Deck 1 Flashcards
1
Q
S3 object size
A
From 1 byte to 5 TB
2
Q
S3 bucket URL format
A
https://S3-.amazonaws.com/
3
Q
S3 response when upload successful
A
HTTP 200 response
4
Q
S3 Data consistency model
A
Read after write for PUTS
Eventual consistency for overwrite PUTS and DELETES
5
Q
S3 objects consist in…
A
Key Value (sequence of bytes) Version ID Metadata Subresources (ACL, Torrent)
6
Q
Things to take in account when naming S3 objects
A
First 16 characters determine node where S3 stores the file
Add randomness to the file name
7
Q
S3 availability and durability
A
Availability 99,99%
Durability 99,999999999% (11 nines)
8
Q
S3 storage tiers
A
S3 (default, 99,99% availability 99,999999999% durability)
Infrequent Access (cheaper storage fee, retrieval fee 99,9% availability 99,999999999% durability )
Reduced Redundancy Storage ( 99,99% availability 99,99% durability)
Glazier (Archival, really cheap, 3-5 hours to restore)
9
Q
Is it possible to remove S3 versioning?
A
No, only disable
10
Q
How much space is occupied when S3 versioning is enabled?
A
The sum of all versions
11
Q
How to restore a deleted file with versioning enabled in S3?
A
Delete the delete marker
12
Q
Is it possible to use lifecycle management in conjunction with versioning?
A
Yes
13
Q
How many days should you wait before deleting an object from Glacier?
A
Glacier is designed to store objects for at least 90 days. Costs incur for 90 danys
14
Q
What is an edge location in CloudFront?
A
Location where content will be cached
15
Q
What is an origin in CloudFront?
A
Origin of all files that the CDN will distribute. Can be: -S3 bucket -EC2 instance -ELB -Route 53
16
Q
What is a distribution in CloudFront?
A
Name given to the CDN.
Consists in a collection of edge locations
17
Q
Types of distributions in CloudFront
A
- Web distribution
- RTMP (media streaming)
18
Q
Is it possible to write to an edge location?
A
Yes
19
Q
What determines the amount of time an object is cached in CloudFront?
A
TTL
20
Q
Is it possible to clear cached objects in CloudFront?
A
Yes, but you will be charged
21
Q
Is it possible to restrict access to contents in CloudFront?
A
Yes, you can use signed URLs or signed cookies
22
Q
How to set up access to an S3 bucket?
A
ACL
Bucket Policies
23
Q
Where can you store access logs for an S3 bucket?
A
Another bucket
Another AWS account
24
Q
Ways of encrypting data in S3
A
- In transit:
- -SSL/TLS
- At rest:
- -Server side encryption:
- –SSE-S3 (S3 managed keys)
- –SSE-KMS (AWS Key Management Service managed keys)
- –SSE-C (Customer provided keys)
–Client side encryption
25
Types of Storage Gateway
- Files Gateway (NFS)
- Volumes Gateway(iSCSI)
- -Stored volumes
- -Cached volumes
- Tape Gateway (VTL)
26
What you can do with Snowball?
Export data from S3
| Import data to S3
27
What is S3 transfer acceleration?
Accelerates uploads to S3 using edge locations.
| User uploads to edge location and data is uploaded to S3 through AWS backbone.
28
What do you need to enable S3 cross region replication?
Enable versioning
29
S3 lifecycle management actions permitted
- Transition from standard to IA (128kb and 30 days after creation)
- Archive to glacier (30 days after transfer to IA)
- Permanently delete
30
Snowball types
Snowball
Snowball edge
Snowmobile
31
What is Import / Export?
Allows you to send disks with data to AWS.
| Deprecated (currently Snowball)
32
What is S3 multipart upload?
Allows you to accelerate uploads by uploading multiple parts
33
Are you charged for the whole hour when a spot instance is terminated?
If the Spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage.
However, if you terminate the instance yourself, you will be charged for any hour in which the instance ran.
