Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

AWS Cloud Practitioner Exam > AWS Cloud Practitioner > Flashcards

AWS Cloud Practitioner Flashcards

(51 cards)

Start Studying
1
Q

What are subnets?

A

Subnets are separate areas that are used to group together resources. They are also used to control access/traffic permissions to the gateway.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

T/F: Subnets can be public or private.

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are Public subnets?

A

Public subnets contain resources that need to be accessible by the public, such as an online store’s website.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are Private subnets?

A

Private subnets contain resources that should be accessible only through your private network, such as a database that contains customers’ personal information and order histories.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is a packet?

A

A packet is a unit of data sent over the internet or a network.

When a customer requests data from an application hosted in the AWS Cloud, this request is sent as a packet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

T/F: A packet enters into a VPC through an internet gateway.

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

T/F: Before a packet can enter into a subnet or exit from a subnet, it checks for permissions.

A

TRUE - These permissions indicate who sent the packet and how the packet is trying to communicate with the resources in a subnet.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

T/F: The VPC component that checks packet permissions for subnets is an instance.

A

FALSE - The VPC component that checks packet permissions for subnets is a network access control list (ACL).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is a Network Access Control List?

A

A network access control list (ACL) is a virtual firewall that controls inbound and outbound traffic at the subnet level. The ACL also checks packet permissions for subnets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

T/F: By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules.

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

T/F: For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic to allow.

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

T/F: All network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

stateless packet filtering

A

Network ACLs perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound.

When a packet response for that request comes back to the subnet, the network ACL does not remember your previous request. The network ACL checks the packet response against its list of rules to determine whether to allow or deny.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Security groups

A

A VPC component (a virtual firewall) that checks packet permissions and controls inbound and outbound traffic for an Amazon EC2 instance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

T/F: By default, a security group denies all outbound traffic and allows all inbound traffic. You can add custom rules to configure which traffic to allow or deny.

A

FALSE - By default, a security group denies all inbound traffic and allows all outbound traffic. You can add custom rules to configure which traffic to allow or deny.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

T/F; Security groups perform stateful packet filtering. They remember previous decisions made for incoming packets.

A

FALSE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

T/F: Both network ACLs and security groups enable you to configure custom rules for the traffic in your VPC.

A

TRUE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Which VPC component should be used for isolating databases containing customer’s personal information?

A

Private subnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Which VPC component should be used for creating a VPN connection between the VPC and the internal corporate network?

A

Virtual private gateway

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Which VPC component should be used for supporting the customer-facing website?

A

Public subnet

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Which VPC component should be used for establishing a dedicated connection between the on-premises data center and the VPC?

Study These Flashcards
A

AWS Direct Connect

22
Q

Which statement best describes an AWS account’s default network access control list?

A. It is stateless and denies all inbound and outbound traffic.
B. It is stateful and allows all inbound and outbound traffic.
C. It is stateless and allows all inbound and outbound traffic.
D. It is stateful and denies all inbound and outbound traffic.

Study These Flashcards
A

C. It is stateless and allows all inbound and outbound traffic.

Network access control lists (ACLs) perform stateless packet filtering. They remember nothing and check packets that cross the subnet border each way: inbound and outbound. Each AWS account includes a default network ACL. When configuring your VPC, you can use your account’s default network ACL or create custom network ACLs.

By default, your account’s default network ACL allows all inbound and outbound traffic, but you can modify it by adding your own rules. For custom network ACLs, all inbound and outbound traffic is denied until you add rules to specify which traffic should be allowed. Additionally, all network ACLs have an explicit deny rule. This rule ensures that if a packet doesn’t match any of the other rules on the list, the packet is denied.

23
Q

T/F: Every EC2 instance, when it’s launched, automatically comes with a security group. And by default, the security group does not allow any traffic into the instance at all. All ports are blocked; all IP addresses sending packets are blocked.

24
Q

T/F: You can modify the security group to accept a specific type of traffic.

