Mixed

Question 1

Iam

Answer 1

Identity federation
PCI payment card industry 
Password rotation
Temp access
Multi factor authentication

Question 2

Policies

Answer 2

Assigned to role, group or user

Question 3

When a user created we get

Answer 3

Access key id

Secret access key

Question 4

Password policy

Answer 4

Life cycle management

Complexity

Question 5

True or false: Link to log in through iam is customizable?

Answer 5

True

Question 6

Role

Answer 6

Can be assigned to an Iam user in another account
An aws resource
Application running on the resources

Question 7

True or false: ec2 is region based

Answer 7

True

Question 8

5 types of ec2 pricing models

Answer 8

On demand
Reserved 
Spot
Dedicated
Saving plan

Question 9

On demand ec2 pricing model

Answer 9

Pay per hour or sec depending on the instance

Question 10

Reserved ec2 pricing model

Answer 10

1 or 3 years of prepaid and commitment
Called RI
For predictable load
RI, convertible RI and scheduled

Question 11

Convertible RI vs RI vs Scheduled

Answer 11

Convertible you can change the power or type of ec2 as long as you are spending the same amount or higher
Scheduled, you scheduled for a certain time

Convertible up to 54% off
RI up to 72%

Question 12

Spot ec2 pricing model

Answer 12

You bid on it and whenever it matches your bidded price, it assigns you the ec2
If you stop, you gotta pay for the resource, if aws stops you, you don’t pay for the rest of the hour
It’s for tasks that interruption doesn’t matter

Can be used for calcs, parallel computing
Up to 90% discount

Question 13

Dedicated ec2 pricing model

Answer 13

License and compliance
On demand or reserved
Reserved up to 70% off

Question 14

Saving plan pricing model

Answer 14

Not just for ec2
Not region based
Dedicated to 1 to 3 years and pay 72% percent off
You can change the type, the region,…

Question 15

Ssh port

Answer 15

22

Question 16

Http port

Answer 16

Port 80

Question 17

True or false: Making ec2 we can decide what happens if we shut down the insurance. Shall it be terminated or stopped

Answer 17

True

Question 18

Different types of ec2 instances

Answer 18

General purpose 
Micro
Compute Optimized
Fpga
Gpu
Machine learning
Memory optimized 
Storage optimized

Question 19

General Purpose instance

Answer 19

For general purposes, start with T1, T2

Question 20

Micro insurance

Answer 20

Instance for testing or low i/o throughput and low network performance 
First 750 h is free for the first year
1 virtual cpu
Less than one gig memory
Cheapest
Starts with m

Question 21

Compute optimized instant type

Answer 21

Starts with C
It has the highest rate of Cpu to memory
Good for apps needed analysis and high performance apps

Question 22

Fpga instance

Answer 22

Hardware accelerated instance
Good for parallel computing and finance
Starts with F

Question 23

Gpu instance

Answer 23

Good for graphics
Starts with G
ImGe rendering and media processing

Question 24

Machine learning instance

Answer 24

Good for machine learning, language processing
Uses ASIC (application specific integrated circuit)
Custom build cpu
Chip is called inference
Starts with Inf

Question 25

Memory optimized instance type

Answer 25

Cheapest Ram per G
Starts with Z, X or R
For DB applications and memcache

Question 26

Storage optimized insrance

Answer 26

Start with H, I or D
Good apps need higher io or storage capacity 
I3 is good for nosql
D3 is for warehouse
Directly attach storage blocks to ec2

Question 27

True or false: ebs is region based

Answer 27

True

Question 28

Whats Ebs

Answer 28

Disk on the cloud
Availability zone sensitive
Replicate themselves into other zones, to avoid single point of failure

Question 29

Different types of EBS

Answer 29

General purpose 
Provisioned iops
Provisioned iops 2
Throughput optimized HHD
Cold HHD
Magnetic Storage

Question 30

General purpose ebs

Answer 30

It’s for development or not latency sensitive
3 iops per g
Max iops 16000
Burst 3000 iops

Question 31

Provisioned iops

Answer 31

SSD
50 iops per g
Max 64000 iops per g
Good for io intensive apps - DB or Io sensitive

Durability: 99.9%

Question 32

Iops SSD 2 EBS

Answer 32

500 iops per G
64000 iops per G max
Higher durability 99.999%

Question 33

HHD - throughout optimized ebs

Answer 33

Good for big data, data warehouse and log files 
Cannot be boot
Good for Low frequency accessed data
40 mb per sec per T
Burst 250 mb per sec per T
Max 500 mb per sec per T

Question 34

Cold HHD Ebs

Answer 34

Good for archive
Can’t be boot
The cheapest 
12 mbs per T
Burst 80 mbs per T
Max 250mbs per T

Question 35

True or false: encrypted EBS image is always encrypted

Answer 35

True

Question 36

True or false: Changing ebs type or zone or adding a new ebs takes time time to take effect

Answer 36

False - it’s immediate and requires no down time

Question 37

Different kind of load balancer

Answer 37

Application load balancer
Network load balancer
Classic load balancer

Question 38

Application load balancer

Answer 38

Later 7
SSL / TLS level
Application aware
Routes the traffic to specific page

Question 39

Network load balancer

Answer 39

Layer 4
Most expensive 
Routs TCP traffic pretty fast
Can handle a mil per sec
Fast speed used for extreme performance

Question 40

Classic load balancer

Answer 40

Both layer 4 and 7 (x forward and sticky seasion)
Hard to debug 504 error. Which level is the error
Not as smart as other load balancer

Question 41

How to find ip address when using load balancer

Answer 41

X-forwarded-for-header

Question 42

What is 504 error

Answer 42

Means the gateway has timed out

Application is not responding within the timeout time

Question 43

Https port

Answer 43

443

Question 44

True or false: Load balancer target can be all Availability Zones

Answer 44

True

Question 45

True or false: Adding roles to an instance or changing policies assigned to a role requires a reboot to take effect

Answer 45

No, no need to reboot. It takes effect immediately

Question 46

What is Aurora?

