Everything

Question 1

Region

Answer 1

A cluster of data centers

Question 2

Availability Zones

Answer 2

Each region has many AZs. Each AZ has one or more discrete data centers with redundant power, networking, and connectivity.

Question 3

3 Options to access AWS:

Answer 3

1) AWS Console - protected by password and MFA
2) (CLI) Command Line Interface - protected by access keys
3) (SDK) Software Developer Kit - for CODE, protected by access keys

Question 4

AWS Cloudshell

Answer 4

(Account- Level)
Way to access AWS. An alternative to installing CLI is Cloudshell.

Quicker & easier.

Allows you to run AWS commands from the browser

Question 5

IAM Credentials Report

Answer 5

audit permissions of your account

report lists users and status of credentials

Question 6

IAM Access Advisor

Answer 6

(User-Level)
Shows the service permissions granted to a user and when those services were last accessed (can use this info to revise policies)

Question 7

Is EC2 PaaS, Iaas, or Saas?

Answer 7

IaaS - Infrastructure as a service.

Question 8

EC2

Answer 8

Renting virtual machines (BRAIN)

Question 9

EBS Volumes

Answer 9

“Elastic Block Storage”

Storing data on virtual network drives
(STORAGE for EC2)

Network drive you can attach to your instances while they run & allows you instance to persist data

• One instance at a time (2 EBS can be on 1 instance)(they can also standalone/not attached at all)
• One AZ

Question 10

ELB

Answer 10

Distributing loads across machines

(Scalability) Horizontal

ELBs are servers that forward internet traffic to multiple servers (EC2 instances) downstream

Question 11

ASG

Answer 11

Scaling the services using auto-scaling groups

Horizontal scalability

Question 12

EC2 Reserved Instances

Answer 12

*Like a “soft” version of a dedicated host

75% discount compared to on-demand

reserve a specific instance type

recommended for steady-state usage applications (like databases)

Question 13

EC2 Dedicated Hosts

Answer 13

a PYSICAL server with EC2 instance capacity dedicated to your use

• helps address compliance requirements
• (BYOL) Bring your own license
• more expensive $
• 3 years

Question 14

Security Groups

Answer 14

firewall attached to the EC2 instance

Question 15

Snapshot

Answer 15

To move an EBS volume from one AZ to another, you first have to snapshot it

It’s for a backup anytime you want

Question 16

JSON Documents

Answer 16

IAM - can be assigned to users and groups allowing users to use certain services in AWS

*policies define the permissions to users

Question 17

AMI

Answer 17

“Amazon Machine Image”

A CUSTOMIZATION of an EC2 instance - create ready to use EC2 instances with our customizations

built region specific (1 region)

Question 18

EC2 Image Builder

Answer 18

used to automate the creation of Virtual Machines or container images

Automatically build, test, and distribute AMIs in multiple regions

Free service

Allows to be truly global

Question 19

EFS

Answer 19

“Elastic File System”

NETWORK/Shared file system

Storage that can be mounted to HUNDREDS of instances at a time

Multiple AZs

Highly scalable. No capacity planning

Question 20

EC2 Instance Store

Answer 20

Storage for EC2

High performance hardware disk attached to our EC2 instance

lost if the EC2 instance is stopped/terminated

Question 21

Vertical Scalability

Answer 21

increase the size of the instance

ex: change from t2.micro –> t2.large

Usually a limit on how much you can vertically scale b/c of HARDWARE

Question 22

Horizontal Scalability

Answer 22

increase the NUMBER of instance for an application (rather than size)

ex: auto-scaling group (ASG) & load balancer (ELB)

Question 23

High Availability

Answer 23

Multi-AZs

Goal to survive a data center loss (Disaster)

Question 24

Scalability

Answer 24

ability to accommodate a larger load by making the HARDWARE stronger (scale up) or by adding nodes (scale out)

Question 25

Elasticity

Answer 25

Cloud-friendly, match demand, optimize costs means that there will be some auto-scaling based on load

Question 26

Agility

Answer 26

DISTRACTOR - not related to scalability or elasticity means new IT resources are only a click away in the cloud

Question 27

Is Elastic Load Balancer (ELB) managed or not managed?

