Merge 1 Flashcards

Question

Kinesis

Answer 1

streaming and analyzing real-time data at massive scale

Answer 2

if you need to create search capabilities for website

Answer 3

move data from one place to another

Answer 4

sign in, authenticate, manage users and permissions

Answer 5

agent installed on VMs, inspects and reports on security

Answer 6

free SSL certificate for domains

Answer 7

Using Active Directory, connects active directory to AWS

Answer 8

give application-level protection to your website

Answer 9

compliance documentation in AWS console

Answer 10

monitor performance

Answer 11

document that turn infrastructure into code

Answer 12

audits AWS resources

Answer 13

automates deployments using Chef

Answer 14

monitors/audits environment, can set alerts based on compliance

Answer 15

automated way of scanning environment, giving security tips

Answer 16

coordinating automated and human tasks

Answer 17

door for apps to access backend data

Answer 18

Changes video format to suitable devices

Answer 19

compile code

Answer 20

deploys code to EC2 instances

Answer 21

keep track of all versions of code

Answer 22

design mobile apps

Answer 23

sign in w/ Identity Federation

Answer 24

mobile testing

Answer 25

analyze mobile data

Answer 26

have desktop in cloud

Answer 27

task notification

Answer 28

queue system to decouple apps

Answer 29

send/receive emails

Answer 30

Regions, Availability Zones, Edge Locations

Answer 31

A Region is a geographical area. Each Region consists of 2 or more Availability Zones.

Answer 32

An Availability Zone (AZ) is simply a data center.

Answer 33

They are facilities that are close to each other but not dependent on one another. For example, one AZ in Manhattan, another in New Jersey.

Answer 34

E.g. in case there is a flood in one (e.g. Manhattan), the other (NJ) won't be affected.

Answer 35

Edge locations are CDN endpoints for CloudFront.

Answer 36

To cache large media files in the cloud. Example: if I am a user in NY and if I want to download a video hosted in Australia, the first time, the video has to travel to the edge location in NY prior to downloading. Next time, the video would be cached at the NY edge location.

Answer 37

...a logical datacenter.

Answer 38

Amazon VPC lets you provision a logically isolated section of the AWS cloud where you can launch AWS resources in a virtual network that you define.

Answer 39

You have complete control over your virtual networking environment, including selection of your own IP address range, creation of subnets, and configuration of route tables and network gateways.

Answer 40

Create a public-facing subnet for your webservers that has access to the Internet, and place your backend systems (e.g. databases, application servers) in a private-facing subnet with no internet access

Answer 41

...security groups and Network ACLs to help control access to EC2 instances in each subnet.

Answer 42

1. 10.0.0.0-10.255.255.255 (10/8 prefix) 2. 172.16.0.0-172.31.255.255 (172.16/12 prefix) 3. 192.168.0.0-192.168.255.255 (192.168/16 prefix)

Answer 43

Internet Gateway, Virtual Private Gateway

Answer 44

Allows you to connect to the Internet

Answer 45

Allows you to terminate VPN connections

Answer 46

It routes traffic based on what is defined in the route tables

Answer 47

Internet-accessible subnet

Answer 48

Not Internet-accessible subnet

Answer 49

Webservers, bastion host

Answer 50

Database servers, application servers

Answer 51

1. Launch instances into a subnet of your choosing 2. Assign custom IP address ranges in each subnet 3. Configure route tables between subnets 4. Create internet gateway and attach it to our VPC 5. Much better security control over your AWS resources 6. Instance security groups 7. Subnet network access control lists (ACLs)

Answer 52

Whether a subnet is public or private

Answer 53

If one of the answers is "attach another IGW to the VPC," DON'T PICK THAT ONE!

Answer 54

If you create a rule allowing traffic in, it automatically allows traffic out.

Answer 55

If you create a rule allowing traffic in, you need to create a rule allowing the traffic back out.

Answer 56

1. User friendly, allowing you to immediately deploy instances 2. All subnets in default VPC have a route out to the internet 3. Each EC2 instance has both a public and private IP address 4. If you delete the default VPC the only way to get it back is to contact AWS.

