AWS SA Professional Exam Flashcards

(134 cards)

1
Q

How long does it take to get data out of Glacier?

A

It can take AT LEAST 3 hours

2
Q

What storage type provides the ability to create point-in-time snapshots of data volumes?

A

EBS

3
Q

Which three services have automated backups?

A

RDS

Elasticache (Redis only)

Redshift

4
Q

Which service does not have automated backups?

A

EC2

5
Q

In Read Replicas vs Multi-AZ; Which is used for scaling?

A

Read Replicas

6
Q

In Read Replicas vs Multi-AZ; Which is used for DR?

A

Multi-AZ

7
Q

How many read replicas can you have?

A

Up to 5

8
Q

Can you have read replicas in different regions?

A

Yes - With the exception of SQL Server and Oracle

9
Q

Are read replicas synchronous or asynchronous?

A

Asynchronous

10
Q

[T/F] Read Replicas can be made off of Multi-AZ’s database

A

True

11
Q

[T/F] Read Replicas can be in Multi-AZ.

A

True

12
Q

Can you have a read replica of a read replica? Will this increase latency?

A

Yes, but only for MySQL and this will increase latency

13
Q

DB Snapshots and Automated backups [can/cannot] be taken of read replicas.

A

Can - but are not enabled by default

14
Q

If your application does not require transaction support, Atomicity, Consistency, Isolation, Durability (ACID) compliance, joins & SQL… What should you consider using instead of RDS?

A

DynamoDB

15
Q

What are the 4 different Storage Gateway Types?

A

File Gateway
Gateway-Cached Volumes
Gateway-Stored Volumes
Gateway-Virtual Tape Library

16
Q

How long does it take to access virtual tapes in your virtual tape library?

A

Instantaneous

17
Q

How long does it take to access your virtual tapes from your virtual tape shelf?

A

It can take 24 hours

18
Q

How is Storage Gateway encrypted?

A

Encrypted using SSL for transit
Encrypted at rest in S3 using AES-256

19
Q

How are Gateway-Stored Volumes stored?

A

Stored data as Amazon EBS Snapshots in S3.

20
Q

Gateway Storage snapshots [can/cannot] be scheduled.

A

Gateway Storage Volumes can be scheduled.

21
Q

Gateway Storage bandwidth [can/cannot] be throttled.

A

Gateway storage can be throttled - which is great for remote sites

22
Q

_______ make it easy to group your resources using the tags that are assigned to them. You can group resources that share one or more tags.

A

Resource groups

23
Q

_________ allows you to get volume discounts on all your accounts.

A

Consolidated billing

24
Q

With consolidated billing, _____ is on a per account and per region basis but can be aggregated into a single bucket in the paying account.

