Deck Flashcards
1
Q
Does IAM apply to regional assets?
A
No, IAM is universal across the platform
2
Q
What is the root IAM account?
A
The account created when the AWS instance is first setup
3
Q
Should you use IAM roles or hard coded secrets/keys in programmatic access?
A
IAM roles
4
Q
Do new users have permissions when they are created?
A
No
5
Q
Can you view a new user’s access key id & secret access key after creation?
A
No
6
Q
Can you use the access keys to login to the AWS console?
A
No
7
Q
Should the root account have MFA setup?
A
Yes, always
8
Q
True or False: AWS recommends that EC2 instances have credentials stored on them so that the instances can access other resources (such as S3 buckets).
A
False
9
Q
What is the best way to enable your EC2 instance to read files in an S3 bucket?
A
Create an IAM role with read access to S3 and assign the role to the EC2 instance
10
Q
What is an IAM Policy?
A
A JSON document which defines one or more permissions
11
Q
What IAM entity can you use to delegate access to your AWS resources to users, groups or services?
A
IAM Role
12
Q
What are the EC2 Options
A
On Demand, Reserved, Spot, Dedicated Hosts
13
Q
What is the Reserved EC2 Option
A
provides you with a capacity reservation, and offer a significant discount on the hourly charge for an instance. 1 or 3 year term reservation
14
Q
FIGHTDRMCPX
A
FPGA, IOPS, Graphics, High Disk Throughput, Cheap General Purpose(T2 Micro), Density, Ram, Main choice for general purpose apps(M), Compute, Graphics(Pics), Extreme Memory
15
Q
What is Amazon EBS?
A
Elastic Block Storage (disk)
16
Q
What EBS type would I use for more than 10000 IOPS?
A
IO1 aka, not GP2
17
Q
What EBS type would I use for less than 10000 IOPS?
A
GP2
18
Q
What is the On Demand EC2 Option
A
Allows you to pay a fixed rate by the hour or second with no commitment
19
Q
What is the Spot EC2 option
A
enables you to bid whatever price you want for the instance - instances are brought online when the price drops at or below your bid and then terminated when the price goes back up
20
Q
What is the dedicated hosts EC2 option
A
Physical EC2 server dedicated for your use.
21
Q
True or False: When a sport EC2 instance is terminated by Amazon, you will not be charged for the partial hour of use
A
True
22
Q
What types of SSD storage does Amazon offer for EC2?
A
General Purpose SSD and Provisioned IOPS SSD
23
Q
What types of Magnetic storage does Amazon offer for EC2?
A
Throughput Optimized HDD, Cold HDD, and Magnetic
24
Q
What is an EC2 Security Group
A
Virtual Firewall
25
What types of Load balancers exist on Amazon
Application, Network, and Classic Load Balancer
26
What are application load balancers
Best suited for load balancing HTTP/S traffic and operate at layer 7
27
What are network load balancers
Best suited for TCP traffic where extreme performance is needed, operates at layer 4
28
What are classic load balancers
Legacy elastic load balancers, does both layer 4 and layer 7
29
With a classic load balancer, what happens when your application stops responding
Load balancer responds with a 504 error
30
What is the X-Forwarded-For header
Header that contains the actual client IP Address for a request that came through a classic load balancer
31
What is Amazon Route53
Amazon DNS service
32
What services can you map domain names to with Route53
EC2 instances, Load Balancers, S3 Buckets
33
What do all AWS CLI commands start with
AWS
34
How much access should I grant to CLI users
The least amount needed to do their job
35
Should users be assigned to groups
Yes, this is preferred way of granting permissions
36
How can you access Amazon services from EC2 instances without an access key
Use IAM Roles assigned to the instance
37
What is the preferred way of granting access to Amazon services for EC2 instances
IAM Roles
38
What controls what an IAM Role can do
JSON Policy
39
When do changes to policies on a role take affect
Immediately
40
Can you attach or detach a role from a running EC2 instance
Yes
41
If you create an EBS volume from an encrypted snapshot, is the newly created volume encrypted?
Yes
42
If you create an EBS volume from an unencrypted snapshot, is the newly created volume unencrypted?
Yes
43
If you create an EBS volume from an encrypted snapshot, is the newly created volume unencrypted?
No
44
If you create an EBS volume from an unencrypted snapshot, is the newly created volume encrypted?
No
45
Do your EC2 instances need to be in the same availability zone as the EBS volumes they use?
Yes
46
When creating a volume from a snapshot, can you change whether the drive is encrypted or not?
No, the un/encryption is all based on the snapshot itself and cannot be changed
47
What are the two ways for encrypting a root EBS drive?
Using the OS, like Bitlocker, or by taking a snapshot in AWS Console
48
What is the preferred way of encrypting a root EBS drive?
Using the AWS Console and a snapshot
49
Can you encrypt an unencrypted EBS snapshot?