Answer 46

Amazon relational DB

It doesn’t support free tier

Question 47

OLAP VS OLTP

Answer 47

Olap is for extensive data analysis. Data warehouse.
Redshift is an olap

Oltp: for small frequent queries

Question 48

Different kind of cache supported by elasticache

Answer 48

Memcache

Redis

Question 49

Widely adapted memory object cache

Answer 49

Memcache

Question 50

Which elasticache engine supports complicated data structures

Answer 50

Redis

Question 51

Which elasticache engine supports multi az

Answer 51

Redis

Question 52

Redis

Answer 52

Open source, in memory Key value Cache engine
It supports multi az, and data lists and other data types
Redis clusters are stateful entities

Question 53

Memcache

Answer 53

Object caching system

Widely adapted

Question 54

What elasticache engine to use if primary goal is object caching?

Answer 54

Memcache

Question 55

What elasticache engine to use if primary goal is simplicity?

Answer 55

Memcache

Question 56

What elasticache engine to use if primary goal is running large caching nodes and multi threaded performance?

Answer 56

Memcache

Question 57

What elasticache engine to use if primary goal is expanding your cache horizontally?

Answer 57

Memcache

Question 58

What elasticache engine to use if primary goal is using advanced data types?

Answer 58

Redis

Question 59

What elasticache engine to use if primary goal is using leaderboards or sorting and ranking data sets?

Answer 59

Redis

Question 60

What elasticache engine to use if primary goal is persistence of the key?

Answer 60

Redis

Question 61

What elasticache engine to use if primary goal is running on multiple availability zones?

Answer 61

Redis

Question 62

What elasticache engine to use if primary goal is having pub sub capability?

Answer 62

Redis

Question 63

If DB is under stress and load is read only mostly what we should do to help?

Answer 63

Caching - elasticache

Question 64

Def port for connecting to DB is

Answer 64

3306

Question 65

To open RDS port to an ec2 what needs to be done?

Answer 65

Open inbound rules to ex2 sec group - port 3306

Question 66

True or false: When RDS is created, you only get endpoint url not ip address

Answer 66

True

Question 67

Rds backup types:

Answer 67

Automatic - by def on
Retention time is 0 to 35 days - def is 7 says
You can back up to any time of the day
When rds instance is deleted, backup is deleted
Back up being saved on S3 - free s3 with tge size of backup
Time of getting backup is changeable

Manual
Manually triggered
Doesn’t del the back up when rds instance deleted

Question 68

How to restore from rds backup

Answer 68

Create a new instance from the backup. That gives you a new endpoint

Question 69

True or false: you can encrypt an unencrypted rds instance

Answer 69

False - you have to get a snapshot, create a new instance and make that encrypted

Question 70

How an rds instance get encrypted

Answer 70

At rest - using KMS

Question 71

True or false: once an rds instance is encrypted, the backup (automated and manual) is encrypted too

Answer 71

True

Question 72

Encryption at rest is supposed for what RDS types

Answer 72

Sql, mysql, Aurora, mariadb, postgres, oracle

Question 73

Read replica vs elasti cache

Answer 73

Elasticache, data can get old, only available if it’s been seen before. While replica, data gets updates on replicas more frequently.
If you have many frequently changing dara, replica is better.

Question 74

Difference between milti az and read replica for rds

Answer 74

Multi az is for disaster recovery
Read replica is for performance
Multi az is sync
Read replica is async

Question 75

Multi az for rds

Answer 75

It means data is being replicated in different availability zones in case one fails the other takes over
Endpoint never changes but ip changes. That’s why we deal with endpoint
It can be turned kn from the beginning or when changing an rds instance

Question 76

Read replica

Answer 76

We can have up to 5 replicas
Good for heavy read loads
Update happens async
We can have read replica of multi az
We can have multi az of read replica
Read replica can turn into a real db. If we have too many or need a copy of db
Not available for sql and oracle
Replicas can be in different regions and zones
Automatic back shall be on when using read replica
Read replica can be encrypted even if the main version of rds is not encrypted
Copies are read only

Question 77

True or false: read replicas are read only

Answer 77

True

Question 78

True or false: read replicas are only in one region and zone

Answer 78

False. Can be in multiple regions and zones

Question 79

True or false: to have a read replica encrypted the main copy must be encrypted

Answer 79

False.

Question 80

True or false: you must have auto backup on if want to have read replica in

Answer 80

True

Question 81

How many read replica can we have

Answer 81

5

Question 82

True or false: Multi az is for performance improvement of rds

Answer 82

False only for disaster recovery

Question 83

True or false: read replicas get updated immediately

Answer 83

False- it happens async

Question 84

Is s3 bucket object based or block based?

Answer 84

Object. Ebs is block based.

Question 85

True or false: s3 is only used for objects not for os or db

Answer 85

True

Question 86

True or false: high availability and disaster recovery is built in s3 bucket

Answer 86

True

Question 87

S3 bucket file size range? And max size it can handle in one upload

Answer 87

0-5 t

5 g

Question 88

Size range for Multi part upload for S3

Answer 88

5meg to 5 t

Recommend for over 100meg

Question 89

Api response after successfully uploading a file into s3

Answer 89

200

Question 90

True or false: s3 is not scaleable and has storage limit

Answer 90

False

It’s scalable and it has unlimited storage

Question 91

S3 bucket, reading models

Answer 91

Eventually consistent- put (update) and del

Read after write consistent- put for new file

Question 92

S3 availability and durability

Answer 92

Availability 99.9 guarantied built for 99.99

Durability 9.9 (11X)

Question 93

Access control vs bucket policy

Answer 93

Access control- individual files

Bucket policy for the whole bucket

Question 94

Different kinds of S3 bucket

Answer 94

S3 Durability 99.9 x11 Availability: 99.99
S3 IA - the same D A: 99.9 - paid retrieval
S3 one zone IA - Availability: 99.5 Durability the same - 20% cheaper
S3 glacier - archive - retrieval configurable mins to hours 99.99
S3 intelligent tiering - it decides based on 30 days frequency of access - same D, A: 99.9
.0025 usd for for managing a 1000 files
S3 deep archive glacier - min 12 h retrieval- the cheapest - A:99.99
Outposts - on premise local access
Redundancy reduced - when data can be retrieved easily

