Exam Flashcards

Question

Exam Tip:

Answer 1

- Edge Locations are not just read only, you can also write to them and you can put an object to them, which is what we looked at when we, were looking at transfer acceleration. - Remember also that objects are cached for the life of the Time To Live (TTL) and is always in seconds. You can clear cached objects from your Edge Locations but you will still be charged for the service.

Answer 2

Basic - N/A Developer - General Guidance: < 24 business hours - System Impaired: < 12 business hours Business - General Guidance: < 24 hours - System Impaired: < 12 hours - Production System Impaired: < 4 hours - Production System Down: < 1 hour Enterprise - General Guidance: < 24 hours - System Impaired: < 12 hours - Production System Impaired: < 4 hours - Production System Down: < 1 hour - Business-Critical system Down: < 15 minutes

Answer 3

On-Demand: pay by the hour Reserved: contract terms of 1 or 3 years, the more you pay upfront the bigger the discount Spot: allows you to bid whatever price that you want for instance capacity and if it hits your Spot price then it will provision the service for you, if the price goes up you lose instances but only pay for the minutes you use (but if you terminate the instance you pay for the full hour of usage) Dedicated Hosts: physical servers dedicated just to you (really useful for server-bound software licenses)

Answer 4

``` F is for FPGAs I is for IOPS G is for Graphics, H is for High Disk Throughput, T is for General Purpose, so that's what we've been using throughout the course T2 Micros D is for Density R is for Ram M is the main choice for general purpose apps, C if for Compute, P is for Graphics so think Pics, X is for Extreme Memory and Z is for Extreme Memory and CPU. ```

Answer 5

An EBS volume is best described as a virtual hard-disk in the cloud. EBS is split into SSD as well as Magnetic Storage. SSD consists of two, so we've got General Purpose SSD this is referred to as GP2. And we then have Provisioned IOPS SSD, this is for very high performance SSD volumes so its often referred to as IO1. Then on our Magnetic we have Throughput Optimized so we have ST1, this is low cost hard disk volume designed for frequently accessed throughput-intensive workloads. We then have Cold Hard Disk Drive, this is the lowest cost Hard Disk Drive volume that are designed for less frequently accessed workloads so think of File Servers and then we also have Magnetic which is previous generations and will probably be phased out at some point.

Answer 6

Linux SSH/22 Microsoft RDP: 3389 HTTP: 80 HTTPS: 443 Basically, to let everything in, we open up 0.0.0.0/0. If we just want one IP address in, we're going to do the individual IP address and the a /32. Security Groups are basically virtual firewalls in the cloud.

Answer 7

Things fail all the time and you should always have one EC2 instance in each availability zone, so if there is a failure you're not going to have an outage.

Answer 8

Amazon Elastic Compute Cloud (Amazon EC2). EC2 is a compute service and requires a private key to connect to EC2. Storing credentials on our EC2 instance is probably not a good idea because if that EC2 instance is hacked, basically, people could use that credentials to access our AWS environment anywhere in the world.

Answer 9

1. Console 2. Command Line Interface (CLI) 3. Software Development Kit (SDK)

Answer 10

Roles are much more secure than using access key IDs and secret access keys, and they're much easier to manage. And you can apply a role to an EC2 instance at any time. When you do this, the change takes place immediately. Roles are universal. You do not have to specify what regions they're in. Similar to users, they are a product of IAM, which is a global service.

Answer 11

1. Layer 7 - make intelligent routing decisions, can see the traffic 2. Network Load Balancers - static IP addresses, extreme performance 3. Classic Load Balancers - low cost, test/dev

Answer 12

RDS - (SQL/OLTP) or online transaction processing database. These consist of six different technologies or database engines (Microsoft SQL Server, MySQL, PostgreSQL, Oracle, Aurora, MariaDB). DynamoDB - Amazon's NoSQL database technology Redshift (OLAP) - used for business intelligence or data warehousing, used for online analytics processing ElastiCache - speed up performance of existing databases by caching very frequently used database queries, and it consists of two different types, Memcached and Redis. Neptune - graph databases, highly scalable and highly available

Answer 13

When we started provisioning out RDS instances we have Multiple Availability Zones. This is used solely for disaster recovery. If you need to increase your performance you wanna use Read Replicas. So Multi-AZs for DR, Read Replicas is for performance.

