Notes Flashcards

Question

What are the 2 types of queues for SQS?

Answer 1

- Standard : Higher throughput, messages delivered at least once, best effort ordering - FIFO: Lower throughput, messages processed exactly once, guarantees order

Answer 2

The visibility timeout is the time it takes for a message to become visible again within the queue. If the consumer takes too long to process the data, then the message will become visible again and can be consumed again. The default is 30s and it can be set as high as 12 hours.

Answer 3

Delay seconds is the amount of time it takes for a message to become visible within the queue. The default is 0 seconds and it can be set as high as 15 minutes.

Answer 4

Long polling reduces the number of polls to the queue from the consumer. It does this by not responding to the consumer until a message is found or a set amount of time has passed.

Answer 5

- HVM (Hardware Virtual Machine): fully virtualized hardware and boot, best performance. - PV (Paravirtual) : uses a special boot loader that runs on hardware that doesn't have support for virtualization. Recommended for older generation instances.

Answer 6

https://169.254.169.254/latest/meta-data

Answer 7

Dedicated Hosts or Dedicated Instances

Answer 8

Dedicated hosts gives you additional visibility and control over the number of instances on your physical server which allows for the use of server bound licenses. Dedicated Instances are less configurable and don't allow added capacity.

Answer 9

An EBS volume is a block level storage devices that you can attach to a SINGLE ec2 instance. That can be used as primary storage for data that requires frequent updates such as storage for a database application.

Answer 10

AWS Snapshots. These are point in time, incremental backups of your data. Each snapshot saves the disk changes since the last snapshot.

Answer 11

False, a snapshot is only available in the region it was created and must be copied to another region before using it to create new volumes

Answer 12

Shut down your EC2 instance and detach the EBS volume. Then take a snapshot

Answer 13

Take a snapshot, encrypt the snapshot, and then create a volume using the encrypted snapshot.

Answer 14

AWS Container Service: This is a container management service that can be used to manage and deploy docker containers across clusters of EC2 instances.

Answer 15

AWS NoSQL database service

Answer 16

Dynamo DB performance is defined using read capacity units and write capacity units.

Answer 17

A read capacity unit means one strongly consistent read per second or two eventually consistent reads per second for up to 4KB in size.

Answer 18

A write capacity unit means one write per second for an item up to 1KB in size.

Answer 19

AWS analytics database. This is often used to do columnar operations on databases (ex. find total number of units sold across all stores). Redshift is commonly used with OLAP (online analytics processing)

Answer 20

- Oracle - Sql Server - MySQL - MariaDB - PostgreSQL - Amazon Aurora

Answer 21

Read Replicas

Answer 22

Eventual Consistency

Answer 23

- MySQL - MariaDB - PostgreSQL - Amazon Aurora

Answer 24

No, you have to create a new database that is encrypted and then manually copy over your data.

Answer 25

Use Multi-AZ deployment which will automatically route traffic to the replica upon failure.

Answer 26

Amazon's Virtual Private Cloud which allows you to create complex private networks in the cloud.

Answer 27

Cloudwatch is a service that allows you to collect metrics, logs, and monitor provisioned resources such as EC2 instances. You can also create dashboards and alerts around these metrics (stored for 15 months by default)

Answer 28

Amazons Simple Workflow Service allows you to define and run workflows with parallel or sequential steps. This is a push based system than can allow for manual (human) steps.

Answer 29

Organizations allow policy based managements for multiple aws accounts, creation of groups of accounts, and a centralized billing location for multiple accounts with consolidated billing.

Answer 30

Volume based pricing can reduce costs for large volumes of use.

Answer 31

Tags can be used for Cost Allocation and Conditional Access Control Policies which define permission based on tags

Answer 32

A collection of resources that share one or more tags

Answer 33

- Distribute the load (ELB) - Scale to absorb the attack (auto scaling) - Use CloudWatch to analyze expected traffic - Safeguard resources by using aliases to hide IPs - Use CloudFront geo restriction - NACLs

Answer 34

False. IAM roles are global

Answer 35

Recovery Time Objective: The time it takes after a disruption to restore a business process to its service level.