Question 95

Charges involved with s3

Answer 95

Access requests
Storage space
Moving files 
Tagging - storage management
Transfer acceleration

Question 96

True or false: S3 can have access log and versioning enabled

Answer 96

True- you can see who called apis

Question 97

We made a file public on s3 but still not accessible what can be wrong

Answer 97

You need to allow public access on policy

Question 98

Encryption on S3

Answer 98

In transit - ssl tls transport layer

At rest
Aes 256 - Sse - aws is responsible for key management and protection
Kms - kms does the key management and generation
Sse-c client key is being used for encryption

Client side client does the encryption and send the data

Question 99

S3 request header for encryption

Answer 99

X-amz-server-side-encryption

Question 100

Expect in s3 bucket request

Answer 100

Don’t send the msg is header is rejected

Question 101

What’s the s3 bucket url format

Answer 101

S3-region-amazonaws.com/ bucketname

Question 102

What’s CORS

Answer 102

For cross origin resource sharing
When you want to give access of a resource in two different buckets
Under permission you need to give access to the website url - endpoint
Stops Cross scripting attack

Question 103

S3 website url format

Answer 103

Bucketname-s3-website-region-amazonaws.com

Question 104

Cdn vs content acceleration

Answer 104

Content acceleration uses cdn edges to expedite uploading files into s3 bucket

Question 105

What’s cdn

Answer 105

Content delivery network
There are edges in different regions and zones
Edges are readable and writeable
Distribution is a group of edges

Question 106

What’s distribution and how many types we have?

Answer 106

Group of edges

Web distribution for web content
Rtmp real time messaging protocols for steaming and adobe

Question 107

True or false: we can have different resources per cdn edge

Answer 107

True - load balancer, ec2, s3, route 53 and tour own server

Question 108

True or false: after activating cdn, you should remove direct access to the resource

Answer 108

True

Question 109

What’s ttl and is it changeable

Answer 109

Ttl is expiration date for cdn content

You can manually request the edges to refresh the data, but costs you money

Question 110

How many edges in how many countries

Answer 110

More than 100 in 25 counties

Question 111

What to do if we want to have restricted access

Answer 111

Setup cdn to Use signed url - signed cookies

Question 112

Can cdn have it’s own domain

Answer 112

Yes

Question 113

Waf

Answer 113

Web firewall application
Works like firewall- application layer layer 7. Avoids sql injection and ddos
Block cross scripting attack
Blocking IP addresses

Question 114

Cdn default and max ttp

Answer 114

24 h and 365 days

Question 115

Whbe to optimize performance of s3 by cdn?

Answer 115

If more than 5500 get or 3500 put / list /del it’s time to use cdn to optimize

Question 116

What’s lambda

Answer 116

Serverless computing service

Question 117

What languages lambda supports

Answer 117

C#
Java
Go
Python
Node.js

Question 118

Lambda pricing model

Answer 118

Requests: First 1 mil requests are free
After .20 per mil

Duration of execution - per G per secrounds up to 100ms

Question 119

Example of serverless services

Answer 119

S3, lambda, dynamodb, api gateways

Question 120

True or false: lambda is region-based but can work globally

Answer 120

True

Question 121

True or false: Xray is for debugging lambda system

Answer 121

True

Question 122

True or false: api gateway can have def url or custom

Answer 122

True

Question 123

Does aws support ssl certificate

Answer 123

Yes, and it’s free

Question 124

Does api connects to cloudwatch

Answer 124

Yes, to log calls and stuff

Question 125

Does api gateway has caching?

Answer 125

Yes and ttl.

Question 126

What security mechanisms can you use for api gateway

Answer 126

Aws Iam
Open
Open with key

Question 127

Does api have versioning?

Answer 127

Yes it does. Latest label is for the last one.

Question 128

True or false: after creating an api we need to deploy it

Answer 128

True

Question 129

True or false: we can’t have versioning in lambda

Answer 129

False

Each version of lambda function has a label and a unique Arn.

Question 130

True or false: lambda functions are immutable

Answer 130

True. Meaning any change must happen on new version

Question 131

True or false: lambda functions can be run concurrently

Answer 131

True
There is a limit per account per region. 1000 per reg per acc
If you go over, 429 error is returned
Toomanyrequestsexception

You can go with reserved concurrency, but to make sure a function always get it’s own required number. Not a good idea though because it cannot go above that number

Question 132

What’s reserved concurrency for lambda functions

Answer 132

It means we have a certain capacity out of 1000 assigned to a specific func to ensure it always runs. Not good cause it makes the function limited to that number

Question 133

If we want to do ab testing on lambda what’s the process

Answer 133

We can’t use latest. We need ti create two versions and then name them with aliases then do ab testing

Question 134

Lambda and vpc what do we need for setting up the connection

Answer 134

We need to setup eni (elastic network interface)

We need security group and private subnet ip
- - vpc-config subnetid=xyz,security-group=secgro

Question 135

What is step In lambda

Answer 135

It’s used to trigger the function, log and visualize the info and what happens and it can do sequential, branching or parallel

Question 136

What’s xray

Answer 136

It’s added to code for logging all interactions between resources, and logs all api calls and all responses to log all the info.

Question 137

What do we need to integrate with xray on our server or system

Answer 137

Xray sdk and daemon
Sdk for gathering info and sending them to daemon
Daemon for queuing them and send batching them them back to aws

Question 138

X-ray is configurable with what services?

Answer 138

Ex2 or on promises on ec2 or your system
Elastic Beanstalk - on ec2
Container - separate container is needed for xray

Question 139

Annotations on logging

Answer 139

Extra data we can send along with a request. They are key pairs, can be used with filter expression to fund the data.

Question 140

Can we import batch of Apis

Answer 140

Yes, apis are importable in case we are moving to aws

Question 141

Can you change the max number of concurrent lambda functions?

Answer 141

Yes through support

Question 142

How can you upload api file into aws

Answer 142

Swagger 2

Openapi v2 and v3

Question 143

What’s the highest number of api call?

Answer 143

5000 concurrent
10000 per sec
If it goes over 428 error will be returned

Question 144

What to do if we have old soap requests? For legacy systems

Answer 144

You can configure api gateway as a soap web service pass through

Question 145

To creat a new api what’s the api call

Answer 145

Post - with swagger in payload - and endpoint configs

Question 146

What’s the api call for updating / replacing

Answer 146

Put api and swagger in the payload.

