Deck 1 Flashcards Preview

AWS Certified Solutions Architect Associate C > Deck 1 > Flashcards

Flashcards in Deck 1 Deck (172):
1

S3 object size

From 1 byte to 5 TB

2

S3 bucket URL format

https://S3-.amazonaws.com/

3

S3 response when upload successful

HTTP 200 response

4

S3 Data consistency model

Read after write for PUTS
Eventual consistency for overwrite PUTS and DELETES

5

S3 objects consist in...

Key
Value (sequence of bytes)
Version ID
Metadata
Subresources (ACL, Torrent)

6

Things to take in account when naming S3 objects

First 16 characters determine node where S3 stores the file
Add randomness to the file name

7

S3 availability and durability

Availability 99,99%
Durability 99,999999999% (11 nines)

8

S3 storage tiers

S3 (default, 99,99% availability 99,999999999% durability)
Infrequent Access (cheaper storage fee, retrieval fee 99,9% availability 99,999999999% durability )
Reduced Redundancy Storage ( 99,99% availability 99,99% durability)
Glazier (Archival, really cheap, 3-5 hours to restore)

9

Is it possible to remove S3 versioning?

No, only disable

10

How much space is occupied when S3 versioning is enabled?

The sum of all versions

11

How to restore a deleted file with versioning enabled in S3?

Delete the delete marker

12

Is it possible to use lifecycle management in conjunction with versioning?

Yes

13

How many days should you wait before deleting an object from Glacier?

Glacier is designed to store objects for at least 90 days. Costs incur for 90 danys

14

What is an edge location in CloudFront?

Location where content will be cached

15

What is an origin in CloudFront?

Origin of all files that the CDN will distribute.
Can be:
-S3 bucket
-EC2 instance
-ELB
-Route 53

16

What is a distribution in CloudFront?

Name given to the CDN.
Consists in a collection of edge locations

17

Types of distributions in CloudFront

-Web distribution
-RTMP (media streaming)

18

Is it possible to write to an edge location?

Yes

19

What determines the amount of time an object is cached in CloudFront?

TTL

20

Is it possible to clear cached objects in CloudFront?

Yes, but you will be charged

21

Is it possible to restrict access to contents in CloudFront?

Yes, you can use signed URLs or signed cookies

22

How to set up access to an S3 bucket?

ACL
Bucket Policies

23

Where can you store access logs for an S3 bucket?

Another bucket
Another AWS account

24

Ways of encrypting data in S3

-In transit:
--SSL/TLS


-At rest:
--Server side encryption:
---SSE-S3 (S3 managed keys)
---SSE-KMS (AWS Key Management Service managed keys)
---SSE-C (Customer provided keys)

--Client side encryption

25

Types of Storage Gateway

-Files Gateway (NFS)
-Volumes Gateway(iSCSI)
--Stored volumes
--Cached volumes
-Tape Gateway (VTL)

26

What you can do with Snowball?

Export data from S3
Import data to S3

27

What is S3 transfer acceleration?

Accelerates uploads to S3 using edge locations.
User uploads to edge location and data is uploaded to S3 through AWS backbone.

28

What do you need to enable S3 cross region replication?

Enable versioning

29

S3 lifecycle management actions permitted

-Transition from standard to IA (128kb and 30 days after creation)
-Archive to glacier (30 days after transfer to IA)
-Permanently delete

30

Snowball types

Snowball
Snowball edge
Snowmobile

31

What is Import / Export?

Allows you to send disks with data to AWS.
Deprecated (currently Snowball)

32

What is S3 multipart upload?

Allows you to accelerate uploads by uploading multiple parts

33

Are you charged for the whole hour when a spot instance is terminated?

If the Spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage.
However, if you terminate the instance yourself, you will be charged for any hour in which the instance ran.

34

EC2 instance families

DRMCGIFTPX

35

EC2 instance types

on demand, spot, reserved, dedicated hosts

36

EBS types

General purpose
Provisioned IOPS
Throughput optimized (no boot)
Cold (no boot)
Magnetic standard

37

Is it possible to connect an EBS volume to multiple EC2 instances?

No, you should use EFS instead

38

Is it possible to encrypt an EBS root volume from an AWS AMI?

You can't encrypt a root volume from a created AMI. Instead, you should use a 3rd party tool or create your own AMI and encrypt it during creation

39

Traffic allowed by default in SG

Inbound: None
Outbound: All

40

How many EC2 instances per SG?

Any number

41

Is it possible to attach an EBS volume to an instance I. A different AZ?

No

42

What to do in case you need more IOPS than an EBS volume can provide?

