EC2 Flashcards
1
Q
What are the different EC2 pricing models?
A
- On-Demand - allows paying fixed rate by the hour (or even second)
- Reserved - provides you with a capacity reservation and offers a significant discount to the hourly charge (contract terms are 1-3 years)
- SPot - enables you to bid whatever price you want for instance capacity, providing even greater savings if your applications have flexible start and end times
- Dedicated Hosts - physical ec2 instances dedicated to you
2
Q
What is on demand EC2 useful for?
A
- Users that want the low cost and flexibility of ec2 without any up-front payment tor long-term commitment
- application with short term, spiky, or unpredictable workload that cannot be interrupted
- applications that are being developed or tested on ec2 for the first time
3
Q
What is reserved pricing useful for?
A
- applications with steady state or predictable usage
- apps that require reserved capacity
- users able to make upfront payments to reduce their total computing costs even further
4
Q
What is spot pricing useful for?
A
- apps that have flexible start and end times
- apps that are only feasible at very low compute prices
- users with urgent computing needs for large amounts of additional capacity
5
Q
What are dedicated hosts useful for?
A
- Useful for regulatory requirements that may not support multi-tenant virtualization
- great for licensing which does not support multi-tenancy or cloud deployments
- can be purchased hourly (on-demand)
- can be purchased as reservation for up to 70% off on-demand price
6
Q
What is the mnemonic for all the EC2 instances? Not needed for the test, but helpful to know
A
F - for FPGA
I - for IOPS
G - graphics
H - high disk throughput
T - cheap general purpose, think T2 micro
D - for density
R - for RAM
M - main choice for general-purpose apps
C - for compute
P - graphics (think pics)
X - extreme memory
Z - extreme memory AND CPU
A-arm based workloads
U - bare metal
7
Q
True or False. If you turn off a spot instance you will not get charged.
A
False. You will get charged for that run. You will not get charged if AWS turns off the instance.
8
Q
How many different types of hard drives can the root volume launch on? List them.
A
2
- Magnetic
- SSD (General, Provisioned)
9
Q
What are security groups?
A
Virtual firewall, how you direct various types of traffic.
10
Q
Can you encrypt root device volume on EC2?
A
Yes
11
Q
True or False. Termination protection is turned off by default.
A
True. You must turn it on.
12
Q
True or False. On an EBS backed instance, the default action is for the root EBS volume to be deleted. Additionally, all additional volumes default action is to be deleted as well.
A
Partially True, but overall False. The additional volumes default action is not to be deleted.
13
Q
True or False. EBS Root Volumes DEFAULT AMIs CAN NOT be encrypted.
A
False. They can be encrypted.
14
Q
How long does it take for a security group change to take place?
A
It happens instantanously.
15
Q
Can you block individual addresses using security groups?
A
Not really. Can’t explicitly block any IP, but can not allow it. Nothing is allowed until you allow it.
16
Q
True or False. All outbound traffic is allowed on security groups.
A
True. Outbound traffic is stateful.
17
Q
True or False. You can have any number of EC2 instances within a security group.
A
True.
18
Q
True or False. You can have multiple security groups attached to EC2 instances.
A
True.
19
Q
What does STATEFUL mean?
A
Means that if you create an inbound rule for something, an outbound rule is automatically created for it.
20
Q
True or False. You can block specific IP addresses using Security Groups.
A
False. You cannot block specific IP addresses using Security groups, instead you need to use Network Access Control Lists.
21
Q
True or False. You can deny rules in a security group.
A
False. You cannot do that in security groups but can do it in Network Access Control Lists.
22
Q
What is EBS?
A
Elastic Block Storage. Essentially a virtual hard disk in the cloud.
23
Q
What are the differences in the types of EBS drives?
A
- General Purpose SSD (gb2) - 16,000 iops/volume
- Provisioned Purpose SSD (io1) - 64,000 iops /volume
- Throughput Optimized HDD (st1) - 500 iops / volume
- Cold HDD (sc1) - 250 iops / volume
- EBS Magnetic (Standard) - 40-200 iops / volume
24
Q
What are the use cases for General Purpose SSD?Description?
A
Most Work Loads. Up to 16,000 IOPS.