Mode query param, You can decide if you want to replace or update existing api.

Question 147

What’s dynamo db

Answer 147

Fast and flexible nosql db

Question 148

Where do the dynamo db collections sit?

Answer 148

Ssd

Question 149

How dynamo db avoids single point of failure?

Answer 149

The underlying hardware supporting dynamo is speared through 3 regions

Question 150

What are dynamo db consistency model?

Answer 150

Strongly consistent

Eventually consistent - consistency reaches within a sec - good for read performance

Question 151

Different types of primary key in dynamo db

Answer 151

Partition key - hash func to define physical partition

Composite key - partition key and sort key

Question 152

How to control access on dynamo db

Answer 152

Iam role
Iam condition to give partial access to the table
LeadingKeys param is used

Question 153

Is partition key value in dynamo db collection changeable?

Answer 153

No

Question 154

Different indexes on dynamo db

Answer 154

Local secondary index - created when table is being created - cannot change - it has the same partition key - sort key is different

Global secondary- it can he added or changed later - it has a different partition key as well as sort key

Question 155

Languages supported by dynamo db document

Answer 155

Hml, xml, and json

Question 156

Query cs scan

Answer 156

Query returns all the results that we can filter - scan returns based on criteria- projection expression

Question 157

Are Query results showing up ascending or descending?

Answer 157

Ascending - if we want to change the order we have to make scanindexforward false

Question 158

Can we change the results order on scan

Answer 158

No, only query result order is changeable

Question 159

How to improve performance of dunamodb

Answer 159

Decrease the size of the results for each page
Call queries rather than scan
Use large queries n higher number rather than small

Question 160

Api to get items - query

Answer 160

Getbatchitem

Question 161

How can you improve scan speed on dynamo db

Answer 161

By making the process parallel. Parallel scanning can happen by changing the config however if another process is already doing it, you should avoid
By def scanning happens sequential. Meaning 1m then another 1m.

Question 162

Dynamo db capacity unit:

Answer 162

1k per sec for writing

4k for reading strongly consistent
4k *2 for reading eventually consisten

Question 163

Dynamo db pricing models

Answer 163

Provisioned - specific capacity unit

On demand - pay as you use. Good when using serverless, or you have unpredictable spike

Question 164

What’s dax

Answer 164

Dynamo db specific cache. Fully managed in memory cache
Micro sec performance over 1 mil request
10x performance 
Write through cache
Eventual consistent 
If we want strongly it’s not good

Question 165

True or false: dax is good if we want strongly consistent read from caching

Answer 165

False - it’s eventual consistent

Question 166

True or false: dax is cluster based

Answer 166

True

Question 167

True or false: memcache is cluster based

Answer 167

False

Question 168

Strategies for caching:

Answer 168

Lazy loading
When user requests, if the data doesn’t exist, it will be retrieved.
Advantage:
unnecessary, unused data won’t be saved in db

Disadvantages:
Data can get old - need ttl
Read penalty - cache miss

Write through
It writes every time we write new data or update data
Advantages:
Data is new always updated
User can tolerate wait on write rather than read

Disadvantages:
Not used data gets saved
When data is deleted, db doesn’t know to replace. 
We must use lazy load a long with it 
Write penalty

Question 169

True or false: memcache support multi az

Answer 169

False - that’s why it’s not good if we care about not losing data

Question 170

What does atomic transaction mean in acid

Answer 170

Means either all transactions happen, or none

Question 171

What the period for data to be delete from db after ttl reaches

Answer 171

48 hours

Question 172

Ttl is good for

Answer 172

Log data
Session data
Temp data

Question 173

What’s ttl unit

Answer 173

Epox - unix posix

From jan 1 1970

Question 174

What’s dynamodb stream api

Answer 174

It’s timebased item level modifications - del, add update…

It’s great for serverless system and for trigger based systems
It has it’s own domain endpoint
By def, primary key is recorded
Logs are encrypted at rest

Question 175

True or false: dynamodb stream api is good for serverless services

Answer 175

True. Good for triggering system

Question 176

How long dynamodb stream api log is saved encrypted

Answer 176

24 h

Question 177

What is Provisionthroughputexceeded

Answer 177

When you send too many read or write requests to dynamodb

Question 178

How dynamodb sdk or our app deals with provisionthroughputexceeded

Answer 178

Either we use sdk, it keeps sending and decreases the sending rate.

Or our application exponential back off. Meaning every time it gives 2x sec delay
If it keeps failing for 1 min, it exceeds the throughput capacity

Question 179

Is exponential backoff only for dynamodb

Answer 179

No, any service that the app uses sdk. The sdk does that

Question 180

What to do if dynamo db is stressed?

Answer 180

If too many writes, look at throughput capacity - you can contact support to increase
If read, use elasticache or dax

Question 181

What’s CMK

Answer 181

Customer master key which is used for encrypting envelop key / dara key

Question 182

Whats data / envelope key

Answer 182

It’s used for encrypting the data

Question 183

True or false: Deleting a key on kms would del the key immediately?

Answer 183

False. It has 1 week grace time

Question 184

You can schedule key deletion between how many days?

Answer 184

7 days to 30 days.

Key has to be disabled before

Question 185

What does cmk have?

Answer 185

Alias 
Description 
State
Date
Content

Question 186

True or false: cmk cannot be exported

Answer 186

True

Question 187

True or false: if you want to export the cmk key, you need to use hsm.

Answer 187

True - it’s a dedicated hardware, it’s way more expensive than cmk

Question 188

What’s the first service of aws

Answer 188

Sqs

Question 189

True or false: sqs is auto scaleable

Answer 189

True

Question 190

Is sqs pull based or push bases?

Answer 190

Pull based

Question 191

True or false: if a resource processing a message from sqs dies, msg goes back to sqs so another one takes over?

Answer 191

True

Question 192

Max msg size for sqs

Answer 192

256 k - if bigger msg saves on s3

Question 193

What’s sqs visibility timeout

Answer 193

30sec by def can be increased to 12 h

Question 194

Sqs retention period (keep the msg)

Answer 194

1 to 14 days def 4 d.