Answer 36

Recovery Point Objective: Acceptable amount of data loss measured in time before the disaster occurs

Answer 37

- Backup & Restore: Data is backed up and restored. Nothing is running in the meantime - Pilot light: Only minimal critical services while the rest are recreated and scaled - Warm Standby: Fully functional site with minimal configuration is available and can be scaled during recovery - Multi-site: Fully functional site with identical configuration is available and picks up the load

Answer 38

b) Cloudwatch

Answer 39

a) Kinesis

Answer 40

a) CloudFront

Answer 41

a) Snowball

Answer 42

c) Quick Sight - Quick Sight is a fast cloud powered business analytic service that makes it easy to build visualizations, perform analysis, and quickly get business insight from your data.

Answer 43

c) DMS - AWS Database Migration Service

Answer 44

d) Trusted Advisor

Answer 45

a) Networking Services

Answer 46

b) OpsWorks

Answer 47

WorkSpaces

Answer 48

Elastic Beanstalk automatically handles the deployment of your code -- from capacity provisioning, load balancing, auto-scaling to application health monitoring -- based on the code you upload to it, whereas CloudFormation is an automated provisioning engine designed to deploy entire cloud environments via a JSON script.

Answer 49

A distinct location within a geographic area designed to provide high availability to a specific geography.

Answer 50

b) Elastic Beanstalk

Answer 51

c) EMR - a service that makes it easy to process large amounts of data efficiently

Answer 52

c) Storage Gateway

Answer 53

d) Elastic Transcoder

Answer 54

b) Route53

Answer 55

Distinct locations from within an AWS region that are engineered to be isolated from failures.

Answer 56

c) CloudTrail - a service that enables governance, compliance, operational auditing, and risk auditing of you AWS account.

Answer 57

Access to all AWS services except the management of groups and users within IAM

Answer 58

Enact a strong password policy: user passwords must be changed every 45 days, with each password containing a combination of capital letters, lower case letters, numbers, and special symbols.

Answer 59

No access to any AWS services

Answer 60

A document that provides a formal statement of one or more permissions

Answer 61

- Cloudfront Origin Access Identity - CloudFront Signed URLs - CloudFront Signed Cookies

Answer 62

overwrite PUTS and DELETES

Answer 63

It is a virtual appliance that can be used to cache S3 locally at the customers site.

Answer 64

Remove the ability for images to be served publicly to the site and then use signed URLs with expiry dates.

Answer 65

a) S3 One Zone IA

Answer 66

b) and c) | Xen and Nitro

Answer 67

a) Your fleet of EC2 instances requires high network throughput and low latency within a single availability zone.

Answer 68

RAID, short for redundant array of independent disks, is a disk subsystem that stores your data across multiple disks to either increase the performance or provide fault tolerance to your system (some levels provide both).

Answer 69

False. The emphasis is if the snapshot is of a volume that is still registered.

Answer 70

b) Retrieve the instance metadata from http://169.254.169.254/latest/meta-data

Answer 71

a) Only if I specify that it should do so

Answer 72

Route 53: Geoproximity and Geolocation routing policies

Answer 73

True. This is done using Alias or "A" records as opposed to CNAMES which are not able to support naked domain names.

Answer 74

Failover Routing

Answer 75

Latency-based Routing

Answer 76

No, Multi AZ deployment only uses the secondary database in failover events

Answer 77

An interactive query service that makes it easy to analyze data in S3 using SQL commands.

Answer 78

A Bastion host allows you to securely administer via SSH or RDP an EC2 instance located in a private subnet.

Answer 79

Traffic between your VPC and the other service does not leave the Amazon network.

Answer 80

Network Access Control Lists

Answer 81

True, they automatically allow outbound traffic to an IP if the inbound traffic was allowed

Answer 82

False. All outbound traffic must be explicitly allowed.

Answer 83

A collection of related workflows

Answer 84

AWS Simple Email Service

Answer 85

a) Opsworks

Answer 86

d) Memory Usage The default metrics include things like: - CPU utilization - Disk Read/Write - Network In/Out

Answer 87

Versioning on

Answer 88

A system of transferring data over time from standard S3 to infrequently accessed (after 30 days) to Glacier (30 days after IA, if relevant)

Answer 89

- Web distribution : typically used for websites | - RTMP - Used for media streaming

Answer 90

- Standard - Snowball Edge: storage plus compute capabilities - Snowmobile: 100 Petabytes worth of storage

Answer 91

- On demand : pay by the hour - Spot : big a certain price and only turns on when the price is below that threshold - Reserved: reserve capacity for 12-36 months - Dedicated hosts: Typically used for licensing or regulations that don't allow for multi tenanted hardware.