Yes
50
How do you encrypt an unencrypted EBS snapshot?
Create a copy of the snapshot
51
What is Amazon RDS
Relational Database Service
52
What is Amazon Elasticache
Web service that makes it easy to deploy, operate, and scale an in-memory cache
53
What two open-source in-memory caching engines are supported by Elasticache
Memcached and Redis
54
Is Amazon RDS service for OLTP or OLAP
OLTP
55
What is Amazon's NoSQL Db?
DynamoDB
56
What is Amazon's OLAP service?
Redshift
57
By default, can resource security groups talk to one antoher?
No
58
How can you make it so one security group can talk to another?
Define an inbound rule for the target security group from the source security group. i.e. Db group and web server group
59
What are the two types of RDS backups in AWS?
Automated backups and Database snapshots
60
How can you restore a RDS db from an Automated Backup
You can restore to any point within a retention period
61
How long is the retention period for an Automated Backup
one to 35 days
62
True or False: Automated RDS backups take a full snapshot daily
true
63
Do Automated backups store transaction logs throughout the day?
Yes
64
How accurate is a recovery from an Automated Backup for RDS
Down to a second
65
Where does Amazon store the Automated backups
In a S3 bucket
66
Ture or False: When you restore a RDS from a backup,, a new database is created
True
67
True or False: When you restore a RDS from a Automated Backup, a new database is created
True
68
True or False: When you restore a RDS from a snapshot, a new database is created
True
69
Does a RDS instance restored from a backup get a new DNS pointer?
Yes
70
Can you encrypt an existing RDS instance in place?
No, you must create a snapshot
71
In RDS, what is Multi-AZ
When you select to have a database live in multiple availability zones for disaster recovery
72
In RDS, is Multi-AZ designed and used for high availability?
No, for disaster recovery
73
Do you ever use a public IP when working with a RDS database instance?
No, never use public IP - always use the DNS name
74
When should you use the DNS name to connect to a RDS instance?
Always
75
True or False: RDS Multi-AZ is used for disaster recovery only
True
76
True or False: RDS Multi-AZ is used for increasing performance
False
77
How would I increase performance of my RDS instance?
Using a read replica
78
What is a RDS read replica
Automatically updated RDS instances used to increase read throughput for your database instance
79
Can you have read replicas of a read replica?
Yes
80
True or False: RDS Read replica is used for disaster recovery only
False
81
True or False: RDS Read Replica is used for increasing performance
True
82
True or False: Each read replica of a RDS instance will have its own DNS endpoint
True
83
Can you have Multi-AZ for read replicas?
Yes
84
Can you have both Read Replica and Multi-AZ RDS instances?
Yes
85
True or False: A read replica can be promoted to become its own RDS instance?
True
86
What does promoting a read replica to its own database do?
Creates a RDS instance from the read replica and breaks replication
87
True or False: You can't have read replicas in a second region?
False, you can
88
Which Elsticache provider do you use to have Multi-AZ
Redis
89
Does the Memcached Elasticache provider allow for Multi-AZ
No
90
Which Elasticache provider should I use if object caching is my primary goal?
Memcached
91
Which Elasticache provider should I use if I want the simplest possible approach
Memcached
92
Which Elasticache provider should I use if I am planning on running large cache nodes, and require multithreaded performance with utilization of multiple cores?
Memcached
93
Which Elasticache provider should I use if I need to scale my cache horizontally as i grow?
Memcached
94
Which Elasticache provider should I use if I have more advanced datatypes
Redis
95
Which Elasticache provider should I use if sorting and ranking datasets in memory will help me
Redis
96
Which Elasticache provider should I use if persistance of my keystore is important
Redis
97
Which Elasticache provider should I use if I want to run Multi-AZ
Redis
98
If my database is under a lot of stress/load and is read heavy executing many OLTP, what Amazon service should i use to alleviate this?
Elasticache
99
If my database is under a lot of stress/load and is executing OLAP, what Amazon service should I use to alleviate this?
Redshift
100
Which Elasticache provider should I use if I need pub/sub capabilities?
Redis
101
Which Elasticache provider should I use if I am implementing leaderboards?
Redis
102
What is S3?
Simple Storage Service
103
What does S3 provide to customers?
secure, durable, highly-scalabale object storage
104
What is the main purpose of S3?
To store objects, not operating systems or databases
105
Can I use S3 to store/run a database?
No
106
Can I use S3 to store/run an operating system?
No
107
Can I use S3 to store a webpages, files, or images?
Yes
108
Is S3 a safe place to store your files?
Yes
109
Does S3 store your objects across multiple devices and facilities?
Yes
110
Does S3 have high availability built in?
Yes
111
True or False: S3 has an element of disaster recovery built in?
True
112
How big can one file be in S3?
5TB
113
True or False: S3 provides unlimited storage
True
114
True or False: S3 limits your total amount of storage
False
115
If I have a 4.5TB file, can I store this in S3?
