New Course Flashcards Preview


Flashcards in New Course Deck (39)
1
Q

What is an IAM Role?

A

A permission/policy assigned to another AWS resource

2
Q

What is an IAM User?

A

An end user, usually an employee

3
Q

What is an IAM Group?

A

A collection of users. Each user will inherit the permissions assigned to the group.

4
Q

What is an IAM Policy?

A

A JSON document detailing what permissions a User/Group/Role has for specific services.

5
Q

Is S3 Block Based or Object Based?

A

Object Based

6
Q

What is a good way to prevent deleting objects from S3?

A

Enable Multi Factor Auth Delete in S3

7
Q

What is S3 Intelligent Tiering?

A

The latest Storage Tier, using Machine Learning to move your data around depending on access frequency.

8
Q

What is S3 Glacier Deep Archive?

A

The lowest cost data archival with 12 hour retrieval time

9
Q

What are the 6 services S3 charges for?

A
Storage
Requests
Storage Management
Data Transfer
Transfer Acceleration
Cross Region Replication
10
Q

What is Reduced Redundancy Storage known as?

A

S3 One Zone IA

11
Q

What is the default security setting for new S3 buckets?

A

New buckets are private

12
Q

In S3, what level do Access Control Lists operate at?

A

The object level. Bucket level uses Bucket Policies

13
Q

Are CloudFront edge locations read-only?

A

No, you can write to them

14
Q

Can I clear the CloudFront edge location cache?

A

Yes, but you will be charged.

15
Q

What is Storage Gateway?

A

It is an AWS virtual/physical device that will replicate your data into AWS and can be used to cache S3 locally at a customer's site.

16
Q

What are the 3 types of Storage Gateway?

A

File Gateway
Volume Gateway
Tape Gateway

17
Q

What is a Convertible Instance?

A

Allows you to change the instance type of the reserved instance.

18
Q

What are the API names for the 5 EBS types?

A
General Purpose SSD - gp2
Provisioned IOPS SSD - io1
Throughput Optimized HDD - st1
Cold HDD - sc1
EBS Magnetic - Standard
19
Q

What are the use cases for the 5 EBS types?

A
General Purpose SSD - Most Workloads
Provisioned IOPS SSD - Databases
Throughput Optimized HDD - Big Data Warehouses
Cold HDD - File Servers
EBS Magnetic - Infrequently accessed
20
Q

What does OLTP stand for?

A

Online transaction processing

21
Q

What does OLAP stand for?

A

Online analytical processing?

22
Q

What is ElastiCache used for?

A

To speed up performance of existing databases for frequent identical queries

23
Q

What is the data consistency model in DynamoDB?

A

Eventually Consistent Reads by default

Strong consistency for less than 1 second

24
Q

How does Aurora store your data?

A

2 copies of data in each availability zone, with a minimum of 3 availability zones. 6 copies

25
Q

What is the difference between an Alias Record and a CNAME?

A

An Alias Record will point a naked domain, www.example.com, to an EC2 instance. A CNAME will point an AWS resource to another. Always choose Alias Record.

26
Q

What is Geoproximity Routing Policy?

A

It allows you to route traffic based on the geolocation of your users AND your resources

27
Q

For High Availability, would you choose a NAT Instance or a NAT Gateway?

A

NAT Gateway

28
Q

What happens if you do not explicitly associate a subnet with a Network ACL?

A

It is automatically associated with the default ACL

29
Q

What is the basic requirement when creating an ALB?

A

At least 2 public subnets

30
Q

What is a VPC Flow Log?

A

A feature that allows you to capture IP traffic that goes to and from network interfaces in your VPC

31
Q

What is a VPC Endpoint?

A

Allows you to connect your VPC to supported AWS services without leaving the AWS network.

32
Q

What is scaling out?

A

When we use auto-scaling groups and add extra EC2 instances

33
Q

What is scaling up?

A

When we increase the resources inside the EC2 instances, like t2.micro to m1.large

34
Q

Life-cycle management and Infrequent Access storage are available for which services?

A

S3 and EFS

35
Q

How can you set up a solution that incorporates a single sign-on feature from your corporate AD or LDAP directory and also restricts access for each individual user to a designated user folder in an S3 bucket?

A
  • Set up a Federation proxy or Identity provider, and use AWS STS to generate temporary tokens.
  • Configure an IAM Role and an IAM Policy to access the bucket
36
Q

How can you monitor all the COPY and UNLOAD traffic of your Redshift cluster that moves in and out of your VPC?

A

Enable Enhanced VPC routing on your Amazon Redshift cluster

37
Q

Which steps would you take to apply high availability and fault tolerance to an application which requires a static IP address hard-coded into the backend, preventing use of an ALB?

A
  • Assign an Elastic IP address to the instance.
  • Write a script that checks the health of the EC2 instance. If the health check fails, the script will switch the elastic IP to a stand-by instance.
38
Q

Images stored in S3 are being distributed using CloudFront. Paid users have access to certain images. How do you restrict access to these users without changing the current URLs?

A
  • Use Signed Cookies to control who can access the private files.
  • For paid members, send the “Set-Cookie” header to the viewer which will unlock for them.
39
Q

What service would you use if your database should be highly available and provide you with full control over its underlying operating system?

A

EC2 instances with data replication between 2 different AZs