General

Question 1

What 3 AWS services can be used to manage/automate code changes to AWS workloads?

Answer 1

AWS CodeCommit
AWS CodeDeploy
AWS CodePipeline

Question 2

What does AWS Config do?

Answer 2

Allows you to record and evaluate changes to your resources

Question 3

What 5 AWS services support detective work? (CCCSG)

Answer 3

Cloudtrail
Cloudwatch
Config
S3
Glacier

Question 4

What are the 3 steps to securing your 3 tier app?

Answer 4

Allow HTTP/HTTPS traffic to the web server
Allow only SSH traffic on App server
Allow only App Server access on Database server

Question 5

What 3 services are good for a stateless architecture?

Answer 5

RDS
Elasticache
DynamoDB

Question 6

What 4 services are good for a serverless architecture?

Answer 6

API Gateway
Lambda
S3
DynamoDB

Question 7

What is Redis Auth used for?

Answer 7

Security

Question 8

What are 3 acceptable sources for a security group?

Answer 8

Specific IP
CIDR block
Another Security Group id

Question 9

Which load balancer provides a static IP address which can be whitelisted by clients?

Answer 9

Network Load Balancer

Question 10

What is Cloudfront Origin Access Identity

Answer 10

A Special Cloudfront user associated with your distribution

Question 11

What is a signed url?

Answer 11

A url with an expiration dat, used with Cloudfront for accessing S3

Question 12

What is a better option over Cloudfront if the data changes often?

Answer 12

S3 Cross region replication

Question 13

Is FTP, TCP or UDP?

Answer 13

TCP

Question 14

What is RTO?

Answer 14

Recovery time objective - Time it takes for a service to recover

Question 15

What is RPO?

Answer 15

Recovery Point Objective - Acceptable amount of data loss in time before disaster occurs

Question 16

How does your application securely connect to RDS?

Answer 16

SSL, not encrypted keys

Question 17

What 4 options be a Route53 alias?

Answer 17

S3 static site
ELB
Cloudfront
Elastic BEanstalk

Question 18

What is the difference between an Availability Zone and a Region?

Answer 18

A Region is a specific geographical area

An Availability Zone is an isolated location within a region

Question 19

What is the availability of S3, S3-IA and S3-RRS?

Answer 19

99.99%

Question 20

What is the availability of S3 One-Zone IA?

Answer 20

99.5%

Question 21

Are EC2 instances limited to 20 per region or AZ?

Answer 21

per region

Question 22

What is Direct Connect?

Answer 22

A dedicated line between your on-premise data center and AWS that does not involve the internet.

Question 23

What does Security Token Service do?

Answer 23

Grants user limited and temporary access to AWs resources using Federation

Question 24

What are the 3 steps to setup STS to authenticate users against active directory?

Answer 24

Develop Identity Broker to communicate with LDAP and AWS STS
Make Identity Broker communicate with LDAP first, then AWS STS
Then provide App with temp access to resources.

Question 25

Can I authenticate using active directory?

Answer 25

Yes, using SAML

Question 26

What service is used to process large amounts of data for business intelligence?

Answer 26

Redshift

Question 27

What service is used to process large amounts of data for big data?

Answer 27

Elastic Map Reduce

Question 28

What are the 3 SWF Actors and what do they do?

Answer 28

Workflow starter initiates workflow Decider Controls the flow of activity tasks Activity Worker carries out tasks

Question 29

What is an Elastic IP address?

Answer 29

A static IP address that can be moved from one server to another

Question 30

What is the difference between High Availability and Fault Tolerance?

Answer 30

High Availability means the system is up and running but may perform in a degraded state. Fault tolerance means the user is not impacted by any fault

Question 31

What are IOPS?

Answer 31

Random access read/writes

Question 32

What does a Virtual Private Gateway do?

Answer 32

Provides VPN access to on-site resources

Question 33

What EBS volume types are good for random access

Answer 33

SSD for random access

Question 34

What EBS volume types are good for sequential access?

Answer 34

HDD for sequential access

Question 35

How can you encrypt credentials stored by a Lambda function?

Answer 35

Create a new KMS key and use it to enable encryption helpers

Question 36

How do you calculate the total number of IP addresses of a given CIDR Block

Answer 36

Subtract the mask number from 32, then raise 2 to the power of the result: /27 = 32 - 27 = 5 2^5 = 32

Question 37

What is a Route Origin Authorization?

Answer 37

Its a document that authorizes Amazon to advertise an address range when you move your IP address to AWS.

Question 38

What is Amazon DynamoDB Accelerator (DAX)?

Answer 38

In memory cache for DynamoDB

Question 39

What are 2 possible ways to increase the write performance of a database hosted in an EC2 instance

Answer 39

Increase the size of the instance | Setup a standard RAID 0 configuration

Question 40

How can you monitor an RDS instance?

Answer 40

Enable Enhanced Monitoring in RDS

Question 41

What is Amazon Redshift workload management (WLM)?

Answer 41

It enables users to manage priorities so that short quick queries dont get stuck behind long-running queries

Question 42

When an EBS snapshot is ongoing, what can/cannot be done?

Answer 42

EBS volume can be used as normal

Question 43

What is Amazon MQ?

Answer 43

A managed message broker service for ApacheMQ to make it easy to migrate to the cloud