Answer 14

Autoscaling allows you to provision multiple EC2 instances behind a load balancer, and basically, it will automatically scale depending on your demand.

Answer 15

Amazon's domain name system, or DNS service. It's named that way after Route 66, the first interstate highway across America. The reason it's called Route 53 is because DNS is on the port 53. Route 53 is global. It's similar to IAM and S3. And you can use it to direct traffic all around the world, and you can even use it to register a domain name.

Answer 16

With Elastic Beanstalk you just, you basically upload your code. You don't have to worry about the infrastructure that runs those applications. Basically, you upload your application. Elastic Beanstalk will automatically handle the details of capacity provisioning, load balancing, scaling, and application health monitoring. Essentially, developers use Elastic Beanstalk if they don't know how to use AWS.

Answer 17

This helps you model and set up your AWS resources so that you spend less time managing those resources and more time focusing on your applications in AWS. And you just create a template. The template is a JSON template, and it describes all the AWS resources that you want, like your EC2 instances, RDS instances, et cetera, and then CloudFormation will take care of the provisioning and configuring of those resources. You don't need to individually go in and create and configure AWS resources yourself.

Answer 18

Both of them are free services, however, the resources that they provision underneath, such as EC2, are not free. And the main difference is Elastic Beanstalk is limited in what it can provision, it's not programmable. CloudFormation is, by far, the most flexible product, and it can provision almost any AWS service, and it's completely programmable.

Answer 19

``` IAM - When you create a user, or a group, or a role, that is created globally. Route 53 CloudFront SNS SES ```

Answer 20

``` Snowball Snowball Edge Storage Gateway CodeDeploy OpsWorks IoT Greengrass ```

Answer 21

CloudWatch is used to monitor performance. CloudWatch can monitor most of AWS as well as your applications that run on AWS. CloudWatch with EC2 will monitor events every five minutes, by default, and you can have one-minute intervals by turning on detailed monitoring. And you can create CloudWatch alarms which trigger notifications. And CloudWatch is all about performance.

Answer 22

Systems Manager can be used to manage fleets of EC2 instances and virtual machines. A piece of software is installed on each VM. This is sometimes referred to as an agent. And it can be both inside AWS as well as on premise. And then you can use the run command to install, patch, and uninstall software. And it integrates with CloudWatch to give you a dashboard of your entire estate.

Answer 23

You pay as you go, pay for what you use, pay less as you use more, and pay even less when you reserve capacity.

Answer 24

CapEx stands for capital expenditure, which is where you pay up front, and it's fix sunk costs. So it's like buying a server up front, or buying a whole bunch of servers, or buying network, switches or firewalls, or load balancers, et cetera. OpEx stands for operational expenditure, which is where you pay for what you use (utility bills, electricity, gas, etc.)