Yes
116
If I have a 5.1TB file, can I store this in S3?
No
117
What are folders called in S3?
Buckets
118
What is a bucket in S3?
Location files are stored (folder)
119
True or False: S3 bucket names must be unique globally
True
120
What HTTP code is returned when you successfully upload a file to S3?
200 OK
121
What data consistency does S3 provide for PUTs of new objects?
Read after write
122
How long do I have to wait to access my file in S3 after I have finished uploading it?
You don't have to wait at all
123
What data consistency does S3 provide for overwriting an existing file with a PUT or DELETEs on a file?
Eventual Consistency
124
True or False: S3 is a key-value store
True
125
An S3 object consists of _______
Key, Value, Version ID, Metadata, Subresources
126
Does S3 support versioning of specific files?
Yes
127
Is S3 designed to sustain the loss of 2 facilities at the same time?
Yes
128
What is S3 - IA?
S3 for infrequently accessed data
129
When using S3 - IA, do I pay per data retrieval?
Yes
130
What is S3 - One Zone IA?
S3 for infrequently accessed data that is only in one availability zone
131
What is S3 reduced redundancy storage?
S3 for data that is easy to recreate, like thumbnails
132
What is S3 Glacier?
Very cheap S3 bucket for archiving data.
133
How long do you have to wait before accessing your data in Glacier?
3-5 hours
134
Which S3 storage class has the highest availability and durability?
Standard
135
What is S3 Intelligent tiering?
automatically moves your S3 buckets to the most cost effective tier based on how you access each object
136
What is S3 intelligent tiering used for?
Unknown or unpredictable access patterns
137
What are the two tiers for S3 intelligent tiering?
Frequent and infrequent
138
How long does data have to go unaccessed before it is moved to the infrequent tire in S3 intelligent tiering?
30 consecutive days
139
How much does S3 Intelligent tiering cost?
$0.0025 per 1000 objects/month
140
What do you get charged for in S3
Storage per GB, Requests, Storage management pricing, data management pricing(for moving data out of S3), Transfer Acceleration (using cloudfront)
141
True or False: Newly created buckets in S3 are publicly available?
False
142
True or False: Newly created buckets in S3 are private?
True
143
What are the mechanisms for controlling access to your S3 buckets?
Bucket policies and access control lists
144
What is an S3 Bucket Policy
Access control policy at the bucket level
145
What is a S3 Access Control List
Access control policy at the object level
146
Can I configure my S3 bucket to log accesses?
Yes
147
Can I configure my S3 bucket to log accesses and store those logs in another bucket?
Yes
148
Does S3 support encryption on objects?
Yes
149
Will S3 encrypt your objects for you?
Yes
150
True or False: I must encrypt files myself before uploading them to S3 if I want them to be encrypted
False
151
True or False: I cannot log API actions at the bucket level in S3
False
152
What tool can I use to log actions at the bucket level in S3
CloudTrail, for additional cost
153
Can I monitor the performance of requests into my S3 buckets?
Yes, using CloudWatch
154
Can you upload a publicly available file to a private bucket?
No, the bucket must be publicly available
155
If a bucket is publicly available, are all the objects automatically publicly available?
No
156
What types of encryption does S3 support?
In transit and at rest
157
What types of in transit security are supported by S3?
SSL/TLS
158
What types of at rest encryption does S3 support?
SSE-S3, SSE-KMS, SSE-C
159
Can I encrypt existing objects in my S3 bucket?
Yes
160
Can I provide my own keys for S3 encryption?
Yes
161
How would I enforce S3 object encryption on my bucket for all newly uploaded files?
Using a bucket policy
162
What encryption parameter should you include to encrypt your files at upload time?
x-amz-server-side-encryption: AES256 or ams:kms
163
Does S3 support CORS access?
Yes
164
What is CloudFront?
Amazon's CDN
165
What is an Edge Location in CloudFront?
Geographically dispersed data centers that you can select to host your CDN in
166
What is an Origin in CloudFront?
This is the origin of all the files that the CDN will distribute
167
What are valid Origins for a CloudFront CDN?
S3 Bucket, EC2 instance, Elastic Load Balancer, or Route53
168
What is a CloudFront Distribution
Name given to a CDN which consists of a collection of edge locations
169
What is a CloudFront Web Distribution?
A distribution typically used for WebSites
170
What is RTMP in CloudFront?
A distribution used for media streaming on the CDN
171
What does RTMP stand for in CloudFront
Real Time Messaging Protocol
172
If I want to optimize performance for global users of my S3 backed website, what tool should I use?
CloudFront
173
Can I use CloudFront with any non-AWS Origin server?
Yes
174
Is a CloudFront edge location the same thing as an AWS Region or Availability Zone?
No
175
True or False: CloudFront edge locations are read-only
False
176
How long are objects cached in an edge location?
