AWS Cloud Practitioner Flashcards

Question

Describe how permissions should generally be applied across users and groups

Answer 1

You should try to create groups with certain permissions, and then add users to their respective groups so that they inherit those permissions.

Answer 2

- Have a strong password rotation policy | - Always enable MFA wherever possible

Answer 3

An access key

Answer 4

To audit the permissions of your users and accounts

Answer 5

Passwords, access keys, and MFA

Answer 6

Simple Storage Service

Answer 7

- object | - flat

Answer 8

0 bytes to 5tb

Answer 9

None, storage is unlimited

Answer 10

- universal | - globally unique

Answer 11

- Key value pairs - Key - Value

Answer 12

- Standard - Standard Infrequently Accessed (IA) - One Zone IA - Intelligent Tiering - Glacier - Glacier Deep Archive

Answer 13

General purpose storage for any type of data, typically used for frequently accessed data

Answer 14

Automatic cost savings for data with unknown or changing access patterns

Answer 15

For long lived but infrequently accessed data that needs millisecond access

Answer 16

For re-creatable infrequently accessed data that needs millisecond access. It is called One Zone because data is stored in a single Availability Zone and would be lost in the event of AZ destruction

Answer 17

For long-term backups and archives with retrieval options from 1 minute to 12 hours

Answer 18

For long-term data archiving that is accessed once or twice a year and can be restored within 12 hours

Answer 19

Flat file storage

Answer 20

- Globally | - Individual Regions

Answer 21

- Static websites | - If you need to have a database

Answer 22

Because S3 scales automatically to meet demand i.e. a static website where you expect a lot of traffic

Answer 23

- Bucket policies - Object policies - IAM policies to Users & Groups

Answer 24

Across the whole bucket

Answer 25

To individual files

Answer 26

Users and Groups

Answer 27

- S3 stores versions of all objects - Great backup tool - Cannot be disabled - MFA delete capability

Answer 28

Amazon's Content Delivery Network (CDN)

Answer 29

The location where content will be cached. This is separate to an AWS region or AZ

Answer 30

The origin of all the files that the CDN will distribute. This can either be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53

Answer 31

This is the name given to the CDN which consists of a collection of Edge Locations

Answer 32

Media Streaming

Answer 33

Read and write

Answer 34

The Time to Live (TTL)

Answer 35

Elastic Compute Cloud

Answer 36

A web service that provides resizable compute capacity in the cloud

Answer 37

- Reduces the time required to obtain and boot a new server instance to minutes - Allows you to quickly scale capacity up and down as requirements change

Answer 38

- On Demand - Reserved - Spot - Dedicated host

Answer 39

Allows you to pay a fixed rate by the hour or by the second with no commitment

Answer 40

Provides you with a capacity reservation, and offers a significant discount on the hourly charge for an instance. Contract terms are 1 year or 3 years.

Answer 41

Enables you to bid whatever price you want for instnace capacity, providing for even greater savings if your applications have flexible start times and end times.

Answer 42

Provides access to a physical EC2 server dedicated for your use. Dedicated host can help to reduce costs by allowing you to use your existing server-bound software licenses.

Answer 43

Fight Dr McPxz AU

Answer 44

High disk throughput

Answer 45

Cheap general purpose i.e. T2 micro free tier

Answer 46

Main choice for general purpose apps

Answer 47

Graphics (think pics)

Answer 48

Extreme memory

Answer 49

Extreme memory and CPU

Answer 50

Arm based workloads

Answer 51

Bare metal

Answer 52

- General purpose SSD (GP2) - Provisioned IOPS SSD (IO1) - Throughput Optimized HDD (ST1) (magnetic) - Cold HDD (SC1) (magnetic) - Magnetic (previous gen)

Answer 53

- General purpose SSD | - Balances price and performance for a wide variety of workloads

Answer 54

- Provisioned IOPS SSD | - Highest performance SSD volume for mission critical low latency or high throughput workloads

Answer 55

- Throughput Optimized HDD - Magnetic - Low cost HDD volume designed for frequently accessed, throughput intensive workloads

Answer 56

- Cold HDD - Magnetic - Lowest cost HDD volume designed for less frequently accessed workloads like file servers

Answer 57

True! EC2 is a server!

Answer 58

A private key

Answer 59

- SSH | - Port 22

Answer 60

- Remote Desktop Protocol | - Port 3389

Answer 61

Virtual firewall that opens specific ports for usage

Answer 62

- Failure | - Availability Zone

Answer 63

Using Roles

Answer 64

- Any time | - Changes take effect immediately

Answer 65

No, roles are universal

Answer 66

- Application load balancers - Network load balances - Classic load balancers

Answer 67

They are layer 7 aware meaning they can make intelligent decisions

Answer 68

- Extreme performance | - Static IP addresses

Answer 69

- Used for testing and development | - Keep costs low

Answer 70

Relational Database Service

Answer 71

- SQL/OLTP - SQL - MySQL - PostgreSQL - Oracle - Aurora - MariaDB

Answer 72

Redshift OLAP

Answer 73

Full managed in-memory data store, coompatible with Redis or Memcached. It takes a load off of the production db.