Create more than one volume an create a RAID 0 or 10.
Amazon discourages RAID 5.

43

How to take a consistent snapshot from a RAID?

Application consistent snapshot.
-Freeze filesystem
-Unmount array
-Stop EC2 instance

44

How to take a snapshot from an EBS root volume?

Stop the EC2 instance first

45

Is it possible to share an encrypted snapshot?

No

46

How to encrypt the snapshot of an encrypted volume?

It is encrypted automatically

47

How to encrypt a volume restored from an encrypted volume?

It is done automatically

48

Is it possible to stop an instance store backed instance?

No

49

What will happen with root volumes on termination?

By default, all will be deleted, but you can chose to keep EBS backed root volumes during creation

50

How to resolve the IP address of an ELB?

It is not possible, AWS gives you a DNS name

51

CloudWatch host level metrics enabled by default

• CPU
• Network
• Disk (read/write, not space consumption)
• Status checks

52

CloudWatch monitoring types and default interval

Default monitoring, enabled by default. No cost and 5 minute interval.
Detailed monitoring, not enabled by default. Has cost and 1 minute interval.

53

Is it possible to us a role in a different region?

Yes, roles are universal

54

Instance meta-data URL

http://169.254.169.254/latest/meta-data/

55

Define warm up and cool down periods

Warm up period: period for the instance to start participating to the metrics
Cooldown period: amount of time between autoscaling events

56

What is a placement group?

A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.

57

Is it possible to expand a placement group to more than one AZ?

No

58

Is it possible to use the same name in more than one placement group?

No, name must be unique in your AWS account

59

Is it possible to launch any instance type in a placement group?

No, only in compute, GPU, memory or storage optimised instances

60

Is it possible to merge placement groups?

No

61

Is it possible to add an existing instance to a placement group?

No, but you can create an AMI from the instance and launch a new instance from the AMI into the placement group

62

Is it possible to delete an EBS snapshot used as root volume for a registered AMI?

No, you should deregister the AMI first

63

Is it possible to launch an AMI in a different region from where it is stored?

No, AMIs are regional. You can copy an AMI to other region using console, command line or EC2 API

64

How to obtain the IP address of an ELB?

ELBs don't have predefined IPv4 addresses. You resolve to them using a DNS name

65

Differences between alias and CNAME

-Alias allow to resolve a zone apex
- AWS does not charge for alias resolution

66

Route53 routing policies

-Simple
-Weighted
-Latency
-Failover
-Geolocation

67

Route53 domain name number soft limit

50

68

What do you need in order to create a read replica in RDS?

Enable automatic backups

69

Maximum number of read replicas in RDS

5

70

Is it possible to have a read replica from a read replica?

Yes, but latency problems can appear

71

Is it possible to enable MultiAZ in a read replica?

No

72

Differences scaling RDS and DynamoDB

-RDS: hard to scale. Bigger instance or read replicas
-DynamoDB: Scales on the fly

73

DynamoDB consistency models

Eventual consistency ( best read performance, default)
Strong consistency

74

Dynamoy billing blocks

Blocks of:
Read:50 (cheap)
Write:10 (expensive)

75

When is suitable to use ElastiCache?

Database with frequent reads and few changes

76

What are the charges for the data transferred from RDS masters to replicas?

None

77

If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines what is the maximum size RDS volume you can have by default?

6Tb

78

Maximum provisioned IOPS capacity on an Oracle and MySQL RDS instance (using provisioned IOPS)

30,000 IOPS

79

How many copies of your data do you have with Aurora?

6, 2 copies in 3 AZ

80

How many copies can Aurora handle loosing?

3 copies without affecting reads
2 copies without affecting writes

81

Types of Aurora replicas

Aurora replicas ( up to 15)
MySQL replicas ( up to 5)

82

Redshift node configuration

-Single node ( 160Gb)
-Multinode:
--Leader node: manages client connections, receives queries
--Compute node:stores data, performs queries and computations (up to 128 compute nodes)

83

Is it possible to expand a subnet to more than one AZ?

No

84

How many IGW per VPC?

1

85

Is it possible to perform transitive peering in VPC?

No, VPC peering is done through star configuration

86

VPC allowed CIDR block ranges?

Between /16 and /28

87

What is created by default when you create a VPC?

Route table
Network ACL
Security Group

88

To which route table is associated a subnet when it is created?

Default

89

What you should disable in a NAT instance?

Source/destination check

90

What to do is NAT instance is the bottleneck ?

Increase instance size

91

How to deploy a NAT instance in HA?

