All

Question 1

S3 - How is a key defined?

Answer 1

A key acts as a file name.

It can include (back) slashes, dots or dashes.

Question 2

S3 - What is the durability / accessibility of S3 Standard?

Answer 2

99. 999999999% durability and

99. 99% availabiliy

Question 3

S3 - How is data consistency handled?

Answer 3

For PUT of new items AWS provides read-after write concistency.
For DELETE and PUT on existing objects eventual concistency (Because the files are stored across multiple data centers)

Question 4

S3 - Describe S3 Standard - Infrequent Access?

Answer 4

Same duability as Standard.
Storage costs are lower, but there is a retrieval fee.
Also the size min. is 128KB and the duration is set to a min. of 30 days

Question 5

S3 - What is a typical object lifecycle?

Answer 5

• Initially store in S3 Standard
• After 30 days transition to S3 IA
• After 90 days transition to Glacier
• After 3 years delete the file

Question 6

S3 - What is SSE-S3?

Answer 6

“Check-Box style” ecryption

AWS handles key management and key protection

Question 7

S3 - What is SSE-KMS?

Answer 7

Fully integrated solution, Amazon handles the users key management und protection, but the user manages the keys

Question 8

S3 - What is SSE-C?

Answer 8

User maintains own encryption keys, but Amazon handles the library implementation

Question 9

S3 - What is Client-Side encryption?

Answer 9

Data is ecrypted on the client side before the data is sent to S3

Question 10

S3 - What is MFA Delete Protection?

Answer 10

For a delete request the authorization with a MFA device is needed alongside the normal user/password route

Question 11

S3 - What are Pre-Signed URLs?

Answer 11

Private items be made “public” for a certain time duration

Question 12

S3 - What is cross-region replication?

Answer 12

For latency and performance reasons objects can be located in S3 buckets across different regions.
Required:
- IAM policy to enable S3 to sent the files to another region
- Versioning must be turned on

Question 13

EC2 - What defines an instance type?

Answer 13

1. Count of virtual CPUs
2. Memory
3. Storage in type and size
4. Network performance

Question 14

EC2 - What is enhanced networking?

Answer 14

Reduces impact of the virtualization on the networking capabilities.
Results in lower latency, more packets and less jitter

Question 15

EC2 - What defines an AMI?

Answer 15

• The operating system
• The state of patches
• The installed applications or other system software

Question 16

EC2 - What are the typs of AMIs?

Answer 16

• Published by AWS
• Maketplace AMIs
• AMIs from existing instances or backups
• From AWS VM Import/Export

Question 17

EC2 - How can you access an instance from the web?

Answer 17

• Assign a public or elastic IP or use the DNS for the instance
• Make sure that the route table, security group and NACL allow access

Question 18

EC2 - Does an EC2 instance need a security group?

Answer 18

Yes, at least one security group must be attached to the instance

Question 19

EC2 - What kind of source/destinatons are allowed in a Security Group?

Answer 19

CIDR IP blocks or other security groups

Question 20

EC2 - Can you export a VM and import it to AWS?

Answer 20

Yes, using AWS VM Import/Export.

Instances from AMIs cannot be exported (and used in another data center)

Question 21

EC2 - How can an instance be resized?

Answer 21

Stop the instance.

Change the type using the “Change Instance Type” setting

Question 22

EC2 - Can you change the Security Group on a running instance?

Answer 22

Yes, also rules in a security group can be changed and take effect immediately

Question 23

EC2 - What is Termination Protection?

Answer 23

No instance can be terminated before this setting is manually deselected.
Does not prevent Spot Instances to be terminated.

Question 24

EC2 - How can an EC2 reserved instance be modified?

Answer 24

• Switch the AZ in the same region

- Change the instance type in the same instance family

Question 25

EC2 - Describe the tenancy options for instances

Answer 25

Shared Tenancy: Host has instances from all customers
Dedicated Instance: Instance (Server) is used by the custome
Dedicated Host: Entire rack is used by the customer

Question 26

EC2 - What is Instance Store?

Answer 26

Storage located directly on the hadware (Not netwok storage like EBS)
Storage and usage costs are included in the instance costs.
Data will be lost if the instance goes down.
Instances can only be terminated, not sopped.

Question 27

EC2 - Are EBS volumes replicated on the Availability Zones?

Answer 27

They are replicated inside their AZ, but not across them

Question 28

EC2 - Can you use muliple EBS devices on a single instance?

Answer 28

Yes, they can also be combined using RAID.
But while one instance can have multiple volumes, a volume can only be attached to a single instance. (Use EFS for that case)

Question 29

EC2 - What is a magnetic EBS volume?