Answer 27

MANAGED by AWS

Question 28

Auto-Scaling Groups

Answer 28

in the cloud you can create and get rid of servers quickly -- as load on your websites and applications change

Question 29

S3

Answer 29

STORAGE infinite scaling!

Question 30

Buckets

Answer 30

S3 allows people to store "objects" (files) in buckets (directories) must have globally unique name defined at the region level buckets are created in a region

Question 31

How to encrypt in S3?

Answer 31

Encrypt objects in Amazon S3 using encryption keys

Question 32

S3 Websites

Answer 32

S3 can host STATIC websites and have them accessible on the www.

Question 33

Why is it best to use S3 Versioning?

Answer 33

- protects against unintended deletes (ability to respond to a version) - easy to roll back to previous version - suspending versions does NOT delete the previous versions

Question 34

S3 Access Logs

Answer 34

* for audit purposes - log all access to S3 buckets - any request make to S3 from any account (authorized or denied) - helpful to figure out the root cause of an issues, audit usage, view suspicious patterns

Question 35

CRR

Answer 35

S3 Replication Cross-region replication Use Cases = compliance, lowering latency access, replication accounts accounts

Question 36

SSR

Answer 36

S3 Replication Same-region replication Use Cases = log aggregation, live replication between production and test accounts

Question 37

S3 Storage Classes: S3 Standard - General Purposes

Answer 37

99.999% availability used for frequently access data low latency sustains 2 concurrent facility failures Use Case = big data analytics, mobile and gaming apps, content distribution

Question 38

S3 Storage Classes: S3 Standard - Infrequent Access (IA)

Answer 38

for data less frequently accessed, but requires rapid access when needed lower 99.9% availability lower cost compared to standard retrieval fee sustains 2 concurrent facility failures Use Case = disaster recovery, backup

Question 39

S3 Storage Classes: S3 Intelligent-Tiering

Answer 39

99.9% availability Cost-Optimized - by automatically moving objects between two access tiers based on changing access patterns: frequent & infrequent Resilient against events that impact entire AZs

Question 40

S3 Storage Classes: S3 One Zone - Infrequent Access (IA)

Answer 40

Same as reg infrequent access, but data stores in a single AZ 99.5% availability lower cost than S3-IA (by 20%) Use Case = storing secondary backup data copies of on-prem data

Question 41

Amazon Glacier

Answer 41

low cost object storage meant for archiving & backup data retained for years various retrieval options of time & fees

