bare metal. On-Demand, Reserved, and Spot Instances supported.
285
Is EFS compatible with Windows OS?
No
286
What are the EFS performance modes?
General and Max I/O
287
What are the EFS storage classes?
Standard, Infrequent Access, Archive
288
Does Amazon RDS MySQL support storage auto scaling?
Yes
289
How do you migrate an AWS account from AWS organization A to organization B? What are the steps?
Remove the member from the old organization. Send an invite to the member from the new organization. Accept the invite to the new organization.
290
What happens in the case of an Auto Scaling group when an instance is in impaired status?
Auto Scaling does not immediately terminate the instance, but waits for a few minutes for the instance to recover
291
Can a single-Region KMS key be converted to a multi-Region key?
No!
292
Route 53: what is created automatically for a public hosted zone only?
NS and SOA records
293
Can IAM permission boundaries be applied to groups?
No. Roles or users only.
295
Can you host a website on Lambda?
No
296
Can you put CloudFront in front of Lambda?
No
297
List the default Auto Scaling group termination policy
Allocation strategy, old launch template, old launch configuration, next billing hour
298
Can you use an S3 gateway endpoint to transfer data over Direct Connect?
No!
299
To use EBS Multi-Attach, what type of EBS volume is needed?
io2 or io1
300
For IaaS, what components are the responsibility of the customer?
Applications, Data, Runtime, Middleware, OS
301
For PaaS, what components are the responsibility of the customer?
Applications, Data
302
What database is in-memory, low latency, high performance?
ElastiCache
303
What is EMR?
ETL service. Extract Transform and Load
304
What does a DynamoDB Global table do for you?
Table will be accessible with low-latency in multiple regions
305
What failover type is DynamoDB Global Table?
Active - Active
306
What type of storage does Redshift use to store data?
Columnar
307
What type of DB is Redshift based on?
Postgres
308
What is the performance increase for Redshift?
10X increase
309
Is Redshift OLTP or OLAP?
OLAP - Online Analytical Processing
310
What is MPP?
Massive Parallel Processing - Used by Redshift
311
Does Redshift have a serverless offering?
Yes
312
What does EMR stand for?
Elastic Map Reduce
313
What does EMR do?
Helps to create Hadoop clusters for vast amounts of data
314
Is Athena Serverless?
YES
315
What are the use cases for Athena?
Analyze and query VPC Flow Logs, ELB logs, CloudTrail
316
DocumentDB is based on....
MongoDB
317
DocumentDB is SQL or NoSQL?
NoSQL
318
What is the Timestream database?
Time series database: 1000 times faster and 1/10th the cost of relational databases
319
What is QLDB?
Quantum Ledger Database. Immutable: cannot be modified. Journal behind the scenes is cryptographically verifiable.
320
AWS Managed Blockchain is a service to...
join public blockchain networks; build your own blockchain
321
AWS Managed Blockchain is compatible with what frameworks?
Hyperledger Fabric, Ethereum