For the TTL (Time to LIve)
177
True or False: I cannot manually clear an edge location cache
False, you can
178
True or False: Manually clearing an edge location cache is free
False, it costs
179
I have content on my website that I want to restrict to paid users only and I'm using CloudFront for CDN. How do I achieve this?
By using the Signed URLs/Signed Cookies option
180
True or False: The first time a user access a file using cloudfront, the file will load fast
False
181
When does a file get cached in an edge location by cloudfront?
The first time a user access the file
182
How would I optimize performance for my GET-Intensive S3 workloads?
CloudFront CDN
183
How would I optimize performance for my Mixed Request Type workloads
Using a random key name instead of a sequential one
184
What are the S3 storage classes?
S3, S3 - IA, S3 - One Zone IA, S3 - Reduced Redundancy, Glacier
185
What is the default TTL for CloudFront cache?
24 hours
186
True or False: If you want to enable a user to download private data directly from S3, you can use a signed URL
True
187
What is the largest file size you can transfer to S3 using a PUT operation?
5GB
188
What are the ways to trigger an AWS lambda
HTTP Triggers and event triggers
189
What is API Gateway
The API proxy service
190
What languages are supported by Lambda
Node.js, Java, Python, C#, Go
191
If I execute less than 1 million requests per month, will I incur a charge for my lambda functions?
No
192
If I execute more than 1 million requests per month, will I incur a charge for my lambda functions?
Yes, $0.20 per 1 million requests
193
Is there a charge for the duration my lambda functions run?
Yes, $0.00001667 per GB-Second
194
True or False: Lambda scales out (not up) automatically
True
195
Are my lambda functions independent, meaning 1 trigger means 1 function?
Yes
196
Is lambda a compute service?
Yes
197
What services in AWS are serverless?
Lambda, S3, API Gateway, Dynamo Db
198
Can my lambda function trigger other lambda functions?
Yes
199
What service allows you to debug your lambda functions
AWS X-Ray
200
Are lambdas limited to interacting with other services that are in the same region as the lambda itself?
No
201
True or False: An AWS API Gateway exposes HTTPS Endpoints to define a RESTful API
True
202
Can I track and control API usage using an AWS API Gateway?
Yes
203
Can I cache API Responses with API Gateway
Yes, for a specified TTL
204
What are the Lambda triggers?
API Gateway, AWS IoT, Alexa Skills Kit, Alexa Smart Home, CloudFront, CloudWatch events, CloudWatch Logs, CodeCommit, Cognito Sync Trigger, DynamoDb, Kinesis, S3, SNS
205
Does AWS Lambda support versioning
Yes
206
Can I have more than one version of my Lambda published?
Yes
207
What are the ARN types for Lambda functions
Qualified and Unqualified
208
What is a Qualified ARN
The function ARN with the version suffix
209
What is an Unqualified ARN
The function ARN without the version suffix
210
What is a Lambda alias
A name that points to a particular version of your lambda function
211
Can I change a lambda function version after I have published it?
No, you must edit the $LATEST version
212
Can I split traffic across two versions of a lambda?
Yes
213
How would I split traffic across two versions of a lambda?
Using an alias
214
Can I include the $LATEST version in an alias that splits traffic between two versions of a lambda
No, you can only used published versions
215
What are step functions?
These allow you to visualize and test your serverless applications by providing a GUI to arrange and visualize the components of your applications
216
What is AWS X-Ray
A service that collects data about requests that your application serves and provides tools you can use to view, filter, and gain insights into that data to identify issues
217
How does data flow in X-Ray
X-Ray SDK -> X-Ray Daemon -> X-Ray API -> X-Ray Console
218
What services does X-Ray work with?
Elastic Load Balancers, Lambda, API Gateway, EC2, Elastic Beanstalk
219
What programming languages does X-Ray support
Java, Go, Node.js, python, Ruby, .NET
220
True of False: One can import a API definition to API Gateway
True
221
What specification should an API Definition be written in to import it to API Gateway
Swagger v2.0/OpenAPI
222
What is the steady state default throttling setting for API Gateway
10000 requests per second
223
What is the maximum concurrent requests for API Gateway
5000
224
What error will you receive if you exceed your request throttling limits with API Gateway
429 Too Many Requests
225
If a caller submits 10000 requests evenly across a one second time span, will API Gateway process them all?
Yes
226
If a caller submits 10000 requests in the first millisecond of a one second time span, will API Gateway process them all?
No, only 5000 will get handled, the others will get a 429
227
If a caller submits 5000 requests in the first millisecond and then evenly spreads 5000 requests across the remaining 999 milliseconds in a one second time span, will API Gateway process them all?
Yes
228
Can you use API Gateway to pass through SOAP requests?
Yes
229
Can you lift the DynamoDb default throttling limits?
Yes
230
What are the data models supported by DynamoDB
document and key/value pairs
231
What physical storage technology is utilized by DynamoDb
SSDs
232
Do DynamoDBs get spread across regions?