Answer 57

Allows you to connect one VPC with another via a direct network route using private IP addresses

Answer 58

Connect: VPC for monitoring services, VPC for Active Directory, Administration VPC, Production VPC, Dev VPC, Test VPC

Answer 59

Peer VPCs with Dev account, Test account, Production account

Answer 60

Star configuration (1 central VPC peers with 4 other VPCs)

Answer 61

1. IGWs (or Virtual Private Gateways) 2. Route Tables 3. Network Access Control Lists 4. Subnets 5. Security Groups

Answer 62

A\> Configure web server VPC security groups to allow traffic from your customers’ IPs B\> Configure your web servers to filter traffic based on the ELB’s “X-forwarded-for” header A is obviously correct as security group can be configured to accept traffic from predefined customer IPs You can leverage AWS WAF to configure your webserver and filter the traffic based of HTTP header passed by load balancer. Hence #B is correct The security group can be configured to only allow the inbound or outbound traffic. When you allow certain inbound traffic in security group, the outbound traffic is automatically allowed because of the stateful nature. Hence #C is wrong In case if you deny all outbound traffic in NACL it will accept the inbound traffic but outbound hence #D is wrong.

Answer 63

This can be summed up quite simply. The /16 or /24 is the number of mask bits in the CIDR address. The 16 signifies that should mask the first two octets. Leaving two additional octets for addressing needs. Each octet contains 255 addresses. Therefore a mask of /16 is 255 X 255 addresses or 65535.A /24 address is only masking 8 bits or 255 addresses. So in essense a mask of /16 is a lot more than a mask of /24.

Answer 64

a)amazon vpc supports vpcs from /16 to /28(in cidr)

Answer 65

a)main route table is created along with with vpcb)the main route table can be replaced with a custom route tableExplanations: A is correct, as per AWS doc: "When you create a VPC, it automatically has a main route table." B is correct, as per AWS doc: "You cannot delete the main route table, but you can replace the main route table with a custom table that you've created" C is totally wrong D is wrong, as per AWS doc: "Each subnet must be associated with a route table, which controls the routing for the subnet. If you don't explicitly associate a subnet with a particular route table, the subnet is implicitly associated with the main route table."

Answer 66

The outbound tab is relevant where traffic originates from within the security group, whereas inbound rules are relevant from traffic originating from clients outside the security group.Taking your wordpress site example, assuming it is deployed on an instance secured by a security group for inbound traffic, say from a web browser you would want http 80 and https 443 open on inbound part of the security group whereas for Wordpress to pull updates to plugins you would want http 80 open on the outbound portion of the security group so it can poll remote plugin sites (either directly or via a nat). By default, there are no restrictions on outbound traffic, but if you wanted to limit the way in which your instance could reach out to the internet the this is one area in which you could do it.

Answer 67

Your approach to achieve HA for the use case you have described is ideal. if you wanted to take it a step further I'd also add an auto-scaling group so that if an instance dies in an AZ the auto-scaling group will recover it, but you'll discover that anyway as you go through the course.Given you want to load-balance the backend instances, you have to think about which subnet(s) you'll be launching them into, and here are 2 possible ways I have seen done: 1 - launch them into the frontend subnets; give the frontend instances access to hit the LBs via the LB security group, and give the LBs access to the backend instances via the backend's SG. 2 - have another pair of subnets just for the LBs, and again do something similar with the SGs. You'll need to adjust your route tables in order to put these new subnets in-between the other 2 sets. This of course presumes your VPC has enough spare IPs to allow for more subnets. Similar to 1, it is possible to launch the LBs into the backend subnets. Usually it depends on which subnets you have room free for the LBs. Don't forget to lock everything down security-wise with your SGs and network ACLs.

Answer 68

a) yes but only dedicated placement option which is seperately billable

Answer 69

VPC peering is simply a connection between two VPCs that enables you to route traffic between them using private IP addresses.

Answer 70

...as if they are within the same network.

Answer 71

between your own VPCs, or with a VPC in another AWS account within a single region

Answer 72

AWS uses the existing infrastructure of a VPC

Answer 73

False; VPC peering must occur between VPCs within a single region.

Answer 74

It will not work since VPCs with matching or overlapping CIDRs cannot be peered.

Answer 75

...is NOT supported!

Answer 76

1. Create VPC, which creates a main route table, default security group, and default network ACL. 2. Create 2 subnets. 3. Create and attach an IGW to the VPC. 4. Create another route table. 5. Associate the IGW and one of the subnets to the custom route table. 6. Launch instance in the public subnet with a security group allowing HTTP, HTTPS, SSH. 7. Launch instance in the private subnet with a security group allowing SSH, ICMP, . 8. Launch NAT instance or create NAT gateway or Bastion. 9. Create Network ACL mirroring security groups

Answer 77

Specifies IP address ranges

Answer 78

Between /16 and /28

Answer 79

Determines whether VPC and its assets are deployed onto shared hardware or dedicated hardware. Default is shared hardware.

