AWS Software

Question 1

Accelerated Computing Instances

Compute Services/Families

Answer 1

Uses hardware accelerators to perform some functions more efficiently than is possible in software running on CPUs (floating-point number calculations, graphics processing, data pattern matching).

Question 2

Amazon Athena

Answer 2

An serverless, interactive query service to analyze data directly in Amazon S3, using standard SQL.

Question 3

Amazon Aurora

Answer 3

Enterprise-class RDS, high availabilty, replicates up to six copies of data across three availability zones, continuous backup to S3.

Question 4

Amazon CloudFront

Answer 4

A service that delivers data, video, apps, and APIs to customers using low latency and high transfer speeds.

Accelerates communication with Edge Locations.

A global content delivery service.

Question 5

AWS CloudTrail

Monitoring and Analytics

Answer 5

API auditing tool that captures the ID of the API caller, time of the API call, source IP address of the API caller, what action was taken or denied, etc.

Question 6

Amazon CloudWatch

Monitoring and Analytics

Answer 6

Enables monitoring and managing various metrics and configures automatic alarm actions based on data from the metrics.

Dashboards provide a single location to access all metrics.

Question 7

Amazon Cognito

Security, Identity, and Compliance Service

Answer 7

Allows user sign-up, sign-in, and access control to web and mobile apps quickly and easily with authentication through identity providers (Apple, Facebook, Google, Amazon) and enterprise identity providers via SAML 2.0 and OpenID Connect.

Question 8

Amazon Detective

Security, Identity, and Compliance Service

Answer 8

A service that makes it easy to analyze, investigate, and quickly identify the root cause of potential security issues or suspicious activities.

Automatically collects log data from AWS resources and uses machine learner, statistical analysis, and graph theory to build a linked set of data that enables you to easily conduct faster and more efficient security investigations.

Question 9

Amazon Direct Connect

Answer 9

A services that establishes a dedicated private connection between an on-premise data center and a VPC or AWS. No shared public internet.

Question 10

Amazon DynamoDB

Storage and Database Services

Answer 10

A key-value database system, fast and flexible NoSQL datable for any scale.

Delivers single-digit millisecond performance at any scale.

Serverless with automatic scaling, great for high performance while scaling with granular API access.

Use case for RDS: business analytics

Use case for DynamoDB: everything else without overhead.

Question 11

Amazon DynamoDB Accelerator

Answer 11

An in-memory cache for DynamoDB.

Question 12

Amazon EBS

Storage Services

Answer 12

Amazon Elastic Block Store

Provides block level storage volumes for EC2 instances that can be attached and access when an EC2 instances is started.

Stores data in a single AZ - instances and EBS must be in the same AZ.

User can select the size and type of storage, provision it and back it up with snapshots.

An EBS snapshot is an incremental backup in which only blocks of data that have changed are saved.

Question 13

Amazon EC2

Compute and Serverless

Answer 13

Amazon Elastic Compute Cloud

A virtual server, or instance, that can be accessed when needed and returned when finished.

Data centers that contain servers that have already been built, installed, secured, and online ready for usage.

The customer is responsible for the OS, passwords or keys, and any data stored in the account.

Billing starts when the instance starts and is in a running state. The customer is not billed if an instance is in a stopped state.

Coffee shop analogy:

Barista = virtual server/instance. Only pay for the number of baristas working, if the baristas are not being used, they are not paid.

Question 14

Amazon EC2 AutoScaling

Answer 14

Automatically add or remove Amazon EC2 instances in response to changing application demand.

At any minute of the day, there are always enough instances.

Beginning with needed resources and designing architecture to automatically respond to changing demands by scaling out or in.

Coffee shop analogy:

As more customers arrive and order coffee, more baristas are supplied to handle the register and making of drink orders. When customers leave and business dies down, baristas are sent home.

Question 15

Amazon EC2 Instance Type: Dedicated Hosts

Billing and Pricing

Answer 15

Physical services dedicated for a company’s use.

The most expensive purchase option for instances.

Question 16

Amazon EC2 Instance Type: On-Demand

Billing and Pricing

Answer 16

Instance that runs continuously until stopped.