-Two instances in different AZs
-Script to automate failover between them

92

How many NACL per subnet?

1, when you associate a new NACL, old is removed
If not associated, it is associated with default NACL

93

Traffic allowed by default in NACL

Default: all
Custom: any

94

How many subnet per NACL?

Multiple

95

How many VPC per region by default?

5

96

How many subnet to provide HA?

Minimum of 2

97

Difference NAT and bastion instances?

NAT to provide internet traffic to instances in private subnet
Bastion to manage instances in private subnet

98

Does an instance in a public subnet have internet access by default?

No, you have to assign a public address or an EIP to the instance

99

What AWS region(s) can I connect to via a DirectConnect connection?

Each AWS Direct Connect location enables connectivity to the geographically nearest AWS region. You can access all AWS services available in that region.
Direct Connect locations in the US can also access the public endpoints of the other AWS regions using a public virtual interface.

100

How many types of block devices does Amazon EC2 support?

-Instance store
-EBS

101

What does Amazon EBS stand for?

Elastic Block Store

102

What is SWF?

Simple WorkFlow Service.
Service to coordinate tasks

103

Main differences between SQS and SWF

-SQS has a retention period of 14 days, SWF up to 1 year for workflow executions
-SQS message oriented API, SWF task oriented API
-SWF ensures task is processed one time

104

SWF actors

-Starters
-Deciders
-Workers

105

Maximum size of an SQS message

256kb of text in any format

106

SQS order

Does not provide FIFO

107

SQS visibility timeout

12 hours

108

How many times a message will be delivered to SQS?

At least 1.
You should prepare your application so processing message more than one time does not generate errors or inconsistencies

109

How is SQS billed?

-64kb chunks (each chunk is charged as a request. Example: 1 API call with 256kb payload is charged = 4 requests)
- first 1 million SQS requests are free
-$0,50 per million thereafter

110

How many messages per request in SQS?

10
Maximum payload of 256kb

111

SNS deliver methods

-Push notification to mobile devices
-SMS
- Email
-SQS
-HTTP endpoint
-Lambda

112

Main difference between SQS and SNS

SQS is pull
SNS is push

113

What does a "domain" refer to in Amazon SWF?

A collection of related workflows

114

With which protocols does RDS support SOAP?

Only HTTPS

115

What is bulk copy for SQL Server?

The SQL Server bulk copy feature is an efficient means of copying data from a source database to your DB instance. Bulk copy writes the data that you specify to a data file, such as an ASCII file. You can then run bulk copy again to write the contents of the file to the destination DB instance.

116

In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB
Instance with SQL Server Express edition?

10 Gb

117

Attaching methods for ENIs

You can attach an elastic network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).

118

If you scale your provisioned storage capacity within the month...

...your bill will be pro-rated.

119

Backup retention period duration?

You can set the backup retention period to between 1 and 35 days.

120

What configuration should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter?

Enhanced Networking enables you to get significantly higher packet per second (PPS) performance, lower network jitter and lower latencies. This feature uses a new network virtualization stack that provides higher I/O performance and lower CPU utilization compared to traditional implementations. In order to take advantage of Enhanced Networking, you should launch an HVM AMI in VPC, and install the appropriate driver.

121

The Trusted Advisor service provides insight regarding which four categories of an AWS account?

Security
Fault tolerance
Cost optimizing
Performance

122

Which login types does AWS STS web identity federation support?

AWS STS web identity federation supports Login with Amazon, Facebook, Google, and any OpenID Connect (OICD)-compatible identity provider.

123

Instance types only available as Amazon EBS-backed

T2
C4

124

Main difference between CloudWatch and CloudTrail

CloudWatch: monitoring
CloudTrail: logging

125

Is it possible to move reserved instances from one region to another?

No

126

AWS services related with big data

-Kinesis: consume big data in real time (ex: social media)
-EMR:big data processing
-Redshift: BI

127

What is a resource group?

Which resource groups you can group resources that share one or more tags

128

VPC peering limitations

No multi region
No transitive
No CIDR overlapping

129

Is it possible to authenticate in the AWS console using your AD credentials?

Yes, using SAML authentication

130

Methodologies for encrypting data on S3?

SSE-KMS
SSE-S3
SSE-C

131

4 pillars well architected framework

Security
Reliability
Performance efficiency
Cost optimisation

132

What is needed before you can enable cross-region replication on an Amazon Simple
Storage Service (Amazon S3) bucket?

-Enable versioning on the bucket.
-Create an AWS IAM policy to allow Amazon S3
to replicate objects on your behalf.

133

what you can and cannot change from an instance reservation?

