Mixed Flashcards

1
Q

IAM

A
Identity federation
PCI (Payment Card Industry)
Password rotation
Temp access
Multi factor authentication
2
Q

Policies

A

Assigned to a role, group or user

3
Q

When a user is created we get

A

Access key ID

Secret access key

4
Q

Password policy

A

Life cycle management

Complexity

5
Q

True or false: the link to log in through IAM is customizable

A

True

6
Q

Role

A

Can be assigned to an IAM user in another account
An AWS resource
An application running on the resources

7
Q

True or false: EC2 is region-based

A

True

8
Q

5 types of EC2 pricing model

A
On demand
Reserved
Spot
Dedicated
Savings plan
9
Q

On-demand EC2 pricing model

A

Pay per hour or per second depending on the instance

10
Q

Reserved EC2 pricing model

A

1 or 3 years of prepayment and commitment
Called RI
For predictable load
RI, convertible RI and scheduled

11
Q

Convertible RI vs RI vs Scheduled

A

Convertible: you can change the power or type of EC2 as long as you are spending the same amount or higher
Scheduled: you schedule it for a certain time

Convertible up to 54% off
RI up to 72%

12
Q

Spot EC2 pricing model

A

You bid on it and whenever it matches your bid price, it assigns you the EC2
If you stop, you have to pay for the resource; if AWS stops you, you don’t pay for the rest of the hour
It’s for tasks where interruption doesn’t matter

Can be used for calculations, parallel computing
Up to 90% discount

13
Q

Dedicated EC2 pricing model

A

License and compliance
On demand or reserved
Reserved up to 70% off

14
Q

Savings plan pricing model

A

Not just for EC2
Not region based
Commit for 1 to 3 years and pay 72% off
You can change the type, the region, …

15
Q

SSH port

A

22

16
Q

HTTP port

A

Port 80

17
Q

True or false: When making an EC2 instance we can decide what happens if we shut down the instance: shall it be terminated or stopped?

A

True

18
Q

Different types of EC2 instances

A
General purpose
Micro
Compute optimized
FPGA
GPU
Machine learning
Memory optimized
Storage optimized
19
Q

General Purpose instance

A

For general purposes; starts with T1, T2

20
Q

Micro instance

A
Instance for testing or low I/O throughput and low network performance
First 750 hours are free for the first year
1 virtual CPU
Less than one GB memory
Cheapest
Starts with m
21
Q

Compute optimized instance type

A

Starts with C
It has the highest ratio of CPU to memory
Good for apps that need analysis and high performance apps

22
Q

FPGA instance

A

Hardware accelerated instance
Good for parallel computing and finance
Starts with F

23
Q

GPU instance

A

Good for graphics
Starts with G
Image rendering and media processing

24
Q

Machine learning instance

A

Good for machine learning, language processing
Uses ASIC (application-specific integrated circuit)
Custom-built CPU
Chip is called inference
Starts with Inf