Answer 25

1. Pay as you go: 2. Pay less when you reserve 3. Pay even less when using more per unit 4. Pay less as AWS grows 5. Custom Pricing

Answer 26

1. Understand the fundamentals of pricing 2. Start early with cost optimization (it's easiest to put cost visibility and control mechanisms in place before the environment grows large and complex) 3. Maximize the power of flexibility (cost savings by not paying for services that are not running) 4. Use the right pricing model for the job

Answer 27

1. Compute 2. Storage 3. Data Outbound (leaving AWS environment)

Answer 28

- Amazon VPC (Virtual Datacenter) - Elastic Beanstalk (only services, not resources) - CloudFormation (not resources it provisions) - IAM - AutoScaling(not resources it provisions) - Opsworks (not resources it provisions) - Consolidated Billing

Answer 29

- Clock hours of server time - Instance Type - Pricing Model - Number of Instances - Load Balancing Level - Detailed Monitoring - Auto Scaling (more EC2 instances you have the more you pay) - Elastic IP Addresses - Operating Systems and Software Packages

Answer 30

On Demand - allows you to pay a fixed rate by the hour or by the second with no commitment Reserved - provides you with a capacity reservation and offers significant discount on the hourly charge for an instance, and your contract terms of one or three years Spot - enables you to bid whatever price you want, for Instance capacity, which gives you a great amount of savings, but only if your application has a flexible start and end time. If your application always needs to be on always running, then you don't want spots. So it's where you might be doing things like batch processing or you can have the application run in the middle of the night when the prices of the cheapest. But then as soon as it comes 9 a.m. on a Monday morning, it's stops. Dedicated - a physical EC2 server that's dedicated for your use. And dedicated host can help you reduce costs by allowing you to use your existing server bound software licenses

Answer 31

You can use EC2 reserved instances to reserve capacity and receive discounts on your instance usage, compared to running on demand instances. And the more you pay up front, and the longer the contract term, the more you're going to save. The longer the contract term that you sign, and the more money you pay up front to AWS, the more you're going to save versus on demand

Answer 32

Request Pricing - Free Tier: 1 million requests per month and $0.20 per 1 million requests thereafter - Duration Pricing: 400,000 GB-seconds per month free, up to 3.2 million seconds of compute time

Answer 33

A tag is metadata (data about data). It consists of a case-sensitive key-value pair. For example, you could define a tag with 'key = Name' and 'value = Webserver.' A copy of a tag can be applied to volumes, instances or both. Tags will be applied to all instances and volumes. Tags can be inherited.Tag Editor is a global services.

Answer 34

Tags are global, groups are per region

Answer 35

Resource groups make it easy to group your resources using the tags that are assigned to them. You can group resources that share one or more tags.

Answer 36

CloudTrail monitors AWS Management Console actions and API calls in the AWS platform. Is a tool for auditing. CloudTrail works on a per AWS account basis and is enabled per region. And essentially, you can consolidate your logs using an S3 bucket. To do this, you need to turn CloudTrail on in the paying account, create a bucket and a bucket policy that allows cross account access, and then you turn CloudTrail on in the other accounts and you use the bucket in the paying accounts to log all your data.

Answer 37

You're paying account should be used for billing purposes only, do not deploy resources into the paying account,

Answer 38

You can actually only have 20 linked accounts only. It's a soft limit so you can get them to increase it.

Answer 39

When monitoring is enabled on the paying account, the billing data for all linked accounts is included. That's really, really important. And you can still create billing alerts on a per individual account basis. So again, if you have a billing alert turned on for the main paying account, then the billing data for all linked accounts is going to be included in that. But then if you have a, let's say you've got a Test and Dev account, and you create a billing account on that you can also still receive individual billing alerts.

Answer 40

AWS Organizations enables you to centrally apply policy-based controls across multiple accounts in the AWS Cloud. You can consolidate all your AWS accounts into an organization, and arrange all AWS accounts into distinct organizational units.

Answer 41

CloudWatch is used for monitoring performance. AWS Config is used to monitor configurations of your AWS Resources (i.e., global group changes).

Answer 42

Athena is an interactive query service which enables you to analyse and query data located in S3 using standards SQL. - Serverless, nothing to provision, pay per query / per TB scanned - No need to set up complex Extract/Transform/Load (ETL) processes - Works directly with data stored in S3 - Can be used to query log files stored in S3 - Generate business reports on data stored in S3 - Analyse AWS cost and Usage reports - Run queries on click-stream data

Answer 43

Macie is a security service which uses Machine Learning and Natural Language Processing (NLP) to discover, classify, and protect sensitive data stored in S3 - Uses AI to recognize if your S3 objects contain sensitive data such as PII - Dashboards, reporting and alerts 0 Works directly with data stored in S3 - Can also analyze CloudTrail logs - Great for PCI-DSS and preventing ID theft

Answer 44

Used to retrieve compliance reports globally

Answer 45

AWS is responsible for security of the cloud. Users are responsible for security in the cloud.