Answer 29

They are using magnetic hard disks, which are cost-effective and range from 1GB to 1TB.
By default it has (only) 100 IOPS, but can burst.

Question 30

EC2 - What is a magnetic EBS volume used for?

Answer 30

• If data is accessed infrequently
• For sequential reads
• Low storage costs are required

Question 31

EC2 - How are (max.) IOPS calculated for standard EBS volumes?

Answer 31

Based on the storage capacity, 3 IOPS are given to every GB (300 IOPS for 100GB e.g.)
But the IOPS are capped to 10.000.

Question 32

EC2 - How are EBS volumes billed?

Answer 32

Based on the allocated storage capacity (regardless what is really used)

Question 33

EC2 - What are the max. volume sizes and throughputs of the EBS volume types?

Answer 33

General: 1GB - 16TB/ 160MB
Provisioned: 4GB - 32TB / 320MB
Magnetic: 1GB - 1TB / 40-90MB

Question 34

EC2 - Where are EBS snaphots located?

Answer 34

In S3, but they are not visible to the customer in the buket

Question 35

EC2 - Can you use an EBS snapshot in another region?

Answer 35

No, they can only be attached to an instance in the same region.
But they can be copied and therefore transferred to another region.

Question 36

EC2 - What does it mean that data is “lazily loaded”?

Answer 36

When a volume is restored the volume is accessible but the data might not be present, but is loaded on request.
Therefore on restoring all the blocks should called and therefore be present when customers are using it

Question 37

EC2 - How can you increase the size of a running EBS volume?

Answer 37

1. Create a snaphot

2. Create another volume (if increased size) form that volume

Question 38

EC2 - Are files on a EBS volume encrypted at rest?

Answer 38

Yes, using KMS.

The are also encrypted on transit between the instance and the volume

Question 39

VPC - What is the smallest/largest IP range in a VPC?

Answer 39

/28 (16 IPs)

/16 (65.536 IPs)

Question 40

VPC - What are the core components of a VPC?

Answer 40

• Subnets
• Route Table
• Security Groups
• Network Control Access Lists

Question 41

VPC - What is the difference between a public and private subnet?

Answer 41

Route table does / does not route traffic to/from the internet

Question 42

VPC - What is the “local” route in the route table?

Answer 42

It enables communication within the VPC.

The local route cannot be modified or removed.

Question 43

VPC - What is the purpose of the Internet Gateway?

Answer 43

Handles requests form / to the internet from the Route Table.
It translates the internal IPs from services and instances to the public IPs (EC2 instances only know their internal IP)

Question 44

VPC - How to create a public subnet with access to the internet with an IGW?

Answer 44

• Attach the Internet Gateway
• Create a route to/from 0.0.0.0/0
• Configure NACL and Security Groups

Question 45

VPC - Can you transfer an Elastic IP to anotther region?

Answer 45

No, they are locked to a region (used for local routing etc.)

Question 46

VPC - What is the purpose of a VPC endpoint?

Answer 46

Enables a private connection for AWS Services without the need to access the internet or a NAT gateway

Question 47

VPC - What is the purpose of VPC Peering?

Answer 47

Connection with other VPC, in your own account or with someone else.
But is always limited to the same region

Question 48

VPC - What are the restrictions for VPC Peering?

Answer 48

• There cannot be overlapping CIDR blocks
• Must be in the same region
• Transitive routing is not allowed
• Only one connection from VPC to VPC

Question 49

VPC - What are the default Security Group rules for in-/outbound traffic ?

Answer 49

Per default no inbound traffic is allowed

Outbound traffic is allowed, but can be changed.

Question 50

VPC - Can (per default) instances with the same Security Group talk to each other?

Answer 50

No, only if this is set up

Question 51

VPC - Will be changes to the Security Group have immediate effect?

Answer 51

Yes

Question 52

VPC - What are the differences between Security Groups and the NACL?

Answer 52

Instance Level / Subnet Level
Only allow rules / allow and deny rules
Stateful / Stateless
Evaluates all rules / Processes in ordered list

Question 53

VPC - What is a NAT instance?

Answer 53

EC2 Instance with a special AMI.
Allowed private instances to communicate to the internet (for updates e.g.)
The source/destination check needs to be disabled for the connection to work.

Question 54

VPC - How can you connect AWS to another data center?

Answer 54

Using a Virtual Private Gateway (VPG) or a Customer Gateway (CGW)

Question 55

CloudWatch - What are the two packages?

Answer 55

Basic: Free, data point every 5min, limited preselected metrics
Detailed: every minute, more and custom metrics, data aggregation

Question 56

ELB - Can you target more than one AZ?