34
EC2 instance families
DRMCGIFTPX
35
EC2 instance types
on demand, spot, reserved, dedicated hosts
36
EBS types
```
General purpose
Provisioned IOPS
Throughput optimized (no boot)
Cold (no boot)
Magnetic standard
```
37
Is it possible to connect an EBS volume to multiple EC2 instances?
No, you should use EFS instead
38
Is it possible to encrypt an EBS root volume from an AWS AMI?
You can't encrypt a root volume from a created AMI. Instead, you should use a 3rd party tool or create your own AMI and encrypt it during creation
39
Traffic allowed by default in SG
Inbound: None
Outbound: All
40
How many EC2 instances per SG?
Any number
41
Is it possible to attach an EBS volume to an instance I. A different AZ?
No
42
What to do in case you need more IOPS than an EBS volume can provide?
Create more than one volume an create a RAID 0 or 10.
| Amazon discourages RAID 5.
43
How to take a consistent snapshot from a RAID?
Application consistent snapshot.
- Freeze filesystem
- Unmount array
- Stop EC2 instance
44
How to take a snapshot from an EBS root volume?
Stop the EC2 instance first
45
Is it possible to share an encrypted snapshot?
No
46
How to encrypt the snapshot of an encrypted volume?
It is encrypted automatically
47
How to encrypt a volume restored from an encrypted volume?
It is done automatically
48
Is it possible to stop an instance store backed instance?
No
49
What will happen with root volumes on termination?
By default, all will be deleted, but you can chose to keep EBS backed root volumes during creation
50
How to resolve the IP address of an ELB?
It is not possible, AWS gives you a DNS name
51
CloudWatch host level metrics enabled by default
* CPU
* Network
* Disk (read/write, not space consumption)
* Status checks
52
CloudWatch monitoring types and default interval
Default monitoring, enabled by default. No cost and 5 minute interval.
Detailed monitoring, not enabled by default. Has cost and 1 minute interval.
53
Is it possible to us a role in a different region?
Yes, roles are universal
54
Instance meta-data URL
http://169.254.169.254/latest/meta-data/
55
Define warm up and cool down periods
Warm up period: period for the instance to start participating to the metrics
Cooldown period: amount of time between autoscaling events
56
What is a placement group?
A placement group is a logical grouping of instances within a single Availability Zone. Placement groups are recommended for applications that benefit from low network latency, high network throughput, or both. To provide the lowest latency, and the highest packet-per-second network performance for your placement group, choose an instance type that supports enhanced networking.
57
Is it possible to expand a placement group to more than one AZ?
No
58
Is it possible to use the same name in more than one placement group?
No, name must be unique in your AWS account
59
Is it possible to launch any instance type in a placement group?
No, only in compute, GPU, memory or storage optimised instances
60
Is it possible to merge placement groups?
No
61
Is it possible to add an existing instance to a placement group?
No, but you can create an AMI from the instance and launch a new instance from the AMI into the placement group
62
Is it possible to delete an EBS snapshot used as root volume for a registered AMI?
No, you should deregister the AMI first
63
Is it possible to launch an AMI in a different region from where it is stored?
No, AMIs are regional. You can copy an AMI to other region using console, command line or EC2 API
64
How to obtain the IP address of an ELB?
ELBs don't have predefined IPv4 addresses. You resolve to them using a DNS name
65
Differences between alias and CNAME
- Alias allow to resolve a zone apex
| - AWS does not charge for alias resolution
66
Route53 routing policies
- Simple
- Weighted
- Latency
- Failover
- Geolocation
67
Route53 domain name number soft limit
50
68
What do you need in order to create a read replica in RDS?
Enable automatic backups
69
Maximum number of read replicas in RDS
5
70
Is it possible to have a read replica from a read replica?
Yes, but latency problems can appear
71
Is it possible to enable MultiAZ in a read replica?