Answer 46

AWS WAF is a Web Application Firewall, designed to stop hackers. WAF operates down to Layer 7. AWS Shield is a DDOS mitigation service designed to stop DDOS attacks. Only AWS Shield Advanced offers automated application layer monitoring.

Answer 47

AWS Inspector is used for inspecting EC2 instances for vulnerabilities. AWS Inspector assesses the security and compliance of your EC2 instances. AWS Trusted Advisor inspects your AWS account as a whole (not just EC2). It does more than just security checks. It also does Cost Optimization, Performance, & Fault Tolerance.

Answer 48

Trusted Advisor helps you optimize your entire AWS environment in real time following AWS best practices. It helps you optimize cost, fault-tolerance, and more. AWS Trusted Advisor can help you assess the fault-tolerance of your AWS environment.

Answer 49

Failover Routing and Latency-based Routing are the only two correct options, as they consider routing data based on whether the resource is healthy or whether one set of resources is more performant than another. Any answer containing location based routing (Geoproximity and Geolocation) cannot be correct in this case, as these types only consider where the client or resources are located before routing the data. They do not take into account whether a resource is online or slow. Simple Routing can also be discounted as it does not take into account the state of the resources.

Answer 50

A CloudFront Origin can be an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53.

Answer 51

S3 can be used to host static websites.

Answer 52

Consolidated Billing is a feature of AWS organizations. Once enabled and configured, you will receive a bill containing the costs and charges for all of the AWS accounts within the organization. Although each of the individual AWS accounts are combined into a single bill, they can still be tracked individually and the cost data can be downloaded in a separate file. Using Consolidated Billing may ultimately reduce the amount you pay, as you may qualify for Volume Discounts. There is no charge for using Consolidated Billing.

Answer 53

Lightsail is AWS' Platform-as-a-Service offering.

Answer 54

The Root account should have MFA enabled; you should always create individual users (the Root account should never be used for actual work); and groups should be used to grant permissions to the users you create.

Answer 55

The AWS Support levels are Basic, Developer, Business, and Enterprise.

Answer 56

A Policy is the document used to grant permissions to users, groups, and roles.

Answer 57

CloudFront content is cached in Edge Locations.

Answer 58

In total there are 9 valid sections allowed within a CloudFormation template. In the answers above, only "Parameters", "Resources" and "Outputs" are considered valid. "Options" is not a template section.

Answer 59

False. To restrict access to an entire bucket, you use bucket policies; and to restrict access to an individual object, you use access control lists.

Answer 60

True. The collection of a CDN's Edge Locations is called a Distribution.

Answer 61

False. Bucket Policies are used to make entire buckets (like one hosting an S3 website) public.

Answer 62

False. Objects stored in S3 are stored in multiple servers in multiple facilities across AWS.

Answer 63

True. S3 is object storage suitable for the storage of 'flat' files like Word documents, photos, etc.

Answer 64

Business. The Business and Enterprise support plans offer 24 X 7 technical support via phone or chat.

Answer 65

EC2 and Lambda are AWS Compute Services.

Answer 66

The AWS Storage Gateway service is primarily used for attaching infrastructure located in a Data centre to the AWS Storage infrastructure. The AWS documentation states that; "You can think of a file gateway as a file system mount on S3." Amazon Elastic File System (EFS) is a mountable file storage service for EC2, but has no connection to S3 which is an object storage service. Amazon Elastic Block Store (EBS) is a block level storage service for use with Amazon EC2 and again has no connection to S3.

Answer 67

A Multi-Region deployment will best ensure global availability.

Answer 68

With S3, objects can be accessed from anywhere in the world via a dedicated URL.

Answer 69

In both AWS-Budget & CloudWatch alarms can be set to monitor spending on your AWS Account.

Answer 70

Amazon EMR is a web service that makes it easy to process large amounts of data efficiently.

Answer 71

Lambda is the AWS Function-as-a-Service (FaaS) offering that lets you run code without provisioning or managing servers.

Answer 72

Aurora is AWS' managed database service that is up to 5X faster than a traditional MySQL database.