25
Memory optimized instance type
Cheapest RAM per GB | Starts with Z, X or R | For DB applications and Memcache
26
Storage optimized instance
Starts with H, I or D | Good for apps that need higher I/O or storage capacity | I3 is good for NoSQL | D3 is for warehouse | Directly attached storage blocks to EC2
27
True or false: ebs is region based
True
28
What’s EBS
Disk on the cloud | Availability zone sensitive | Replicates itself into other zones to avoid a single point of failure
29
Different types of EBS
General purpose | Provisioned IOPS | Provisioned IOPS 2 | Throughput optimized HDD | Cold HDD | Magnetic storage
30
General purpose EBS
It’s for development or not latency sensitive | 3 IOPS per GB | Max IOPS 16000 | Burst 3000 IOPS
31
Provisioned IOPS
SSD | 50 IOPS per GB | Max 64000 IOPS per GB | Good for I/O intensive apps - DB or I/O sensitive | Durability: 99.9%
32
IOPS SSD 2 EBS
500 IOPS per GB | 64000 IOPS per GB max | Higher durability 99.999%
33
HDD - throughput optimized EBS
Good for big data, data warehouse and log files | Cannot be a boot volume | Good for low-frequency accessed data | 40 MB per sec per TB | Burst 250 MB per sec per TB | Max 500 MB per sec per TB
34
Cold HDD EBS
Good for archive | Can’t be a boot volume | The cheapest | 12 MB/s per TB | Burst 80 MB/s per TB | Max 250 MB/s per TB
35
True or false: encrypted EBS image is always encrypted
True
36
True or false: Changing EBS type or zone or adding a new EBS takes time to take effect
False - it’s immediate and requires no downtime
37
Different kinds of load balancer
Application load balancer | Network load balancer | Classic load balancer
38
Application load balancer
Layer 7 | SSL/TLS level | Application aware | Routes the traffic to a specific page
39
Network load balancer
Layer 4 | Most expensive | Routes TCP traffic pretty fast | Can handle a million per sec | Fast speed used for extreme performance
40
Classic load balancer
Both layer 4 and 7 (X-Forwarded-For and sticky session) | Hard to debug 504 error: which level is the error? | Not as smart as the other load balancers
41
How to find the IP address when using a load balancer
X-Forwarded-For header
42
What is 504 error
Means the gateway has timed out | Application is not responding within the timeout time
43
Https port
443
44
True or false: Load balancer targets can be in all Availability Zones
True
45
True or false: Adding roles to an instance or changing policies assigned to a role requires a reboot to take effect
No, no need to reboot. It takes effect immediately
46
What is Aurora?
Amazon relational DB | It doesn’t support free tier
47
OLAP vs OLTP
OLAP is for extensive data analysis (data warehouse); Redshift is an OLAP | OLTP: for small frequent queries
48
Different kinds of cache supported by ElastiCache
Memcache | Redis
49
Widely adopted memory object cache
Memcache
50
Which elasticache engine supports complicated data structures
Redis
51
Which elasticache engine supports multi az
Redis
52
Redis
Open source, in-memory key-value cache engine | It supports multi-AZ, lists and other data types | Redis clusters are stateful entities
53
Memcache
Object caching system | Widely adopted
54
What elasticache engine to use if primary goal is object caching?
Memcache
55
What elasticache engine to use if primary goal is simplicity?
Memcache
56
What elasticache engine to use if primary goal is running large caching nodes and multi threaded performance?
Memcache
57
What elasticache engine to use if primary goal is expanding your cache horizontally?
Memcache
58
What elasticache engine to use if primary goal is using advanced data types?
Redis
59
What elasticache engine to use if primary goal is using leaderboards or sorting and ranking data sets?
Redis
60
What elasticache engine to use if primary goal is persistence of the key?
Redis
61
What elasticache engine to use if primary goal is running on multiple availability zones?
Redis
62
What elasticache engine to use if primary goal is having pub sub capability?
Redis
63
If the DB is under stress and the load is mostly read-only, what should we do to help?
Caching - ElastiCache
64
Default port for connecting to the DB is
3306
65
To open the RDS port to an EC2, what needs to be done?
Open inbound rules on the EC2 security group - port 3306
66
True or false: When RDS is created, you only get an endpoint URL, not an IP address
True
67
RDS backup types:
Automatic:
On by default
Retention time is 0 to 35 days - default is 7 days
You can back up at any time of the day
When the RDS instance is deleted, the backup is deleted
Backup is saved on S3 - free S3 space the size of the backup
Time of taking the backup is changeable
Manual:
Manually triggered
Doesn’t delete the backup when the RDS instance is deleted
68
How to restore from an RDS backup
Create a new instance from the backup. That gives you a new endpoint
69
True or false: you can encrypt an unencrypted RDS instance
False - you have to take a snapshot, create a new instance and make that encrypted
70
How does an RDS instance get encrypted
At rest - using KMS
71
True or false: once an rds instance is encrypted, the backup (automated and manual) is encrypted too
True
72
Encryption at rest is supported for what RDS types
SQL, MySQL, Aurora, MariaDB, Postgres, Oracle
73
Read replica vs ElastiCache
With ElastiCache, data can get old and is only available if it’s been seen before, while with a replica the data gets updated more frequently. If you have a lot of frequently changing data, a replica is better.
74
Difference between multi-AZ and read replica for RDS
Multi-AZ is for disaster recovery | Read replica is for performance | Multi-AZ is sync | Read replica is async
75
Multi-AZ for RDS
It means data is replicated in different availability zones; in case one fails, the other takes over | The endpoint never changes but the IP changes; that’s why we deal with the endpoint | It can be turned on from the beginning or when modifying an RDS instance
76
Read replica
We can have up to 5 replicas
Good for heavy read loads
Update happens async
We can have a read replica of multi-AZ
We can have multi-AZ of a read replica
A read replica can turn into a real DB, if we have too many or need a copy of the DB
Not available for SQL and Oracle
Replicas can be in different regions and zones
Automatic backup must be on when using read replicas
A read replica can be encrypted even if the main version of RDS is not encrypted