Yes, spread across three geographically distinct data centers
233
What data consistency models does DynamoDb support?
Eventual Consist Reads and strongly consistent reads
234
In DynamoDb, what is Eventually Consistent reads?
Consistency across all copies of data is reached within a second.
235
What DynamoDb consistency model offers the best read performance?
Eventually Consistent Reads
236
In DynamoDB, what is Strongly Consistent Reads?
Reflects all writes that received a successful response prior to the read
237
In DynamoDb, what specifications can i use in a stored document?
JSON, HTML, XML
238
What types of Primary Keys does DynamoDb use?
Partition key and composite key
239
What is a partiion key in dynamodb
A unique attribute(column) on teh data i.e. UserId
240
What is a composite key in dynamodb
A partition key coupled with a sort key
241
When should I use a composite key instead of a partition key
When the partition key is not unique to my table i.e. forum posts
242
If I have multiple records in a DynamoDb table that will have the same partition key, what primary key type should I use?
Composite Key
243
Does DynamoDb allow for restricting users' access to only their own data?
Yes, via an IAM Condition
244
How would I restrict DynamoDb access so that a user can only access their own data?
Using an IAM Condition
245
What does DynamoDb consist of?
Tables, items, and Attributes
246
Hos is general access to a DynamoDb database controlled?
IAM Policies
247
If I want to enable fine grained access control for my dynamoDb, i.e. row level security, what IAM condition parameter would I use?
dynamodb:LeadingKeys
248
What are the types of indexes supported by DynamoDb
Local Secondary Index and Global Secondary Index
249
In dynamodb, what is a local secondary index?
created at table creation time, same partition key as your table, different sort key, increases query performance for the composite key used to define it
250
In dynamodb, what is a global secondary index?
created whenever, different partition and sort key, increases query performance when using the composite key used to define it
251
Does a local secondary index use the same partition key as the table?
Yes
252
Does a local secondary index us the same sort key as the table?
No
253
Does a global secondary index use the same partition key as the table its on?
No
254
Does a global secondary index use the same sort key as the table its on?
No
255
When can you create a local secondary index?
At table creation time
256
When can you create a global secondary index?
Any time
257
Can I create a local secondary index after i have created my table?
No
258
What are the ways to get data out of a dynamodb table?
Scan and Query
259
What is a dynamodb query?
Operation that finds items in a table based on the primary key
260
For a dynamodb query, what is a ProjectionExpression?
The equivalent of the select statement for sql - filters the attributes returned for a given query
261
Can you reverse the order that a query returns results in for DynamoDb?
Yes
262
What parameter would I use to reverse the query results in dynamo db?
ScanIndexForward
263
What consistency model do queries use by default?
Eventually Consistent
264
Can I use a different consistency model for my dynamodb queries?
Yes, can set to Strongly Consistent
265
What is a scan operation in DynamoDb
an operation that examines every item in the table
266
Can you limit attributes returned by a scan operation?
Yes
267
How would I limit the attributes returned by a scan operation?
Use the ProjectExpression parameter
268
Does a scan operation filer the data on the server side?
No, it dumps the data out, then filters it
269
What is the most efficient way to get data out of a dynamodb table?
Query
270
True or False: A scan dumps the entire table to memory, then filters
True
271
Can you page results from a dynamo query or scan
Yes
272
What is the default order of results for a dynamodb data operation?
Ascending Order
273
What is DynamoDb provisioned throughput?
Throttling for Dynamodb measured in capacity units configured when you create your table
274
How do you calculate how many read units are needed for a strongly consistent table?
you take the size of each item / 4KB, round up to the nearest whole number, then multiply by the number of reads per second
275
How do you calculate how many read units are needed for an eventually consistent table?
You take the number needed for a strongly consistent table and divide by two
276
How do you calculate how many write units are needed?
You take the size of each item, divide by 1 KB, round up to the nearest whole number, multiply by the number of writes per second
277
What is one write capacity unit?
1 x 1 KB Write per second
278
What is one read capacity unit?
1 x 4 KB Strongly consistent read OR 2 x 4 KB Eventually consistent reads per second
279
What is the DynamoDb on-demand capacity model?
Allows your DB to automatically scale for the workload
280
If I have unpredictable or unknown capacity needs, what capacity model should I use?
On demand
281
Can I change the capacity model my dynamodb uses after its created?
Yes
282
How often can I change the dyanmodb capacity model
Once per day
283
What is DAX
DynamoDb Accelerator
284
What is DynamoDb Accelerator (DAX)?
A Fully managed, clustered in-memory cache for dynamodb
285
How much faster is DAX?
10x read performance
286
Does DAX improve write performance?
No
287
What consistency model and operation does DAX use if there is a cache miss?
