AWS Cloud Technical Essentials Flashcards

(152 cards)

1
Q

It is the on-demand delivery of IT resources over the internet with pay-as-you-go pricing. Instead of buying, owning, and maintaining physical data centers and servers, you can access technology services, such as computing power, storage, and databases, on an as-needed basis from a cloud provider.

A

Cloud Computing

2
Q

What are the 6 benefits of Cloud Computing?

A
  1. Pay as you go (Elasticity)
  2. Benefit from massive economies of scale (Cost Savings)
  3. Stop guessing capacity (Elasticity)
  4. Increase speed and agility (Agility)
  5. Stop spending money running and maintaining data centers (Cost Savings)
  6. Go global in minutes
3
Q

What are the types of Cloud Computing?

A
  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)
4
Q

It contains the basic building blocks for cloud IT. It typically provides access to networking features, computers (virtual or on dedicated hardware), and data storage space. IaaS gives you the highest level of flexibility and management control over your IT resources. It is most similar to the existing IT resources with which many IT departments and developers are familiar.

A

IaaS

5
Q

It removes the need for you to manage underlying infrastructure (usually hardware and operating systems), and allows you to focus on the deployment and management of your applications. This helps you be more efficient as you don’t need to worry about resource procurement, capacity planning, software maintenance, patching, or any of the other undifferentiated heavy lifting involved in running your application.

A

PaaS

6
Q

It provides you with a complete product that is run and managed by the service provider. In most cases, people referring to SaaS are referring to end-user applications (such as web-based email). With a SaaS offering, you don’t have to think about how the service is maintained or how the underlying infrastructure is managed. You only need to think about how you will use that particular software.

A

SaaS

7
Q

What are the types of Cloud Computing?

A
  1. Cloud
  2. Hybrid
  3. On-premises
8
Q

What are clusters of Data Centers?

A

Availability Zone or AZ

An AZ consists of one or more data centers with redundant power, networking, and connectivity. These data centers operate in discrete facilities with undisclosed locations. They are connected using redundant high-speed and low-latency links.

If you see that a resource exists in us-east-1c, you know this resource is located in AZ c of the us-east-1 Region.

9
Q

What are clusters of AZs called?

A

Region

10
Q

What are the four aspects of choosing a Region?

A
  1. Compliance - Enterprise companies often need to comply with regulations that require customer data to be stored in a specific geographic territory.
  2. Latency - IT resources have to be close to your user base.
  3. Price - Prices may vary per Region due to the local economy and the physical nature of operating data centers.
  4. Service Availability - Not all services are available in every Region.
11
Q

It consists of Edge locations and regional Edge caches. These are used to cache content closer to end users, thus reducing latency.

A

Global Edge Network

You can use services like Amazon CloudFront to cache content using the Edge locations.

12
Q

These are geographic locations worldwide where AWS hosts its data centers. AWS Regions are named after the location where they reside.

A

Regions

13
Q

What is the AWS Cloud infrastructure built around?

A

AWS Regions and Availability Zones

14
Q

It is the URL of the entry point for an AWS web service.

A

AWS Service Endpoint

15
Q

What are the types of AWS Service Endpoints?

A
  1. Regional
  2. Global
  3. Federal Information Processing Standard (FIPS) - FIPS endpoints use a TLS software library that complies with FIPS 140-2. These endpoints might be required by enterprises that interact with the United States government. With FIPS endpoints, the minimum requirement is TLS 1.2; TLS 1.3 is recommended.
  4. Dual Stack - These endpoints can be accessed using either IPv4 or IPv6 requests.
16
Q

What does API stand for?

A

Application Program Interface

17
Q

How do you make API calls in AWS, or how do you connect to AWS?

A
  1. AWS Management Console - This is a web-based method that you log into from your browser.
  2. AWS Command Line Interface (CLI)
  3. AWS Software Development Kits (SDK)
18
Q

Who is responsible for the security in AWS Cloud?

A

This is a shared responsibility between AWS and the customer.

19
Q

What part of the Shared Responsibility Model is AWS responsible for?

A

AWS is responsible for security of the cloud. This means AWS is required to protect and secure the infrastructure that runs all the services offered in the AWS Cloud. AWS is responsible for:

  • Protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings
  • Managing the hardware, software, and networking components that run AWS services, such as the physical server, host operating systems, virtualization layers, and AWS networking components
20
Q

Provide the 3 categories of AWS Services.