Copies are read only
77
True or false: read replicas are read only
True
78
True or false: read replicas are only in one region and zone
False. They can be in multiple regions and zones
79
True or false: to have a read replica encrypted the main copy must be encrypted
False.
80
True or false: you must have auto backup on if you want to have a read replica
True
81
How many read replicas can we have
5
82
True or false: Multi-AZ is for performance improvement of RDS
False, only for disaster recovery
83
True or false: read replicas get updated immediately
False - it happens async
84
Is an S3 bucket object based or block based?
Object. EBS is block based.
85
True or false: S3 is only used for objects, not for an OS or DB
True
86
True or false: high availability and disaster recovery are built into an S3 bucket
True
87
S3 bucket file size range? And max size it can handle in one upload
0-5 TB | 5 GB
88
Size range for multipart upload for S3
5 MB to 5 TB | Recommended for over 100 MB
89
API response after successfully uploading a file into S3
200
90
True or false: S3 is not scalable and has a storage limit
False | It’s scalable and it has unlimited storage
91
S3 bucket, read models
Eventually consistent - PUT (update) and DELETE | Read-after-write consistent - PUT for a new file
92
S3 availability and durability
Availability 99.9 guaranteed, built for 99.99 | Durability 11 nines (99.999999999)
93
Access control vs bucket policy
Access control - individual files | Bucket policy - for the whole bucket
94
Different kinds of S3 bucket
S3: Durability 11 nines, Availability 99.99
S3 IA: the same durability, Availability 99.9, paid retrieval
S3 One Zone IA: Availability 99.5, durability the same, 20% cheaper
S3 Glacier: archive, retrieval configurable from minutes to hours, 99.99
S3 Intelligent Tiering: it decides based on 30 days’ frequency of access, same durability, Availability 99.9, 0.0025 USD for managing 1000 files
S3 Glacier Deep Archive: min 12 h retrieval, the cheapest, Availability 99.99
Outposts: on-premise local access
Reduced redundancy: when data can be retrieved easily
95
Charges involved with s3
Access requests | Storage space | Moving files | Tagging - storage management | Transfer acceleration
96
True or false: S3 can have access logging and versioning enabled
True - you can see who called the APIs
97
We made a file public on S3 but it’s still not accessible; what can be wrong?
You need to allow public access in the policy
98
Encryption on S3
In transit: SSL/TLS, transport layer
At rest:
AES-256 - SSE - AWS is responsible for key management and protection
KMS - KMS does the key management and generation
SSE-C - client key is used for encryption
Client side - client does the encryption and sends the data
99
S3 request header for encryption
x-amz-server-side-encryption
100
Expect in S3 bucket request
Don’t send the message if the header is rejected
101
What’s the S3 bucket URL format
S3-region-amazonaws.com/bucketname
102
What’s CORS
Cross-origin resource sharing | When you want to give access to a resource in two different buckets | Under permissions you need to give access to the website URL - endpoint | Stops cross-site scripting attacks
103
S3 website url format
Bucketname-s3-website-region-amazonaws.com
104
CDN vs content acceleration
Content acceleration uses CDN edges to expedite uploading files into an S3 bucket
105
What’s a CDN
Content delivery network | There are edges in different regions and zones | Edges are readable and writable | A distribution is a group of edges
106
What’s a distribution and how many types do we have?
Group of edges | Web distribution for web content | RTMP (real-time messaging protocol) for streaming and Adobe
107
True or false: we can have different resources per CDN edge
True - load balancer, EC2, S3, Route 53 and your own server
108
True or false: after activating cdn, you should remove direct access to the resource
True
109
What’s TTL and is it changeable
TTL is the expiration date for CDN content | You can manually request the edges to refresh the data, but it costs you money
110
How many edges in how many countries
More than 100 in 25 countries
111
What to do if we want to have restricted access
Set up the CDN to use signed URLs - signed cookies
112
Can a CDN have its own domain
Yes
113
WAF
Web application firewall | Works like a firewall at the application layer, layer 7 | Avoids SQL injection and DDoS | Blocks cross-site scripting attacks | Blocks IP addresses
114
CDN default and max TTL
24 h and 365 days
115
When to optimize performance of S3 by CDN?
If more than 5500 GET or 3500 PUT/LIST/DELETE, it’s time to use a CDN to optimize
116
What’s lambda
Serverless computing service
117
What languages does Lambda support
C# | Java | Go | Python | Node.js
118
Lambda pricing model
Requests: the first 1 million requests are free, after that 0.20 per million | Duration of execution - per GB per second, rounded up to 100 ms
119
Example of serverless services
S3, lambda, dynamodb, api gateways
120
True or false: lambda is region-based but can work globally
True
121
True or false: Xray is for debugging lambda system
True
122
True or false: api gateway can have def url or custom
True
123
Does AWS support SSL certificates
Yes, and it’s free
124
Does API Gateway connect to CloudWatch
Yes, to log calls and such
125
Does API Gateway have caching?
Yes, and TTL.
126
What security mechanisms can you use for API Gateway
AWS IAM | Open | Open with key
127
Does the API have versioning?
Yes it does. The Latest label is for the last one.
128
True or false: after creating an api we need to deploy it
True
129
True or false: we can’t have versioning in Lambda
False | Each version of a Lambda function has a label and a unique ARN.
130
True or false: Lambda functions are immutable
True. Meaning any change must happen in a new version
131
True or false: Lambda functions can be run concurrently
True | There is a limit per account per region: 1000 per region per account | If you go over, a 429 error is returned: TooManyRequestsException | You can go with reserved concurrency to make sure a function always gets its own required number. Not a good idea though, because it cannot go above that number
132
What’s reserved concurrency for Lambda functions
It means we have a certain capacity out of the 1000 assigned to a specific function to ensure it always runs. Not good because it makes the function limited to that number