Answer 74

- Multi AZ for disaster recovery | - Read replicas for performance

Answer 75

AWS DNS service

Answer 76

Domain Name Service

Answer 77

To resolve domain names to IP addresses

Answer 78

An easy to use service for deploying and scaling web applications and services with familiar languages and servers without worrying about the infrastructure that runs those applications. Simply upload an app and Elastic Beanstalk automatically handles the details of capacity provisioning, load balancing, scaling, app health monitoring, etc

Answer 79

CloudFormation gives you an easy way to model a collection of related AWS and third party resources, provision them quickly and consistently, and manage them throughout their lifecycles by treating infrastructure as code. - You can create CloudFormation templates that describes the resources you want to use - The service is free but the resources are not

Answer 80

- IAM - Route 53 - CloudFront - SNS/SES - S3

Answer 81

- Snowball - Snowball Edge - Storage Gateway - Code Deploy - Opsworks - IoT Greengrass

Answer 82

CloudWatch is a monitoring and observability service. It provides you with data and actionable insights to monitor your applications, respond to system wide performance changes, optimize resource utilization, and get a unified view of operational health.

Answer 83

- 5 minutes | - 1 minute

Answer 84

By creating CloudWatch Alarms

Answer 85

Performance

Answer 86

Systems Manager gives you visibility and control of your infrastructure on AWS. it provides a unified user interface so you can view operational data from multiple AWS services and automate operational tasks across your AWS resources as well as group resources.

Answer 87

CloudWatch

Answer 88

A virtual disk that can be attached to EC2. The size of the disk can be changed, but it is not done automatically.

Answer 89

A virtual disk that can be attached to EC2, and the size of the disk is elastic

Answer 90

They are both virtual disks in the cloud, but EBS size cannot be changed automatically whereas EFS is elastic.

Answer 91

Global Accelerator is a networking service that sends your user's traffic through AWS global network infrastructure, improving user performance by up to 60%. When the internet is congested, Global Accelerator's automatic routing optimizations will help keep packet loss, jitter, and latency consistently low.

Answer 92

Capex stands for Capital Expenditure which is where you pay up front. It's a fixed, sunk cost.

Answer 93

Opex stands for operational expenditure which is where you pay for what you use. Think of utility billing such as electricity, gas, water, etc

Answer 94

- Pay as you go - Pay for what you use - Pay less as you use more - Pay even less when you reserve capacity

Answer 95

Allows you to pay a fixed rate by the hour or by the second with no commitment

Answer 96

Provides you with a capacity reservation, and offers a significant discount on the hourly charge for an instance. Contract terms are 1 year or 3 years.

Answer 97

Enables you to bid whatever price you want for instance capacity, providing for even greater savings if your applications have flexible start and end times.

Answer 98

Physical EC2 server dedicated for your use. Dedicated hosts can help you reduce costs by allowing you to use your existing server bound software licenses.

Answer 99

- VPC - Elastic Beanstalk - CloudFormation - Identity Access Manager (IAM) - Auto Scaling - Opsworks - Consolidated Billing

Answer 100

Budgets is used to budget or predict costs BEFORE they are incurred

Answer 101

Cost Explorer is used to explore cost AFTER they have been incurred

Answer 102

Enterprise

Answer 103

None guaranteed

Answer 104

- General Guidance, 24hrs | - System Impaired, 12hrs

Answer 105

- General Guidance, 24hrs - System Impaired, 12hrs - Production Impaired, 4hrs - Production Down, 1hr

Answer 106

- General Guidance, 24hrs - System Impaired, 12hrs - Production Impaired, 4hrs - Business Critical System Down, 15min

Answer 107

Tags are key value pairs attached to AWS resources

Answer 108

Data about data

Answer 109

Resource groups make it easy to group resources using the tags that are assigned to them. You can group resources that share one or more tags.

Answer 110

Tag Editor is a global service that allows us to discover resources and to add additional tags to them as well.

Answer 111

False. The paying account should be used for billing purposes only. Do not deploy resources to the paying account.

Answer 112

CloudTrail is enabled per AWS account and is enabled per region

Answer 113

- Turn on CloudTrail in the paying account - Create an S3 bucket with a policy that allows cross-account access - Turn on CloudTrail in the other accounts and use the bucket in the paying account

Answer 114

They are applied across the group

Answer 115

AWS Quick Start is a way of deploying environments quickly, using CloudFormation templates built by AWS Solutions Architects who are experts in that particular technology

Answer 116

AWS Landing Zone is a oslution that helps customers more quickly set up a secure multi-account AWS environment on AWS best practices

Answer 117

Simple Monthly Calculator is used to calculate your running costs on AWS on a per month basis. It is not a comparison tool.

Answer 118

TCO calculator is used to compare costs of running your infrastructure on premise vs in the AWS cloud. It will generate reports that you can give to C-level execs to make a business case to move to the cloud.

Answer 119

- Customer Data - Platform, apps, identity and access management - operating system, network and firewall configuration - client side data, encryption, and data integrity - server side encryption - network traffic protection

Answer 120

- Software - Compute - Storage - Database - Networking - Hardware/AWS Global Infrastructure - Regions - AZs - Edge Locations

Answer 121

Encryption

Answer 122

- Operational Excellence | - Reliability

Answer 123

Loose coupling

Answer 124

Think Parallel

Answer 125

IAM Policy Simulator

Answer 126

Create an IAM Role and have the application assume the role.

Answer 127

Identities

Answer 128

Security group

Answer 129

AWS Organizations

Answer 130

Network ACL

Answer 131

AWS CodeStar

Answer 132

CodePipeline

Answer 133

Internet gateway

Answer 134

Auto Scaling

Answer 135

S3 Lifecycle Policy

AWS Cloud Practitioner Flashcards

(182 cards)