Answer 92

``` F - Field Programmable Gate Array I - IOPS G - Graphics H - High Disk Throughput T - cheap general purpose D - Density R - RAM M - main choice for general purpose apps C - Compute P - Graphics (Pictures) X - Extreme Memory ```

Answer 93

Bootable: - General Purpose - SSD - Provisioned IOPS - SSD - Magnetic - cheap, infrequently accessed Not Bootable: - Throughput Optimized - HDD - Cold - HDD (less frequently accessed)

Answer 94

Instance Store Volumes can't be stopped

Answer 95

False, you only pay for what you use.

Answer 96

- Cluster Placement groups (also called placement groups) only in one availability zone - Spread Placement Groups: You have critical EC2 instances that you don't want on the same hardware.

Answer 97

A series of EC2 instances that make up an application. It's used to either decrease latency between instances or to spread out instances across different pieces of hardware.

Answer 98

- Simple Routing - Weighted Routing - Latency-based routing - Failover routing - Geolocation Routing - Geoproximity Routing - Multivalue Answer Routing

Answer 99

In Memory Caching of frequently accessed data in the web. Improves performance of web applications by allowing you to retrieve information from fast caches. Supports two open source engines: - Memcached - Redis

Answer 100

Nothing, aurora is self healing and continually scans data block and disks for errors which it repairs automatically.

Answer 101

Dynamo has push button scaling meaning that you can scale with no downtime RDS typically involves downtime by using a bigger instance or adding read replicas

Answer 102

- Single Node (160Gb) - Multi Node: Made up of leader node which manages client connections and queries and compute nodes which store data and perform the computations.

Answer 103

Disable Source/Destination Check By default the instance must be the source or destination of any traffic it sends or receives. However, a NAT instance must be able to send and receive traffic when the source or destination is not itself. Therefore, you must disable source/destination checks on the NAT instance.

Answer 104

False. A NAT instance must be in the public subnet so that it can route traffic FROM the private subnet to the internet.

Answer 105

A route out of the private subnet to the NAT instance

Answer 106

Increase the instance size

Answer 107

The preferred enterprise solution to giving private instances access to the internet. Unlike NAT instance they are automatically scalable, you don't have to patch, they aren't associated with a security group and they are automatically assigned a public ip address.

Answer 108

False, they evaluate sequentially. As soon as a rule matches traffic, it's applied regardless of any higher-numbered rule that may contradict it.

Answer 109

Logs that enable monitoring of all traffic across our elastic network interfaces

Answer 110

- Traffic from instances contacted Amazon's DNS server - Traffic generated by a windows instance - Traffic from the metadata IP - DHCP traffic - Traffic to the reserved IP address for the default VPC router

Answer 111

Create an S3 endpoint/gateway in your private subnet that can communicate with S3 without using the public internet.

Answer 112

- Workflow Starters: An application that initiates the workflow - Deciders: Control the flow of activity tasks in a workflow execution. Deciders choose what to do next - Activity Workers: Carry out the tasks (can be humans or programs)

Answer 113

- HTTP - HTTPS - Email - Email-JSON - SQS - Application - Lambda

Answer 114

- Kinesis Streams: Producers stream data to shards which pipe data to consumers (fleet of ec2 instances) - Kinesis Firehose: Doesn't store data and sends straight to s3. - Kinesis Analytics: sits on top of kinesis and allows you to do sql queries of data and process the data before it is sent to other applications.

Answer 115

An easy way to establish a dedicated network connection from your premises to AWS that doesn't go over the internet. This can reduce network costs, increase bandwidth throughput, and provide a more consistent network experience.

Answer 116

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

Answer 117

5 minutes and 1 minute

Answer 118

False, you can change the size of the volume even when it is attached to an instance.

Answer 119

Amazon EMR provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances. Users also have full admin access to the underlying hardware.

Answer 120

1. Subtract 32 with the mask number : (32 - 27) = 5 2. Raise the number 2 to the power of the answer in Step #1 : 2^ 5 = (2 * 2 * 2 * 2 * 2) = 32 The answer to Step #2 is the total number of IP addresses available in the given CIDR netmask. Don't forget that in AWS, the first 4 IP addresses and the last IP address in each subnet CIDR block are not available for you to use, and cannot be assigned to an instance.

Answer 121

/28 netmask and /16 netmask

Answer 122

S3, Redshift, Elasticsearch service, and splunk

Answer 123

Amazon DynamoDB Accelerator (DAX)

Answer 124

In Amazon Redshift, you use workload management (WLM) to define the number of query queues that are available, and how queries are routed to those queues for processing

Answer 125

1. A HTTP/HTTPS load balancer | 2. At least one healthy instance in each availability zone

Answer 126

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0.

Answer 127

A static IPv4 address designed fro dynamic cloud computing. The IP address is associated with your account and you can use it to mask a failure of an instance by rapidly remapping the address to another instance in your account.

Answer 128

False, though you are charged a small hourly fee for associated it with a stopped instance.

Answer 129

DynamoDB, since the application does not have complicated data relationships compared to enterprise web applications.

Answer 130

True. To make the subnet private you have to remove the route to the internet gateway.

Answer 131

It tells the decider the state of the workflow execution

Answer 132

Use expedited retrieval and purchase provisioned retrieval capacity.

Answer 133

A managed DDoS protection service that safeguards applications running on AWS.

Answer 134

This failover configuration when you want all of your resources to be available the majority of the time.

Answer 135

This failover configuration when you want a primary resources/group of resources to be available the majority of the time with secondary resources available in case the primary becomes unavailable.

Answer 136

S3 server access logging

Answer 137

False, they are returned to EC2 when the instances are stopped or terminated

Answer 138