Customer only pays for what was used - no upfront cost or minimum contract.

Ideal for short-term, irregular workloads for less than a year.

Question 17

Amazon EC2 Instance Type: Reserved Instances

Billing and Pricing

Answer 17

A standard reserve and convertible reserved instance or scheduled reserve instance.

1 to 3 year commitment with a billing discount for on-demand instances.

Question 18

Amazon EC2 Instance Type: Savings Plan

Billing and Pricing

Answer 18

A consistent usage of instances.

1 to 3 year commitment with a 72% discount for on-demand rates.

Question 19

Amazon EC2 Instance Type: Spot

Billing and Pricing

Answer 19

Instances that are unused until Amazon needs them.

Designed for workloads that are flexible and can withstand interruptions.

Offers a 90% discount for on-demand instances.

Question 20

Amazon ECS

Containers

Answer 20

Amazon Elastic Container Service

A highly scalable, high-performance container management system that enables you to run and scale containerized workloads on a managed cluster of Amazon EC2 instances.

You manage the EC2 instances.

Supports docker containers = a platform to build, test, and deploy apps quickly.

Question 21

Amazon EFS

Answer 21

Amazon Elastic File System

A scalable file system used with AWS cloud services and on-premise resources.

Scales on-demand with petabytes without disrupting services.

Is a regional service and stores data in multiple AZs.

Access can be done concurrently across all AZs.
On-premise servers can access EFS with direct connect.

Question 22

Amazon ElastiCache

Security, Identity, and Compliance Service

Answer 22

Adds caching layers on top of databases to help improve the read times of common requests.

Question 23

Amazon GuardDuty

Security, Identity, and Compliance Service

Answer 23

Provides intelligent threat detection by continuously monitoring the network activity and account behavior.

Question 24

Amazon Inspector

Answer 24

Improves security and compliance by running automated security assessments.

Question 25

Amazon Kinesis

Answer 25

A scalable and durable real-time data streaming service that can continuously capture gigabytes for real-time data such as video, audio, application logs, website clickstreams, and IoT telemetry data for machine learning, analytics, and other applications. Captures and automatically loads streaming data Amazon S3 and Amazon Redshift, allowing for near-real-time analytics with business intelligence tools.

Question 26

Amazon Lightsail

Answer 26

A virtual private server (VPS) or instance provider in which users can run websites and web applications in a highly secure and available environment. Provides developers with compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. A low-cost, pre-configured cloud resource for simple workloads just starting on AWS.

Question 27

Amazon RDS

Answer 27

Relational Database Service Service that enables running relational databases in the AWS Cloud. Automates tasks such as hardware provisioning, DB setup, patching, and backups. A database service that makes it easy to set up, operate, and scale a relational database in the cloud.

Question 28

Amazon Redshift ## Footnote **Database**

Answer 28

A large scale, managed data warehouse service used for big data analytics with Amazon S3. Collects data from many sources and helps you understand relationships and trends across your data.

Question 29

Amazon Route 53 ## Footnote **Network Service Category**

Answer 29

A DNS web service that gives developers and businesses a reliable way to route and users to internet applications hosted in AWS, as EC2 instances and load balancers. Also **manages DNS records for domain names**.

Question 30

Amazon S3 ## Footnote **Storage Service**

Answer 30

Amazon Simple Storage Service A data store that allows storage and retrieval of an unlimited amount of data at any scale. Stores data as objects in buckets. Six different storage types exist: - S3 Standard - S3 Standard Infrequent Access - S3 One Zone Infrequent Access - S3 Intelligent Tiering - S3 Glacier - S3 Glacier Deep Archive

Question 31

Amazon S3 Glacier ## Footnote **Storage Service**

Answer 31

Retrieval of objects that may take a few minutes to a few hours. Low cost storage for data archiving.

Question 32

Amazon S3 Glacier Deep Archive ## Footnote **Storage Service**

Answer 32

Object retrieval in 12 hours. Lowest cost object storage class.