A

CloudTrail

25
The contract length for Reserved Instances is between __ and __ years.
1 & 3
26
What are the 3 types of RIs?
- Standard
- Convertible
- Scheduled
27
Which of the RIs offers the largest discount?
All Upfront RIs
28
Standard RIs for EC2 can be modified, but only if they are in the same _______ and only if the ______ factors are equal and only for the Linux operating system.
Family; Normalization;
29
You can switch EC2 RIs between ______, but not between ______.
AZs; Regions
30
EC2 RIs [can/cannot] be sold on the marketplace.
can
31
Can you have reserved RDS instances?
Yes
32
With RDS reserved instances, you can move ______ but not _______.
AZ's but not regions.
33
Elastic Beanstalk [can/cannot] provision RDS instances.
can
34
Elastic Beanstalk [does/does not] support IAM.
does
35
You have ___ access to the resources under Elastic Beanstalk.
full
36
Elastic Beanstalk code is stored in ___.
S3
37
With Elastic Beanstalk, ________ environments are allowed to support version control.
multiple
38
Elastic Beanstalk [can/cannot] roll back changes.
can
39
With Elastic Beanstalk, ______ the changes from ____ repositories are replicated.
Only the changes from Git repositories
40
Amazon Elastic Beanstalk supports which AMIs?
Linux AMI & Windows 2012 R2
41
OpsWorks consists of ________ and ________.
Stacks; Layers
42
OpsWorks runs on _____.
Chef
43
In OpsWorks, layers contain AWS resources such as...
EC2, ELB, RDS
44
In OpsWorks, layers are like _____, ______, and _______ layer.
Web; Application; Database
45
In OpsWorks, each stack will have how many layers?
1 or more
46
What happens to any EC2 instance added outside of the OpsWorks stack in ELB?
OpsWorks will remove
47
CloudFormation uses ________ to resolve dependency between resource creation.
wait condition
48
What is mandatory for a CloudFormation template?
Resources
49
With CloudFormation, you can create multiple ____ inside of one template.
VPCs
50
If you want to connect VPCs in your CloudFormation template, you can enable _____________ using CloudFormation.
VPC Peering
51
CloudFormation supports _____, ________, and _____ scripts.
Chef; Puppet; Bootstrap
52
With CloudFormation, you can use ________ to output data.
Fn::GetAtt
53
By default, the _______________ feature is enabled in CloudFormation.
"automatic rollback on error"
54
CloudFormation itself costs what?
Nothing
55
_______ is completely supported with CloudFormation. This includes creating new hosted zones or updating existing ones.
Route53
56
If you are accessing services using HTTPS endpoints (think DynamoDB, S3) use public ____.
VIFs
57
Direct Connect. If you are accessing VPCs using private IP address ranges, use private ______.
VIFs
58
In the US, you need ___ direct connect connection(s) to connect to all 4 US regions.
1
59
Does data transferred between regions go over public internet?
No
60
Layer 2 connections [are/are not] supported by direct connect.
Are not
61
What is the difference between a Customer Gateway and a Virtual Private Gateway?
Customer Gateway - Customer side
Virtual Private Gateway - AWS Side
62
Which ports does EC2-VPC ELB support?
1-65536
63
Can you assign an Elastic IP to an Elastic Load Balancer?
No
64
You can load balance to the _________ of your domain name with ELBs.
Zone Apex
65
If you have multiple SSL certificates you should use ________ Elastic Load Balancers, unless you have a wildcard certificate.
Multiple
66
A placement group [can/cannot] span availability zones but it [can/cannot] span subnets, provided that they are in the same VPC.
cannot; can
67
You [can/cannot] move existing instances to placement groups.
cannot
68
How can you reduce bottlenecks with NATs?
Scale up and Scale out; If you scale out, add an additional NAT & subnet and migrate half your workload to the new subnet.
69
Can you peer VPCs from different regions?
YES
70
If you peer two VPCs, what needs to be updated?
Security groups & make sure that a route table has been created in both VPCs to allow traffic.
71
If your application is more oriented toward indexing and querying data, it may be better to use this Amazon DB for your needs.
DynamoDB
72
If your application has number BLOB data (binary large objects) then what would be a good choice for storage?
S3
73
If you need fully automated scaling, which DB is best?
DynamoDB
74
If you're looking to scale your database up you should use ________, if you're looking to scale out use ________.
RDS; DynamoDB
75
Databases that require Joins and/or complex transactions should look to utilize what database options with AWS?
Amazon RDS or Amazon EC2 with self-managed database
76
If you plan to store very large amounts of data that are infrequently accessed (Low I/O rates) where should you store that data?
S3
77
Use _______ to optimize both GETs & PUTs with S3.
Parallelization
78
S3 stores data in __________ order so you have to __________ the data.
Lexicographical; randomize
79
You can secure S3 by doing what 3 things?
- Using Bucket policies
- Using MFA Delete
- Backing your Bucket Up to Another S3 Bucket Owned by a separate account
80
CloudHSM is _____ tenanted.
Single Tenanted (1 physical device, for you only)
81
CloudHSM must be used in _____.
a VPC
82
You can use ___________ to connect to a CloudHSM from another VPC.
VPC Peering
83
If you need fault tolerance with your CloudHSM, you need to build a ________.
Cluster