``` Cost Optimization Performance Fault Tolerance Security Service Limits ```

Answer 139

A service that provides serverless orchestration for applications. It centrally manages a workflow by breaking it into multiple steps, adding flow logic, and tracking the inputs and outputs between steps.

Answer 140

False, you cant tag egress only internet gateways, VPC flow logs, VPC endpoints, and many others.

Answer 141

Amazon Resource Names. They uniquely identify AWS resources. They are required when you have to specify a resource unambiguously across all of AWS such as in IAM policies, RDS tags, and API calls.

Answer 142

Security Group

Answer 143

Nope, consider using SWF instead.

Answer 144

A service used to trace and analyze user requests as they travel through your Amazon API Gateway APIs to the underlying services. They give you an end to end view of your entire request.

Answer 145

It gets terminated. It can be set to stop or hibernate but not by default.

Answer 146

A service that uses SQL statements to filter the contents of S3 objects and retrieve subsets of the data you need.

Answer 147

Elasticache. You can manage HTTP session data from the web servers using an in memory key/value store

Answer 148

A fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics.

Answer 149

If its within the first hour you wont be charged anything and after the first hour you pay a prorated fee based on the time (ie 90 minutes at $0.04 an hour would cost $0.06)

Answer 150

- The availability zone with the most instances - The instance with the oldest launch configuration - The instance that is closest to the next billing hour

Answer 151

Aurora will attempt to create a new DB instance in the same availability zone and if it is unable to do so it will attempt to create one in a different availability zone.

Answer 152

It will flip the CNAME record to point to the healthy replica, which is promoted to become the new primary.

Answer 153

False, they can change at any time due to scaling or software updates so it is recommended that you use the DNS name and not the IP address.

Answer 154

Enable access logs on the application load balancer.

Answer 155

Sell it on the AWS Reserved Instance Marketplace

Answer 156

The minimum is 24 hours and the maximum is 1 week.

Answer 157

A service of Redshift that allows you to directly query open data formats stored in S3. This eliminates the need for unnecessary data movement.

Answer 158

A service that enables you to assess, audit, and evaluate the configurations of your AWS resources.

Answer 159

A service for older Windows instances that performs tasks during startup and each time you stop or start an instance. It can also perform tasks on demand.

Answer 160

A tool used for managing DB engine configuration for one or more DB instances.

Answer 161

A cloud-based hardware security module that enables you to easily generate and own your own encryption keys on the cloud.

Answer 162

A service that gives you visibility and control of your infrastructure. It provides a unified user interface so you can view operational data from multiple services and allows you to automate operational tasks across your resources.

Answer 163

A service of Systems Manager that lets you remotely and securely manage the configuration of your managed instances. This enables you to automate common administrative tasks and perform ad hoc configuration changes at scale.

Answer 164

A fully managed graph database service that makes it easy to build and run applications that run with highly connected datasets. An example use case for this service would be for social networking sites where users and actions are highly linked.

Answer 165

The instance will start normally with its data intact. A reboot only restarts the OS.

Answer 166

True. Brand new EBS volumes perform well as soon as they are created. However, if they are created from snapshots, reads will be slow the first time a block is read.

Answer 167

A role is something that a user, application or service can "assume" to receive temporary security credentials that provide access to a resource.