Answer 56

Yes, but not regions (use Route53)

Question 57

ELB - What is Idle Connection Timeout?

Answer 57

When using the ELB, there is one connection to the client and one to the backend servers.
This connection will be automatically closed once there was no message after a certain time

Question 58

ELB - What is Cross-Zone Load Balancing?

Answer 58

Being enabled it is possible to handle all instances as if they would be in one AZ, meaning there could be 1 instance in one AZ and 5 in another.
It is still recommended that there should be an equal amount of instances in each AZ

Question 59

ELB - What is Connection Draining?

Answer 59

It stops sending requests to unhealthy instances, but does not cancel open connections

Question 60

ELB - What is a Proxy Protocol?

Answer 60

It sends anoter header with information about the request to the backend instance

Question 61

ELB - What are Sticky Sessions?

Answer 61

Binds the session to a specific instance, so the customer will always be directed to this instance.
ELB can use it’s own cookie or use a custom cookie

Question 62

ELB - What are Health Checks?

Answer 62

ELB checks if the instance is responding (InService) or not (OutOfService)
There are three types of checks: Ping, loading a page o opening a connection

Question 63

CloudWatch - Limits of Cloudwatch

Answer 63

5000 Alarms per Account

Metrics are retained for two weeks (can be stored in S3 to keep longer)

Question 64

Auto Scaling - What is scheduled scaling?

Answer 64

Scale up or down based on scheduled events, for example the release of a product or an end of the month event

Question 65

Auto Scaling - What are the basic components?

Answer 65

Launch configuration, Autoscaling Group and scaling policy (optional)

Question 66

Auto Scaling - What is the Launch Configuration?

Answer 66

Which AMI, what instance type, what security group and the key pair.

Question 67

Auto Scaling - What is needed for the Auto Scaling Group?

Answer 67

Required: Min. Size and max. capacity
Optional: Desired capacity

Question 68

Auto Scaling - What instance groups can be used?

Answer 68

On-Demand or Spot

Question 69

Auto Scaling - How does the scaling policy work?

Answer 69

The Auto Scaling is associated with CloudWatch to monitor the instances, when a certain threshold is reached it will scale in or out

Question 70

Auto Scaling - Why should be scaling in be slower than scaling out?

Answer 70

• Instances are billed for one hour, so it does not make sense to waste that
• Maybe there will be another spike in a short time, then another instance would be needed

Question 71

IAM - What is the best practice for the root account?

Answer 71

Only use it once to create individual IAM users and then store the root credentials safely away

Question 72

IAM - How does an EC2 instance communicate to S3?

Answer 72

EC2 assumes a role that has the adequate rights to use S3

Question 73

IAM - How can other accounts be granted access?

Answer 73

By assigning them with (temporary) roles for the services they need to communicate to

Question 74

IAM - What is Identity Federation?

Answer 74

Authentication is done by another service, like Facebook

Question 75

IAM - How can you authenticate to AWS?

Answer 75

With Username/Password, Access Key/AcessID, or Access Key/Session Token

Question 76

IAM - What is included in a policy?

Answer 76

Effect (allow / deny)
Service
Resource
Action (Read, write e.g.)
Condition (schedule, IP range)

Question 77

DB - How are licences handled for oracle and MS SQL Server?

Answer 77

They can either be included in the instance, or brought in by the user

Question 78

DB - How is Aurora structured?

Answer 78

Aurora comes automatically with a cluster that has instances in multiple AZs.
There is one primary Instance (read/write) and up to 15 replicas (read)

Question 79

DB - What two options does RDS provide for backups?

Answer 79

Automated backups and manual snapshots

Question 80

DB - Why should you use Multi-AZ for snapshots?

Answer 80

Backups are taken from the standby, therefore not shorten the latency from the main

Question 81

DB - For which cases is Multi-AZ the failover?

Answer 81

• AZ is not reachable
• Network failure to the primary database
• Compute unit failed
• Storage unit failed

Question 82

DB - Can you perform a manual failover?

Answer 82

Yes

Question 83

DB - How can a running RDS instaced be scaled out?

Answer 83

Scheduling it with the next maintenance window or manually trigger it.
The database will be migrated with not much loss in performance

Question 84

DB - Describe a scenario for Read Replicas?

Answer 84

Blog with a lot of read, but not much write traffic

Question 85

DB - Is it possible to have Read Replicas in different Regions?

Answer 85

Yes

Question 86

DB - What is a Redshift cluster?

Answer 86

A cluster is composed of a leader node and multiple compute nodes.
Client Applications only interact with the leader node.

Question 87

DB - What happens when Redshift is resized?