84
Which databases & warehouses CloudHSM can integrate with:
- RDS (Oracle & SQL)
- Redshift
85
You monitor CloudHSM via ______.
Syslog
86
The two types of directory services are ____ and ________.
AD Connector; Simple AD
87
By default, CloudWatch Logs will store your log data for how long?
Indefinitely
88
The default CloudWatch Alarm History is only how many days?
14
89
Step 1 of 3 for developing an Identity Broker is:
Develop an Identity Broker to communicate with LDAP & AWS STS
90
Step 2 of 3 for developing an Identity Broker is:
Identity Broker always communicates with LDAP first, THEN with AWS STS
91
Step 3 of 3 for developing an Identity Broker is:
Application then gets temporary access to AWS resources.
92
AWS Security Token Service returns which four values upon request for a federated token?
- A Token
- A Secret Access Key
- Access Key ID
- A Duration
93
True or False: To minimize the attack surface area, servers can be placed behind a bastion host, through which all traffic must pass.
False
94
If you want Intrusion Prevention AND Intrusion Detection you should use what?
An IPS tool
95
Can SNS push notifications to mobile devices (“Mobile Push”)?
Yes
96
What elements of a CloudFormation template are required?
Resources
97
How can I configure a CloudFormation template to pause while an application is configured on a template-created EC2 instance?
Using wait conditions Using creation policies cfn-signal CreationPolicies are the preferred mechanism
98
Can you copy EBS snapshots across regions?
Yes
99
ElasticBeanstalk rolling update types
- based on health
- based on time
- Immutable
100
ElasticBeanstalk environment types
- single-instance
- load-balancing
- autoscaling
101
How to preserve/backup CloudFormation resource when the stack is deleted
DeletionPolicy attribute
102
In which parts of a CloudFormation template can intrinsic functions be used?
resource properties, outputs, metadata attributes, update policy attributes
103
Simple, automated way to back up data stored on Amazon EBS volumes
Amazon Data Lifecycle Manager (DLM) for EBS Snapshots
104
Two ways to install security updates on running OpsWorks instances
- Create and start new instances to replace your current online instances. Then delete the current instances.
- On Linux-based instances in Chef 11.10 or older stacks, run the Update Dependencies stack command
105
What is CFN Hup?
The cfn-hup helper is a daemon that detects changes in resource metadata and runs user-specified actions when a change is detected.
106
Three CI/CD stages
- Source
- Build/test
- Deploy
107
ElasticBeanstalk source bundle requirements
- Consist of a single ZIP file or TAR file
- Not exceed 512 MB
- Not include a parent folder or top-level directory
108
Describe durability in Kinesis
Kinesis synchronously replicates the streaming data across three data centres within single AWS region and preserves the data for up to 24H
109
How do you scale Kinesis?
Adding more shards
110
What's the processing rate of 1 shard in Kinesis
1MB/sec data input and 2MB/sec data output
111
Which CloudFormation resource is used to create nested stacks?
AWS::CloudFormation::Stack
112
Three source repositories of CodeDeploy
- Github
- S3
- Bitbucket
113
Two types of deployments in CodeDeploy
- in-place
- blue/green
114
Directory for awslogs service
/etc/awslogs/
115
What is the maximum amount of data that can be stored in a Gateway-Stored volume?
16TB
116
How to ensure Redshift is capable of parallel processing?
By configuring workload management (WLM) in Amazon Redshift
117
What is HLS?
HTTP Live Streaming - protocol that segments media files for optimization during streaming. HLS enables media players to play segments with the highest quality resolution that is supported by their network connection during playback
118
What is WOWZA Streaming Engine
Wowza Streaming Engine is the gold standard of customizable streaming server software for building and delivering professional-grade streaming at any scale
119
Can you modify DHCP options in VPC?
If you want your VPC to use a different set of DHCP options, you must create a new set and associate them with your VPC.
120
What to do when you receive a capacity error when launching an instance in a placement group
stop and start all of the instances in the placement group, and try the launch again
121
Can a read replica of RDS on VMware be assigned to any region?
YES
122
Two use cases for HLS
View an Amazon Kinesis video stream for:
- live playback
- view archived video
123
Is retention schedule carried over to the snapshot copy?
NO
124
When can you enable EFS encryption at rest?
When creating EFS file system
125
When can you enable encryption in transit on EFS
When mounting the EFS volume
126
Can you snapshot instance-store volume?
NO. Another method needs to be used (backing up to EBS)
127
What is TLS?
Transport Layer Security
128
What does ETL stand for?
Extract, transform, load
129
Where can you put policy variables in CF?
- in the Resource element
- in string comparisons in the Condition element
130
Default maximum number of customer managed policies in an AWS account
1500
131
Default maximum number of Groups in AWS account
300
132
Default maximum number of roles in AWS account
1000
133
Maximum number of users in AWS account
5000 (and cannot be changed)
134
3 Support plans in AWS
- Developer
- Business
- Enterprise