133
If we want to do A/B testing on Lambda, what’s the process
We can’t use Latest. We need to create two versions and then name them with aliases, then do A/B testing
134
Lambda and VPC: what do we need for setting up the connection
We need to set up an ENI (elastic network interface) | We need a security group and a private subnet ID: --vpc-config SubnetIds=xyz,SecurityGroupIds=secgro
135
What is Step in Lambda
It’s used to trigger the function, log and visualize the info and what happens, and it can do sequential, branching or parallel
136
What’s X-Ray
It’s added to code for logging all interactions between resources; it logs all API calls and all responses to capture all the info.
137
What do we need to integrate X-Ray on our server or system
X-Ray SDK and daemon | SDK for gathering info and sending it to the daemon | Daemon for queuing it and sending it in batches back to AWS
138
X-Ray is configurable with what services?
EC2 or on-premises, or your system | Elastic Beanstalk - on EC2 | Container - a separate container is needed for X-Ray
139
Annotations on logging
Extra data we can send along with a request. They are key-value pairs; they can be used with a filter expression to find the data.
140
Can we import a batch of APIs
Yes, APIs are importable in case we are moving to AWS
141
Can you change the max number of concurrent Lambda functions?
Yes, through support
142
How can you upload an API file into AWS
Swagger 2 | OpenAPI v2 and v3
143
What’s the highest number of API calls?
5000 concurrent | 10000 per sec | If it goes over, a 428 error will be returned
144
What to do if we have old SOAP requests, for legacy systems?
You can configure API Gateway as a SOAP web service pass-through
145
To create a new API, what’s the API call
POST - with Swagger in the payload - and endpoint configs
146
What’s the API call for updating / replacing
PUT API with Swagger in the payload | Mode query param: you can decide if you want to replace or update the existing API.
147
What’s DynamoDB
Fast and flexible NoSQL DB
148
Where do the DynamoDB collections sit?
SSD
149
How does DynamoDB avoid a single point of failure?
The underlying hardware supporting DynamoDB is spread across 3 regions
150
What are the DynamoDB consistency models?
Strongly consistent | Eventually consistent - consistency is reached within a sec - good for read performance
151
Different types of primary key in DynamoDB
Partition key - hash function to define the physical partition | Composite key - partition key and sort key
152
How to control access on DynamoDB
IAM role | IAM condition to give partial access to the table; the LeadingKeys param is used
153
Is partition key value in dynamo db collection changeable?
No
154
Different indexes on DynamoDB
Local secondary index - created when the table is being created - cannot change - it has the same partition key, the sort key is different | Global secondary index - it can be added or changed later - it has a different partition key as well as sort key
155
Languages supported by DynamoDB document
HTML, XML, and JSON
156
Query vs scan
Query returns all the results that we can filter - scan returns based on criteria - projection expression
157
Are query results shown ascending or descending?
Ascending - if we want to change the order we have to set ScanIndexForward to false
158
Can we change the results order on scan
No, only the query result order is changeable
159
How to improve performance of DynamoDB
Decrease the size of the results for each page | Call queries rather than scan | Use larger queries in higher number rather than small ones
160
Api to get items - query
Getbatchitem
161
How can you improve scan speed on DynamoDB
By making the process parallel. Parallel scanning can happen by changing the config; however, if another process is already doing it, you should avoid it | By default scanning happens sequentially, meaning 1 MB then another 1 MB.
162
DynamoDB capacity unit:
1 KB per sec for writing | 4 KB for reading strongly consistent | 4 KB * 2 for reading eventually consistent
163
DynamoDB pricing models
Provisioned - specific capacity units | On demand - pay as you use. Good when using serverless, or you have unpredictable spikes
164
What’s DAX
DynamoDB-specific cache | Fully managed in-memory cache | Microsecond performance over 1 million requests | 10x performance | Write-through cache | Eventually consistent; if we want strongly consistent, it’s not good
165
True or false: DAX is good if we want strongly consistent reads from caching
False - it’s eventually consistent
166
True or false: dax is cluster based
True
167
True or false: memcache is cluster based
False
168
Strategies for caching:
Lazy loading:
When the user requests, if the data doesn’t exist, it will be retrieved
Advantage: unnecessary, unused data won’t be saved in the DB
Disadvantages: data can get old - needs TTL; read penalty - cache miss
Write through:
It writes every time we write new data or update data
Advantages: data is always new and updated; the user can tolerate waiting on write rather than on read
Disadvantages: unused data gets saved; when data is deleted, the DB doesn’t know to replace it, so we must use lazy load along with it; write penalty
169
True or false: Memcache supports multi-AZ
False - that’s why it’s not good if we care about not losing data
170
What does atomic transaction mean in ACID
Means either all transactions happen, or none
171
What’s the period for data to be deleted from the DB after the TTL is reached
48 hours
172
TTL is good for
Log data | Session data | Temp data
173
What’s the TTL unit
Epoch - Unix POSIX time, from Jan 1 1970
174
What’s the DynamoDB Streams API
It’s time-based item-level modifications - delete, add, update... | It’s great for serverless systems and for trigger-based systems | It has its own domain endpoint | By default, the primary key is recorded | Logs are encrypted at rest
175
True or false: the DynamoDB Streams API is good for serverless services
True. Good for triggering systems
176
How long is the DynamoDB Streams API log saved encrypted
24 h
177
What is ProvisionedThroughputExceeded
When you send too many read or write requests to DynamoDB
178
How does the DynamoDB SDK or our app deal with ProvisionedThroughputExceeded
Either we use the SDK, which keeps sending and decreases the sending rate, or our application does exponential backoff, meaning every time it adds a 2x sec delay | If it keeps failing for 1 min, it exceeds the throughput capacity