Question 195

Sqs data poling type

Answer 195

Long polling- no empty response - waits till msg is in

Short polling if bo msg, returns null. Def option - not good for saving money

Question 196

Different type of sqs

Answer 196

Standard

• not guaranteed receiving order
• msg can get delivered multiple times
• no limitation on the number of msg per min

Fifo
Good for banks
Max 300 per sec
Order guaranteed 
One time delivery guaranteed

Question 197

What do you subscribes to when using sns

Answer 197

Topic

Question 198

True or false: sna can fan out msges to multiple methods.

Answer 198

True

Question 199

Pricing for sns

Answer 199

.5 for 1 mil sns requests
.06 100k http notifications
2 for 100k email
.75 over 100 sms

Question 200

What is sqs delay queue

Answer 200

For delaying messages. 0 sec to 50 min (900 sec)

Question 201

Does changing delay value on sqs, affect the existing messages?

Answer 201

For standard no

For fifo yes

Question 202

What size of the sqs msg is large that needs to be saved on s3

Answer 202

256 k to 2G

Question 203

What do we need to handle large messages on sqs

Answer 203

Sqs extended lib for java
Sdk for java
S3 bucket

Question 204

Ses

Answer 204

Simple email system - for sending emails or receiving emails
Incoming email are being delivered to S3 bucket
Can be used to activate lambda or sns

Question 205

Sns vs ses

Answer 205

Sns is for receiving
Ses for receiving and sending
Sns for fanning out to large number of different recipient
They both can trigger lambda
Sns needs subscription to a topic
Ses only email address needed
Sns for all different services ses only email

Question 206

Kinesis

Answer 206

It’s a streaming data service

Gathers and analyze data from different resources

Question 207

Different kinds of kinesis?

Answer 207

Kinesis steaming
Kinesis firehose
Kinesis analytics

Question 208

What’s the retention for kinesis stream?

Answer 208

24 hours by def. can change up to 7 days

Question 209

What is shard on kinesis?

Answer 209

Data record holder - provides fixed unit of capacity. Can change the capacity by resharding

Question 210

Kinesis stream

Answer 210

It’s for streaming data - we have video streaming too
It has shreds which father the data records. consumers which analyze the data and eventually storage to save or cache the data.
Realtime analysis

Question 211

What does kinesis consumer have

Answer 211

Kinesis client lib and data record processor
Processor processes the data
And client lib decides the number of processor needed, recognizing shards when resharding happens and keep track of them

Question 212

What is the ratio of kinesis shard / dara record vs record processor

Answer 212

They are equal. However that doesn’t mean number of consumers have to be the same.

Question 213

What decides the number of kinesis record processor?

Answer 213

Number of shards. Number of consumers is bases on the cpu power. When cpu power is high, we can have multiple record processors on each.
The important point is that, number of records has to be equal on consumers

Question 214

True or false: number of shards can be less than number of consumers

Answer 214

False - worst case it’s equal.

Question 215

True or false: number of record processor can be different on multiple kinesis consumers

Answer 215

False

Question 216

Firehose kinesis

Answer 216

It’s the most automated version of kinesis
No worries about shard and consumer
Data is being analyzed semi real time and then saved to s3 or elastisearch. From S3 it can go to redshift

Question 217

Kinesis analytics

Answer 217

It lets you run queries on data existing on kinesis stream or firehose.
The result goes in s3, elastisearch and redshift

Question 218

Elastisearch

Answer 218

It’s for storing, searching and analyzing huge volume of data

Question 219

Different beanstalk deployment policies

Answer 219

All at once
Rolling
Rolling with additional batch
Immutable
Traffic splitting

Question 220

Beanstalk roll at once deployment policy

Answer 220

Deploy in batches - one batch goes down for an update. Not good for mission critical
Failure, you need to roll back

Question 221

Beanstalk immutable deployment policy

Answer 221

Meaning create a new batch in a new auto scaling group and have it updated with new revision. Then kill the old one once passed the health check

Question 222

Beanstalk split traffic deployment policy

Answer 222

Means immutable style only config enable canary testing. A/b testing

Question 223

What scripting language beanstalk support

Answer 223

Json and yaml
It has to be put in .config file under
.ebextension folder. Under root. E

Question 224

Wha are ways of integrating rds with elastic beanstalk

Answer 224

Set it up with the stack on eb. That’s not good. The rds will be dependent to beanstalk lifecycle. Once eb is removed rds is removed

Other way would be creating externally and using security group and network info, connect to the beanstalk.

Question 225

What’s file gateway?

Answer 225

It’s like a file system to be mounted on s3 bucket

Question 226

Where to we save the params

Answer 226

Parameter store

Question 227

Aws waf vs shield

Answer 227

Shield are for dds attack

While waf is for application firewall

Question 228

Macie

Answer 228

It’s for data loss prevention and protecting sensitive data

It uses machine learning

Question 229

What’s the max long poll timeout?

Answer 229

20 sec

Question 230

Code integration tool

Answer 230

Code commit

Question 231

Code deployment tool

Answer 231

Code pipeline

Question 232

Code delivery tools

Answer 232

Code build and code deploy

Question 233

True or false: codecommit works with https and ssh and ut can work wuth sns fir notifications

Answer 233

True true

Question 234

Code deploy methods:

Answer 234

Inplace update:
The instance will be stopped, new version gets installed
Great for first time
Bad for capacity sensitive systems

Blue green:
A new set of instances in a new sec group will be installed.
Green color is the new set
Pay extra short term for the second term
Load balancer switches from blue to green

Question 235

Deploy appspec file

Answer 235

It’s for codedeploy
It includes param for deploy
Yaml or json if lambda is the target
Or yaml only on ec2

Question 236

Code deploy Appspec file format

Answer 236

Version
Os
Hook
Files - scripts

Question 237

Code depoly spec file

Answer 237

Appspec.yml has to be placed in root

Question 238

Code deploy config file hook category

Answer 238

Before blocking traffic
Block traffic
After blocking traffic 
Application stop
Download the files
Before install
Install 
After install
Application start
Health check
Before allowing traffic 
Allowtraffic
Afterallowtraffic

Question 239

What accesses needed for code deploy

Answer 239

Create iam for ec2 accessing s3

Create a role codecommit accessing ec2

Question 240

What’s ecs

Answer 240

Elastic container service

Question 241

True or false: for code deploy we beed to have codedeploy agent on our system?