Answer 87

Redshift creates a new cluster and migrates all the data to it

Question 88

DB - How to set up / change DynamoDB

Answer 88

User will define the read / write capacity, AWS will provide the right hardware.
Infrastructure will be added in runtime when the requirements change

Question 89

DB - How is Multi-AZ set up for DynamoDB?

Answer 89

It is automatically configured inside the region

Question 90

DB - In DynamoDB, what is a Eventually Consistent Read?

Answer 90

Since the data is replicated some of the written data might be inconsistent (1sec window)

Question 91

DB - In DynamoDB, what it a Strongly Consistent Read?

Answer 91

Before giving out data it makes sure all nodes have the same data

Question 92

SQS - Describe the message lifecyle in three steps

Answer 92

Message is send and distributed across multiple SQS Servers
Being taken and processed, it remains in the queue, but is not visible to be received again.
The “taker” sends a request to delete the message

Question 93

SQS - What is a Delay Queue?

Answer 93

A time where is message is in the queue, but invisible for the consumers

Question 94

SQS - How to trigger the deletion of the message

Answer 94

Send a request with the handle ID

Question 95

SQS - What is long polling?

Answer 95

If no message is in the queue wait a certain amount of time until breaking the connection.
This reduces CPU load.

Question 96

SQS - What is a dead letter queue?

Answer 96

If a service cannot process a message, for whatever reason, it can move the message to another queue, the “dead letter queue”

Question 97

SWF - What is SWF?

Answer 97

Is a task organiser for workloads with multiple tasks that cannot be done synchronously .

Tasks are assigned to workers, who do the task and return the info to the Decider

Question 98

Route53 - What is a host?

Answer 98

Individual computer or service accessed through a domain

Question 99

Route53 - What is a Name Server?

Answer 99

Computer designated to translate names into IP addresses

Question 100

Route53 - What three steps are taken for DNS resolution?

Answer 100

1. Check host file
2. Check DNS cache
3. Contact DNS Server

Question 101

Route53 - What is A / AAAA?

Answer 101

Mapping of a host to a IPv4/IPv6 address

Question 102

Route53 - What is a CNAME?

Answer 102

Points subdomains to a domain

Question 103

Route53 - What is a Pointer (PTR)?

Answer 103

Maps IPs to DNS names

Question 104

Route53 - What is the Sender Policy Framework?

Answer 104

Ensures that mails are send from the server the DNS name is mapped to

Question 105

Route53 - What are the three main functions for Route53?

Answer 105

DNS Service
Domain registration
Health checks

Question 106

Route53 - What resources can Route53 route to?

Answer 106

CloudFront
ElasticLoadBalancers
S3
EC2

Question 107

Route53 - What are public/private Hosted Zones?

Answer 107

Private: Information about how to route traffic in the VPC
Public: How to route traffic on the Internet

Question 108

Route53 - What is a routing policy?

Answer 108

Determines how Route53 handles queries.

Can be simple, weighted, latency based, failover or geolocation based

Question 109

Route53 - What is Simple Routing?

Answer 109

Directly routes to one resource

Question 110

Route53 - What is Weighted Routing?

Answer 110

Multiple resources.

Every resource gets a value which determines their priority in the routing

Question 111

Route53 - What is Latency Based Routing?

Answer 111

Pings all resources, smallest value will be the target

Question 112

Route53 - What is Failover Routing?

Answer 112

Determines what happens if the main resource is not available

Question 113

Route53 - What is Geolocation Routing?

Answer 113

Based on the IP of the user.

Routes to Continents, Countries or even States

Question 114

Elasticache - What is the cache-aside pattern?

Answer 114

App checks the cache first, if no entry found the the value is taken from the database and then stores in the cache

Question 115

Elasticache - Difference Redis / Memcached?

Answer 115

Memcached is easier to set up and can scale very easily by using partitions.
Redis has more data types, can be persisted and uses read replicas

Question 116

Elasticache - How to vertically scale Elasticache

Answer 116

It is not possible to scale to runtime.
You need to create a new cluster.
For memcached that means losing the whole cache, for redis a snapshot can be used

Question 117

Elasticache - Is it possbile to create Multi-AZ in Elasticache?

Answer 117

Yes

Question 118

CloudFront - What is a CDN?

Answer 118

Distributed network of caching servers to speed up content delivery world wide

Question 119

CloudFront - What happens when a file is not in an edge location?

Answer 119

It will be retrieved from the origin server and then cached

Question 120

CloudFront - Explain Distribution, Origin and Cache Control

Answer 120

Distributions: Name under which the CDN can be accessed
Origins: Where the files come from
Cache Control: How long items should be in cache