179
Is exponential backoff only for DynamoDB
No, any service that the app uses the SDK for. The SDK does that
180
What to do if DynamoDB is stressed?
If too many writes, look at throughput capacity - you can contact support to increase it | If reads, use ElastiCache or DAX
181
What’s a CMK
Customer master key, which is used for encrypting the envelope key / data key
182
What’s a data / envelope key
It’s used for encrypting the data
183
True or false: Deleting a key on KMS deletes the key immediately?
False. It has a 1 week grace time
184
You can schedule key deletion between how many days?
7 days to 30 days | The key has to be disabled before
185
What does a CMK have?
Alias | Description | State | Date | Content
186
True or false: cmk cannot be exported
True
187
True or false: if you want to export the CMK key, you need to use HSM.
True - it’s dedicated hardware; it’s way more expensive than CMK
188
What’s the first service of AWS
SQS
189
True or false: SQS is auto scalable
True
190
Is SQS pull based or push based?
Pull based
191
True or false: if a resource processing a message from SQS dies, the msg goes back to SQS so another one takes over?
True
192
Max msg size for SQS
256 KB - if bigger, the msg is saved on S3
193
What’s the SQS visibility timeout
30 sec by default, can be increased to 12 h
194
SQS retention period (keep the msg)
1 to 14 days, default 4 days.
195
SQS data polling type
Long polling - no empty response, waits till a msg is in | Short polling - if no msg, returns null. Default option - not good for saving money
196
Different types of SQS
Standard - not guaranteed receiving order - msg can get delivered multiple times - no limitation on the number of msgs per min | FIFO - good for banks - max 300 per sec - order guaranteed - one-time delivery guaranteed
197
What do you subscribe to when using SNS
Topic
198
True or false: SNS can fan out msgs to multiple methods.
True
199
Pricing for SNS
0.5 for 1 million SNS requests | 0.06 per 100k HTTP notifications | 2 per 100k emails | 0.75 per 100 SMS
200
What is an SQS delay queue
For delaying messages. 0 sec to 15 min (900 sec)
201
Does changing the delay value on SQS affect the existing messages?
For standard no | For FIFO yes
202
What size of SQS msg is large and needs to be saved on S3
256 KB to 2 GB
203
What do we need to handle large messages on SQS
SQS extended lib for Java | SDK for Java | S3 bucket
204
SES
Simple email service - for sending or receiving emails | Incoming emails are delivered to an S3 bucket | Can be used to activate Lambda or SNS
205
SNS vs SES
SNS is for receiving | SES is for receiving and sending | SNS is for fanning out to a large number of different recipients | They both can trigger Lambda | SNS needs a subscription to a topic | SES only needs an email address | SNS is for all different services, SES only email
206
Kinesis
It’s a streaming data service | Gathers and analyzes data from different resources
207
Different kinds of Kinesis?
Kinesis Streams | Kinesis Firehose | Kinesis Analytics
208
What’s the retention for a Kinesis stream?
24 hours by default; can change up to 7 days
209
What is a shard on Kinesis?
Data record holder - provides a fixed unit of capacity. Can change the capacity by resharding
210
Kinesis stream
It’s for streaming data - we have video streaming too | It has shards which gather the data records, consumers which analyze the data, and eventually storage to save or cache the data | Realtime analysis
211
What does a Kinesis consumer have
Kinesis client lib and data record processor | The processor processes the data | The client lib decides the number of processors needed, recognizes shards when resharding happens and keeps track of them
212
What is the ratio of Kinesis shard / data record vs record processor
They are equal. However, that doesn’t mean the number of consumers has to be the same.
213
What decides the number of Kinesis record processors?
Number of shards. The number of consumers is based on the CPU power. When CPU power is high, we can have multiple record processors on each. The important point is that the number of records has to be equal on consumers
214
True or false: the number of shards can be less than the number of consumers
False - worst case it’s equal.
215
True or false: the number of record processors can be different on multiple Kinesis consumers
False
216
Kinesis Firehose
It’s the most automated version of Kinesis | No worries about shards and consumers | Data is analyzed semi-real-time and then saved to S3 or Elasticsearch. From S3 it can go to Redshift
217
Kinesis Analytics
It lets you run queries on data existing in a Kinesis stream or Firehose. The result goes into S3, Elasticsearch and Redshift
218
Elasticsearch
It’s for storing, searching and analyzing huge volumes of data
219
Different Beanstalk deployment policies
All at once | Rolling | Rolling with additional batch | Immutable | Traffic splitting
220
Beanstalk roll at once deployment policy
Deploy in batches - one batch goes down for an update. Not good for mission critical | On failure, you need to roll back
221
Beanstalk immutable deployment policy
Meaning create a new batch in a new auto scaling group and have it updated with the new revision. Then kill the old one once it passes the health check
222
Beanstalk split traffic deployment policy
Means immutable style, only configured to enable canary testing. A/B testing
223
What scripting language does Beanstalk support
JSON and YAML | It has to be put in a .config file under the .ebextensions folder, under root.
224
What are the ways of integrating RDS with Elastic Beanstalk
Set it up with the stack on EB. That’s not good: the RDS will be dependent on the Beanstalk lifecycle; once EB is removed, RDS is removed | The other way would be creating it externally and, using the security group and network info, connecting it to Beanstalk.
225
What’s File Gateway?
It’s like a file system to be mounted on an S3 bucket
226
Where do we save the params
Parameter Store
227
AWS WAF vs Shield
Shield is for DDoS attacks | while WAF is for application firewall
228
Macie
It’s for data loss prevention and protecting sensitive data | It uses machine learning
229
What’s the max long poll timeout?
20 sec
230
Code integration tool
CodeCommit
231
Code deployment tool
CodePipeline
232
Code delivery tools