Description: General purpose SSD volume that balances price and performance for a wide variety of transactional workloads.
25
What are the use cases for Provisioned IOPS SSD? Description?
Databases. Up to 64,000 IOPS.
Description: Highest-performance SSD volume designed for mission-critical applications.
26
What are the use cases for Throughput Optimized HDD?Description?
Big Data & Data Warehouses. Up to 500 IOPS / volume.
Description: Low-cost HDD volume designed for frequently accessed, throughput-intensive workloads.
27
What are the use cases for Cold HDD? Description?
File Servers. Up to 250 IOPS/volume.
Description: Lowest cost HDD volume designed for less frequently accessed workloads.
28
What are the use cases for EBS Magenetic? Description?
Workloads where data is infrequently accessed. Between 40-200 IOPS / volume.
Description: Previous generation HDD.
29
True or False. EBS volumes will always be in the same availability zone as the EC2 instance.
True. By default, this is the case. You always want the EBS volume in the same availability zone as the EC2 instance. Think about it from a hardware perspective. If they are in different availability zones, you're more likely to have lag.
30
How can you distinguish which EBS volume is linked to the root on the EC2?
Under EBS \> Volumes \> the volumes that have the "Snapshot" field populated are the ones that are for the root volume.
31
How do you move an EBS volume from one availability zone to another?
Click on the volume in question. Click Actions \> Create Snapshot \> Type in Title \> Create Snapshot \> Wait for Snapshot to be created
Click Snapshots \> Click on snapshot \> actions \> create image \> label \> create
Click AMIs (under Images) \> actions \> launch \> go through launching of ec2
32
Can you move the image to another region as well?
Yes, first you copy the AMI into the new region and then choose the EC2 you want to launch in that region off that volume.
33
True or False. Additional volumes attached to an EC2 instance are deleted after you terminate the EC2.
False. Only the root volume is terminated after terminating an EC2 instance. Additional volumes will persist.
34
Where are snapshots stored?
On S3.
35
True or False. Snapshots are a point in time copies of volumes. Snapshots are incremental.
True and True. Snapshots are point in time copies of volumes. They are also incremental, which means that only the blocks that have changed since your last snapshot are moved to s3.
36
What is best practice when it comes to taking a snapshot of a root volume?
Always stop the instance before taking the snapshot. You can do it while the instance is running, it's just not best practice.
37
Why are instance store volumes sometimes called Ephermaral storage?
If for some reason it stops, you are going to lose all of your data. They cannot be stopped but if it fails, you will lose all of your data.
38
True or False. If an EBS instance is stopped, you will lose all of your data.
False. EBS instances do not lose all their data when stopped.
39
True or False. Both EBS backed instances and Instance stored volumes lose their root volumes upon termination.
True. HOWEVER, EBS you can ask AWS to keep your root volume.
40
What is ENI?
Elastic Network Interface - virtual network card
41
What is EN?
Enhanced Networking - uses I/O virtuallization to provide high perforamnce networking capbilities
42
What is EFA?
Elastic Fabric Adapter - a network device that you can attach to your Amazon EC2 instance to accelerate high-performance computing (HPC) and machine learning applications or if you want to do an OS by-pass. Only available on Linux instances
43
What is ENI and why use ENI?
ENI is an elastic network interface that is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes: A primary private IPv4 address from the IPv4 address range of your VPC. One or more secondary private IPv4 addresses from the IPv4 address range of your VPC.
* creating a management network
* network and security appliances in your VPIC
* create dual-homed instances with workloads/roles on distinct subnets
* create a low-budget, high availability solution
44
Why use Enhanced Networking?
* speeding up your network
* higher bandwidth
45
True or False. Snapshots of encrypted volumes are encrypted automatically.
True.
46
True or False. You can share snapshots, regardless of encryption.
False. You can only share unencrypted snapshots.
47
What is CloudWatch?
Monitors your AWS resources as well as the applications that you run on AWS
48
What is CloudTrail?
increases visibility into your user and resource activity by recording AWS Management COnold actions and API calls. Identify which users and accounts called AWS, source IP address, and when the calls were made
49
What is the difference between CloudWatch and CloudTrail?