Question 42

Glacier Deep Archive

Answer 42

cheapest! standard: 12 hours bulk: 48 hours

Question 43

S3 Lifecycle Rules

Answer 43

transition objects between classes

Question 44

S3 Glacier Vault Lock/ S3 Object Lock

Answer 44

WORM - write once read many

Question 45

Snow family

Answer 45

physical device to import data or edge computing

Question 46

OpsHub

Answer 46

Software to manager Snow family devices

Question 47

Storage Gateway

Answer 47

Hybrid solution to extend/bridge on-prem storage to S3

Question 48

Relational Databases

Answer 48

looks like excel spreadsheets "sequal" | perform queries/lookups

Question 49

NoSQLDatabases

Answer 49

``` not sequal not relational FLEXIBLE Scalable High performance ``` ex: JSON is a common form of data in NoSQL

Question 50

If a Database is AWS managed, what is AWS responsibility?

Answer 50

patching automatic backup, restore, upgrades monitoring alerts

Question 51

Elasticache

Answer 51

In memory database helps reduce load of databases for read intensive workloads faster than main RDS database for read/write

Question 52

DynamoDB

Answer 52

Serverless database *Key/value database* NoSQL - not relational scales MASSIVE workloads, low latency

Question 53

DAX

Answer 53

Dynamo DB accelerator use instead of Elasticash for DynamoDB only

Question 54

Redshift

Answer 54

Database OLAP (Online Analytical Processing) Analytics & data warehousing (ex: Tableau integrated with it)

Question 55

EMR

Answer 55

Database Elastic Map Reduce HADOOP CLUSTERS (for big data)

Question 56

Athena

Answer 56

Serverless database SQL used to query data in S3

Question 57

Quicksight

Answer 57

Serverless machine learning to create INTERACTIVE DASHBOARDS on your data

Question 58

Document DB

Answer 58

NoSQL Database for MONGO DB fully managed

Question 59

Amazon Neptune

Answer 59

managed GRAPH database | a social network

Question 60

QLDB

Answer 60

database Financial Transations Ledger $$ CENTRALIZED immunable crytopgraphic

Question 61

Managed Blockchain

Answer 61

database Hyperledger DECENTRALIZED

Question 62

Glue

Answer 62

Managed database | ELT (Extract, Transform, Load) for analytics

Question 63

DMS

Answer 63

Database Migration Service

Question 64

Docker

Answer 64

(other compute) | container technology to run APPLICATIONS

Question 65

ECS

Answer 65

(other compute) | run docker containers on EC2 instances

Question 66

Fargate

Answer 66

(other compute) SERVERLESS - Run docker containers without provisioning the infrastructure no EC2 instance needed

Question 67

ECR

Answer 67

(other compute) "Elastic Container Registry" Private docker image repository

Question 68

Lightsail

Answer 68

(compute) | Simple for those with little cloud experience; simple, low pricing

Question 69

Lambda

Answer 69

Compute SERVERLESS FaaS (Function as a service) Event-driven: Bills by runtime and requests/incidents (per call/per duration) Use Case = create thumbnails of images onto S3 run; run a serverless job

Question 70

CloudFormation

Answer 70

{Deployment} AWS only Infrastructure as CODE works w/almost any AWS resource repeat code across regions and accounts

Question 71

Beanstalk

Answer 71

{Deployment} AWS only Platform as a Service (PaaS)

Question 72

CodeDeploy

Answer 72

HYBRID deploy & upgrade any application onto servers

Question 73

Systems Manager

Answer 73

HYBRID | patch, config, and run commands *at scale*

Question 74

Ops Works

Answer 74

HYBRID | *Chef & Puppet*

Question 75

Route 53

Answer 75

{Leveraging Global Infrastructure} Managed DNS - Domain Name System Great to route users to the closest deployment with least latency

Question 76

CDN (Global Content Delivery Network)

Answer 76

{Leveraging Global Infrastructure} Replicate part of your cloud app to edge locations Decrease latency Cache common requests

Question 77

S3 Transfer Acceleration

Answer 77

{Leveraging Global Infrastructure} Accelerate global uploads & downloads into S3

Question 78

AWS Global Accelerator

Answer 78

{Leveraging Global Infrastructure} Improve global application availability & performance using the AWS global network

Question 79

AWS Outposts

Answer 79

{Leveraging Global Infrastructure} Deploy outposts racks in your own data center on-prem to extend AWS services

Question 80

SQS (Simple Queue Service)

Answer 80

