Practice Test #1 Flashcards

1
Q

For EFS on an EC2 instance, how many days since last access do you choose for your lifecycle policy to automatically move files to IA storage?

A

7 days since last access

2
Q

After cloud migration from on-prem, which are fully managed AWS services?

A

DynamoDB & RDS

3
Q

What would you use to provide a library of metabolism assessment functions to developers to share?

A

Lambda

4
Q

Company in NY needs an S3 bucket in SF that is the same as the current prod S3 bucket. What 2 things should you configure?

A

S3 Bucket Versioning, Cross-Region Replication (requires the versioning!)

5
Q

What does Amazon S3 Glacier Vault Lock guarantee?

A

Non-rewriteable && non-erasable format (Write-Once-Read-Many)

6
Q

What service do you use to ensure that users in Europe are directed to this website, www.poopbutthole.com?

A

Route53 - Geolocation routing allows you to use the location of users

7
Q

What two services does AWS Instance Scheduler help with?

A

RDS and EC2 Instances

8
Q

Need a highly available de-coupled web application. What 3 services should you use?

A

SQS, EC2, and Elastic Load Balancer

9
Q

In Change Controls, for S3 Eventual Consistency, what does updating ‘DelaySeconds’ attribute mean?

A

DelaySeconds = when a new message is added to an SQS queue, it is hidden from consumer instances for a fixed period.

10
Q

When are the messages hidden for a VisibilityTimeout in a SQS queue?

A

After it is consumed from the queue

11
Q

What is the minimum size of an S3 Object?

A

0 bytes

12
Q

What type of routing policy allows for multiple servers to be sent traffic randomly?

A

Multivalue Routing (basically Simple Routing - multiplied)

13
Q

Of RDS, DynamoDB, EC2, and S3, which ones need you to design redundancy into them?

A

EC2 & RDS

14
Q

What is RAID 0 vs RAID 1?

A

RAID is a configuration to use with a traditional bare metal server for EBS.
RAID 0 = for greater I/O performance with a single volume
RAID 1 = on-instance redundancy, mirror 2 volumes together
DO NOT BOOT FROM RAID VOLUME

15
Q

Is Elastic Load Balancer stateful?

A

YES BITCH

16
Q

What do you need to create a second copy of a prod env in US-EAST-1 when the copy needs to be in US-EAST-2?

A

Route53 Private Hosted Zone records, VPC, Security Groups

17
Q

Confidential data in S3 but need it available in different geographical location?

A

Enable Cross-Region Replication for the S3 bucket

18
Q

Oracle software license?

A

Dedicated Hosts

19
Q

A Multi-AZ RDS deployment will automatically fail-over as a result of what?

A

Loss of availability in primary AZ & Loss of network connectivity to Primary

20
Q

Is S3 Transfer Acceleration a HIPAA compliant program?

A

YES mam, also S3 TA won’t take more than a week

21
Q

What is proactive event-based scaling vs. cyclic scaling?

A

Cyclic scaling - occurs at a fixed interval

22
Q

What is supported by the Basic Support plan?

A

Service Limit Increase, Account and Billing Support (other is Technical Support only higher levels)

23
Q

What service allows you to store files as objects in Amazon S3?

A

AWS Storage Gateway

24
Q

How can you avoid error of max object size exceeded when uploading a HD video to S3 bucket?