A
  1. Infrastructure Services - Compute services, such as Amazon Elastic Compute Cloud (Amazon EC2)
  2. Container Services - Services that require less management from the customer, such as Amazon Relational Database Service (Amazon RDS). Container services refer to AWS abstracting application containers behind the scenes, not Docker container services. This enables AWS to move the responsibility of managing that platform away from customers.
  3. Abstracted Services - Services that require very little management from the customer, such as Amazon Simple Storage Service (Amazon S3)
21
Q

What part of the Shared Responsibility Model is the customer responsible for?

A

You’re responsible for security in the cloud. When using any AWS service, you’re responsible for properly configuring the service and your applications, as well as ensuring your data is secure. The level of responsibility you have depends on the AWS service. Some services require you to perform all the necessary security configuration and management tasks, while other more abstracted services require you to only manage the data and control access to your resources.

22
Q

Who is responsible for Hardware or AWS Global Infrastructure?

A

AWS

23
Q

Who is responsible for Regions, AZs, and Edge Locations?

A

AWS

24
Q

Who is responsible for the infrastructure in various software components that run AWS services?

A

AWS

25
Who is responsible for compute, databases, storage, and networking?
AWS
26
Who is responsible for securing services from the host operating system up through the virtualization layer?
AWS
27
Who manages the physical host the VM is placed on as well as everything through the hypervisor level?
AWS
28
Who is responsible for patching the host operating system and the hypervisor?
AWS
29
Who is responsible for the underlying hardware up through the virtualization layer?
AWS
30
Who is responsible for the security in the Cloud?
Customer
31
Who is responsible for patching the operating systems of the customers' VMs?
Customer
32
Who is responsible for the security of the base layer in the Cloud?
AWS
33
Who is responsible for encrypting the data in transit and at rest?
Customer
34
Who is responsible for configuring firewalls in the Cloud?
Customer
35
Who is responsible for defining user access?
Customer
36
Who owns the customer's data in AWS?
Customer
37
Does the Shared Responsibility Model vary from service to service?
Yes
38
Who is responsible for platform, applications, and identity and access management?
Customer
39
Who is responsible for the security of the Cloud?
AWS
40
Who is responsible for protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings?
AWS
41
Who is responsible for managing the hardware, software, and networking components that run AWS services, such as the physical server, host operating systems, virtualization layers, and AWS networking components?
AWS
42
Who is responsible for managing the underlying infrastructure and foundation services?
AWS
43
Who is responsible for managing the underlying infrastructure and foundation services, operating system, and application platform?
AWS
44
Who is responsible for operating the infrastructure layer, operating system, and platforms, as well as server-side encryption and data protection?
AWS
45
Who is responsible for controlling the operating system and application platform, as well as encrypting, protecting, and managing customer data?
Customer
46
Who is responsible for customer data, encrypting that data, and protecting it through network firewalls and backups?
Customer
47
Who is responsible for managing customer data and protecting it through client-side encryption?
Customer
48
Who is responsible for choosing a Region for AWS resources in accordance with data sovereignty regulations?
Customer
49
Who is responsible for implementing data protection mechanisms, such as encryption and managing backups?
Customer
50
Who is responsible for using access control to limit who has access to your data and AWS resources?
Customer
51
Who is responsible for patching and fixing flaws within the infrastructure?
AWS
52
Who is responsible for patching their guest OS and applications?
Customer
53
Who is responsible for maintaining the configuration of its infrastructure devices?
AWS
54
Who is responsible for configuring the guest operating systems, databases, and applications?
Customer
55
What are the things to remember when creating a root user account?
  1. Use Multi-factor Authentication (MFA).
  2. Do not use the root user for everyday tasks, even the administrative ones.
56
What is the process of giving users permission to access AWS resources and services?
Authorization
57
What is the process of verifying the user's identity?
Authentication
58
What is a single sign-in identity that has complete access to all AWS services and resources in the account?
AWS Root User
59
What are the two sets of credentials associated with an AWS Root User?
1. Email address and Password 2. Access keys
60
What are the two parts of an Access Key?
1. Access Key ID 2. Secret Access Key
61
What do you need to authenticate your requests via AWS CLI or AWS API?
1. Access Key ID 2. Secret Access Key
62
Who has complete access to all AWS services and resources in your account, as well as your billing and personal information?