Eventually Consistent GetItem
288
What caching strategies are available in ElastiCache
Lazy Loading and Write Through
289
What is the lazy loading strategy in ElastiCache
Loads the data into the cache only when it's necessary
290
When using the lazy loading strategy in ElastiCache, what happens when there is a cache miss?
ElastiCache returns null and Your application fetches the data from the database and then writes the data into the cache
291
What is write through caching strategy for ElastiCache
Adds or updates data to the cache whenever data is written to the database
292
True or False: DAX only supports write-through caching strategy
True
293
True or False: You can use DAX or ElastiCache with DynamoDb
True
294
How would I avoid stale data in my ElastiCache when using the Lazy Loading strategy?
Using a TTL
295
What are DynamoDb transactions?
ACID Transactions
296
What does ACID stand for?
Atomic, Consistent, Isolated, Durable
297
Can I read/write data across multiple tables in a DynamoDb transaction?
Yes
298
Do DynamoDb transactions allow for me to check a pre-requisite condition before writing to a table?
Yes
299
What is DynamoDb TTL?
TTL attribute defines an expiry time for your data after which the data is marked for deletion
300
How long can it take for an item to be deleted after the TTL expires in dynamodb?
Up to 48 hours
301
What are DynamoDb streams?
Time-ordered sequence of item level modifiations
302
True or False: A dynamoDb stream is like an audit trail for an item
True
303
Are my DynamoDb streams encrypted?
yes, at rest
304
How long are my DynamoDb streams stored?
24 hours
305
What item update lifecycle hooks can I use for dynamodb streams?
Before and after
306
How does my application access dynamodb streams?
Via a separate API from the DynamoDb one
307
True or False: DynamoDb streams are NOT recorded near-real time
False
308
Can I use DynamoDb streams as a Lambda trigger?
Yes
309
If I exceed the provisioned throughput for my DynamoDb, what exception do I get?
ProvisionedThroughputExceededException
310
What is exponential backoff for provisioned throughput in DynamoDB?
Waits progressively longer to retry a request when failed requests happen
311
When using exponential backoff, if your request still has not succeeded after one minute, what does this indicate?
That your request may be too large for the provisioned throughput on your table and that you may need to increase the limits
312
True or False: A local secondary index can be deleted at any time
False
313
True or False: A global secondary index can be deleted at any time
True
314
What service should you use to securely store confidential information like credentials and license codes?
Systems Manager Parameter Store
315
What API Call should you use to get multiple items from a DynamoDb table
BatchGetItem
316
What is KMS
Key Management Service
317
Are KMS Encryption Keys Regional?
Yes
318
True or False: KMS Encryption Keys are globally available
False
319
Can I export my customer master key?
No
320
What does a customer master key consist of?
alias, creation date, description, key state, key material
321
What terminal command do you have to run in order to use the AWS CLI?
aws configure
322
What CLI command do I use to encrypt a file using KMS?
aws kms encrypt
323
What CLI command do I use to decrypt a file using KMS>
aws kms decrypt
324
What does the CLI command aws kms encrypt do
encrypts a local file using KMS
325
What does the CLI command aws kms decrypt do
decrypts a local frile using KMS
326
What does the CLI command aws kms re-encrypt do
re encrypts an already encrypted file by decrypting it to plain text, encrypting, and immediately destroying the plain text
327
What does the CLI command aws kms enable-key-rotation do
Turns on key rotation so that they key is changed every year
328
What is KMS envelope encryption
The process of encrypting your envelope key
329
Describe KMS envelope enccryption
We use the CMK to encrypt the key that is used to encrypt our data
330
How long does it take to delete an encryption key
7 to 30 days
331
What is SQS?
Simple Queue Service
332
How big can my SQS message be?
256 KB
333
What types of queues are available on SQS
Standard queues and FIFO Queues
334
Do standard SQS queues have ordering
No
335
Are standard SQS queues guaranteed to deliver a message at least once?
Yes
336
Are standard SQS queues guaranteed to delivery a message only once?
No
337
True or False: FIFO SQS queues have an order
True
338
True or False: FIFO SQS queues delivery a message exactly once
True
339
I need to guarantee my message is only processed one time - which SQS queue type should I use
FIFO
340
What is the transaction limit for a FIFO SQS queue
300 transaction per second
341
What is the transaction limit for a Standard SQS queue
There isn't one
342
True or False: SQS is Pull based
True
343
True or False: SQS is push based
False
344
What is the time span that a message can live in a SQS queue?
1 minute to 14 days
345
What is the default retention period for SQS messages?
4 days
346
What is visibility timeout in SQS?
The amount of time that the message is invisible in the SQS queue after a reader picks up that message
347
What is the default visibility timeout
30 seconds
348
What is the maximum visibility timeout
12 hours
349
What is SWS Long Polling?
This is a type of polling that doesn't return until a message arrives in the queue or the long poll times out
350
What is amazon SNS?
Simple Notification Service
351
What is SNS used for?