CloudWatch monitors all aws services (and helpful for performance updates) whereas CloudTrail is all about auditing.
50
What can you do with CloudWatch? List 4 things
* Dashboards
* Alarms
* Events
* Logs
51
What is the easiest way to add access key & secret access key to ec2?
Using roles. You can add roles to the EC2 instance. They are universal as well.
52
What's the url to get meta-data or user-data of your ec2 instance?
curl http://169.254.169.254/latest/meta-data
curl http://169.254.169.254/latest/user-data
53
What is EFS? When should you use it?
Elastic File System (EFS) is a cloud-based file storage service for applications and workloads that run in the Amazon Web Services (AWS) public cloud. AWS automatically deploys and manages the infrastructure for EFS, which is distributed across an unconstrained number of servers to avoid performance bottlenecks.
Storage service for Amazon EC2 instances. It allows you to use and configure files systems quickly and easily. Allow for growth as needed. Also, ability to share files between two EC2 instances.
When you need distributed, highly resilient storage for Linux instances and Linux based applications.
54
True or False. EFS supports NFSv4 protocol. What does NFSv4 stand for?
True. Network File System version 4.
55
What is Amazon FSx for Windows File Server? When should you use it?
fully managed native file system so you can easily move windows based applications that require storage to AWS.
When you need centralized storage for windows-based applications such as Sharepoint, Microsoft SQL server, workspaces, IIS webserver, or any other native Microsoft application.
56
What is FSx for Lustre? When should you use it?
A file system that is optimized for compute-intensive workloads, such as high performance computing, machine learning, media data process workflows and electronic design automation (EDA).
When you need high-speed, high-capacity distributed storage. This will be for applications that od High-Performance Compute (HPC), financial modeling etc. Remember that FSx for Lustre can store data directly on s3.
57
What are the three different types of EC2 placement groups?
1. Clustered Placement Group
2. Spread Placement Group
3. Partitioned
58
What is clustered placement group?
A grouping of instances within a single availability zone. For low network latency and high network throughput. Only certain instances can be launched into this placement group.
59
What is spread placement group?
A grouping of instances that are each placed on the distinct underlying hardware. For applications that have a small number of critical instances that should be kept separate from each other. Only certain instances can be launched into this placement group.
60
What is the partitioned placement group?
Amazon EC2 divides each group into logical segments called partitions. EC2 ensures that each partition within a placement group has its own sets of racks. Each rack has it's own network and power source. No two partitions within a placement group share the same racks, allowing you to isolate the impact of a hardware failure within your application.
61
True or False:
1. Clustered placement group can span multiple Availability Zones
2. Spread placement and partitioned group can as well span multiple availability zones.
1. False. It cannot.
2. True
62
What is web application firewall?
Lets you monitor the HTTP and HTTPS requests that are forwarded to Amazon CloudFront, an Application Load Balancer or API gateway
63
What are the three different types of behaviors WAF allows?
1. Allow all requests except the ones you specify
2. block all requests except the ones you specify
3. count the requests that match the properties you specify
64
Which of the following features only relate to Spread Placement Groups?
* Instance must be deployed in a single availability zone
* The name of your placement group must be unique within your AWS Account
* The placement group can only have 7 running instances per Availability Zone
* There is no charge for creating a placement group
**The placement group can only have 7 running instances per Availability Zone.** Spread placement groups have a specific limitation that you can only have a maximum of 7 running instances per Availability Zone and therefore this is the only correct option. Deploying instances in a single Availability Zone is unique to Cluster Placement Groups only and therefore is not correct. The last two remaining options are common to all placement group types and so are not specific to Spread Placement Groups.
65
Can I move a reserve instance from one region to another?
No, depending on your type of RI you can modify the AZ, scope, network platform, or instance size (within the same instance type), but not Region. In some circumstances you can sell RIs, but only if you have a US bank account.
66
You need to know both the private IP address and public IP address of your EC2 instance. You should \_\_\_
Retreive the instance metadata from http://169.254.169.254/latest/meta-data
67
If an Amazon EBS volume is an additional partition (not the root volume), can I detach it without stopping the instance?