AWS Root User
63
How do you ensure the safety of the AWS Root User?
  1. Choose a strong password for the root user.
  2. Never share your root user password or access keys with anyone.
  3. Disable or delete the access keys associated with the root user.
  4. Do not use the root user for administrative tasks or everyday tasks.
64
How do you delete the access key of your AWS Root User?
  1. Go to the My Security Credentials page in the AWS Management Console and sign in with the root user's email address and password.
  2. Open the Access Keys section.
  3. Under Actions, click Delete.
  4. Click Yes.
65
What is the simplest and most common form of authentication?
Single-factor Authentication
66
What are the forms of Single-factor Authentication?
1. Username and Password 2. Security PIN 3. Security token
67
What form of authentication requires two or more authentication methods to verify an identity?
Multi-factor Authentication
68
What are the different categories of information for an MFA?
  1. Something you know, such as a username and password, or PIN
  2. Something you have, such as a one-time passcode from a hardware device or mobile app
  3. Something you are, such as fingerprint or face scanning technology
69
What are the different MFA mechanisms?
1. Virtual MFA devices 2. Hardware devices 3. Universal 2nd Factor (U2F) devices
70
Which Virtual MFA devices are supported by AWS?
1. Authy 2. Duo Mobile 3. LastPass Authenticator 4. Microsoft Authenticator 5. Google Authenticator
71
Which Hardware devices are supported by AWS?
1. Key Fob 2. Display Card
72
Which U2F device is supported by AWS?
1. YubiKey
73
What is a Virtual MFA device?
A software app that runs on a phone or other device that provides a one-time passcode
74
What is an MFA Hardware device?
A hardware device, generally a key fob or display card device that generates a one-time six-digit numeric code.
75
What is an MFA U2F device?
A hardware device that you plug into a USB port on your computer.
76
In IAM, what is a Group?
It refers to a collection of IAM users.
77
Can you assign a policy to a Root User?
No
78
Can you assign a policy to an Admin User?
Yes
79
It is a web service that enables you to manage access to your AWS account and resources.
IAM
80
What does IAM stand for?
Identity and Access Management
81
What provides a centralized view of who and what are allowed inside your AWS account (authentication), and who and what have permissions to use and work with your AWS resources (authorization)?
IAM
82
Is IAM global and not specific to any one Region?
Yes. You can see and use your IAM configurations from any Region in the AWS Management Console.
83
How much does it cost to use an IAM service?
The service is offered at no additional charge.
84
What represents a person or service that interacts with AWS?
IAM User
85
Can an IAM Group have many IAM Users?
Yes
86
Can an IAM Group belong to other IAM Groups?
No
87
Can an IAM User belong to many IAM Groups?
Yes
88
How do you grant permissions in IAM?
By using IAM Policies
89
Can you attach an IAM Policy to an IAM User?
Yes
90
Can you attach an IAM Policy to an IAM Group?
Yes
91
Can you attach an IAM Policy to an IAM Role?
Yes
92
What are the four major JSON elements in an IAM Policy?
1. Version 2. Effect 3. Action 4. Resource
93
What defines the version of the policy language?
The Version element in an IAM Policy.
94
Which JSON element in an IAM Policy specifies the language syntax rules that are needed by AWS to process a policy?
Version
95
How do you use all the available policy features in an IAM Policy?
Include "Version": "2012-10-17" before the "Statement" element in all your policies.
96
Which JSON element in an IAM Policy specifies whether the statement will allow or deny access?
Effect
97
What are the valid values for the Effect element in an IAM Policy?
1. Allow 2. Deny
98
Which JSON element in an IAM Policy describes the type of action that should be allowed or denied?
Action
99
What does the "*" mean in the Action element of an IAM Policy?
"*" is called a wildcard, and it is used to symbolize every action inside your AWS account.
100
Which JSON element in an IAM Policy specifies the object or objects that the policy statement covers?
Resource
101
What does the "*" mean in the Resource element of an IAM Policy?
"*" is called a wildcard. This represents all resources inside your AWS console.
102
Which JSON element in an IAM Policy specifies whether the statement results in an allow or an explicit deny?
Effect
103
Which JSON element in an IAM Policy describes the specific actions that will be allowed or denied?
Action
104
Which JSON element in an IAM Policy specifies the object or objects that the statement covers?
Resource
105
What is the difference between an IAM User and an IAM Role?
IAM users have usernames and passwords as well as static credentials, whereas IAM roles do not have any login credentials like a username and password; the credentials used to sign requests are programmatically acquired, temporary in nature, and automatically rotated.
106
What is a standard security principle that advises you to grant only the necessary permissions to do a particular job and nothing more?
Principle of Least Privilege
107
Is IAM used to secure access to your AWS account and resources?