CodeBuild and CodeDeploy
233
True or false: CodeCommit works with HTTPS and SSH, and it can work with SNS for notifications
True, true
234
CodeDeploy methods:
In-place update: the instance will be stopped, the new version gets installed. Great for the first time. Bad for capacity-sensitive systems
Blue/green: a new set of instances in a new security group will be installed. Green is the new set. Pay extra short term for the second set. The load balancer switches from blue to green
235
Deploy AppSpec file
It’s for CodeDeploy | It includes params for deploy | YAML or JSON if Lambda is the target, or YAML only on EC2
236
CodeDeploy AppSpec file format
Version | OS | Hooks | Files - scripts
237
CodeDeploy spec file
appspec.yml has to be placed in root
238
CodeDeploy config file hook categories
Before blocking traffic
Block traffic
After blocking traffic
Application stop
Download the files
Before install
Install
After install
Application start
Health check
Before allowing traffic
Allow traffic
After allowing traffic
239
What accesses are needed for CodeDeploy
Create an IAM role for EC2 accessing S3 | Create a role for CodeCommit accessing EC2
240
What’s ECS
Elastic Container Service
241
True or false: for CodeDeploy we need to have the CodeDeploy agent on our system?
True
242
ECS features
Scalable | Maintainable | Fault tolerant
243
Container parts
Virtual kernel | Code | Libs
244
ECR
Elastic Container Registry | Image registry
245
ECS platforms
On EC2 | Or Fargate (serverless)
246
Steps to create a Docker container on AWS
Create a cluster | Create an image repo to hold the images | docker build -t, docker tag, docker push | Create a task definition | Create a service
247
CodeBuild spec file
buildspec.yml | Format: pre-build, build, post-build | Has to be in root
248
Can you update buildspec for CodeBuild through the AWS website?
Yes, either buildspec.yml or inserted in the console
249
If CodeBuild fails, what shall we check?
Console and CloudWatch
250
Can we deploy Docker through Elastic Beanstalk?
Yes, either one Docker container or multiple through a cluster
251
What file format is used for CloudFormation and where is the file saved?
JSON and YAML; it gets saved on S3
252
True or false: to create resources based on a CloudFormation template, AWS calls APIs
True
253
True or false: the result of cloud formation is called stack
True
254
What in a cloud formation file is mandatory
Resources
255
What’s the usage of Transform in CloudFormation
Using external scripts or S3 files
256
Output in a CloudFormation template
It’s for spitting out output for another stack
257
What’s the process of deleting a stack
Delete the stack through the console and then delete the S3 template file
258
What’s SAM
Serverless Application Model - CloudFormation for serverless, such as Lambda, DynamoDB, S3 and APIs
259
How to build and deploy a SAM package?
sam package to convert the CloudFormation yml file to a SAM-friendly format | sam deploy
260
What to add to a CloudFormation template to define SAM
Transform: AWS::Serverless-... | Resources: Type: AWS::Serverless::Function | Handler: index.handler holds the function
261
Nested stacks
Created stack from another stack | It allows reuse of cloudformation stack template
262
How can we reuse a cloud formation
Nested stack
263
True or false: when we want to refer to an ec2 when creating a container, we have to use tags
True
264
Nested stacks template parts:
TemplateURL: mandatory | Timeout: by default no timeout; the timeout is how long CF waits until it stops | NotificationARNs: SNS | Parameters: what needs to be passed to CF
265
By default, if cloudformation stack creation fails, what happens and what are the options?
Default: full rollback | Keep until it's created.
266
Nested stack indicator
Type: AWS::CloudFormation::Stack
267
Cloudformation template parts
Version | Description | Metadata | Parameters | Transform | Conditions | Mappings | Resources
268
What's the index.handler on the cloudformation template for Sam?
It’s for the function for the serverless lambda functions
269
What is Web identity federation
Lets the user log in with social media, then get a token and exchange the token for temp creds
270
What’s Cognito
Enables web identity federation for mobile apps | Syncs user data between apps | Acts as an identity broker | Maps a token to an iam role | The user doesn't need to keep the user/pass locally
271
User pool and identity pool on cognito
User pool lets the user sign up or sign in using social media | Identity pool lets the user exchange the token for aws creds
272
How does cognito keep the user data synced between different devices?
By sending silent push notifications - sns
273
Different kinds of iam policies
Managed policies - not changeable, managed by aws, recommended policy, can be shared between users, roles and groups | Customer policies - managed by the customer | Inline policies - only for a single user, group or role. Once that's deleted, the policy goes away
274
What is AssumeRoleWithWebIdentity?
It's an api provided by STS (security token service) - it is used with web identity and creates temp tokens for signed in users. The api returns an ARN which can be used when referring to the temp creds, as well as creds that include the access key id, secret access key, expiration date and session token
275
Cross account access
When you are on one account and want to give access to another account - iam can be used
276
What’s the process on giving access to another user in another account
Create a policy and assign the policy to a role that can be used in another account | In the other account: create a user, assign that user to a group, add a new policy to let the group members use the role. Policy: assumerole
277
Cloudwatch
To watch cpu, disk (just the throughput, not consumption), network and status checks for ec2 instances
278
What’s the standard frequency of doing cloudwatch monitoring?
5 min, paid 1 min
279
How long cloudwatch log is retained?
Indefinitely unless you change it
280
Can we pull cloudwatch logs after deleting the resource
Yes
281
Can we have alarms for cloudwatch?
Yes, we can use sns to trigger lambda or send sms
282
Can cloudwatch be used on premises?
Yes it can. Ssm agent and cloudwatch agent are needed
283
How do you pull cloudwatch logs
GetMetricStatistics api or other third party apis
284
Difference between cloudwatch, cloudtrail and config