Answer 241

True

Question 242

Ecs features

Answer 242

Scaleable
Maintainable
Fault tolerance

Question 243

Container parts

Answer 243

Virtual kernel
Code
Libs

Question 244

Ecr

Answer 244

Elastic container register

Image registey

Question 245

Ecs platforms

Answer 245

On ec2
Or
Fargate Serverless

Question 246

Steps to create docker on aws

Answer 246

Create a cluster
Create image repo to hold on images

Docker build -t, docker tag, docker push
Create task definition
Create service

Question 247

Codebuild specfile

Answer 247

Buildspec.yml
Format:
Pre-build
Build
Post-build

Has to be in root

Question 248

Can you update buildspec from codebuilt through aws website?

Answer 248

Yes, either buildspec.yml or on the insert console

Question 249

If codebuild fails what shall we check?

Answer 249

Console and cloud watch

Question 250

Can we Deploy docker through elasticbeanstalk?

Answer 250

Yes either one docker or multiple through cluster

Question 251

What format of file is used for cloud formation and where the file is being saved?

Answer 251

Json and yml it grsts saved on s3

Question 252

True or false: Aws to create resources based on cloud formation template calls apis

Answer 252

True

Question 253

True or false: the result of cloud formation is called stack

Answer 253

True

Question 254

What in a cloud formation file is mandatory

Answer 254

Resources

Question 255

What’s the usage of transform in cloud formation

Answer 255

Using external scripts or s3 files

Question 256

Output in cloud formation template

Answer 256

It’s for spitting out output for another stack

Question 257

What’s the process of deleting a stack

Answer 257

Del stack through console and then del the s3 template file

Question 258

What’s sam

Answer 258

Serverless application model - cloud formation for serverless
Such as lambda, dynamo db, s3 and apis

Question 259

How to build and deploy sam package?

Answer 259

Sam package to convert cloud formation yml file to Sam friendly format
Sam deploy

Question 260

What to add to cloud formation template to define Sam

Answer 260

Transform: aws::serverless-…

Resources:
Type: aws:: serverless::function

Handler: index.handler holds the function

Question 261

Nested stacks

Answer 261

Created stack from another stack

It allows reuse of cloudformation stack template

Question 262

How can we reuse a cloud formation

Answer 262

Nested stack

Question 263

True or false:

When we want to refer to an ec2 when creating a container, we have to use tags

Answer 263

True

Question 264

Nested stacks template parts:

Answer 264

Templateurl: mandatory
Timeout: by def no timeout. But timeout is for how long the cf wait until it stops.
Notifications ARN: SNS
Parameters: what needs to be passed to CF

Question 265

By def, if cloud formation stack creating fails what happens and what are the options

Answer 265

Def: full Roll back

Keep until it’s created.

Question 266

Nested stack indicator

Answer 266

Type: aws::cloudformation::stack

Question 267

Cloudformation template parts

Answer 267

Version
Description 
Metadata
Parameter
Transform
Conditions
Mapping
Resources

Question 268

What’s the index.handler on cloudformation templatefor Sam

Answer 268

It’s for the function for the serverless lambda functions

Question 269

What is Web identity federation

Answer 269

Let user login with social media, then get a token and exchange the token with temp creds

Question 270

What’s Cognito

Answer 270

Enables web identity federation for mobile app
Syncs user dara between apps
Acts as an identity broker
Maps a token to an iam role
User doesn’t need to keep the user pass locally

Question 271

User pool and identity pool on cognito

Answer 271

User pool let’s user signup or sign in using social media

Identity pool let’s user exchange token with aws creds

Question 272

How does cognito keeps the user data synced between different devices

Answer 272

By sending silent push notifications - sns

Question 273

Different kinds of iam policies

Answer 273

Managed policies - not changeable, managed by aws, recommended policy, can be shared between users, roles and groups

Customer policies - managed by customer

Inpine policies- only for a single user, group or role. Once that’s deleted, the policy goes away

Question 274

What is Assumerolewithidentity

Answer 274

It’s an api provided by STS (security token service) - it is used with web and creates temp token for signed in users
Api returns ARN which can be used when referring ti temp creds, also creds that include access key id, security access key, expiration date and sec token

Question 275

Cross account access

Answer 275

When you are one one account and want ti give access to another account - iam can be used

Question 276

What’s the process on giving access to another user in another account

Answer 276

Create a policy and assign the policy to a role that can be used in another account

In other account. Create a user, assign that user to a group. Add a new policy to let the group members use the role. Policy: assumerole

Question 277

Cloudwatch

Answer 277

To watch cpu, disk (just the throughput not consumption) network and status check for ec2 instance

Question 278

What’s the standard frequency of doing cloudwatch monitoring?

Answer 278

5 min, paid 1 min

Question 279

How long cloudwatch log is retained?

Answer 279

Indefinitely unless you changed

Question 280

Can we pull cloudwatch logs after deleting the resource

Answer 280

Yes

Question 281

Dan we have alarms for cloudwatch

Answer 281

Yes, we can use sns to trigger lambda or send sms

Question 282

Can cloudwatch be used on premises?

Answer 282

Yes it can. Ssm agent and cloudwatch agent are needed

Question 283

How do you pull cloudwatch logs

Answer 283

Getmerticsstatistics api or other third party apis

Question 284

Different between cloudwatch vs cloudtrail and config

Answer 284

Cloudwatch is for performance
Cloudtrail is for monitoring api calls - who provisioned what… and config is for checking history of permissions and configs such as security groups- state of aws

Question 285

Xxx is a sever error, what’s the first digit if the error is client error vs server error?

Answer 285

Server error starts with 5 while client starts with 4.

Question 286

What’s max lambda timeout?

Answer 286

900 sec, 15 min

Question 287

What tool shall you use if you want to figure which iam policies are granting too much access?