Answer 80

Security concerns, e.g. regulatory requirements

Answer 81

Main route table, default security group, default network ACL

Answer 82

Subnets, Internet Gateway

Answer 83

1 Availability Zone

Answer 84

...create and attach an Internet Gateway, associate it with a route table, and associate the subnet with that route table. Additionally, enable auto-assign IP on that subnet.

Answer 85

Yes, it will be associated with the main route table by default

Answer 86

If there is a route out to the Internet from the main route table, all subnets in that route table will automatically be public, which is a security risk.

Answer 87

...when you launch an EC2 instance you can enable auto-assign there.

Answer 88

...you can allocate an Elastic IP address to it

Answer 89

...traffic will be sourced from the public subnet.

Answer 90

...you need to copy/paste your keypair into the public instance and chmod 600

Answer 91

...allow ICMP on the private instance and ping the private IP from the public instance

Answer 92

...you need a way for that instance to access the Internet (NAT instance or NAT gateway)

Answer 93

...use a NAT instance or a NAT gateway and allow a route out from the private route table \> NAT \> Internet.

Answer 94

...search "nat" in the Community AMIs

Answer 95

...disable Source/Dest check

Answer 96

Public subnet

Answer 97

You create an Elastic IP since it is required to create one or use an existing one. In addition, a message pops up that explains that you need to edit your main route table to include a route with a target = NAT gatway.

Answer 98

By default, EC2 instances are either the source or destination of any traffic, and traffic does not go through an EC2 instance.

Answer 99

The NAT instance is a single point of failure, so you will lose any internet access to everything in the private subnet.

Answer 100

...set it behind an Auto Scaling group, set min number = 1, or use multiple public subnets and deploy NAT instances in each

Answer 101

Increase the instance size, change instance family so you can support more traffic

Answer 102

...use Auto Scaling Groups, multiple subnets in different AZs, and a script to automate failover.

Answer 103

No, but the reverse is possible.

Answer 104

All traffic inbound and outbound.

Answer 105

No traffic inbound or outbound.

Answer 106

You will need another rule that opens up ephemeral ports in order to cover the different types of clients that might initiate traffic to the public-facing instances in your VPC

Answer 107

...the subnet is automatically associated with the default network ACL

Answer 108

...the previous association is removed.

Answer 109

Numerical order starting with the lowest number

Answer 110

...use network ACLs not security groups

Answer 111

If there's no peering needed

Answer 112

You can assign and unassign IPv4 and IPv6 IP addresses on each network interface. Leave the IP address field blank and an available address will be assigned or enter an IP address that you want to assign. To add or edit an IPv4 public IP Allocate an Elastic IP to this instance or network interface.Yes I think so ! Elastic IP's can be allocate to an Private Instance through the Manage IP section even after the Instance is up and running

Answer 113

There is a better way indeed. If you connect to the first host with -A, it enables SSH Key forwarding, and your local ssh key will be used to connect to the second host

Answer 114

...you need two public subnets to make it highly available

Answer 115

NAT: routes traffic from Internet to EC2 instances in private subnets and is Linux, so can SSH but cannot RDP Bastion: used to securely administer EC2 instances using SSH/RDP in private subnets

Answer 116

Administration only

Answer 117

Need multiple public subnets. can have a bastion in each public subnet. implement Autoscaling groups

Answer 118

Think of the webserver created in the lab, where we ssh into public and then private instance

Answer 119

NAT gateways take a while to delete and they are a dependency

Answer 120

...a logical datacenter in AWS

Answer 121

...stateful

Answer 122

...stateless

Answer 123

...disable Source/Destination Check on the instance

Answer 124

...must have elastic IP address, must be a route out of the private subnet to the NAT instance

Answer 125

Depends on the instance size. If bottlenecking, increase the instance size

Answer 126

...AutoScaling Groups, multiple subnets in different AZs, a script to automate failover

Answer 127

...scale automatically up to 10 Gbps, no need to patch, not associated with security groups, automatically assigned a public IP, do not need to disable source/dest check

Answer 128

...automatically created with a VPC and by default it allows all inbound and outbound traffic

Answer 129

...denies all inbound and outbound traffic until you add rules

Answer 130

...the subnet is automatically associated w/ default network ACL

Answer 131

Yes, but a subnet can only be associated with one NACL at a time

Answer 132

...the previous association is removed

Answer 133

...evaluated in order, starting with the lowest numbered rule

Answer 134

...separate. Each rule can either allow or deny traffic

Answer 135

...responses to allowed inbound traffic are subject to the rules of outbound traffic (and vice versa)

Answer 136

...NACLs not Security Groups

Answer 137

...provide internet traffic to EC2 instances in private subnets

Answer 138

...securely administer EC2 instances using SSH or RDP in private subnets

Answer 139

...always have 2 public subnets and 2 private subnets. Make sure each subnet is in different AZs