{Cloud Integrations} to DECOUPLE applications in AWS QUEUE service

Question 81

SNS (Simple Notification Service)

Answer 81

{Cloud Integrations} - 2nd way to decouple (from SQS) - What if you want to send one message to many receivers? - *Event subscribers & event notifications* Email, SMS, or mobile notifications

Question 82

Kinesis

Answer 82

{Cloud Integrations} Real-time data streaming & analysis

Question 83

Amazon MQ

Answer 83

{Cloud Integrations} Managed Apache MQ in the cloud *think apache MQ - like MJ/ Nick apache helicopters

Question 84

Cloud Watch

Answer 84

{Cloud Monitoring} * Metrics - monitor performance & billing * Alarms - automate notification, perform EC2 action, notify to SNS * Logs - collect log filed from EC2 instances, servers, Lambda functions * Events (Eventbridge)- react to events in AWS or trigger rule on schedule

Question 85

CloudTrail

Answer 85

{Cloud Monitoring} to AUDIT API calls made within AWS account

Question 86

CloudTrail Insights

Answer 86

{Cloud Monitoring} | Automated analysis of Cloudtrail events unusual activity

Question 87

X-Ray

Answer 87

{Cloud Monitoring} trace requests made through your distributed applications

Question 88

Service Health Dashboard

Answer 88

{Cloud Monitoring} status of all SERVICES across all regions

Question 89

Personal Health Dashboard

Answer 89

{Cloud Monitoring} AWS events that impact YOU (remediation)

Question 90

Shield

Answer 90

{Security & Compliance} automatic DDoS protection (24/7 for advanced shield)

Question 91

WAF

Answer 91

{Security & Compliance} Web Application FIREWALL

Question 92

KMS

Answer 92

{Security & Compliance} Key Management Service Encryption keys managed by AWS

Question 93

Cloud HSM

Answer 93

{Security & Compliance} Hardware encryption, AWS provisions hardware, but customer manages it (encryption keys)

Question 94

Artifact

Answer 94

{Security & Compliance} Get access to compliance reports

Question 95

GaurdDuty

Answer 95

{Security & Compliance} find malicious behavior w/VPC, DNS, & CloudTrail logs

Question 96

Inspector

Answer 96

{Security & Compliance} for EC2 only - install agent and find vulnerabilities

Question 97

Config

Answer 97

{Security & Compliance} track configuration changes and compliance against rules

Question 98

Macie

Answer 98

{Security & Compliance} SENSITIVE DATA (Personal) in S3 bucket

Question 99

CloudTrail

Answer 99

{Security & Compliance} Track API calls by users in account automate security across accounts

Question 100

AWS Security Hub

Answer 100

{Security & Compliance} gather security findings from many sources IN ONE PLACE

Question 101

Detective

Answer 101

{Security & Compliance} Find root cause of security/suspicious activities

Question 102

AWS Abuse

Answer 102

REPORT IT

Question 103

What are the Root User only privileges?

Answer 103

Root User: - Access owner - access to ALL services - Don't use for everyday tasks Only Root User Can: * ** change account setting * view tax statements * ** close AWS accounts * restore IAM permissions * ** change AWS support plan * ** register as a seller in reserved marketplace * sign up for GovCloud * enable MFA * edit/delete S3 bucket policy

Question 104

Rekognition

Answer 104

{Machine Learning} FACE DETECTION

Question 105

Transcribe

Answer 105

{Machine Learning} Audio to text (ex: subtitles)

Question 106

Polly

Answer 106

{Machine Learning} Text to Audio

Question 107

Translate

Answer 107

{Machine Learning} Translations

Question 108

Lex

Answer 108

{Machine Learning} Chatbots (Conversational/ intention) Powers Alexa

Question 109

Connect

Answer 109

{Machine Learning} Cloud Contact Center used in conjunction with Lex

Question 110

Comprehend

Answer 110

{Machine Learning} Natural language processing

Question 111

SageMaker

Answer 111

{Machine Learning} for developer/data scientist build, train, & deploy ML

Question 112

TCO Calculator

Answer 112

{Billing & Costs} Used to estimate costs for migrations from on-prem

Question 113

AWS Pricing Calculator

Answer 113

{Billing & Costs} used to estimate cost of architecture / solution

Question 114

Billing Dashboard

Answer 114

{Billing & Costs} High level costs for the month

Question 115

Cost Allocation Tags

Answer 115

{Billing & Costs} Detailed logs/categories

Question 116

Cost & Usage Reports

Answer 116

{Billing & Costs} Most Comprehensive!!