No
72
Differences scaling RDS and DynamoDB
- RDS: hard to scale. Bigger instance or read replicas
| - DynamoDB: Scales on the fly
73
DynamoDB consistency models
```
Eventual consistency ( best read performance, default)
Strong consistency
```
74
Dynamoy billing blocks
Blocks of:
Read:50 (cheap)
Write:10 (expensive)
75
When is suitable to use ElastiCache?
Database with frequent reads and few changes
76
What are the charges for the data transferred from RDS masters to replicas?
None
77
If you are using Amazon RDS Provisioned IOPS storage with MySQL and Oracle database engines what is the maximum size RDS volume you can have by default?
6Tb
78
Maximum provisioned IOPS capacity on an Oracle and MySQL RDS instance (using provisioned IOPS)
30,000 IOPS
79
How many copies of your data do you have with Aurora?
6, 2 copies in 3 AZ
80
How many copies can Aurora handle loosing?
3 copies without affecting reads
| 2 copies without affecting writes
81
Types of Aurora replicas
```
Aurora replicas ( up to 15)
MySQL replicas ( up to 5)
```
82
Redshift node configuration
- Single node ( 160Gb)
- Multinode:
- -Leader node: manages client connections, receives queries
- -Compute node:stores data, performs queries and computations (up to 128 compute nodes)
83
Is it possible to expand a subnet to more than one AZ?
No
84
How many IGW per VPC?
1
85
Is it possible to perform transitive peering in VPC?
No, VPC peering is done through star configuration
86
VPC allowed CIDR block ranges?
Between /16 and /28
87
What is created by default when you create a VPC?
Route table
Network ACL
Security Group
88
To which route table is associated a subnet when it is created?
Default
89
What you should disable in a NAT instance?
Source/destination check
90
What to do is NAT instance is the bottleneck ?
Increase instance size
91
How to deploy a NAT instance in HA?
- Two instances in different AZs
| - Script to automate failover between them
92
How many NACL per subnet?
1, when you associate a new NACL, old is removed
| If not associated, it is associated with default NACL
93
Traffic allowed by default in NACL
Default: all
Custom: any
94
How many subnet per NACL?
Multiple
95
How many VPC per region by default?
5
96
How many subnet to provide HA?
Minimum of 2
97
Difference NAT and bastion instances?
NAT to provide internet traffic to instances in private subnet
Bastion to manage instances in private subnet
98
Does an instance in a public subnet have internet access by default?
No, you have to assign a public address or an EIP to the instance
99
What AWS region(s) can I connect to via a DirectConnect connection?
Each AWS Direct Connect location enables connectivity to the geographically nearest AWS region. You can access all AWS services available in that region.
Direct Connect locations in the US can also access the public endpoints of the other AWS regions using a public virtual interface.
100
How many types of block devices does Amazon EC2 support?
- Instance store
| - EBS
101
What does Amazon EBS stand for?
Elastic Block Store
102
What is SWF?
Simple WorkFlow Service.
| Service to coordinate tasks
103
Main differences between SQS and SWF
- SQS has a retention period of 14 days, SWF up to 1 year for workflow executions
- SQS message oriented API, SWF task oriented API
- SWF ensures task is processed one time
104
SWF actors
- Starters
- Deciders
- Workers
105
Maximum size of an SQS message
256kb of text in any format
106
SQS order
Does not provide FIFO
107
SQS visibility timeout
12 hours
108
How many times a message will be delivered to SQS?
At least 1.
| You should prepare your application so processing message more than one time does not generate errors or inconsistencies
109
How is SQS billed?
- 64kb chunks (each chunk is charged as a request. Example: 1 API call with 256kb payload is charged = 4 requests)
- first 1 million SQS requests are free
- $0,50 per million thereafter
110
How many messages per request in SQS?
10
| Maximum payload of 256kb
111
SNS deliver methods
- Push notification to mobile devices
- SMS
- Email
- SQS
- HTTP endpoint
- Lambda
112
Main difference between SQS and SNS
SQS is pull
| SNS is push
113
What does a "domain" refer to in Amazon SWF?