25
What is the key difference between a security group and a network ACL?
A security group is stateful, meaning it has some kind of memory when it comes to who to allow in or out. In contrast, a network ACL is stateless, which remembers nothing and checks every single packet that crosses its border regardless of any circumstances.
26
What is Route 53?
Route 53 is AWS's domain name service or DNS, and it's highly available and scalable; used to manage the DNS records for domain names.
27
What is Domain Name System (DNS)?
Think of DNS as a translation service. But instead of translating between languages, it translates website names into IP, or Internet Protocol, addresses that computers can read.
28
T or F - You can use Route 53 to register domain names, so you can buy and manage your own domain names right on AWS.
TRUE
29
What is a content delivery network, or CDN?
A CDN is a network that helps to deliver edge content to users based on their geographic location.
30
Which statement best describes DNS resolution? A. Launching resources in a virtual network that you define B. Storing local copies of content at edge locations around the world C. Connecting a VPC to the internet D. Translating a domain name to an IP address
D. Translating a domain name to an IP address
31
Your company has an application that uses Amazon EC2 instances to run the customer-facing website and Amazon RDS database instances to store customers’ personal information. How should the developer configure the VPC according to best practices? A. Place the Amazon EC2 instances in a private subnet and the Amazon RDS database instances in a public subnet. B. Place the Amazon EC2 instances in a public subnet and the Amazon RDS database instances in a private subnet. C. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet. D. Place the Amazon EC2 instances and the Amazon RDS database instances in a private subnet.
C. Place the Amazon EC2 instances and the Amazon RDS database instances in a public subnet.
32
Amazon CloudFront?
a content delivery service. You can use CloudFront to store cached copies of your content at edge locations that are close to your customers.
33
T/F - Security groups are stateful and deny all inbound traffic by default.
TRUE - Security groups are stateful. This means that they use previous traffic patterns and flows when evaluating new requests for an instance.
34
Summarize the basic concept of storage and databases. Describe the benefits of Amazon Elastic Block Store (Amazon EBS). Describe the benefits of Amazon Simple Storage Service (Amazon S3). Describe the benefits of Amazon Elastic File System (Amazon EFS). Summarize various storage solutions. Describe the benefits of Amazon Relational Database Service (Amazon RDS). Describe the benefits of Amazon DynamoDB. Summarize various database services.
35
What is an Instance Store?
An instance store provides temporary block-level storage for an Amazon EC2 instance. An instance store is disk storage that is physically attached to the host computer for an EC2 instance, and therefore has the same lifespan as the instance. When the instance is terminated, you lose any data in the instance store.
36
What is the concept of block-level storage?
You can think of block-level storage as a place to store files. A file is a series of bytes that are stored in blocks on a disc. When a file is updated, the whole series of blocks aren't all overwritten. Instead, it updates just the pieces that change. This makes it an efficient storage type when working with applications like databases, enterprise software, or file systems.
37
What is Amazon Elastic Block Store (Amazon EBS)?
Amazon EBS allows you to create virtual hard drives (block-level storage), that we call EBS volumes, that you can attach to your EC2 instances. These are separate drives from the local instance store volumes, and they aren't tied directly to the host that your EC2 is running on. EBS is best for data that requires retention.
38
T/F - If you stop or terminate an Amazon EC2 instance, all the data on the attached EBS volume remains available.
TRUE
39
What are Amazon EBS snapshots?
An EBS snapshot is an incremental backup. This means that the first backup taken of a volume copies all the data. For subsequent backups, only the blocks of data that have changed since the most recent snapshot are saved. Incremental backups are different from full backups, in which all the data in a storage volume copies each time a backup occurs. The full backup includes data that has not changed since the most recent backup.
40
Amazon Simple Storage Service (Amazon S3) - regional object storage
Amazon S3 is an object storage service that stores data as objects within buckets. An object is a file and any metadata that describes the file. A bucket is a container for objects.
41
T/F - Buckets and the objects in them are private and can be accessed only if you explicitly grant access permissions.
TRUE - You can use bucket policies, AWS Identity and Access Management (IAM) policies, access control lists (ACLs), and S3 Access Points to manage access.
42
S3 Standard
* Amazon S3 storage class * Designed for frequently accessed data * Stores data in a minimum of three Availability Zones * S3 Standard provides high availability for objects. This makes it a good choice for a wide range of use cases, such as websites, content distribution, and data analytics. S3 Standard has a higher cost than other storage classes intended for infrequently accessed data and archival storage.
43
S3 Standard-IA
* Amazon S3 storage class; Ideal for infrequently accessed data * Has a lower storage price and higher retrieval price * S3 Standard-IA is ideal for data infrequently accessed but requires high availability when needed. * Both S3 Standard and S3 Standard-IA store data in a minimum of three Availability Zones. S3 Standard-IA provides the same level of availability as S3 Standard but with a lower storage price and a higher retrieval price.
44
S3 Intelligent-Tiering
Amazon S3 monitors objects’ access patterns. If you haven’t accessed an object for 30 consecutive days, Amazon S3 automatically moves it to the infrequent access tier, S3 Standard-IA. If you access an object in the infrequent access tier, Amazon S3 automatically moves it to the frequent access tier, S3 Standard.
45
S3 Glacier
S3 Glacier is a low-cost storage class ideal for data archiving. You can retrieve objects stored in the S3 Glacier storage class within a few minutes to a few hours.
46
You want to store data that is infrequently accessed but must be immediately available when needed. Which Amazon S3 storage class should you use?
S3 Standard-IA
47
S3 Glacier Deep Archive
A low-cost storage class that ideal for data archiving. By comparison, you can retrieve objects stored in the S3 Glacier Deep Archive storage class within 12 hours.
48
S3 One Zone-Infrequent Access (S3 One Zone-IA)
* Stores data in a single Availability Zone * Has a lower storage price than S3 Standard-IA Compared to S3 Standard and S3 Standard-IA, which store data in a minimum of three Availability Zones, S3 One Zone-IA stores data in a single Availability Zone. This makes it a good storage class to consider if the following conditions apply: * You want to save costs on storage. * You can easily reproduce your data in the event of an Availability Zone failure.
49
What are three benefits of Amazon S3 (Amazon Simple Storage Service)?
1. unlimited storage, with individual objects at 5,000 gigabytes in size, 2. specializes in write once/read many 3. 99 .999 999 999% durable
50
Amazon Elastic File System (Amazon EFS)
Amazon EFS is a regional service. It is a scalable file system used with AWS Cloud services and on-premises resources. It stores data in and across multiple Availability Zones. The duplicate storage enables you to access data concurrently from all the Availability Zones in the Region where a file system is located. Additionally, on-premises servers can access Amazon EFS using AWS Direct Connect. As you add and remove files, Amazon EFS grows and shrinks automatically. It can scale on demand to petabytes without disrupting applications.
51
T/F - File storage is ideal for use cases in which a large number of services and resources need to access the same data at the same time.
TRUE - In file storage, multiple clients (such as users, applications, servers, and so on) can access data that is stored in shared file folders. In this approach, a storage server uses block storage with a local file system to organize files. Clients access data through file paths.

AWS Cloud Practitioner Exam (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions