AWS Solutions Architect Flashcards
AWS architecture (34 cards)
What is the difference between containers and virtual machines?
A) Containers share the underlying host system’s OS kernel
B) Every Container goes through a full OS boot-up cycle
C) Containers can take a long time to start
D) All of the above
A) Containers share the underlying host system’s OS kernel
Which of the following is true about Docker?
A) Provides tools to build, manage, and deploy containers
B) Leverages file system layers to be lightweight and fast
C) Creates container images that can be modified by running containers
D) Both A and B
D) Both A and B
What are microservices?
Microservices are an architectural and organizational approach to speed up scalability of application services
What are the Characteristics of microservices?
1) Decentralized, evolutionary design
2) Smart endpoints, dumb pipes
3) Independent products, not projects
4) Designed for failure
5) Disposability
6) Development and production parity
Which of the following is NOT TRUE of microservices architectures?
A) Decompose monolithic applications into smaller pieces
B) Create faster development and test cycles
C) Work well within container-based workloads
D) Require that all applications be developed in the same programming language
D) Require that all applications be developed in the same programming language
Which of the following can be public or private storage for Docker images?
A) Image holder
B) Binder
C) Registry
D) Container box
C) Registry
What are the three Cloud computing deployment models?
1) On-premises
2) Cloud
3) Hybrid
On-premises
What are the six advantages of cloud computing?
1) Pay-as-you-go
2) Benefit from massive economies of scale
3) Stop guessing capacity
4) Increase speed and agility
5) Realize cost savings
6) Go global in minutes
Pay-as-you-go
The cloud computing model is based on paying only for the resources that you use. This is in contrast to on-premises models of investing in data centers and hardware that might not be fully used.
Benefit from massive economies of scale
By using cloud computing, you can achieve a lower cost than you can get on your own. Because usage from hundreds of thousands of customers is aggregated in the cloud, AWS can achieve higher economies of scale, which translates into lower pay-as-you-go prices.
Increase speed and agility
IT resources are only a click away, which means that you reduce the time to make resources available to developers from weeks to minutes. This results in a dramatic increase in agility for the organization, because the cost and time it takes to experiment and develop is significantly lower.
What are Regions?
Regions are geographic locations worldwide where AWS hosts its data centers. AWS Regions are named after the location where they reside. For example, in the United States, the Region in Northern Virginia is called the Northern Virginia Region, and the Region in Oregon is called the Oregon Region. AWS has Regions in Asia Pacific, China, Europe, the Middle East, North America, and South America. And we continue to expand to meet our customers’ needs.
Choosing the right AWS Region
AWS Regions are independent from one another. Without explicit customer consent and authorization, data is not replicated from one Region to another. When you decide which AWS Region to host your applications and workloads, consider four main aspects: latency, price, service availability, and compliance.
What is an Availability Zone (AZ)?
Availability Zones
Inside every Region is a cluster of Availability Zones. An Availability Zone consists of one or more data centers with redundant power, networking, and connectivity. These data centers operate in discrete facilities in undisclosed locations. They are connected using redundant high-speed and low-latency links.
What is the Scope of AWS services?
Scope of AWS services
Depending on the AWS service that you use, your resources are either deployed at the Availability Zone, Region, or Global level. Each service is different, so you must understand how the scope of a service might affect your application architecture.
When you operate a Region-scoped service, you only need to select the Region that you want to use. If you are not asked to specify an individual Availability Zone to deploy the service in, this is an indicator that the service operates on a Region-scope level. For Region-scoped services, AWS automatically performs actions to increase data durability and availability.
On the other hand, some services ask you to specify an Availability Zone. With these services, you are often responsible for increasing the data durability and high availability of these resources.
What is Maintaining resiliency?
Maintaining resiliency
To keep your application available, you must maintain high availability and resiliency. A well-known best practice for cloud architecture is to use Region-scoped, managed services. These services come with availability and resiliency built in. When that is not possible, make sure your workload is replicated across multiple Availability Zones. At a minimum, you should use two Availability Zones. That way, if an Availability Zone fails, your application will have infrastructure up and running in a second Availability Zone to take over the traffic.
What is an Edge location?
Edge locations
Edge locations are global locations where content is cached. For example, if your media content is in London and you want to share video files with your customers in Sydney, you could have the videos cached in an edge location closest to Sydney. This would make it possible for your customers to access the cached videos more quickly than accessing them from London. Currently, there are over 400 edge locations globally.
What are the three ways you can interact with AWS when creating objects?
1) Console
2) Command Line Interface
3) AWS SDKs
AWS Management Console
One way to manage cloud resources is through the web-based console, where you log in and choose the desired service.
AWS CLI
The AWS CLI is a unified tool that you can use to manage AWS services. You can download and configure one tool that you can use to control multiple AWS services from the command line, and automate them with scripts. The AWS CLI is open source, and installers are available for Windows, Linux, and macOS.