You can change the instance type only within the same instance type family, or
you can change the Availability Zone. You cannot change the operating system nor the
instance type family.

134

What can you do with dhcp option sets?

You can specify the domain name for instances within
an Amazon VPC and identify the IP addresses of custom DNS servers, NTP servers, and
NetBIOS servers

135

What is a VPC endpoint?

Enables you to create a private connection between your Amazon VPC and another AWS service without requiring access over the Internet or through a NAT
instance, a VPN connection, or AWS Direct Connect. Endpoints support services within
the region only.

136

The default time for an Amazon SQS visibility timeout is...

... 30 seconds

137

The maximum time for an Amazon SQS visibility timeout is ...

...12 hours

138

What is proxy protocol?

You can identify the originating IP address of a client connecting to your servers using TCP load balancing. Client connection information, such as IP address and port, is typically lost when requests are proxied through a load balancer.

139

What is Amazon CloudSearch?

Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.

140

Can the instances of s SG talk to each other?

Default SG - Yes
Other SGS - No

141

What is erased when you delete an IAM user?

When you use the AWS Management Console to delete an IAM user, IAM automatically deletes the following information for you:

The user
Any group memberships—that is, the user is removed from any IAM groups that the user was a member of
Any password associated with the user
Any access keys belonging to the user
All inline policies embedded in the user (policies that are applied to a user via group permissions are not affected)
Any associated MFA device

142

Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?

Note that you can't delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.

143

Pare meters retained when you promote a read replica

The new DB instance that is created when you promote a Read Replica retains the backup retention period, backup window period, and parameter group of the former Read Replica source.

144

Public IP address remains associated when instance is stopped?

For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address.

For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.

145

If you add a tag that has the same key as an existing tag on that resource...

...If you add a tag that has the same key as an existing tag on that resource, the new value overwrites the old value.

146

Are Reserved Instances available for Multi-AZ Deployments?

Yes

147

When should I choose Provisioned IOPS over Standard RDS storage?

If you use production online transaction processing (OLTP) workloads.

148

What is an instance profile?

An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.

149

How many active access keys we IAM user?

IAM permits users to have no more than two active access keys at one time.

150

How to improve performance of API Gateway?

Use caching

151

How to scale API Gateway?

It scales automatically

152

How to prevent attacks in API Gateway?

Use throttling

153

How to solve API Gateway error: "origin policy cannot be read at the remote resource"

Enable CORS

154

Differences between Kinesis streams and Kinesis firehose?

Streams:
-uses shards
-data is sent to consumers first
Firehose:
-analizes dará automatically using lambda

155

Can I encrypt connections between my application and my DB Instance using SSL?

Yes, this option is currently supported for the MySQL, MariaDB, SQL Server, PostgreSQL, and Oracle engines.

156

Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?

No

157

If your DB instance runs out of storage space or file system resources, its status will change to_____ and your
DB Instance will no longer be available.

Storage-full

158

Which Amazon storage do you think is the best for my database-style applications that frequently encounter
many random reads and writes across the dataset?

EBS

159

How to expose a snapshot only to selected accounts?

SelectPrivate, enter the IDs of those AWS accounts, and clickSave.

160

Define Query requests

Query requests are HTTP or HTTPS requests that use the HTTP verb GET or POST and a Query parameter named Action.

161

Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?

Yes

162

Does Amazon SQS keep track of all tasks and events in an application?

No, with SQS, you must implement your own application-level tracking, especially if your application uses multiple queues.

163

When editing permissions (policies and ACLs), to whom does the concept of the "Owner" refer?

The "Owner" refers to the identity and email address used to create the account AWS account.​​

164

Once a VPC is set to Dedicated hosting, is it possible to change the VPC or the instances to Default hosting?

No, yvou must re-create the VPC.

165

Is it possible to read Route53 internal resources from external sources?

Route53 has a security feature that prevents internal DNS from being read by external sources. The work around is to create a EC2 hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.

166

Permissions to host a website on S3

-Modify object ACL (no bucket ACL)
-Create bucket policy

167

It is possible to have a read replica in a different region in RDS?

Yes, for MySQL, MariaDB and Postgres instances

168

To access public resources in a remote region...

...you must set up a public virtual interface and establish a border gateway protocol (BGP) session.

169

ASG default termination policy

AZ with more instances
Oldest LC
Instance nearer to next billing hour

170

Is it compulsory to have AWS credentials in order to use WorkSpaces?

No, if AWS WorkSpaces is integrated with an AD

171

Is WorkSpaces persistent?

Yes

172

On WorkSpaces, all data on D:/ is backed up every...

12 hours