Question 117

Cost Explorer

Answer 117

{Billing & Costs} Used to FORCAST Visual/detailed

Question 118

{Account Best Practices} To operate multiple accounts, use ____

Answer 118

Organizations

Question 119

{Account Best Practices} Use ___ to restrict account power

Answer 119

SCP (Service Control Policies)

Question 120

{Account Best Practices} Easily set up multiple accounts with best practices with the ____

Answer 120

AWS Control Tower

Question 121

{Account Best Practices} Use _____ for easy management and billing.

Answer 121

Tags & Cost Allocation tags

Question 122

{Account Best Practices} What are the IAM guidelines?

Answer 122

* MFA * Least privilege * password policy * password rotation

Question 123

If your account is compromised you should ...

Answer 123

Change the root password. Delete & rotate all passwords/keys Contact AWS Support

Question 124

IAM

Answer 124

Identity & access management inside your AWS account for users that you trust & belong to your company

Question 125

Organizations

Answer 125

manage multiple AWS accounts

Question 126

Cognito

Answer 126

to create a database of users for your mobile and web applications ex: Facebook users

Question 127

Directory Services

Answer 127

to integrate Microsoft Active Directory in AWS

Question 128

Single SignOn (SSO)

Answer 128

provides one login for multiple AWS accounts & applications

Question 129

Workspaces

Answer 129

{Other Random Services to know} DESKTOP as a Service (DaaS) to provision Windows or Linex desktops for it someone wants a desktop in the cloud *Virtual Desktop Infrastructure (VDI)

Question 130

AppStream 2.0

Answer 130

{Other Random Services to know} Desktop application service app delivered from a browser no need to connect to VDI works with any device!

Question 131

Sumerian

Answer 131

{Other Random Services to know} create and run virtual reality (VR) and augmented reality (AR) 3D MODELS! (animate them to look alive) ex: bird example in course

Question 132

AWS IoT Core

Answer 132

{Other Random Services to know} "Internet of Things" The network on internet connected devices that are able to connect to the cloud serverless Ex: Cars, light, Boat, etc.

Question 133

Elastic Transcoder

Answer 133

{Other Random Services to know} used to convert media filed stores in S3 into media files compatible with playback devices (Phones, tablets)

Question 134

What are the Well Architected Framework, General Guiding Principles?

Answer 134

1. stop guessing capacity needs 2. test system at production scale 3. automate to make experimentation easier 4. allow for evolutionary architectures 5. drive using data 6. improve through gam days (simulate)

Question 135

What are the Best Practices - Design Principles?

Answer 135

1. Scalability - vertical & horizontal 2. Disposable Resources - servers should be disposable and easily configured 3. Automation - serverless, auto-scaling 4. Lose Coupling - smaller, loosely coupled components (no cascading failure) 5. Think "Services" not Servers

Question 136

``` #1 Pilar Operational Excellence ```

Answer 136

``` operation as code annotate documentation make frequent, small, reversible changes refine operational procedures frequently anticipate failure learn from failure ```

Question 137

``` #2 Pilar Security ```

Answer 137

Protect through risk assessment and migration strategies ``` strong identity foundation enable traceability apply security to all layers automate security protect data in transit and at rest keep people away from data prepare for security events ```

Question 138

``` #3 Pilar Reliability ```

Answer 138

agility to recover from disruptions ``` test recovery principles automate recovery auto-scaling (stop guessing capacity) scale horizontally manage in automation (use automation to make changes to infrastructure) ```

Question 139

``` #4 Pilar Performance Efficiency ```

Answer 139

adapting & providing the best performance ``` advanced technologies server less global in mins experiment more often mechanical sympathy - be aware of all services that exist ```

Question 140

``` #5 Pilar Cost Optimization ```

Answer 140

Business value at lowest cost point pay only for what you use measure efficiency: CloudWatch stop spending $ on data center operations use tags for billing use manages services (reduce cost of ownership)