Cloudwatch is for performance | Cloudtrail is for monitoring api calls - who provisioned what... | Config is for checking the history of permissions and configs such as security groups - the state of aws
285
Xxx is a server error: what's the first digit if the error is a client error vs a server error?
Server error starts with 5 while client starts with 4.
286
What’s max lambda timeout?
900 sec, 15 min
287
What tool shall you use if you want to figure out which iam policies are granting too much access?
Iam policy simulator
288
What’s s3 replication
It's for automatically and asynchronously copying objects across aws s3 buckets. It can be in the same region, a different region or even a different account. You need to provide a destination bucket and an iam role to write to the bucket | Versioning must be enabled | You can replicate within the same storage class or to a different storage class
289
What sits in .ebextensions?
Custom variables
290
How to upload and deploy lambda code?
Zip and upload through the lambda console | Zip and put in s3 and have lambda download from there | Copy and paste the code in the editor | Write a cloudformation template and deploy the environment along with your code | Lambda is not supported by beanstalk
291
Lambda can be triggered async and sync. What services call it sync?
Load balancer | Cognito | Lex | Alexa | Api gateway | Cloudfront | Kinesis
292
What if the lambda code needs libs that aren't standard and available?
Make a deployment package of code and libs, upload it to an s3 bucket and then to lambda, or directly to lambda if less than 50 MB
293
What is cloud9
It's a cloud based integrated ide that lets you write code and debug
294
What’s codestar
For code development, build and delivery
295
Permissions for a lambda func that connects to a resource in a vpc
- configure the security group to allow lambda access to the resource - give the execution role permission to let lambda create an eni (elastic network interface) - set up lambda to connect to the subnet used by ec2
296
What’s the best option for saving session data / session state?
Dynamodb and elasticache - it's flexible. Ec2 is not scalable for session data. Lambda can't save session state.
297
How to calculate the number of bytes read/written if I have RCU or WCU
Just multiply rcu by 4k (or 2 * 4k for reads) and wcu by 1k
298
What’s the formula for wcu and rcu
Wcu = number of writes * size of item / 1 | Rcu = number of reads / 2 (if eventual) * size of item / 4
299
Docker build and tag cmds
docker push $repourl:latest | docker build -t $repourl:latest .
300
What are web containers
Passenger, puma and tomcat
301
Elasticbeanstalk supports what languages
Java, node, php... web containers and docker containers with multiple configs
302
What's the way of rolling back for an in-place code deploy?
Redeploy the previous version of the code to the nodes
303
What service allows you to run applications without knowing the structure
Elasticbeanstalk
304
What service lets you improve network availability and performance?
Global accelerator
305
True or false: cloudfront lets you improve speed if you use it along with api gateway to assist with geo disparate calls
True
306
What’s iam policy simulator usage
You can test and troubleshoot iam and resource policies attached to them. You can test which actions are allowed or denied.
307
What’s NAT
Network address translation | It's for letting resources inside the vpc access the outside, while at the same time preventing the internet from accessing or connecting to instances inside
308
What's an internet gateway?
It provides direct access / connectivity to the public internet, thus it makes the subnet public
309
Bastion host vs NAT
Bastion host allows inbound access to authorized ips and users | NAT allows instances within the vpc to go out to the internet
310
Nsg
Network security group allows or denies network traffic on port 1433
311
True or false: best practice is creating the rds db on a private subnet
True
312
True or false: cognito is used for multi device log in, handling their sessions and limiting the number of devices on streaming services
True
313
What’s cognito good for
Limiting access by number of devices | Logging in and identifying the users | Tracking when users access the site and their devices
314
Why is it good to have ssl installed on the load balancer?
Because it removes the complexity of installing on all instances and it's easier to remove or disable | Removes the load off of ec2
315
How to stop people uploading unencrypted files to an s3 bucket
Add a policy to only allow put operations with x-amz-server-side-encryption
316
Tool to test if the policies work as expected
Iam simulator
317
What is sticky session
Saving sessions on the nodes locally. When the load balancer receives the request it routes it to the web server that already has the active session. It's good because it sends the client back to the same web server. It's bad because if the node crashes, the session is gone. Also bad because if we want to expand the number of nodes, the load balancer still sends requests to the same old web servers, so the load is spread unequally.
318
What is distributed session management
Key value - in memory. Redis and memcached | Fast and scalable. Added network latency and cost are the drawbacks.
319
What’s the api to gain access to a resource
Sts: assumerole returns temp creds to access
320
How to decrease a website cost
Moving to serverless is the most cost effective | Scale in when not needed | Adding cloudfront increases the cost
321
Who on Elastic beanstalk is responsible for applying patches and updates to the platform?
Aws
322
In beanstalk, application and data security responsibility is on?
Developer
323
On elasticbeanstalk, responsibility for publishing platform policies and the retirement schedule is on
Aws
324
On elasticbeanstalk, responsibility for any component that's required by your app and that you downloaded is on
You
325
If data is constantly saved on s3 and rds, what's the most cost effective ec2 pricing model?
Spot
326
You deployed something on lambda, it went wrong, how would you roll back?
Remap the PROD alias to point to the previous version of your func
327
True or false: an ebs backed instance can be stopped and restarted without losing data
True
328
True or false: using the sqs extended lib, you can create an s3 bucket and move messages there
False
329
What's the sqs extended lib for?