Answer 287

Iam policy simulator

Question 288

What’s s3 replication

Answer 288

It’s for automatically and async copying object across aws s3 buckets. It can be on the same region or different region or even a different account
You need to provide a destination bucket and iam role to write on the bucket

Versioning must be enabled 
You can replicate within the same storage class or a different storage class

Question 289

What does sit in .ebextensions?

Answer 289

Custom variables

Question 290

How to upload and deploy lambda code?

Answer 290

Zip and upload through lambda console
Zip and put in s3 and have lambda download from there
Copy and paste the code in the editor
Write cloudformation template and deploy environment along with your code
Lambda is not supported by beanstalk

Question 291

Lambda can be triggered by async and sync. What services call that sync

Answer 291

Load balancer
Cognito
Lex 
Alexa
Api gateway
Cloudfront
Kinesis

Question 292

What if lambda code needs libs that aren’t standard and available

Answer 292

Make a deployment package of code and libs, upload in s3 bucket and then lambda or direct to lambda if less than 50 M

Question 293

What is cloud9

Answer 293

It’s a cloud based integrated ide that let’s you write code and debug

Question 294

What’s codestar

Answer 294

For code develop, build and delivery

Question 295

Permissions for a lambda func connects to a resource in a vpc

Answer 295

• configure sec group allowing the lambda access the resource
• giving exec permission role for letting lambda to create eni (elastic network interface)
• setup lambda to connect to subnet used by ec2

Question 296

What’s the best option for saving session data / session state?

Answer 296

Dynamo db and elasticache - it’s flexible.
Ec2 is not scaleable for session data
Lambda can’t save session state.

Question 297

How to calc number of read writes for byte if i have RCU or WCU

Answer 297

Just multiply rcu to 4k and 2 * 4k for read and wcu to 1k

Question 298

What’s the formula for wcu and rcu

Answer 298

Wcu = number of writes * size of item / 1

Rcu = number of reads / 2 (if eventual) * size of item / 4

Question 299

Docker build and tag cmds

Answer 299

Docker push $repourl:latest

Docker build -t $repourl:latest .

Question 300

What are web containers

Answer 300

Passenger, puma and tomcat

Question 301

Elasticbeanstalk supports what languages

Answer 301

Java, node, pho… web containers and docker container with multiple config

Question 302

What’s the way of rolling back for inplace code depoly

Answer 302

Redeploy the prev version of the code to the nodes

Question 303

What service allows you to run applications without knowing the structure

Answer 303

Elasticbeanstalk

Question 304

What service let’s you improve network availability and performance

Answer 304

Global accelerator

Question 305

True or false: cloudfront lets you improve speed if you use it along with api gateway to assist with geo disprate calls

Answer 305

True

Question 306

What’s iam policy simulator usage

Answer 306

You can test and troubleshoot iam and resiurce policies attached to them. You can test which actions are allowed or denied.

Question 307

What’s NAT

Answer 307

Network address translation
It’s for letting resources inside the vpc to access outside, at the same time it prevents the internet from accessing or connecting with instances inside

Question 308

True or false:

What’s internet gateway

Answer 308

It provides direct access / connectivity to the public internet
Thus it makes the subnet public

Question 309

Basion host vs host

Answer 309

Bastation host allows inbound access to authorized ips and users

NAT allows instances within vpc to go out to the internet

Question 310

Nsg

Answer 310

Network security group allows or denies network traffic on port 1433

Question 311

True or false: beat practice is creating rds db on provate subnet

Answer 311

True

Question 312

True or false: cognito is used for multi device log in, handling their sessions and limiting the number of devices on streaming services

Answer 312

True

Question 313

What’s cognito good for

Answer 313

Limiting the access by number of devices
Logging kn and identifying the users
Track when users access the site and their devices

Question 314

Why it’s good to have ssl installed on load balancer

Answer 314

Because it removes complexity of installing on all instances and easier to remove or disable
Removes the load off of ec2

Question 315

How to stop ppl uploading unencrypted file to s3 bucket

Answer 315

Add policy to only allowput operations with x-amz-server-side-encryption

Question 316

Tool to test if the policies work as expected

Answer 316

Iam simulator

Question 317

What is sticky session

Answer 317

Saving sessions on the nodes locally. When load balancer receives the request it routes it to proper web server that already have active session
It’s good because it sends the client back to the same web server.
It’s bad because if node crashes, session gone. Bad also because if we want to expand, number of node, still load balancer sends the requests to the same old web servers. That makes load balancing unequally spreading the load.

Question 318

What is distributed session management

Answer 318

Key value - in memory. Redis and memcache

Fast and scaleable. It adds network latency and cost are the drawbacks.

Question 319

What’s the api to gain access to a resource

Answer 319

Sts: assumerole returns temp creds to access

Question 320

How to decrease a website cost

Answer 320

Move to serverless is the most cost effective
Scale in when not needed
Adding cloudfront increases the cost

Question 321

Who on Elastic beanstalk is responsible for applying patches and updates to platform

Answer 321

Aws

Question 322

In beanstalk, application and data sec repressibility is on ?

Answer 322

Developer

Question 323

On elasticbeanstalk. Responsibility for publishing platform policies abd retirement schedule is on

Answer 323

Aws

Question 324

On elasticbeanstalk responsibility for any component that’s required by ur app and that you downloaded is on

Answer 324

You

Question 325

If data us constantly saved on s3 and rds, what’s the most cost effective ec2 price modeling?

Answer 325

Spot

Question 326

You deployed something on lamda, it went wrong, how would you roll back?