Answer 140

...they are in 2 public subnets in 2 different AZs

Answer 141

...put them behind an autoscaling group w/ a minimum size of 2. Use Route53 (round robin or health check) to automatically fail over

Answer 142

...need one in each public subnet, each with their own public IP, and you need to write a script to fail between the two. Instead, where possible, use NAT gateways

Answer 143

...you've used DNS

Answer 144

...human friendly domain names into an IP address

Answer 145

...computers to identify each other on the network

Answer 146

IPv4, IPv6

Answer 147

...we were running out of IPv4 addresses

Answer 148

".com" in google.com

Answer 149

second level domain name

Answer 150

...Internet Assigned Numbers Authority (IANA) in a root zone database (DB of all available top level domains)

Answer 151

ensure that domain names aren't duplicated. Each domain name becomes registered in a central database known as the WhoIS database

Answer 152

Start of Authority Records

Answer 153

- the name of the server that supplied the data for the zone - the administrator of the zone (contact details, owner name) - current version of the data file-number of seconds a secondary name server should wait before checking for updates - the number of seconds a secondary name server should wait before retrying a failed zone transfer - the maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire - the default number of seconds for the time-to-live file on resource records

Answer 154

stands for Name Server records, used by Top Level Domain servers to direct traffic to the Content DNS server which contains the authoritative DNS records

Answer 155

Address Record. A record used by computer to translate the name of the domain to the IP address

Answer 156

No, they have just a DNS name.

Answer 157

No, use an Alias Record

Answer 158

The length that a DNS record is cached on either the Resolving Server or the user's own local PC is equal to the value of the Time To Live in seconds.

Answer 159

...the faster changes to DNS records take to propagate throughout the internet

Answer 160

...DNS change required, will take time to propagate to all end users. Decrease TTL to 300 seconds

Answer 161

resolve one domain name to another

Answer 162

map record resource sets in your hosted zone to ELBs, CloudFront distributions, or S3 buckets that are configured as websites

Answer 163

CNAME can't be used for naked domain names (zone apex). A records or Alias Records can

Answer 164

...Route53 automatically recognizes changes in the record sets that the alias resource record set refers to

Answer 165

Alias resource record set for example.com points to an ELB at lb1-1234.us-east-1.elb.amazonaws.com. If IP of ELB changes, Route53 will reflect those changes in the DNS answers for example.com w/o any changes to the hosted zone that contains resource record sets for example.com

Answer 166

No, you resolve to them using a DNS name

Answer 167

...will be associated w/ a charge. On the other hand, Alias Records won't

Answer 168

1. Domains \> Registered Domains \> Register Domain 2. Enter a domain name and click "Check" Note: Prices! 3. Click "Add to Cart" 4. Fill out contact details 5. Review and Purchase

Answer 169

A hosted zone, NS records, SOA records

Answer 170

Simple, Weighted, Latency, Failover, Geolocation

Answer 171

This is the default routing policy when you create a new record set.

Answer 172

When you have a single resource that performs a given function for your domain. For example, one web serves content for the http://acloud.guru website

Answer 173

User makes DNS request \> Request hits Route53 \> Route53 forwards request to EC2 instances in your region

Answer 174

For redundancy

Answer 175

...create a record set in Route53, specify whether you want an alias record. If you specify an alias record, select an endpoint (either ELB, S3 bucket, or CloudFront distribution). Select routing policy

Answer 176

A (IPv4), AAAA (IPv6)

Answer 177

User makes DNS request \> request hits Route53 \> send a percentage of traffic to one region, send another percentage of traffic to another

Answer 178

Business in California. 80% of orders come from California, so route 80% of traffic to US-WEST-1. However, some orders are mail order throughout the US, so maybe send 20% of traffic to US-EAST-1.Performing A and B testing for a website, ie flip production website to a new site. Continue to send most of users to new site, while send some to the new site for testing

Answer 179

No, it is Global

Answer 180

...you actually need to create 2 record sets, set separate endpoints, and assign weights to each.

Answer 181

...the lowest network latency for your end user (ie which region will give them the fastest response time)

Answer 182

...create a latency resource record set for the EC2 or ELB resource in each region that hosts your website

Answer 183

...it selects the latency resource record set for the region that vies the user the lowest latency. Route53 then responds with the value associated with that record set.