Think push notifications
352
True or False: SNS is instantaneous push-based delivery of notification
true
353
What pricing model is used by SNS
Pay as you go
354
If I need to use Pull based messaging which service should I use?
SQS
355
If I need to use push based messaging, which service should I use
SNS
356
True or False: SNS uses a Pub-Sub model
True
357
True or False: SQS uses a Pub-Sub model
False
358
What format of notification can I send using SNS
SMS, Email, SQS, HTTP
359
What is SES
Simple Email Service
360
Can SES be used to receieve emails
Yes
361
True or False: SES can trigger lambda functions or SNS services when email is received
True
362
True or False: SES allows users to send automated emails
True
363
True or False: SES can send more than just email
False
364
What is Amazon Kinesis
An AWS service to send your streaming data to
365
What are Kinesis streams made out of
Shards
366
What is kinesis firehose
Kinesis without streams or shards
367
What are kinesis analytics
Allows you to run SQL queries to send on to a destination
368
What is elasticbeanstalk
A service for deploying and scaling web applications developed in various languages
369
What programming languages does ElasticBeanstalk support?
Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker
370
What web servers does ElasticBeanstalk support
Tomcat, Nginx, Puma, Passenger, and IIS
371
Does ElasticBeanstalk autoscale up and down?
Yes
372
What is an ElasticBeanstalk deployment policy
Method under which ElasticBeanstalk deploys changes or updates
373
What are the options for an ElasticBeanstalk deployment
All at once, rolling, rolling with additional batch, immutable
374
Will I have downtime with an ElasticBeanstalk all at once deployment
Yes
375
How does an all at once ElasticBeanstalk deployment work
It deploys the new version to all instances simultaneously
376
How do you recover from a failed all at once ElasticBeanstalk deployment
You must roll back the changes by re-deploying the original version to all your instances
377
What is an ElasticBeanstalk rolling deployment
Deploys the new version in batches
378
How does a rolling deployment work
Takes each batch of instances out of service while the deployment takes place
379
Will I experience downtime with a rolling deployment?
No
380
What is the negative impact for a rolling deployment
Reduced capacity
381
How do I recover from a rolling deployment failure
You must perform an additional rolling update to roll back the changes
382
What is rolling deployment with additional batch policy
Launches additional batch of instances during update
383
Will I experience downtime during a rolling deployment with additional batch policy
No
384
Will I experience any loss of capacity during a rolling deployment with additional batch policy
No
385
How do I recover from a failure during a rolling deployment with additional batch policy
Perform an additional rolling update to roll back the changes
386
What is immutable deployment in ElasticBeanstalk
Deploys a the new version to a fresh group of instances in their own new autoscaling group
387
Will I experience downtime during an immutable deployment
No
388
How do I recover from a failure during an immutable deployment
Terminate the new auto scaling group, done
389
Can I customize my ElasticBeanstalk environment
Yes
390
How would I customize my ElasticBeanstalk environment
Using an ElasticBeanstalk configuration file
391
What specifications are supported for an ElasticBeanstalk configuration file
YAML and JSON
392
What folder must my ElasticBeanstalk configuration files be in?
.ebextensions
393
Does the name of my ElasticBeanstalk configuraiton file matter?
No
394
What file extension does my ElasticBeanstalk configuration file need to have
.config
395
Where should the .ebextensions folder go for it to configure my ElasticBeanstalk env
In the root of the repo
396
Can I put my .config files for ElasticBeanstalk under source control
Yes
397
What options do I have for launching an RDS instance
Launch within ElasticBeanstalk and Launch outside ElasticBeanstalk
398
Which RDS instance launch strategy should I use for my production instance
Outside ElasticBeanstalk
399
What is the systems manager parameter store
Place to store sensitive information to share across services
400
What types of data are supported by the systems manager parameter store
String, String List, Secure String
401
Does the systems manager parameter store support versioning of parameters?
Yes
402
What API Call would you use to extend the time allowed for a SQS message to be processed by a consumer
ChangeMessageVisibility
403
What is the maximum timeout for visibility of a message in a SQS queue
12 Hours
404
What is the maximum long poll timeout
20 Seconds
405
What is AWS Storage Gateway
Service used for attaching infrastructure located in a data center to the aws storage infrastructure
406
What are all of the DevOps services prefixed with
Code, i.e. CodeCommit, CodeBuild, CodePipeline, CodeDeploy
407
Where can I deploy code using CodeDeploy
EC2, on-premise systems, and lambda functions
408
What are the deployment approaches when using CodeDeploy
In-Place and Blue/Green
409
What deployment targets can I use an in-place deployment strategy from CodeDeploy for?