Answer 73

The AWS Database Migrations Service is the best choice for conventional data migrations.

Answer 74

Redshift is AWS' data warehousing service.

Answer 75

Instance metadata Although you can create a snapshot of an EBS volume attached to an instance, this snapshot will not contain the data described in the scenario. This type of data is stored in Instance metadata.

Answer 76

CloudWatch Alarms Elastic Load Balancer are used to balance traffic between EC2 instances, typically in an Auto Scaling Group, A CloudWatch alarm can be set up to monitor CPU utilization and trigger further action. Further action could be an Auto Scaling Group adding another EC2 instance and/or using SNS to notify team members of the occurrence.

Answer 77

AWS Snowball Amazon API Gateway is a fully managed service that makes it easy for developers to create, publish, maintain, monitor, and secure APIs at any scale. APIs act as the "front door" for applications to access data, business logic, or functionality from your backend services. Using API Gateway, you can create RESTful APIs and WebSocket APIs that enable real-time two-way communication applications. API Gateway supports containerized and serverless workloads, as well as web applications. https://aws.amazon.com/api-gateway/ Snowball is a petabyte-scale data transport solution that uses secure appliances to transfer large amounts of data into and out of the AWS cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns. https://aws.amazon.com/getting-started/projects/migrate-petabyte-scale-data/services-costs/#:~:text=Description%3A%20Snowball%20is%20a%20petabyte,transfer%20times%2C%20and%20security%20concerns.

Answer 78

AWS SQS SES is an email service, not a message queueing service. Amazon Simple Email Service (SES) is a cost-effective, flexible, and scalable email service that enables developers to send mail from within any application. You can configure Amazon SES quickly to support several email use cases, including transactional, marketing, or mass email communications. Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available. https://aws.amazon.com/sqs/

Answer 79

AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts. https://aws.amazon.com/organizations/ The AWS Cost & Usage Report contains the most comprehensive set of AWS cost and usage data available, including additional metadata about AWS services, pricing, and reservations (e.g., Amazon EC2 Reserved Instances (RIs)). https://aws.amazon.com/aws-cost-management/aws-cost-and-usage-reporting/

Answer 80

Elastic Load Balancer AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. This gives you a single source of truth for your AWS and third-party resources, but it is not what your design team is looking for. Elastic Load Balancing automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, IP addresses, and Lambda functions. It can handle the varying load of your application traffic in a single Availability Zone or across multiple Availability Zones. Elastic Load Balancing offers three types of load balancers that all feature the high availability, automatic scaling, and robust security necessary to make your applications fault-tolerant. https://aws.amazon.com/elasticloadbalancing/

Answer 81

Cost Explorer AWS Cost Explorer lets you visualize, understand, and manage your AWS costs and usage over time. You can analyze your cost and usage data at a high level (e.g., total costs and usage across all accounts in your organization) or for highly specific requests. https://docs.aws.amazon.com/whitepapers/latest/cost-optimization-reservation-models/aws-cost-explorer.html

Answer 82

AWS Lambda AWS CloudFormation allows you to use programming languages or a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts. It is not what your team is looking for in this instance. AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume. https://aws.amazon.com/lambda/

Answer 83

Bucket Policy S3 bucket policies specify what actions are allowed or denied for which principals on the bucket that the bucket policy is attached to (e.g., allow user Alice to PUT but not DELETE objects in the bucket). https://aws.amazon.com/blogs/security/iam-policies-and-bucket-policies-and-acls-oh-my-controlling-access-to-s3-resources/#:~:text=In%20other%20words%2C%20IAM%20policies,do%20in%20your%20AWS%20environment.&text=S3%20bucket%20policies%20specify%20what,DELETE%20objects%20in%20the%20bucket).

Answer 84

On-Demand. This is not a long enough term to make reserved instances the better option. Plus, the application can't be interrupted, which rules out spot instances.

Answer 85

AWS Acceptable use policy This AWS Customer Agreement (this “Agreement”) contains the terms and conditions that govern your access to and use of the Service Offerings. The policy states that penetration testing may be performed by customers on their own instances with prior approval from AWS.