Answer 184

User makes request to Route53 \> Route53 determines that there is a latency of 50 ms to one region and 300 ms to another region. User then routed to region with lowest latency

Answer 185

...you want to create an active/passive set up. For example, you may want your primary site to be in EU-WEST-2 and your secondary DR site in AP-SOUTHEAST-2

Answer 186

Monitor the health using a health check, which monitors the health of your end points

Answer 187

User makes request \> primary site health check passes so request routed to primary site\> if fails, switches to secondary site

Answer 188

1. configure health check for primary load balancer 2. configure health check for entire website 3. when you create a record set, specify failover 4. primary or secondary 5. evaluate target health = yes 6. associate w/ existing health check = yes, select health check 7. repeat for secondary but don't associate it with health check

Answer 189

...lets you choose where your traffic will be sent based on the geographic location of your users (ie the location from which the DNS queries originate)

Answer 190

all queries from Europe to be routed to a fleet of EC2 instances that are specifically configured for your European customers. These servers may have the local language of your European customers and all prices are displayed in Euros

Answer 191

No, they do not have pre-defined IPv4 addresses, you resolve to them using a DNS name

Answer 192

Alias: can resolve to individual AWS Resources, accept naked domain names Given choice, choose Alias Record over CNAME

Answer 193

Direct Connect makes it easy to establish a dedicated network connection from your premises to AWS

Answer 194

...you can establish private connectivity between AWS and your datacenter, office, or colocation environment, which can reduce your network costs, increase bandwidth throughput, and provide a more consistent network experience than Internet-based connections

Answer 195

reduced costs when using large volumes of traffic, increased reliability, increased bandwidth

Answer 196

VPN connections can be configured in minutes and are a good solution if you have an immediate need, have low to modest bandwidth requirements, and can tolerate the inherent variability in Internet-based connectivity. Direct Connect does not involve the Internet; instead it uses dedicated, private network connections between your intranet and Amazon VPC. Direct Connect takes longer to set up.

Answer 197

...a system of distributed servers (network) that deliver web pages and other web content to a user based on the geographic locations of the user, the origin of the webpage and a content delivery server

Answer 198

location where content will be cached. separate to a region/AZ

Answer 199

origin of all the files that the CDN will distribute. can either be an S3 bucket, an EC2 instance, an ELB or Route53

Answer 200

name given to the CDN which consists of a collection of edge locations

Answer 201

...request goes to edge location first. if desired object is not cached, the request goes to the origin and then pulled down/cached at the edge location

Answer 202

...deliver your entire website, including dynamic, static, streaming, and interactive content using a global network of edge locations.

Answer 203

...automatically routed to the nearest edge location, so content is delivered with the best possible performance

Answer 204

used for websites

Answer 205

used for media streaming

Answer 206

False; they are not just read only, you can write to them too

Answer 207

life of the TTL

Answer 208

1. Speed up distribution of static and dynamic content, for example, .html, .css, .php, and graphics files. 2. Distribute media files using HTTP or HTTPS. 3. Add, update, or delete objects, and submit data from web forms. 4. Use live streaming to stream an event in real time.

Answer 209

...to speed up distribution of your streaming media files using Adobe Flash Media Server's RTMP protocol

Answer 210

either an Amazon S3 bucket or a web server

Answer 211

an Amazon S3 bucket

Answer 212

...create a web distribution

Answer 213

name of the bucket or webserver

Answer 214

way of adding multiple subfolders in the origin (pictures, videos, etc)

Answer 215

name of the origion

Answer 216

Yes or No, example: stop people from using s3 bucket url so that they use CloudFront instead

Answer 217

...you need to create an Origin Access Identity (OAI)

Answer 218

a user. can add permissions to that user

Answer 219

...you will have to manually update the permissions yourself

Answer 220

allows us to set different origin servers

Answer 221

...decrease the TTL

Answer 222

Viewers have to use signed URLs or signed cookies

Answer 223

If you have content you want to restrict to a certain audience, e.g. A Cloud Guru, it checks to make sure users have signed URLs or cookies (ie if users paid)

Answer 224

...private

Answer 225

Always use signed URLs or signed cookies

Answer 226

...Layer 7 protection, so WAF operates at the application layer. Protects against SQL injection, cross-site scripting

Answer 227

Choose this option if you want your users to use HTTPS or HTTP to access your content with the CloudFront domain name (such as https://d111111abcdef8.cloudfront.net/logo.jpg).

Answer 228

Choose this option if you want your users to access your content by using an alternate domain name, such as https://www.example.com/logo.jpg.

