AWS Study Cards 2 Flashcards
(74 cards)
How many availability zones are there in an AWS Region?
An AWS Region typically consists of 2 or more AZs (Availability Zones)
How many data centers are there in an AWS Availability Zone?
An AWS AZ consists of 1 or more data centers
Data replication across Regions is controlled by the customer
Communication between Regions uses AWS backbone network infrastructure
Each Region provides full redundancy and connectivity to the network
What are the 4 factors that should be considered when selecting a Region for your servers, applications, and data?
- Data governance, legal requirements
- Proximity to customers (latency)
- Services available within a particular Region
- Costs (vary by Region)
What are the 7 Service Categories referenced for the AWS cert exam?
1) Cost Management
2) Networking and Content Delivery
3) Database
4) Management and Governance
5) Security, Identity and Compliance
6) Storage
7) Compute
What are the 4 AWS Storage services?
1) Amazon S3 (Simple Storage Service)
2) Amazon EBS (Elastic Block Store)
3) Amazon Elastic File System
4) Amazon S3 Glacier
What are the 8 AWS Compute services?
1) Amazon EC2 (Elastic Compute Cloud)
2) Amazon EC2 Auto Scaling
3) Amazon ECS (Elastic Container Service)
4) Amazon EC2 Container Registry
5) AWS Elastic Beanstalk
6) AWS Lambda
7) Amazon EKS (Elastic Kubernetes Service)
8) AWS Fargate
What are the 4 Amazon Database services?
1) Amazon RDS (Relational Database Service)
2) Amazon Aurora
3) Amazon Redshift
4) Amazon DynamoDB
What are the 7 Amazon Networking and Content Delivery services?
1) Amazon VPC (Virtual Private Cloud)
2) Elastic Load Balancing
3) Amazon CloudFront
4) AWS Transit Gateway
5) Amazon Route 53
6) AWS Direct Connect
7)
______ is a networking service provided by Amazon Web Services (AWS) that establishes a dedicated, private network connection between your on-premises network and AWS, bypassing the public internet.
This service allows data to be delivered through a private network connection, which can reduce costs, increase bandwidth, and provide a more consistent network experience compared to internet-based connections.
______ can be used with a variety of AWS services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon DynamoDB.
It provides a private, high-bandwidth network connection between on-premises networks and an Amazon VPC, and if needed, can establish private connectivity with multiple VPCs to maintain network isolation.
The service utilizes a regular Ethernet fiber-optic cable to connect your internal network to an ______ site. This cable is attached to your router on one end and to an ______ router on the other.
By bypassing internet service providers in your network path, you can construct virtual interfaces to public AWS services using this connection.
______ locations provide access to AWS in the region they are connected to, and a single connection in a public region or AWS GovCloud (US) can be used to access public AWS services in all other public regions.
AWS Direct Connect
What are the 6 Amazon Security, Identity, and Compliance Services?
1) AWS Identity and Access Management (IAM)
2) AWS Organizations
3) Amazon Cognito
4) AWS Artifact
5) AWS Key Management Service
6) AWS Shield
What are the 3 AWS Cost Management Services?
1) AWS Cost and Usage Report (CUR)
2) AWS Budgets
3) AWS Cost Explorer
What are the 8 AWS Management and Governance Services?
1) AWS Management Console
2) AWS Config
3) Amazon CloudWatch
4) AWS Auto Scaling
5) AWS Command Line Interface (CLI)
6) AWS Trusted Advisor
7) AWS Well-Architected Tool
8) AWS CloudTrail
How many bits are there in an IPv4 IP address?
32 bits
How many bits are there in an IPv6 address?
128 bits
A ______ is a service that allows resources in a private subnet to connect to services outside the network, such as the internet, while preventing external services from initiating connections with those resources. It translates private IP addresses to public IP addresses for outbound traffic and back for inbound responses, ensuring secure and efficient communication.
______ are managed services provided by cloud providers like AWS, Azure, and Oracle Cloud Infrastructure (OCI), offering high availability and automatic scaling to meet the needs of applications.
In AWS, a ______ is used in a public subnet to enable outbound internet traffic from instances in a private subnet. It supports TCP, UDP, and ICMP traffic and can handle up to 20 Gbit/s of bandwidth.
A NAT Gateway (Network Address Translation)
______ is a method that allows two virtual private clouds (VPCs) to connect and communicate, enabling traffic routing between them using private IP addresses. This connection can occur within the same or different AWS accounts and can span VPCs located in the same or different regions. ______ enhances security by allowing resources in different VPCs to communicate over a private network, avoiding Internet exposure and protecting against common network attacks.
VPC peering
______ is a networking service provided by Amazon Web Services (AWS) that establishes a dedicated, private network connection between your on-premises network and AWS, bypassing the public internet.