A collection of related workflows
114
With which protocols does RDS support SOAP?
Only HTTPS
115
What is bulk copy for SQL Server?
The SQL Server bulk copy feature is an efficient means of copying data from a source database to your DB instance. Bulk copy writes the data that you specify to a data file, such as an ASCII file. You can then run bulk copy again to write the contents of the file to the destination DB instance.
116
In the Amazon RDS which uses the SQL Server engine, what is the maximum size for a Microsoft SQL Server DB
Instance with SQL Server Express edition?
10 Gb
117
Attaching methods for ENIs
You can attach an elastic network interface to an instance when it’s running (hot attach), when it’s stopped (warm attach), or when the instance is being launched (cold attach).
118
If you scale your provisioned storage capacity within the month...
...your bill will be pro-rated.
119
Backup retention period duration?
You can set the backup retention period to between 1 and 35 days.
120
What configuration should be used to ensure the highest network performance (packets per second), lowest latency, and lowest jitter?
Enhanced Networking enables you to get significantly higher packet per second (PPS) performance, lower network jitter and lower latencies. This feature uses a new network virtualization stack that provides higher I/O performance and lower CPU utilization compared to traditional implementations. In order to take advantage of Enhanced Networking, you should launch an HVM AMI in VPC, and install the appropriate driver.
121
The Trusted Advisor service provides insight regarding which four categories of an AWS account?
Security
Fault tolerance
Cost optimizing
Performance
122
Which login types does AWS STS web identity federation support?
AWS STS web identity federation supports Login with Amazon, Facebook, Google, and any OpenID Connect (OICD)-compatible identity provider.
123
Instance types only available as Amazon EBS-backed
T2
| C4
124
Main difference between CloudWatch and CloudTrail
CloudWatch: monitoring
CloudTrail: logging
125
Is it possible to move reserved instances from one region to another?
No
126
AWS services related with big data
- Kinesis: consume big data in real time (ex: social media)
- EMR:big data processing
- Redshift: BI
127
What is a resource group?
Which resource groups you can group resources that share one or more tags
128
VPC peering limitations
No multi region
No transitive
No CIDR overlapping
129
Is it possible to authenticate in the AWS console using your AD credentials?
Yes, using SAML authentication
130
Methodologies for encrypting data on S3?
SSE-KMS
SSE-S3
SSE-C
131
4 pillars well architected framework
Security
Reliability
Performance efficiency
Cost optimisation
132
```
What is needed before you can enable cross-region replication on an Amazon Simple
Storage Service (Amazon S3) bucket?
```
-Enable versioning on the bucket.
-Create an AWS IAM policy to allow Amazon S3
to replicate objects on your behalf.
133
what you can and cannot change from an instance reservation?
You can change the instance type only within the same instance type family, or
you can change the Availability Zone. You cannot change the operating system nor the
instance type family.
134
What can you do with dhcp option sets?
You can specify the domain name for instances within
an Amazon VPC and identify the IP addresses of custom DNS servers, NTP servers, and
NetBIOS servers
135
What is a VPC endpoint?
Enables you to create a private connection between your Amazon VPC and another AWS service without requiring access over the Internet or through a NAT
instance, a VPN connection, or AWS Direct Connect. Endpoints support services within
the region only.
136
The default time for an Amazon SQS visibility timeout is...
... 30 seconds
137
The maximum time for an Amazon SQS visibility timeout is ...
...12 hours
138
What is proxy protocol?
You can identify the originating IP address of a client connecting to your servers using TCP load balancing. Client connection information, such as IP address and port, is typically lost when requests are proxied through a load balancer.
139
What is Amazon CloudSearch?
Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application.
140
Can the instances of s SG talk to each other?
Default SG - Yes
| Other SGS - No
141
What is erased when you delete an IAM user?