Answer 229

...you can specify either a whitelist (countries where they can access your content) or a blacklist (countries where they cannot)

Answer 230

... removes them from CloudFront edge caches. there is a charge

Answer 231

...a web service that provides resizable compute capacity in the cloud

Answer 232

...minutes, allowing you to quickly scale capacity, both up and down, as your computing requirements change

Answer 233

...allowing you to pay only for the capacity that you actually use

Answer 234

...build failure resilient apps and isolate themselves from common failure scenarios

Answer 235

On Demand, Reserved, Spot, Dedicated Hosts

Answer 236

allow you to pay a fixed rate by the hour with no commitment.

Answer 237

If you're a startup, you can pay for instances by the hour with no long term commitment for experimentation, terminate instances when you are complete.

Answer 238

provide you with a capacity reservation, and offer a significant discount on the hourly charge for an instance. 1-year or 3-year terms

Answer 239

If you need a minimum of 2 webservers to serve your customers

Answer 240

enable you to bid whatever price you want for instance capacity, providing for even greater savings if your apps have flexible start and end times. engineering, pharma companies use these

Answer 241

...instances can be provisioned

Answer 242

...instances will be terminated

Answer 243

physical EC2 server dedicated for your use (hourly rate). Dedicated hosts can help you reduce costs by allowing you to use your existing server-bound software licenses

Answer 244

Users that want the low cost and flexibility of EC2 without any up-front payment or long-term commitmentApps with short term, spiky, or unpredictable workloads that cannot be interruptedApps being developed or tested on EC2 for the first time

Answer 245

Apps with steady state or predictable usageApps that require reserved capacityusers able to make upfront payments to reduce their total computing costs even further

Answer 246

2 webservers = reserved. Need more for Black Friday = on demand

Answer 247

Apps that have flexible start and end timesApps that are only feasible at very low compute pricesUsers with urgent computing needs for large amounts of additional capacity

Answer 248

Large pharma company saves money by using compute capacity during very low demand timesLarge world events, e.g. Brexit, analysts need to find solutions really quickly

Answer 249

Useful for regulatory requirements that may not support multi-tenant virtualizationGreat for licensing which does not support multi-tenancy or cloud deployments (e.g. Microsoft, SQL, Oracle)Can be purchased on demand (hourly)can be purchased as a reservation for up to 70% off the on-demand price

Answer 250

If the spot instance is terminated by Amazon EC2, you will not be charged for a partial hour of usage. However, if you terminate the instance yourself, you will be charged for any hour in which the instance ran