EC2 and on-premise systems
410
Can I do an in-place deployment from CodeDeploy on a Lamdba
No
411
For CodeDeploy, what doe the Blue and Green colors represent
Blue are the active deployment and green are the new release
412
What is a CodeDeploy deployment group
Set of EC2 instances or Lambda functions to which a new version of the software is to be deployed
413
What is a CodeDeploy Deployment
The process and components used to apply a new revision
414
What is a CodeDeploy Deployment Configuration
A set of deployment rules as well as success/Failure conditions used during a deployment
415
What is a CodeDeploy AppSpec File
Defines the deployment actions you want CodeDeploy to do
416
What is a CodeDeploy revision
Everything needed to deploy the new version
417
What is a CodeDeploy Application
Unique Identifier for the application you want to deploy
418
What are the fields in a CodeDeploy app spec file?
Version, resources, hooks
419
What are the CodeDploy Hooks?
BeforeAllowTraffic, AfterAllowTraffic, BeforeInstall, AfterInstall, ApplicationStart, ValidateStart, BeforeBlockTraffic, BlockTraffic, AfterBlockTrffic,ApplicationStop, DownloadBUndle, Install, ApplicationStart, ValidateService, AllowTraffic
420
What fields does an on-premise AppSpec file have
version, os, files, hooks
421
What are the three stages of hooks for a CodeDeploy lifecycle
Traffic Deregistration, Application Upgrade, Traffic Registration
422
What is BigBAADBrazenIconAboutAllVisualBAAmfs
The order of CodeDeploy lifecycle hooks
```
BeforeBlockTraffic
BlockTraffic
AfterBlockTraffic
ApplicationSTop
DownloadBundle
BeforeInstall
Install
AfterInstall
ApplicationStart
ValidateService
BeforeAllowTraffic
AllowTraffic
AfterAllowTraffic
```
423
What is CloudFormation
Allows you to provision infrastructure using code
424
What specifications does CloudFormation support
YAML and JSON
425
Is CloudFormation free to use?
Yes
426
What is the only mandatory section for a CloudFormation template?
Resources
427
What are the main sections for a CloudFormation template
Parameters, Conditions, Resources, Mappings, Transforms
428
What is the serverless appliation model (SAM)
An extension of the CloudFormation used to define serverless applications
429
What are the SAM cli commands
sam package and sam deploy
430
What is a CloudFormation Nested Stack
Allow you to reuse your CloudFormation code
431
If I want to use the output of my CloudFormation stack
| as input to another CloudFormation stack, which section would I use?
Outputs
432
How can you prevent CloudFormation from deleting your entire stack on failure?
Set the Rollback on failure radio button to no in the console or use the --disable-rollback flag with the AWS CLI
433
Which section of the CloudTransformations spec do you use to reference code in an S3 bucket
Transforms
434
What is web identity federation
Allows users to login to AWS using a 3rd part provider like Facebook, Amazon, or Google
435
What is Amazon Cognito
Web Identity Federation provider
436
What is the recommended identity provider for mobile apps running on AWS
Cognito
437
What is a Cognito user pool
Directories used to managed signup and sign-in functionality for mobile and web applications
438
What are Cognito identity pools
These enable you to create unique identifiers for your users and auth them with identity providers
439
What technology does Cognito use to provide a seamless experience for you application
Push Synchronization
440
What are the different types of IAM Policies
Managed Policies, Customer Managed Policies, Inline Policies
441
What is a IAM managed policy
An IAM Policy which is created and administered by AWS
442
What is a IAM Customer Managed Policy
An IAM policy which is created and administered by the customer
443
What is a IAM Inline Policy
An IAM Policy that is embedded within the user, group or role to which it applied
444
Can an Inline policy apply to more than one object?
No
445
What is assume-role-with-web-identity
API Provided by STS that allows you to get temporary security credentials for user authenticated by a mobile or web app
446
What is returned from the STS when making an assume-role-with-web-identity call
The role's ARN and ID along with the toke, access key, and expiration
447
What is cross account access
This grants access to multiple AWS instances using a single identity
448
What is CLoudWatch
A monitoring service that allows you to keep track of your AWS resources and applications running in AWS
449
What does CloudWatch monitor by default on your EC2 instances
CPU, Network, Disk, Status Check
450
I want to Monitor RAM usage on an EC2 instance, how would I do that?
Create a custom CloudWatch Metric
451
What is the default monitoring interval on EC2 for CloudWatch
5 minutes
452
Can I make CloudWatch monitor my EC2 instances on a shorter interval
Yes, you can select detailed monitoring which shortens the interval to 1 minute
453
How long does CloudWatch store your data by default
Indefinitely
454
Can I get data about an EC2 instance after it is terminated?
Yes
455
For custom metrics in CloudWatch, what is the minimum granularity I can have?
1 minute
456
What is a CloudWatch alarm
A noification for a CloudWatch threshold
457
CloudWatch VS CloudTrail
CloudTail is used to track API calls, CloudWatch monitors performance
458
What is AWS Config
Records the state of your AWS environment and will notify you of changes
459
What is the default S3 bucket limit per AWS account?
100