Yes
108
Is IAM used for website authentication and authorization, such as providing users of a website with sign-in and sign-up functionality?
No
109
Does IAM support security controls for protecting operating systems and networks?
No
110
What does IdP stand for?
Identity Provider
111
What provides you a single source of truth for all identities in your organization?
Identity Provider or IdP
112
What is AWS' Single Sign-On service called?
AWS IAM Identity Center
113
What is an AWS IAM Identity Center?
It lets your users sign in to a user portal with a single set of credentials.
114
What does ARN stand for?
Amazon Resource Name
115
What do you need to define to allow your users to make programmatic calls to AWS using things like the AWS command line and AWS software development kits?
Access Keys
116
Which compute service allows you to host virtual machines?
EC2
117
What does AMI stand for?
Amazon Machine Image
118
True or False: Every action a user takes in AWS is an API call
True
119
What are the four main factors that a solutions architect should consider when they must choose a Region?
Latency, price, service availability, and compliance
120
What provides temporary credentials (that expire after a defined period of time) to AWS services?
IAM Role
121
It consists of one or more data centers with redundant power, networking, and connectivity. These data centers operate in discrete facilities with undisclosed locations. They are connected using redundant high-speed and low-latency links.
Availability Zone (AZ)
122
Name the list of AWS compute services.
1. AWS App Runner 2. Batch 3. EC2 4. EC2 Image Builder 5. Elastic Beanstalk 6. Lambda 7. Lightsail 8. AWS Outposts 9. Serverless Application Repository
123
What are the categories of AWS compute services?
1. Instances (virtual machines) 2. Containers 3. Serverless 4. Edge and hybrid 5. Cost and capacity management
124
What are the AWS services under Instances (virtual machines)?
1. Amazon Elastic Compute Cloud (EC2) 2. Amazon EC2 Spot Instances 3. Amazon EC2 Auto Scaling 4. Amazon Lightsail 5. AWS Batch
125
What are the AWS services under Containers?
1. Amazon Elastic Container Service (ECS) 2. Amazon ECS Anywhere 3. Amazon Elastic Container Registry (ECR) 4. Amazon Elastic Kubernetes Service (EKS) 5. Amazon EKS Anywhere 6. AWS Fargate 7. AWS App Runner
126
What are the AWS services under Serverless?
AWS Lambda
127
What are the AWS services under Edge and Hybrid?
1. AWS Outposts 2. AWS Snow Family 3. AWS Wavelength 4. VMware Cloud on AWS 5. AWS Local Zones
128
What are the AWS services under Cost and Capacity Management?
1. AWS Savings Plan 2. AWS Compute Optimizer 3. AWS Elastic Beanstalk 4. EC2 Image Builder 5. Elastic Load Balancing (ELB)
129
It is secure and resizable compute capacity (virtual servers) in the cloud.
Amazon Elastic Compute Cloud (EC2)
130
It is used to run fault-tolerant workloads for up to 90% off.
Amazon EC2 Spot Instances
131
It is used to automatically add or remove compute capacity to meet changes in demand.
Amazon EC2 Auto Scaling
132
It is an easy-to-use cloud platform that offers you everything you need to build an application or website.
Amazon Lightsail
133
It is fully managed batch processing at any scale.
AWS Batch
134
It is a highly secure, reliable, and scalable way to run containers.
Amazon Elastic Container Service (ECS)
135
It is used to run containers on customer managed infrastructure.
Amazon ECS Anywhere
136
It is used to easily store, manage, and deploy container images.
Amazon Elastic Container Registry
137
It is a fully managed Kubernetes service.
Amazon Elastic Kubernetes Service (Amazon EKS)
138
It is used to create and operate Kubernetes clusters on your own infrastructure.
Amazon EKS Anywhere
139
It is serverless compute for containers.
AWS Fargate
140
It is used to build and run containerized applications on a fully managed service.
AWS App Runner
141
It is used to run code without thinking about servers. Pay only for the compute time you consume.
AWS Lambda
142
It is used to run AWS infrastructure and services on premises for a truly consistent hybrid experience.
AWS Outposts
143
It is used to collect and process data in rugged or disconnected edge environments.
AWS Snow Family
144
It is used to deliver ultra-low latency applications for 5G devices.
AWS Wavelength
145
It is the preferred service for all vSphere workloads to rapidly extend and migrate to the cloud.
VMware Cloud on AWS
146
It is used to run latency sensitive applications closer to end-users.
AWS Local Zones
147
It is a flexible pricing model that provides savings of up to 72% on AWS compute usage.
AWS Savings Plan
148
It recommends optimal AWS compute resources for your workloads to reduce costs and improve performance.
AWS Compute Optimizer
149
It is an easy-to-use service for deploying and scaling web applications and services.
AWS Elastic Beanstalk
150
It is used to build and maintain secure Linux or Windows Server images.
EC2 Image Builder
151
It is used to automatically distribute incoming application traffic across multiple targets.
Elastic Load Balancing
152
It is a web service that provides secure, resizable compute capacity in the cloud. It is designed to make web-scale computing easier for developers.
Amazon Elastic Compute Cloud (EC2)