Answer 251

``` D = Dense R = Memory-optimized (RAM) M = General Purpose (main choice) C = Compute-optimized G = Graphics-IntensiveI = High Speed Storage (I/O) F = Field Programmable Gate Array T = Lowest Cost, General Purpose (t2 micro) P = Graphics/General Purpose CPU (pics) X = Memory-optimized (extreme RAM) ```

Answer 252

Fileservers/Data Warehousing/Hadoop

Answer 253

Memory Intensive apps/DBs

Answer 254

Application Servers

Answer 255

CPU Intensive apps/DBs

Answer 256

Video Encoding/3D application streaming

Answer 257

Hardware acceleration for your code

Answer 258

Web Servers/small DBs

Answer 259

Machine Learning, Bit Coin Mining, etc

Answer 260

SAP HANA, Apache Spark, etc

Answer 261

EBS allows you to create storage volumes and attach them to EC2 instances.

Answer 262

...you can create a file system on top of these volumes, run a database, or use them in any other way you would use a block device

Answer 263

...in a specific AZ, where they are automatically replicated to protect you from the failure of a single component

Answer 264

storage array

Answer 265

General Purpose SSD (GP2) Provisioned IOPS SSD (IO1) Throughput Optimized HDD (ST1) Cold HDD (SC1) Magnetic (Standard)

Answer 266

General purpose, balances both price and performance Ratio of 3 IOPS per GB with up to 10K IOPS and the ability to burst up to 3000 IOPS for extended periods of time for volumes under 1 Gib

Answer 267

Designed for I/O intensive apps such as large relational or NoSQL databasesUse if you need more than 10K IOPSCan provision up to 20K IOPS per volumeHighest-performance SSD volume designed for mission-critical applications

Answer 268

Big data Data warehousing Log processing Sequential data Cannot be a boot volume

Answer 269

Lowest cost storage for infrequently accessed workloadsFile ServerCannot be boot volumes

Answer 270

Lowest cost per GB of all EBS volumes types that is bootable.Ideal for workloads where data is accessed infrequently, and apps where the lowest storage cost is important

Answer 271

No, use EFS instead

Answer 272

-Recommended for most workloads-System boot volumes-Virtual desktops-Low-latency interactive apps-Development and test environments

Answer 273

- Critical business applications that require sustained IOPS performance, or more than 10,000 IOPS or 160 MiB/s of throughput per volume - Large database workloads, such as: MongoDB Cassandra Microsoft SQL Server MySQL PostgreSQL Oracle

Answer 274

-Streaming workloads requiring consistent, fast throughput at a low price-Big data-Data warehouses-Log processing-Cannot be a boot volume

Answer 275

-Throughput-oriented storage for large volumes of data that is infrequently accessed-Scenarios where the lowest storage cost is important-Cannot be a boot volume

Answer 276

The volume will be deleted since "Delete on Termination" is checked by default

Answer 277

...User Data under "Advanced Details"

Answer 278

Tag everything!

Answer 279

Purchasing Option in Configure Instance Details

Answer 280

Tenancy in Configure Instance Details

Answer 281

Reserved Instances \> Purchased Reserved Instances, add instances to cart

Answer 282

Root volumes cannot be encrypted by default. Other EBS volumes can be encrypted if you check Encrypted

Answer 283

...is turned off by default. You must turn it on yourself if you want it.

Answer 284

The root EBS volume is deleted.

Answer 285

cannot be encrypted, but you can use a third party tool to encrypt the root volume, or this can be done when creating AMIs using the console or API

Answer 286

...a virtual firewall

Answer 287

Multiple. Also, multiple instances can be one security group

Answer 288

...changes take effect immediately

Answer 289

No; since security groups are stateful, the inbound requests will be allowed back out automatically

Answer 290

No, only allow rules are allowed

Answer 291

...allows all inbound and outbound traffic by default

Answer 292

...blocked

Answer 293

...allowed

Answer 294

...make sure it is in the same AZ as your instance, or you will not be able to attach it to your instance

Answer 295

...you need to format and mount it

Answer 296

file -s e.g. file -s /dev/xvdf"data" = no data

Answer 297

mkfs -t ext4 . ext4 is file format for Linux

Answer 298

mount e.g. mount /dev/xvdf /myfileserver

Answer 299

lost+found

Answer 300

...use Force Detach

Answer 301

...only changed data since your last snapshot is sent to S3, since snapshots are incremental

Answer 302

a photograph (point in time copies of volumes)

Answer 303

...it may take some time to create

Answer 304

Redundant Array of Independent Disks (putting together a bunch of disks as one disk)

Answer 305

RAID 0, RAID 1, RAID 5, RAID 10

Answer 306

Striped, No Redundancy (if one disk fails, the entire volume fails), Good Performance (use: gaming)

Answer 307

Mirrored (take one disk, mirror a copy to another disk), Redundancy

Answer 308

at least 3 disks, good for reads, bad for writes, AWS does not recommend ever putting RAID 5's on EBS

Answer 309

Striped & Mirrored, good redundancy, good performance

Answer 310

If you do not get disk I/O you require, add multiple volumes and create RAID array (usually RAID 0 or RAID 10 on AWS)

Answer 311

Create a new keypair for Windows instances, separate from Linux instances

Answer 312

``` User = Administrator Password = upload private key file into "Retrieve Password" window to obtain password ```

Answer 313

Right-click, Disk Management. Right-click on an unallocated volume and choose volume type you want to create, select drive you want the RAID volume assigned to

Answer 314

Problem - Take a snapshot, the snapshot excludes data held in the cache by apps and the OS. This tends not to matter on a single volume; however, using multiple volumes in a RAID array, this can be a problem due to interdependencies of the array. Solution - Take an application consistent snapshot

Answer 315

Stop the application from writing to disk. Flush all caches to the disk.How can we do this? Freeze the file system, unmount the RAID array, shut down the associated EC2 instance (easiest)

Answer 316

AMI provides the info required to launch a virtual server in the cloud. Specify an AMI when you launch an instance, and you can launch as many instances from the AMI you need. You can also launch instances from as many different AMIs as you need

Answer 317

a template for the root volume for the instance launch permissions that control which AWS accounts can use the AMI to launch instances a block device mapping that specifies the volumes to attach to the instance when it's launched

Answer 318

Yes, you can only launch an AMI from the region in which it is stored. However, you can copy AMIs to other regions using the console, command line, or EC2 API

Answer 319

Region, OS, Architecture, Launch Permissions, Storage for the Root Device

Answer 320

Ephemeral Storage

Answer 321

Persistent Storage, fast provisioning times, more durability

Answer 322

No, but you can attach them before launching

Answer 323

No, only reboot or terminate

Answer 324

an EBS snapshot

Answer 325

a template stored in S3

Answer 326

Instance store

Answer 327

No, there are limits on instance families

Answer 328

instance data is gone

Answer 329

You will not lose your data

Answer 330

EBS - Yes Instance store - No

Answer 331

Yes. With EBS, you can tell AWS to keep the root volume

Answer 332

file to test health check i.e. an html file saying that instance is healthy

Answer 333

how long it takes to do a healthcheck

Answer 334

how long to wait between healthchecks

Answer 335

how many consecutive health checks an instance must pass before becoming healthy

Answer 336

how many consecutive health checks an instance must fail before becoming unhealthy