Answer 86

Convertible Can be exchanged during the term for another Convertible Reserved Instance with new attributes including instance family, instance type, platform, scope, or tenancy. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/reserved-instances-types.html

Answer 87

Classic Load Balancer Classic Load Balancer provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network. https://aws.amazon.com/elasticloadbalancing/

Answer 88

IAM Policy Simulator AWS Inspector actually examines your applications and looks for security vulnerabilities, but it can not examine individual policies. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by levels of severity. These findings can be reviewed directly or as part of detailed assessment reports which are available via the Amazon Inspector console or API. https://aws.amazon.com/inspector/ With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies, and resource-based policies. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html

Answer 89

AWS X-Ray AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure. CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services. https://aws.amazon.com/cloudtrail/ AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture. With X-Ray, you can understand how your application and its underlying services are performing to identify and troubleshoot the root cause of performance issues and errors. X-Ray provides an end-to-end view of requests as they travel through your application, and shows a map of your application’s underlying components. https://aws.amazon.com/xray/

Answer 90

Amazon Virtual Private Cloud RDS (Relational Database Service) enables the creation and management of relational databases in AWS. Amazon Virtual Private Cloud (Amazon VPC) lets you provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you define. You have complete control over your virtual networking environment, including the selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways. You can use both IPv4 and IPv6 in your VPC for secure and easy access to resources and applications. https://aws.amazon.com/vpc/

Answer 91

CloudFront Amazon ElastiCache allows you to seamlessly set up, run, and scale popular open-Source compatible in-memory data stores in the cloud. Build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores. It is not for delivery. https://aws.amazon.com/elasticache/ Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

Answer 92

AWS Kinesis Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information. https://aws.amazon.com/kinesis/

Answer 93

Spot Spot Instances are a great choice for this use case. Amazon EC2 Spot Instances let you take advantage of unused EC2 capacity in the AWS cloud. Spot Instances are available at up to a 90% discount compared to On-Demand prices. You can use Spot Instances for various stateless, fault-tolerant, or flexible applications such as big data, containerized workloads, CI/CD, web servers, high-performance computing (HPC), and other test & development workloads. The key phrase in this question is, “It is alright if there are interruptions in the application”. If the application could not accept interruptions, then the best option would be on-demand.

Answer 94

Glacier is a low-cost storage option for Data Archiving. It can take several hours to retrieve the data, but if this is acceptable, it is the best value for long-term storage of data. https://aws.amazon.com/s3/storage-classes/

Answer 95

Elastic Beanstalk You will have to configure servers, using CloudFormation Templates, to host applications. AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. https://aws.amazon.com/cloudformation/ AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. https://aws.amazon.com/elasticbeanstalk/

Answer 96

Amazon Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. https://aws.amazon.com/macie/

Answer 97

Horizontal Scaling Elasticity is the ability to acquire resources as you need them and release resources when you no longer need them. Think of auto-scaling and adding and removing instances as needed. Horizontal Scaling is the act of changing the number of nodes in a computing system without changing the size of any individual node. So, with horizontal scaling, we would add instances.

Answer 98

Network Load Balancer Network Load Balancer is best suited for load balancing of Transmission Control Protocol (TCP), User Datagram Protocol (UDP) and Transport Layer Security (TLS) traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies. https://aws.amazon.com/elasticloadbalancing/

Answer 99

AWS Personal Health Dashboard The Service Health Dashboard provides a general overview of all of the AWS services, but it does not detail problems that may directly affect your AWS account. AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you. While the Service Health Dashboard displays the general status of AWS services, Personal Health Dashboard gives you a personalized view into the performance and availability of the AWS services underlying your AWS resources. https://aws.amazon.com/premiumsupport/technology/personal-health-dashboard/

Answer 100

AWS Database Migration Service AWS Database Migration Service helps you migrate databases to AWS quickly and securely. The source database remains fully operational during the migration, minimizing downtime to applications that rely on the database. The AWS Database Migration Service can migrate your data both to and from most of the widely used commercial and open-source databases. https://aws.amazon.com/dms/

Answer 101

Macie Amazon Macie is a fully managed data security and data privacy service that uses machine learning and pattern matching to discover and protect your sensitive data in AWS. https://aws.amazon.com/macie/

Answer 102

Route 53 Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. Route 53 can be used for Disaster Recovery by simply shifting traffic to the new region. Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.