Yes
68
Individual EC2 instances are provisioned \_\_\_\_\_\_\_\_.
in Availability Zones
69
Is it possible to perform actions on an existing Amazon EBS Snapshot?
Yes, through the AWS APIs, CLI, and AWS Console
70
Will an Amazon EBS root volume persist independently from the life of the terminated EC2 instance to which it was previously attached? In other words, if I terminated an EC2 instance, would that EBS root volume persist?
**You can control whether an EBS root volume is deleted when its associated instance is terminated.** The default delete-on-termination behaviour depends on whether the volume is a root volume, or an additional volume. By default, the DeleteOnTermination attribute for root volumes is set to 'true.' However, this attribute may be changed at launch by using either the AWS Console or the command line. For an instance that is already running, the DeleteOnTermination attribute must be changed using the CLI.
71
True or False. Amazon EBS volumes cannot be shared between instances across AZs.
True.
72
True or False. API gateway is used for load balancing connections to Amazon EC2 instances.
False. API gateway is **not** used for load balancing connections to Amazon EC2 instances.
73
True or False. You can launch instances in multiple Regions from a single Auto Scaling group.
False. You **cannot** launch instances in multiple regions from a single Auto Scaling group.
74
True or False. Scaling based on a schedule allows you to set your own scaling schedule for predictable load changes. To configure your Auto Scaling group to scale based on a schedule, you create a scheduled action. This is ideal for situations where you know when and for how long you are going to need the additional capacity.
True.
75
An EC2 status check on an EBS volume is showing as insufficient-data. What is the most likely explanation?
* The checks have failed on the volume
* The volume does not have enough data on it to check properly
* The checks require more information to be manually entered
* The checks may still be in progress on the volume
**The checks may still be in progress on the volume.**
The possible values are ok, impaired, warning, or insufficient-data. If all checks pass, the overall status of the volume is ok. If the check fails, the overall status is impaired. If the status is insufficient-data, then the checks may still be taking place on your volume at the time.
76
What are the three different types of placement groups?
**Cluster** – packs instances close together inside an Availability Zone. This strategy enables workloads to achieve the low-latency network performance necessary for tightly-coupled node-to-node communication that is typical of HPC applications.
**Partition** – spreads your instances across logical partitions such that groups of instances in one partition do not share the underlying hardware with groups of instances in different partitions. This strategy is typically used by large distributed and replicated workloads, such as Hadoop, Cassandra, and Kafka.
**Spread** – strictly places a small group of instances across distinct underlying hardware to reduce correlated failures.
77
True or False. You can only create deny rules with network ACLs, it is not possible with security groups. Network ACLs process rules in order from the lowest numbered rules to the highest until they reach and allow or deny.
True.
78
Network ACL operates at the instance level.
False. Network ACL operates at the subnet level. Security groups operate at the instance level.
79
True or False. Network ACL support allows and deny rules.
True. Security groups, however, support allow rules only.
80
True or False. Network ACL evaluates all rules.
False. Network ACL processes rules in order. Security group evaluates all rules.
81
True or False. Network ACL automatically applies to all instances in the subnets its associated with.
True.
82
What AWS feature can act as an instance-level firewall to control traffic between your EC2 instances?
A security group acts as a virtual firewall for your instance to control inbound and outbound traffic. When you launch an instance in a VPC, you can assign up to five security groups to the instance. Security groups act at the instance level, not the subnet level. Therefore, each instance in a subnet in your VPC can be assigned to a different set of security groups.
83
True or False. EC2 Auto Scaling does support multiple regions.
False. EC2 Auto Scaling does not support multiple regions.
84
True or False. You **can** use passthrough mode with an ALB and terminate SSL on the EC2 instances.
False. You **cannot** use passthrough mode with an ALB and terminate SSL on the EC2 instances.
85
True or False. You cannot use a HTTPS listener with an NLB.
True.
86
True or False. You **can** use a HTTPS listener with an NLB.
False. You **cannot** use a HTTPS listener with an NLB.
87
True or False. Hibernating an instance saves the contents of RAM to the Amazon EBS root volume. When the instance restarts, the RAM contents are reloaded.
True.
88
True or False. While primary ENIs cannot be detached from an instance, secondary ENIs can be detached and attached to a different instance.
True.