This service can reduce costs, increase bandwidth, and provide a more consistent network experience compared to internet-based connections.
The connection is typically established using a regular Ethernet fiber-optic cable that connects your internal network to an AWS ______ site, where it is attached to an AWS ______ router.
AWS ______ can be used to connect to various AWS services, including Amazon Elastic Compute Cloud (EC2), Amazon Virtual Private Cloud (VPC), Amazon Simple Storage Service (S3), and Amazon DynamoDB.
It also allows for private connectivity to multiple VPCs to maintain network isolation.
Since the network traffic stays on the AWS global network, it never enters the open internet, which lowers the likelihood of encountering bottlenecks or other issues.
AWS Direct Connect
An AWS ______ is a service offered by AWS VPC that lets customers privately connect to supported AWS services and ______ services powered by AWS PrivateLink, without requiring public IP addresses for Amazon VPC instances to communicate with the resources of the service.
This network traffic between an Amazon VPC and an AWS service does not leave the Amazon network, enhancing security and privacy.
______ are virtual devices that are horizontally scaled, redundant, and highly available Amazon VPC components that allow communication between instances in an Amazon VPC and services without imposing availability risks or bandwidth constraints on network traffic.
They provide a secure and private communication between the resources within the Amazon VPC and AWS Services without the need for internet access.
VPC endpoint
There are two main types of VPC endpoints:
______ Endpoint: Suitable for most AWS services and establishes a connection through an Elastic Network Interface with a private IP address from the VPC subnet range.
It charges $0.01 per VPC endpoint hour and for data processing.
______ Endpoint: Supports only S3 and DynamoDB and creates a connection through a VPC endpoint gateway.
Its usage is free but it charges only for the data that is transferred out of Amazon S3.
VPC endpoints enable you to privately access services by using private IP addresses and do not require a public IP address, access over the Internet, NAT device, a VPN connection, or any other service.
Interface, Gateway
AWS ______ are virtual firewalls that control inbound and outbound traffic to AWS resources, such as EC2 instances, based on defined rules.
They act as the first layer of defense against malicious attackers by providing security at the port and protocol level.
______ are stateful, meaning that they track the state of network connections and automatically allow return traffic for established connections.
They operate at the instance level and only accept “Allow” rules, making them a primary defense mechanism for securing your AWS environment.
AWS ______ are crucial for maintaining a secure environment and are managed through the AWS Management Console or programmatically using tools like Terraform.
Security Groups
What are the 7 supported routing methods utilized by Amazon Route 53?
1) Simple Routing - used in single server environments
2) Weighted routing - assign weights to resource record sets to specify the frequency
3) Latency routing - help improve your global applications
4) Geolocation routing - Route traffic based on location of your users
5) Geoproximity routing - Route traffic based on location of your resources
6) Failover routing - Fail over to a backup site if your primary becomes unreachable
7) Multivalue answer routing - Respond to DNS queries with up to 8 healthy records selected at random
What are the 7 layers of the OSI model?
7) Application - means for an application to access a computer network (HTTP(S), FTP, DHCP, LDAP)
6) Presentation - ensures that the application layer can read the data; encryption (ASCII, ICA)
5) Session - enables orderly exchange of data (NetBIOS, RPC)
4) Transport - Provides protocols to support host-to-host communication (TCP, UDP)
3) Network - Routing and packet forwarding (routers); (IP)
2) Data Link - Transfer data in the same LAN (bridges and switches); (MAC)
1) Physical - Transmission and reception of raw bit streams over a physical medium (hubs); (Signals; 1’s and 0’s)
For each CIDR block that you specify, Amazon will reserve 5 IP addresses. They are utilized for:
1) Network Address
2) VPC local router
3) DNS resolution
4) Future use
5) Network broadcast address
______ Instances are default Amazon EC2 instances that are instantly available for purchase without any long-term contract or upfront payment. You can modify them in real-time to meet workload changes, increasing or decreasing compute capacity as needed. They are ideal for short-term workloads, testing and development, and applications requiring uninterrupted compute power.
______ Instances offer a pay-as-you-go model with a fixed hourly rate that changes based on factors such as AWS Region, instance type, and more. Billing is per second or hour, with a minimum usage requirement of 60 seconds.
These instances provide full control over the lifecycle, allowing you to decide when to launch, stop, hibernate, start, reboot, or terminate them.
______ Instances are suitable for unpredictable workloads, short-term tasks, and applications that cannot tolerate interruptions. They are also beneficial for organizations that prefer flexible access to compute resources without any upfront payment or long-term commitment.
However, ______ Instances are generally more expensive compared to Reserved and Spot Instances due to their guaranteed availability and predictability.
In summary, ______ Instances offer flexibility, scalability, and guaranteed performance, making them a reliable choice for various applications.
On-Demand