Answer 103

Create a policy defining the permissions needed. Create an IAM Group and attach the policy to the group. Add the department's members to the group. By creating a group, all like users can be managed all at one time.

Answer 104

AWS Management Console AWS Management Console is a web application for managing Amazon Web Services.

Answer 105

Use an Auto Scaling Group to scale out and in based on demand. The Auto Scaling Group can be used to scale out and scale in the instances as the demand dictates. This will save money and avoid having instances sitting idle for long periods of time. AWS Auto Scaling monitors your applications and automatically adjusts your capacity to maintain steady, predictable performance at the lowest possible cost. Using AWS Auto Scaling, it’s easy to set up application scaling for multiple resources across multiple services in minutes. https://aws.amazon.com/autoscaling/

Answer 106

Availability Zone An Availability Zone (AZ) is one or more discrete data centers with redundant power, networking, and connectivity in an AWS Region. Availability Zones allow you to operate production applications and databases that are more highly available, fault-tolerant, and scalable than would be possible from a single data center. All Availability Zones in an AWS Region are interconnected with high-bandwidth, low-latency networking, over fully redundant, dedicated metro fiber providing high-throughput, low-latency networking between Availability Zones. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html

Answer 107

AWS Organizations AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, AWS Organizations helps you to centrally manage billing, control access, compliance, and security, and share resources across your AWS accounts. Using AWS Organizations, you can automate account creation, create groups of accounts to reflect your business needs, and apply policies for these groups for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. Through integrations with other AWS services, you can use Organizations to define central configurations and resource sharing across accounts in your organization. AWS Organizations is available to all AWS customers at no additional charge. https://aws.amazon.com/organizations/

Answer 108

CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. CloudFront is integrated with AWS – both physical locations that are directly connected to the AWS global infrastructure, as well as other AWS services. https://aws.amazon.com/cloudfront/

Answer 109

Vertical Scaling Horizontal Scaling is the act of changing the number of nodes in a computing system without changing the size of any individual node. So, with horizontal scaling, we would add instances, not increase the size of an instance. Vertical Scaling is increasing the size and computing power of a single instance or node without increasing the number of nodes or instances.

Answer 110

CloudFront Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment. https://aws.amazon.com/cloudfront/

Answer 111

Reliability and Operational Excellence Scalability is certainly a concept that can be achieved with AWS resources, but it is not one of the 5 pillars of a well architected framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. The 5 pillars of a Well Architected Framework - Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to improve supporting processes and procedures continually. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 112

Vertical Scaling Horizontal Scaling is the act of changing the number of nodes in a computing system without changing the size of any individual node. So, with horizontal scaling, we would add instances, not increase the size of an instance. Vertical Scaling is increasing the size and computing power of a single instance or node without increasing the number of nodes or instances.

Answer 113

CloudFront Amazon ElastiCache allows you to seamlessly set up, run, and scale popular open-Source compatible in-memory data stores in the cloud. Build data-intensive apps or boost the performance of your existing databases by retrieving data from high throughput and low latency in-memory data stores. It is not for delivery. https://aws.amazon.com/elasticache/ Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds, all within a developer-friendly environment.