Answer 168

Provision more throughput than is required. You can now provision throughput independently from the amount of data stored.

Answer 169

Public Virtual Interface. It allows you to connect to all of your public AWS endpoints.

Answer 170

OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. These are automation platforms that allow you to use code to automate how servers are configured, deployed, and managed across your instances or on premise environments.

Answer 171

- Network Load Balancers make routing decisions at the transport layer (TCP/SSL) and can handle millions of requests per second. - Application Load Balancers make routing decisions at the application layer (HTTP/HTTPS), support path-based routing, and can route requests to one or more ports on each container instance. - Classic Load Balancers support both HTTP/HTTPS and TCP/SSL. They require a fixed relationship between the load balancer port and the instance port meaning instances cannot have different port routes than each other.

Answer 172

They can be in different availability zones and can be resized

Answer 173

Trust policies

Answer 174

It allows supported instance types to provide high-performance networking capabilities. It provides higher I/O performance and lower CPU utilization when compared to traditional virtualized network interfaces.

Answer 175

The Load Balancers targets which will be available to handle requests. Target groups can contain instances with any kind of characteristics.

Answer 176

TTL is the time to live in the cache for CloudFront, meaning that a resources will remain cached for the duration of the TTL before hitting the server again for the resource. High TTL times can cause lags to files that are updated frequently

Answer 177

A device is installed in the client on premise servers (customer gateway) that will connect to a device on the AWS side (Virtual Private Gateway) over the internet. This connection is authenticated on both side and encrypted to ensure a private connection. The connection is used to communicate privately between on premise resources and AWS resources.

Answer 178

Cross-zone load balancing. Without cross zone load balancing a load balancer will distribute the load at an availability zone record. So if you had 10 ec2 instances in one AZ and 3 instances in another, the 3 instances would get as much load as the 10 instances, without cross-zone load balancing.

Answer 179

Enable versioning on the file so the request will ask for the new version and not receive the old version.

Answer 180

CodeDeploy is a deployment service that automates application deployments to Amazon EC2 instances, on-premises instances, or serverless Lambda functions. It allows you to rapidly release new features, update Lambda function versions, avoid downtime during application deployment, and handle the complexity of updating your applications, without many of the risks associated with error-prone manual deployments.

Answer 181

There are no default credentials, you have to create them specifically.

Answer 182

Enable throttling limits

Answer 183

API calls to AWS services

Answer 184

True. This includes storage gateways and customer gateways used for hardware VPN connections.

Answer 185

Inbound and Outbound

Answer 186

An Elastic Network Interface that represents a network card. This can be used to add private or public IP addresses to an instance, as well as security groups and mac addresses

Answer 187

- Hot attach when the instance is running - Warm attach when the instance is stopped - Cold attach when the instance is being launched

Answer 188

Use AWS Data Lifecycle Manager

Answer 189

Primarily for mail servers

Answer 190

It is similar to an A record in that it makes an IP address to a DNS name, but AAAA is used for ipv6

Answer 191

Mapping an ipv4 address to a DNS name.

Answer 192

AWS Certificate Manager or IAM certificate store

Answer 193

Configure an inter region VPC peer between the VPCs and communicate using the private IP addresses

Answer 194

Internet Small Computer Systems Interface. It is an IP based storage networking standard for linking data storage facilities. Storage Gateway uses iSCSI to connect to on premise datacenters.

Answer 195

True, which makes them not resistant to AZ outages

Answer 196

Add a condition to the policies specifying the IP address registered for each user.

Answer 197

Port 22 for the request and a dynamic port for the response in the high ephemeral port range (1024-65535)

Answer 198

The S3 console

Answer 199

- ec2 instances - lambda functions - kinesis streams - ecs tasks - systems manager - sns topics - sqs queues - built in api calls like rebooting instances

Answer 200

False, they are attached at the VPC level and therefore are resilient to AZ outages

Answer 201

Simple AD is used when you require an inexpensive AD service running in AWS. AD connector is used when you want to connect an existing AD database to AWS

Answer 202

A managed ActiveMQ that involves topics and consumers. Similar to Apache Kafka consumers read messages off the topic. This is not a serverless architecture however like SQS and doesn't guarantee deliver of messages.

Answer 203

A serverless back end for mobile, web, and enterprise applications. AppSync manages data management takes like data access, data synchronization, and data manipulation across multiple sources. It uses GraphQL.