Question 33

Amazon S3 Intelligent Tiering ## Footnote **Storage Service**

Answer 33

Ideal for data with unknown or changing access patterns. Fee per object for monthly monitoring and automation. Tiered between Standard and Standard IA.

Question 34

Amazon S3 One Zone IA ## Footnote **Storage Service**

Answer 34

Amazon S3 One Zone Infrequent Access Stores data in 1 AZ with a lower storage price. Recommended for data that can be easily reproduced.

Question 35

Amazon S3 Standard ## Footnote **Storage Service**

Answer 35

Used to store frequently accessed data. Stored in a minimum of 3 AZs. High availability.

Question 36

Amazon S3 Standard IA ## Footnote **Storage Service**

Answer 36

Amazon S3 Standard Infrequent Access Infrequently accessed data with a lower storage price but a higher retrieval price. Stored in a minimum of 3 AZs.

Question 37

Amazon SNS ## Footnote **Application Integration**

Answer 37

Amazon Simple Notification Service A notification service for the mass delivery of messages to both application-to-application (A2A) and application-to-person (A2P) communications at scale via SMS, mobile push, and email. _Coffee shop analogy:_ Notification can be sent out to customers to let them know their order is ready.

Question 38

Amazon SQS ## Footnote **Application Integration**

Answer 38

Amazon Simple Queue Service A messaging queuing service to send, store and receive messages between software components without losing messages or requiring other services to be available. Use with decoupled applications and microservices. _Coffee shop analogy:_ Coffee orders are displayed on a screen or queue, allowing the cashiers to input orders and baristas to accept the orders when ready.

Question 39

AWS Elastic Beanstalk

Answer 39

A tool to provision and build-out EC2-based environments automatically by providing application codes and desired configurations. Environments can be saved for easy deployment and shifts focus to the business applications vs the infrastructure. - Adjusts capacity - Load balancing - Automatic scaling - Application health monitoring

Question 40

Amazon VPC ## Footnote **Network Service Category**

Answer 40

Amazon Virtual Private Cloud A networking service used to establish boundaries around an AWS resource (barista with security guard example). It can be further sectioned into a subnet which holds resources/EC2 instances and can span multiple availability zones.

Question 41

Amazon VPN ## Footnote **Network Service Category**

Answer 41

Virtual Private Network The connection that encrypts or protects internet traffic from all other requests around it (like a bodyguard). Establishes a connection between the VPC and a private network (on-premise data center or internal corporate network).

Question 42

AWS WAF

Answer 42

AWS Web Application Firewall Allows monitoring of network requests that come into web applications. Works with CloudFront and application load balancer by using a web access control list (ACL). Example: VIP list that excludes blocked IP addresses.

Question 43

Application Load Balancer

Answer 43

The 2nd type of load balancers offered through Elastic Load Balancer. Offers all services of the Classic Load Balancer with additional features: supported protocols, enhanced CloudWatch metrics, enhanced access logs, and health checks.

Question 44

Availability Zone ## Footnote **Infrastructure**

Answer 44

**A single data center or group of data centers in a region,** located tens of miles from each other for low latency between zones. \*A fully isolated portion of the AWS infrastructure. Running apps in multiple zones promotes redundancy in case of a data center failure.

Question 45

AWS Artifact ## Footnote **Security, Identity, and Compliance Service**

Answer 45

Provides on-demand access to AWS Security and compliance reports and select online agreements.

Question 46

AWS Budgets Pricing and Support

Answer 46

Creates budgets to plan for service uses, costs, and instance reservations. **Alerts can be set when a budget has exceeded a threshold.**

Question 47

AWS CLI

Answer 47

AWS Command Line Interface A unified tool to manage Amazon S3 data, buckets, and objects via a command line using commands or scripts.

Question 48

AWS CloudFormation

Answer 48

Allows building environment by writing lines of code. Provisions resources in a safe, repeatable manner by determining the right operations to perform when managing stacks and rolls back changes automatically if it detects errors.