When you use the AWS Management Console to delete an IAM user, IAM automatically deletes the following information for you:
The user
Any group memberships—that is, the user is removed from any IAM groups that the user was a member of
Any password associated with the user
Any access keys belonging to the user
All inline policies embedded in the user (policies that are applied to a user via group permissions are not affected)
Any associated MFA device
142
Can I delete a snapshot of the root device of an EBS volume used by a registered AMI?
Note that you can't delete a snapshot of the root device of an EBS volume used by a registered AMI. You must first deregister the AMI before you can delete the snapshot.
143
Pare meters retained when you promote a read replica
The new DB instance that is created when you promote a Read Replica retains the backup retention period, backup window period, and parameter group of the former Read Replica source.
144
Public IP address remains associated when instance is stopped?
For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address.
For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.
145
If you add a tag that has the same key as an existing tag on that resource...
...If you add a tag that has the same key as an existing tag on that resource, the new value overwrites the old value.
146
Are Reserved Instances available for Multi-AZ Deployments?
Yes
147
When should I choose Provisioned IOPS over Standard RDS storage?
If you use production online transaction processing (OLTP) workloads.
148
What is an instance profile?
An instance profile is a container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
149
How many active access keys we IAM user?
IAM permits users to have no more than two active access keys at one time.
150
How to improve performance of API Gateway?
Use caching
151
How to scale API Gateway?
It scales automatically
152
How to prevent attacks in API Gateway?
Use throttling
153
How to solve API Gateway error: "origin policy cannot be read at the remote resource"
Enable CORS
154
Differences between Kinesis streams and Kinesis firehose?
```
Streams:
-uses shards
-data is sent to consumers first
Firehose:
-analizes dará automatically using lambda
```
155
Can I encrypt connections between my application and my DB Instance using SSL?
Yes, this option is currently supported for the MySQL, MariaDB, SQL Server, PostgreSQL, and Oracle engines.
156
Is the SQL Server Audit feature supported in the Amazon RDS SQL Server engine?
No
157
If your DB instance runs out of storage space or file system resources, its status will change to_____ and your
DB Instance will no longer be available.
Storage-full
158
Which Amazon storage do you think is the best for my database-style applications that frequently encounter
many random reads and writes across the dataset?
EBS
159
How to expose a snapshot only to selected accounts?
SelectPrivate, enter the IDs of those AWS accounts, and clickSave.
160
Define Query requests
Query requests are HTTP or HTTPS requests that use the HTTP verb GET or POST and a Query parameter named Action.
161
Does AWS Direct Connect allow you access to all Availabilities Zones within a Region?
Yes
162
Does Amazon SQS keep track of all tasks and events in an application?
No, with SQS, you must implement your own application-level tracking, especially if your application uses multiple queues.
163
When editing permissions (policies and ACLs), to whom does the concept of the "Owner" refer?
The "Owner" refers to the identity and email address used to create the account AWS account.
164
Once a VPC is set to Dedicated hosting, is it possible to change the VPC or the instances to Default hosting?
No, yvou must re-create the VPC.
165
Is it possible to read Route53 internal resources from external sources?
Route53 has a security feature that prevents internal DNS from being read by external sources. The work around is to create a EC2 hosted DNS instance that does zone transfers from the internal DNS, and allows itself to be queried by external servers.
166
Permissions to host a website on S3
- Modify object ACL (no bucket ACL)
| - Create bucket policy
167
It is possible to have a read replica in a different region in RDS?
Yes, for MySQL, MariaDB and Postgres instances
168
To access public resources in a remote region...
...you must set up a public virtual interface and establish a border gateway protocol (BGP) session.
169
ASG default termination policy
AZ with more instances
Oldest LC
Instance nearer to next billing hour
170
Is it compulsory to have AWS credentials in order to use WorkSpaces?
No, if AWS WorkSpaces is integrated with an AD
171
Is WorkSpaces persistent?
Yes
172
On WorkSpaces, all data on D:/ is backed up every...
12 hours