Answer 337

No, a DNS name is given instead since the IP address may change

Answer 338

In service or out of service

Answer 339

they check the instance health by talking to it

Answer 340

Metrics are monitored every 5 minutes

Answer 341

Metrics are monitored every 1 minute

Answer 342

CPU, Disk, Network, Status Check

Answer 343

Instance, host

Answer 344

you need to create a custom metric

Answer 345

...help you respond to state changes in your AWS resources

Answer 346

...you can go into application layer and log different events (as opposed to host layer for dashboards). helps you to aggregate, monitor, and store logs

Answer 347

performance monitoring

Answer 348

auditing whatever happens with AWS account

Answer 349

AWS Service Roles, Role for Cross-Account Access, Role for Identity Provider Access

Answer 350

Configure Instance Details (IAM role)

Answer 351

You need to configure AWS credentials using access key ID and secret access key, Region

Answer 352

Not using console, but can using CLI. You can also modify a role

Answer 353

attach a policy

Answer 354

The role is gone. You cannot add a new role; you must terminate and launch a new instance with desired role

Answer 355

Roles; they are also easier to manage

Answer 356

curl http://169.254.169.254/latest/meta-data/

Answer 357

No, it throws an error

Answer 358

a logical grouping of instances within a single AZ.

Answer 359

...enables apps to participate in a low-latency, 10 Gbps network

Answer 360

...apps that benefit from low network latency, high network throughput, or both.

Answer 361

No, it's a single point of failure

Answer 362

...must be unique within your AWS account.

Answer 363

Compute Optimized, GPU, Memory Optimized, Storage Optimized

Answer 364

No. Create an AMI from your existing instance, and launch a new instance from the AMI into a placement group

Answer 365

SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB

Answer 366

Web service that makes it easy to deploy, operate, and scale an in-memory cache in the cloud

Answer 367

Memcached, Redis

Answer 368

If web app constantly requests the top 10 products, cache that information in Elasticache

Answer 369

allows you to migrate your production database to AWS

Answer 370

AWS manages complexities of the migration processes like data type transformation, compression, and parallel transfer, while ensuring that data changes to the source database that occur during the migration process are automatically replicated to the target

Answer 371

automatically converts the source DB schema and a majority of the custom code, including views, stored procedures, and functions, to a format compatible with the target DB.

Answer 372

Automated Backups, Database Snapshots

Answer 373

allow you to recover your DB to any point in time within a retention period. they will take a full daily snapshot and will store transaction logs throughout the day

Answer 374

1-35 days, 7 days by default

Answer 375

AWS will choose the most recent daily backup, and then apply transaction logs relevant to that day

Answer 376

Free storage space = size of your database

Answer 377

within a defined window

Answer 378

may be suspended

Answer 379

They are deleted.

Answer 380

They are stored

Answer 381

the restored version of the DB will be a new RDS instance with a new end point.

Answer 382

MySQL, Oracle, SQL Server, PostgreSQL, MariaDB

Answer 383

No, you will need to create a new DB instance and migrate your data into it.

Answer 384

take a snapshot, restore snapshot to larger instance size

Answer 385

failover/disaster recovery only.

Answer 386

No. You need Read Replicas.

Answer 387

If DB has a lot of reads performed to it, you can change the connection of the EC2 instances to read from read replicas instead of the main DB

Answer 388

All except Aurora, which has it by default.

Answer 389

MySQL Server, PostgreSQL, MariaDB

Answer 390

scaling, not DR

Answer 391

you must have automatic backups turned on

Answer 392

Yes, but watch out for latency

Answer 393

asynchronous

Answer 394

synchronous

Answer 395

No. You can create read replicas of Multi-AZ source dbs though.

Answer 396

Yes, but this breaks replication

Answer 397

DynamoDB offers push button scaling, so you can scale your DB on the fly, w/o any down time.RDS is not so easy and you usually have to use a bigger instance size or add a read replica

Answer 398

fast and flexible NoSQL database service for all apps that need consistent, single-digit millisecond latency at any scale.

Answer 399

Document, key-value

Answer 400

mobile, web, gaming, ad-tech, IoT

Answer 401

SSD Storage