Answer 326

Remap PROD aliad to point to prev version of ur func

Question 327

True or false: An ebs backed stopped and restarted without losing data

Answer 327

True

Question 328

True or false:

Using sqs extended lib, you can create an s3 bucket and move messages there

Answer 328

False

Question 329

What’s the sqs extended lib for

Answer 329

For adding msg tocs3, deleting, referencing, deciding if msg is 256k or not

Question 330

Ways to optimize ebs

Answer 330

• increase throughout, through joining multiple volumes together in a RAID 0
• for hdd, make sure do it on low traffic time
• make sure ec2 instances are optimizable for use with ebs

Question 331

True or fskse: ami id is dependent on regions

Answer 331

True

Question 332

True or false: tags are universal namespace

Answer 332

False

Question 333

True or false: cloudformation stack can be used through different regions and different accounts

Answer 333

True

Question 334

True or false: Ami roles are valid across your account

Answer 334

True

Question 335

True or false: image in one region is not accessible in another region. U will have to copy. Id will change after copying

Answer 335

True

Question 336

Amazon inspector

Answer 336

It does automatic security assessments and find loopholes in specific resources specific to ec2

Question 337

True or false: config keeps track of environment changes based on the rules you define

Answer 337

True it’s a monitoring and governance tool

Question 338

True or false: saving data in s3 and json is serverless but not fast

Answer 338

True

Question 339

True or false: saving data on ec2 is not scaleable

Answer 339

True

Question 340

True or false: saving data i dynamo db is fast, scaleable and key value

Answer 340

True

Question 341

Fir greater scan and query flexibility you can creat up to how many local secondary indexes?

Answer 341

5

Question 342

True or false: route 53 distributes traffic across region s

Answer 342

True

Question 343

Different between application load balancer and classic load balancer?

Answer 343

Both support sticks session and layer 7 (http) laod balancing. The classic one doesn’t work as application aware lb. meaning, it can’t do routing
If we have micro services we need to have routing. Then application lb is better.

Question 344

True or false: rds cannot trigger lambda directly

Answer 344

True. It can send a msg to sns then sns can trigger lambda

Question 345

True or false: s3 cannot trigger lambda

Answer 345

False. It can trigger lambda

Question 346

True or false: cloudfront can trigger lambda

Answer 346

True

Question 347

True or false: cloudfront can trigger lambda

Answer 347

True

Question 348

True or false: cognito can trigger lambda

Answer 348

True

Question 349

To do portioning when saving 33 bucket

Answer 349

Use a a random key before date. Or random key prefix

Question 350

True or false: x ray is to find bottle necks of the app

Answer 350

True

Question 351

To create an auto scaling group what’s needed

Answer 351

Iam permission - role to be able to create auto scaling group - create ec2 instances and we need a template with required AMI content.

Question 352

How to manage access to api gateway

Answer 352

1- resource policies - to allow or deny access from a vpc, user or ip address to methods

2- aws iam role and policies - who can create and manage as well as who can invoke api or individual method

3- create and configure lambda authorizer - about who can invoke methods using tokens

4- cognito user pool - can create authentication and authorization solution for who can invoke the methods

Question 353

How can we listen to http request using lambda

Answer 353

Useapi gateway and confit it with proxy integration with lambda function

Question 354

What does api gateway lambda proxy integration do?

Answer 354

It lets a user to call a function from an api

Question 355

True or false:

Subnet within a vpc can communicate with no extra routing required.

Answer 355

True

Question 356

True or false: we don’t need public ip for subnet to communicate

Answer 356

True

Question 357

True or false:

Security groups block all network traffic by default

Answer 357

True

Question 358

True or false: mysql security groups not iam is responsible for controlling traffic

Answer 358

True -port 3306

Question 359

Dead letter sqs

Answer 359

Holds onto problematic messages for the sake of debugging

Question 360

When credentials need to be encrypted and rotated frequently the best practice is

Answer 360

Using iam role is good and they are based on sec tokens

Question 361

Difference between optimistic conditional write vs pessimistic and which one is proper for dynamo

Answer 361

Pessimistic locks the row and table. Not supported by dynamo Optimistic, doesn’t lock. Only ready to make sure it hasn’t changed. It’s good along with conditional writing. Supported ny dunamo

Question 362

True or false:

A sqs can subscribe for an sns topic

Answer 362

True

Question 363

Athena

Answer 363

Serverless interactive query tool makes it easy to analyze data in S3

Question 364

True or false: Elastic beanstalk is good for quickly developing environments including docker

Answer 364

True

Question 365

Opswork

Answer 365

Config management tool - It’s good for when you have multiple stacks and you want to use config tools

Question 366

To update a build file name or location for codebuild what to do

Answer 366

Change buildspec.app, update project or start build

Or update project would let you update the new location.

Question 367

Where does the logs from lambda go

Answer 367

Cloudwatch and it’s already automated

You can see invocation errors too

Question 368

Python writing into logs fir lambda

Answer 368

Stdout - stderr

Question 369

Aws inspector

Answer 369

Assesses security if applications deployed on aws. It checks for exposure , vulnerability and best practices

Question 370

What are Api stage variables oh http request

Answer 370

They are for having one api multiple stages

Question 371

What’s dynamo accelerator

Answer 371

Dax - in memory cache for dynamo only

Question 372

If you want to do blue green deployment what service to use

Answer 372

Code deploy and route 53

Question 373

What’s thr verion of a file if it’s uploaded before versioning activated?

Answer 373

Null. Otherwise 1

Question 374

S3 bucket permissions can be limited to a specific user from a website, how?

Answer 374

S3 bucket policy - get object permissions- referer key

Question 375

True or false: ttl on dynamo db is not enable by def and can be assigned to any attribute with any name

Answer 375

True

Question 376

When to use scan vs query on dynamo db

Answer 376

When you want all the rows use scan. It doesn’t matter if you want all the attributes- because projectionexpression does the job of filter columns.

Question 377

Get item vs query vs batchgetitem

Answer 377

Getitem requires both partition key and sort key

Query only requires partition key

Batchgetitem allows you send multiple partion keys to a request

Question 378

Lambda concurrency

Answer 378

Up to a 1000 lambda funcs can run concurrently. 900 of them can reserved to guarantee. In case some actions happens at the same time

Question 379

In lambda there is autopublishalias what does that do?

Answer 379

It creates a new alias, creat a new version, point the alias to it and point all event sources to this alias.
Good for fast switching

Question 380

Dynamodbcrudpolicy

Answer 380

It’s an aws managed policy, better than full access

Question 381

When to use dead letter queue with lambda

Answer 381

When lambda is overwhelmed and missing processing of data coming from stream

Question 382

In order a lambda to be communicating with an rds in a vpc subnet, what do we need to have

Answer 382

We need to have a role / lambdavpcaccessexecution role