Answer 114

AWS maintains the underlying OS and performs software patching on the database. This is not true as a general statement. Amazon Aurora is up to 5 times faster than MySQL RDS. Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching, and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security, and the compatibility they need. https://aws.amazon.com/rds/

Answer 115

Elastic Beanstalk You will have to configure servers, using CloudFormation Templates, to host applications. AWS CloudFormation provides a common language for you to model and provision AWS and third-party application resources in your cloud environment. https://aws.amazon.com/cloudformation/ AWS Elastic Beanstalk is an easy-to-use service for deploying and scaling web applications and services developed with Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker on familiar servers such as Apache, Nginx, Passenger, and IIS. https://aws.amazon.com/elasticbeanstalk/

Answer 116

Reliability and Operational Excellence Scalability is certainly a concept that can be achieved with AWS resources, but it is not one of the 5 pillars of a well architected framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. The 5 pillars of a Well Architected Framework - Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization. The reliability pillar includes the ability of a system to recover from infrastructure or service disruptions, dynamically acquire computing resources to meet demand, and mitigate disruptions such as misconfigurations or transient network issues. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/ The operational excellence pillar includes the ability to run and monitor systems to deliver business value and to improve supporting processes and procedures continually. https://aws.amazon.com/blogs/apn/the-5-pillars-of-the-aws-well-architected-framework/

Answer 117

Network ACL A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. You might set up network ACLs with rules similar to your security groups to add an additional layer of security to your VPC. https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html

Answer 118

Amazon GuardDuty Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts and workloads. With the cloud, the collection and aggregation of account and network activities is simplified, but it can be time-consuming for security teams to continuously analyze event log data for potential threats. With GuardDuty, you now have an intelligent and cost-effective option for continuous threat detection in the AWS Cloud. https://aws.amazon.com/guardduty/

Answer 119

Deploy in Multiple Availability Zones Deploying in Multiple Availability zones will protect against downtime should an Availability Zone be lost.

Answer 120

AWS CloudFormation AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. https://aws.amazon.com/cloudformation/

Answer 121

Create multi-factor authentication for the root account and Add IP restrictions for all accounts This will add an additional layer of security to the root account. This would greatly limit who can access your environment and from where.

Answer 122

AWS IAM You can not assign permissions with tagging. Amazon Web Services allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources by purpose, owner, environment, or other criteria. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. https://aws.amazon.com/iam/

Answer 123

Auto Scaling Elastic Beanstalk can create EC2 instances automatically, and it can also create Auto Scaling Groups, but it does not interact with EC2 in adding and removing instances elastically. AWS Auto Scaling monitors your applications and automatically adjusts capacity to maintain steady, predictable performance at the lowest possible cost. In this way, the necessary EC2 instances will expand and contract based on the current demands placed on the application.

Answer 124

Business The Business Plan is the cheapest plan that will still provide the full set of Trusted Advisor checks. https://aws.amazon.com/premiumsupport/plans/

Answer 125

Configure the Load Balancer to serve traffic to multiple Availability Zones. Load Balancing can be set up to serve traffic across multiple availability zones (not multi-region). You would set up the load balancer to deliver traffic across multiple availability zones. https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/enable-disable-az.html

Answer 126

Deploy in Multiple Availability Zones Deploying in Multiple Availability zones will protect against downtime should an Availability Zone be lost.

Answer 127

AWS CloudFormation AWS CloudFormation is a service that helps you model and set up your Amazon Web Services resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. https://aws.amazon.com/cloudformation/

Answer 128

AWS IAM You can not assign permissions with tagging. Amazon Web Services allows customers to assign metadata to their AWS resources in the form of tags. Each tag is a simple label consisting of a customer-defined key and an optional value that can make it easier to manage, search for, and filter resources by purpose, owner, environment, or other criteria. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely. Using IAM, you can create and manage AWS users and groups, and use permissions to allow and deny their access to AWS resources. https://aws.amazon.com/iam/

Answer 129

AWS Trusted Advisor AWS Trusted Advisor is an online tool that provides you real-time guidance to help you provision your resources following AWS best practices. Trusted Advisor checks help optimize your AWS infrastructure, increase security and performance, reduce your overall costs, and monitor service limits. Whether establishing new workflows, developing applications, or as part of ongoing improvement, take advantage of the recommendations provided by Trusted Advisor on a regular basis to help keep your solutions provisioned optimally. https://aws.amazon.com/premiumsupport/technology/trusted-advisor/

Answer 130

Access Keys Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API. https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html

Exam Flashcards

(156 cards)