Question 49

AWS CloudFront

Answer 49

A service that delivers data, video, aps, and APIs to customers using low latency and high transfer speeds. Accelerates communication with Edge Locations - **a global content delivery service.**

Question 50

AWS Direct Connect ## Footnote **Network Service Category**

Answer 50

A service that establishes a dedicated private connection between a data center and a VPC (private hallway to the coffee example). No public internet is shared.

Question 51

AWS Fargate ## Footnote **Containers**

Answer 51

A serverless compute engine for containers that does not require provisioning or managing of servers, the customer only pays for resources required to run the containers. AWS Fargate manages servers for you. Also works with ECS and EKS.

Question 52

AWS Global Infrastructure ## Footnote **Infrastructure**

Answer 52

A technology infrastructure that delivers high-availability and fault tolerance by distributing datacenters throughout the world into different areas called regions.

Question 53

AWS IAM ## Footnote **Security, Identity, and Compliance Service**

Answer 53

Identity and Access Management Used to create users and manage their respective access to resources, including buckets and objects.

Question 54

AWS Lambda ## Footnote **Compute and Serverless**

Answer 54

A serverless computing service that lets you run code without needing to provision or manage servers - only pay for computing time when your code is running. No containers, no virtualization, only code. *Host short running functions, service-oriented applications, event driven application, no provisioning or managing servers.* Upload code - set code to trigger from event source - code runs when triggered - pay only when code runs.

Question 55

AWS Management Console

Answer 55

Provides a simple web interface to view buckets and objects, upload and download data and manage permissions and security without having to write code. - Max upload 160GB

Question 56

AWS Marketplace

Answer 56

A digital catalog to find, test, and buy software that runs on AWS.

Question 57

AWS Organizations ## Footnote **Security, Identity, and Compliance Service**

Answer 57

A service that offers policy-based management for multiple AWS accounts in a central location.

Question 58

AWS SDK

Answer 58

AWS Software Development Kits

Question 59

AWS Shield ## Footnote **Security, Identity, and Compliance Service**

Answer 59

A service that protects applications against distributed denial-of-service (DDoS) attacks. Standard: automatically protects against attacks, at no cost, using analysis techniques to detect malicious traffic in real time and mitigate it. Advanced: A paid service that provides detailed attack diagnostics and ability to detect and mitigate sophisticated DDoS attacks.

Question 60

AWS Snowball Edge

Answer 60

An offline data transfer service that uses a physical device to physically transport data into and out of AWS to up 80TB. - Snowball Edge Storage Optimized is for large-scale data migration and reoccurring transfer workflows. - Snowball Edge Compute Optimized for powerful computing resources like advanced machine learning, full motion video analysis, analytics, and local computing stacks.

Question 61

AWS Storage Gateway

Answer 61

A set of hybrid cloud storage services that provide on-premises access to virtually unlimited cloud storage.

Question 62

AWS Support Center ## Footnote **Pricing and Support**

Answer 62

A hub for managing support cases.

Question 63

AWS Support Plans ## Footnote **Pricing and Support**

Answer 63

Help with troubleshooting issues at a lower cots and efficiently use AWS services. Basic Support: Free support through white papers, documentation and support communities, personal health dashboard. Developer Support: Best practice guidance, client diagnostic tools, building block architecture support. Business Support: use-case guidance, trusted advisor checks, limited support for third-party software. Enterprise Support: Application architecture guidance, infrastructure event management, technical account manager (TAM, primary point of contact at AWS).

Question 64

AWS WAF ## Footnote **Security, Identity, and Compliance Service**

Answer 64

Web Application Firewall Allows monitoring of network requests that come into web applications. Works with CloudFront and Application Load Balancer by using a web access control list (ACL). For example, a VIP list that excludes blocked IP addresses.

Question 65

AWS Well-Architected Framework

Answer 65

A services that help you understand how to design and operate reliable, secure, efficient, and cost-effective systems in AWS Cloud. Based on 5 Pillars: Operational Excellence Security Reliability Performance Efficiency Cost Optimization

Question 66

Compute Optimized Instances ## Footnote **Compute Services/Families**

Answer 66

Ideal for compute-bound applications that benefit from **high-performance processors** (batch processing, web, application, gaming servers).