AWS SDKs
API calls to AWS can also be performed by running code with programming languages. You can do this by using AWS SDKs. SDKs are open source and maintained by AWS for the most popular programming languages, such as C++, Go, Java, JavaScript, .NET, Node.js, PHP, Python, Ruby, Rust, and Swift.
What are the security responsibilities of AWS vs. the customer?
AWS responsibility
AWS is responsible for security of the cloud. This means that AWS protects and secures the infrastructure that runs the services offered in the AWS Cloud. AWS is responsible for the following:
Protecting and securing AWS Regions, Availability Zones, and data centers, down to the physical security of the buildings
Managing the hardware, software, and networking components that run AWS services, such as the physical servers, host operating systems, virtualization layers, and AWS networking components
Customer responsibility
Customers are responsible for security in the cloud. When using any AWS service, the customer is responsible for properly configuring the service and their applications, in addition to ensuring that their data is secure.
The customers’ level of responsibility depends on the AWS service. Some services require the customer to perform all the necessary security configuration and management tasks. Other more abstracted services require customers to only manage the data and control access to their resources. Using the two categories of AWS services, customers can determine their level of responsibility for each AWS service that they use.
What is the AWS root user?
AWS root user
When you first create an AWS account, you begin with a single sign-in identity that has complete access to all AWS services and resources in the account. This identity is called the AWS root user and is accessed by signing in with the email address and password that were used to create the account.
AWS root user credentials
The AWS root user has two sets of credentials associated with it. One set of credentials is the email address and password that were used to create the account. This allows you to access the AWS Management Console. The second set of credentials is called access keys, which allow you to make programmatic requests from the AWS Command Line Interface (AWS CLI) or AWS API.
What are the root user best practices?
To ensure the safety of the root user, follow these best practices:
1) Choose a strong password for the root user.
2) Enable multi-factor authentication (MFA) for the root user.
3) Never share your root user password or access keys with anyone.
4) Disable or delete the access keys associated with the root user.
5) Create an Identity and Access Management (IAM) user for administrative tasks or everyday tasks.
What is MFA (Multi-factor authentication)?
When you create an AWS account and first log in to the account, you use single-factor authentication. Single-factor authentication is the simplest and most common form of authentication. It only requires one authentication method. In this case, you use a user name and password to authenticate as the AWS root user. Other forms of single-factor authentication include a security pin or a security token.
What three categories does MFA pull from?
1) Something you know
2) Something you have
3) Something you are
Something you know, such as a user name and password or PIN
Something you have, such as a one-time passcode from a hardware device or mobile app
Something you are, such as a fingerprint or face scanning technology
What are the supported MFA devices?
1) Virtual MFA
2) Hardware TOTP token
3) FIDO security keys
Virtual MFA
A software app that runs on a phone or other device that provides a one-time passcode. These applications can run on unsecured mobile devices, and because of that, they might not provide the same level of security as hardware or FIDO security keys.
Hardware TOTP token
A hardware device, generally a key fob or display card device, that generates a one-time, six-digit numeric code based on the time-based one-time password (TOTP) algorithm.
FIDO security keys
FIDO-certified hardware security keys are provided by third-party providers such as Yubico. You can plug your FIDO security key into a USB port on your computer and enable it using the instructions that follow.
True or False: you can apply IAM policies to the root user?
False; you can only apply the IAM policy to an IAM group or user
What is IAM?
AWS Identity and Access Management (IAM) is an AWS service that helps you manage access to your AWS account and resources. It also provides a centralized view of who and what are allowed inside your AWS account (authentication), and who and what have permissions to use and work with your AWS resources (authorization).
With IAM, you can share access to an AWS account and resources without sharing your set of access keys or password. You can also provide granular access to those working in your account, so people and services only have permissions to the resources that they need. For example, to provide a user of your AWS account with read-only access to a particular AWS service, you can granularly select which actions and which resources in that service they can access.
What are the features of IAM?
Global
IAM is global and not specific to any one Region. You can see and use your IAM configurations from any Region in the AWS Management Console.
Integrated with AWS services
IAM is integrated with many AWS services by default.
Shared access
You can grant other identities permission to administer and use resources in your AWS account without having to share your password and key.
Multi-factor authentication
IAM supports MFA. You can add MFA to your account and to individual users for extra security.
Identity federation
IAM supports identity federation, which allows users with passwords elsewhere—like your corporate network or internet identity provider—to get temporary access to your AWS account.
Free to use
Any AWS customer can use IAM; the service is offered at no additional charge.
What are IAM user credentials?
IAM user credentials
An IAM user consists of a name and a set of credentials. When you create a user, you can provide them with the following types of access:
Access to the AWS Management Console
Programmatic access to the AWS CLI and AWS API