For adding a msg to s3, deleting, referencing, deciding if the msg is 256k or not
330
Ways to optimize ebs
- increase throughput by joining multiple volumes together in RAID 0 - for hdd, make sure to do it at a low traffic time - make sure the ec2 instances are optimized for use with ebs
331
True or false: ami id is dependent on regions
True
332
True or false: tags are a universal namespace
False
333
True or false: cloudformation stacks can be used across different regions and different accounts
True
334
True or false: iam roles are valid across your account
True
335
True or false: an image in one region is not accessible in another region. You will have to copy it. The id will change after copying
True
336
Amazon inspector
It does automatic security assessments and finds loopholes in specific resources, specifically ec2
337
True or false: config keeps track of environment changes based on the rules you define
True, it's a monitoring and governance tool
338
True or false: saving data in s3 and json is serverless but not fast
True
339
True or false: saving data on ec2 is not scalable
True
340
True or false: saving data in dynamodb is fast, scalable and key value
True
341
For greater scan and query flexibility you can create up to how many local secondary indexes?
5
342
True or false: route 53 distributes traffic across regions
True
343
Difference between application load balancer and classic load balancer?
Both support sticky sessions and layer 7 (http) load balancing. The classic one doesn't work as an application aware lb, meaning it can't do routing. If we have microservices we need routing, so the application lb is better.
344
True or false: rds cannot trigger lambda directly
True. It can send a msg to sns, then sns can trigger lambda
345
True or false: s3 cannot trigger lambda
False. It can trigger lambda
346
True or false: cloudfront can trigger lambda
True
348
True or false: cognito can trigger lambda
True
349
To do partitioning when saving to an s3 bucket
Use a random key before the date, or a random key prefix
350
True or false: x-ray is to find bottlenecks of the app
True
351
To create an auto scaling group, what's needed?
Iam permission - a role to be able to create the auto scaling group and create ec2 instances - and we need a template with the required AMI content.
352
How to manage access to api gateway
1- resource policies - to allow or deny access from a vpc, user or ip address to methods 2- aws iam roles and policies - who can create and manage as well as who can invoke the api or individual methods 3- create and configure a lambda authorizer - about who can invoke methods using tokens 4- cognito user pool - can create an authentication and authorization solution for who can invoke the methods
353
How can we listen to http requests using lambda?
Use api gateway and configure it with proxy integration with the lambda function
354
What does api gateway lambda proxy integration do?
It lets a user call a function from an api
355
True or false: subnets within a vpc can communicate with no extra routing required.
True
356
True or false: we don't need a public ip for subnets to communicate
True
357
True or false: security groups block all network traffic by default
True
358
True or false: for mysql, security groups (not iam) are responsible for controlling traffic
True - port 3306
359
Dead letter sqs
Holds onto problematic messages for the sake of debugging
360
When credentials need to be encrypted and rotated frequently, the best practice is
Using iam roles is good and they are based on security tokens
361
Difference between optimistic conditional write vs pessimistic, and which one is proper for dynamo
Pessimistic locks the row and table; not supported by dynamo | Optimistic doesn't lock; it only reads to make sure it hasn't changed. It's good along with conditional writing; supported by dynamo
362
True or false: an sqs queue can subscribe to an sns topic
True
363
Athena
Serverless interactive query tool makes it easy to analyze data in S3
364
True or false: Elastic beanstalk is good for quickly developing environments including docker
True
365
Opsworks
Config management tool - it's good for when you have multiple stacks and you want to use config tools
366
To update the build file name or location for codebuild, what to do?
Change buildspec.app, update project or start build | Or update project would let you set the new location.
367
Where do the logs from lambda go?
Cloudwatch, and it's already automated | You can see invocation errors too
368
Python writing into logs for lambda
Stdout - stderr
369
Aws inspector
Assesses the security of applications deployed on aws. It checks for exposure, vulnerabilities and best practices
370
What are api stage variables on http requests?
They are for having one api multiple stages
371
What’s dynamo accelerator
Dax - in memory cache for dynamo only
372
If you want to do blue green deployment what service to use
Code deploy and route 53
373
What's the version of a file if it's uploaded before versioning is activated?
Null. Otherwise 1
374
S3 bucket permissions can be limited to a specific user from a website, how?
S3 bucket policy - get object permissions- referer key
375
True or false: ttl on dynamodb is not enabled by default and can be assigned to any attribute with any name
True
376
When to use scan vs query on dynamodb
When you want all the rows use scan. It doesn't matter if you want all the attributes, because projectionexpression does the job of filtering columns.
377
Get item vs query vs batchgetitem
Getitem requires both partition key and sort key | Query only requires the partition key | Batchgetitem allows you to send multiple partition keys in a request
378
Lambda concurrency
Up to 1000 lambda funcs can run concurrently. 900 of them can be reserved to guarantee, in case some actions happen at the same time
379
In lambda there is autopublishalias; what does that do?
It creates a new alias, creates a new version, points the alias to it and points all event sources to this alias. Good for fast switching
380
DynamoDBCrudPolicy
It’s an aws managed policy, better than full access
381
When to use dead letter queue with lambda
When lambda is overwhelmed and misses processing of data coming from a stream
382
In order for a lambda to communicate with an rds in a vpc subnet, what do we need to have?
We need to have a role / AWSLambdaVPCAccessExecutionRole