Question 67

Compute Services Categorized

Question 68

Cost Explorer

Answer 68

A tool that enables you to visualize, understand, and manage AWS costs and usage over time.

Question 69

EC2 Instance Types ## Footnote **Compute Services/Families**

Answer 69

* General purpose instances * Compute optimized instances * Memory optimized instances * Accelerated computing instances * Storage optimized instances

Question 70

Edge Locations ## Footnote **Infrastructure**

Answer 70

A site that Amazon CloudFront uses to store cached copies of content closer to customers for faster delivery (Brazil and China example).

Question 71

Amazon EKS ## Footnote **Containers**

Answer 71

Amazon Elastic Kubernetes Services A fully managed service that you can use to run Kubernetes on AWS. You manage the EC2 instances. Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications.

Question 72

Elastic Load Balancers

Answer 72

**Ensures that no single Amazon EC2 instance has to carry the full workload on its own.** Automatically distributes incoming application traffic across multiple resources, such as EC2 instances, ensuring no single Amazon EC2 instance has to carry the full workload on its own. Evenly distributes requests to EC2 instances when demand increases. _Coffee shop analogy:_ Host that directs customers to lines to ensure even distribution of customers to cashiers.

Question 73

General Purpose Instances ## Footnote **Compute Services/Families**

Answer 73

**Provides a balance of compute, memory, and networking resources** (application servers, gaming servers, backend servers for enterprise applications, small and medium databases).

Question 74

IAM Group

Answer 74

Identity and Access Management Group A collection of IAM users that are granted the same permissions specified by the IAM policy.

Question 75

IAM Policy

Answer 75

Identity and Access Management Policy A document that allows or denies permissions to AWS services and resources. - Recommends to follow the security principle of least privilege when granting permissions.

Question 76

IAM Roles

Answer 76

Identity and Access Management Roles An identity that can be assumed to gain temporary access to permissions.

Question 77

IAM User

Answer 77

Identity and Access Management User An identity created in AWS with specific permissions. - Default user has no permissions. - Each user has their own set of security credentials.

Question 78

Memory Optimized Instances ## Footnote **Compute Services/Families**

Answer 78

**Ideal for high-performance databases.** Designed to deliver fast performance for workloads that process large datasets in memory.

Question 79

Regions ## Footnote **Infrastructure**

Answer 79

**A geographical area that contains AWS resources** with multiple locations that are isolated from each other. They are designed and built closest to where business traffic demands: Paris, Tokyo, Sao Paulo, Dublin, Ohio. There are multiple data centers within each region. Regions are connected by high-speed fiber network. 4 key factors to selecting a region: 1. Compliance - Does your data need to physically reside within specific boundaries? 2. Proximity - Latency increases the further away the data is from the customer. 3. Availability - Where do the AWS services reside? 4. Pricing - Pricing is determined by factors that include the country's tax structure.

Question 80

Storage Optimized Instances ## Footnote **Compute Services/Families**

Answer 80

**Suitable for data warehouse applications.** Designed for workloads that require high, sequential read and write access to large datasets on local storage (distributed file systems, data warehousing applications, high-frequency online transaction processing systems).

Question 81

AWS Cost Explorer ## Footnote **Pricing and Support**

Answer 81

A tool that enables you to visualize, understand, and manage AWS costs and usage over time.

Question 82

AWS Outposts

Answer 82

Extends AWS infrastructure and services to your on-premises data center.

Question 83

AWS KMS Security and Compliance

Answer 83

Key Management Service **Enables encryption operations through the use of cryptographic keys.** A cryptographic key is a random string of digits used for locking (encrypting) and unlocking (decrypting) data.

Question 84

AWS Trusted Advisor

Answer 84

A web service that inspects your AWS environment and provides real-time recommendations in accordance with AWS best practices. Includes **security checks, such as Amazon S3 buckets with open access permissions**. Best practice recommendations: * **cost optimization** * **performance** * **security** * **fault tolerance** * **service limits**

Question 85

AWS Config

Answer 85

**A service that enables you to assess, audit, and evaluate the configurations of your AWS resources.** Continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.