A

Use Multipart Upload API to copy to S3

25
What service enables on-prem to use AWS storage?
AWS Storage Gateway
26
What service is serverless interactive query service to analyze data in S3?
Amazon Athena
27
On which port does Amazon EC2 throttle traffic for all EC2 instances?
Port 25
28
Which layers of DDoS attacks does AWS automatically address?
Layer 3 & Layer 4
29
What 2 things do you need to deploy code to the CLI?
Access Key and Secret Access Key in CLI config
30
If you don't want to use or maintain client-side encryption library, what S3 encryption option can you use to secure data at rest?
SSE-C - Customer controlled
31
What can you use to bypass existing web server for uploads to avoid increasing load on server?
Use Pre-Signed URLs to upload images
32
Requirement for applications to be separate on cloud, but need to exchange data and communicate with the on-prem data centers. What should you use?
Individual VPCs for each app with peering connections between them. Shared VPC with Direct Connect to the on-prem
33
Application's load balancer will need to always be on same IP Address. Which config do you use for your Load Balancer?
Network Load Balancer in public subnet
34
What are the 3 types of server-side encryption for S3?
SSE-S3, SSE-C, SSE-KMS, or a client library like S3 Encryption Client
35
What can you use to connect your cloud resources to your own IPSec VPN connections?
VPC ya dumb bitch
36
Name the 4 types of EBS volumes and what you should use them for.
gp2 - General Purpose SSD - most workloads | io1 - Provisioned IOPS SSD - Databases | st1 - Throughput Optimized HDD - Big Data & Data Warehouses | sc1 - Cold HDD - File Servers
37
How many Read Replicas of a DB can you have?
5, and each RR will have its own DNS endpoint
38
What kind of storage and how many AZ does a DynamoDB have?
SSD storage && 3 geographically distinct data centers
39
What is an Eventually Consistent Read (DynamoDB)?
Default, consistency usually within a second! Best Read Performance
40
What is a Strongly Consistent Read (DynamoDB)?
Takes < 1 second | Returns result that reflects all writes that received a successful response prior to read
41
Explain ElastiCache for Memcached and ElastiCache for Redis.
Memcached - scales horizontally, multi-threaded | Redis - Advanced data types, pub/sub, sorting, Multi-AZ & restore abilities
42
How is Multivalue Policy different than Simple Routing Policy in Route53?
Multivalue - puts health checks on each record set | Simple Routing - one record with multiple IP addresses - random order
43
If you have a question on Route53 and it mentions subdomain, which Policy do you use?
C-name, but usually use Alias!
44
Explain the difference between Security Groups and Network ACLs.
Network ACLs - stateless - can block IP addresses (allow and deny rules) | Security Groups = stateful
45
What do you use to access a private subnet from a public subnet?
A Bastion host - SSH into the private subnet from the public subnet
46
What is the largest and smallest subnet Amazon allows in VPC?
Largest = /16 | Smallest = /28
47
What comes with the default VPC?
- All subnets are internet accessible - each EC2 instance has both public and private IP addresses - get a NACL, Security Groups & Route Table
48
What is VPC peering?
using private IP addresses to connect VPCs together
49
Is there 1 subnet per 1 Availability Zone?
Yes, only 1 subnet for 1 AZ, but you can have multiple subnets in the same AZ
50
How many IP addresses are actually available in IPv4?
Only 251, Amazon reserves 5 IP addresses
51
Is there 1 Internet Gateway attached to one VPC?
Yes
52
What does a NAT Instance help you do & what is it always behind?
NAT Instance enables you to install software to a private subnet - NEED to Disable Source/Destination Check on Instance - ALWAYS behind a Security Group - If bottleneck, go up in size
53
What is a NAT Gateway and when do you use it?
NAT Gateway - NAT instance but redundant (scales automatically) - use for Enterprise - NO Security Group - Spread across EC2 instances
54
NACLs are evaluated before Security Groups. True or False bish?
TRUE BISH
55
How many subnets do you need to provision an Elastic Load Balancer?
At least 2 public subnets
56
What do VPC Flow Logs do?
- capture information on the IP traffic going in and out of network interfaces on VPC - can be stored in CloudWatch Logs - can be created at VPC, Subnet, or Network Interface Level
57
What is a VPC Endpoint?
- Connects VPC to AWS services powered by PrivateLink (virtual devices) - Traffic doesn't leave Amazon network - Interface and Gateway endpoints
58
What are the two types of VPC Endpoints and what do they do?
ENI = Interface Endpoints - attach to an EC2 - work with private IP address to act as entry point for traffic | Gateway Endpoints - just like a NAT Gateway - supports S3 and DynamoDB
59
What is Egress-Only Internet Gateway?
Allows IPv6 within a VPC to access internet
60
Which Layers do Application, Network and Classic Load Balancers work on, respectively?
Application Load Balancer = works on Layer 7 & application aware | Network Load Balancer - extreme performance - Layer 4 | Classic - Layer 7-specific features, x-forwarded, sticky sessions + Strict Layer 4
61
What does a X-forwarded-for header get? (Classic Load Balancer)
A user's public IPv4 address
62
How are instances monitored by ELBs reported?
InService/OutOfService
63
What do you use for Disaster Recovery and for Performance?
Multi-AZ - DR | Read Replicas (Caching) - Performance
64
What are the JSON files that CloudFormation is based off of?
STACKS BITCH
65
What is AWS Quick Start?
Quick Start is a bunch of CloudFormation templates already built to create complex environments quickly
66
Can you use the secondary database as an independent read node if you have deployed an RDS database into Multi-AZ?
NO YA BOOB
67
Describe SQS vs SNS.
SQS - pull based - polling, messaging queue for web service - DECOUPLING | SNS - push-based, notifications to subscribers
68
How long can messages in a SQS queue be kept?
1 minute - 14 days, default retention is 4 days
69
In terms of SQS, what is the visibility timeout?
Time a message is invisible in the queue to the instance - if message is processed before this amount, it's deleted - if you get duplicate messages, increase this time limit - max value is 12 hours
70
For SWF (Simple Workflow Service), can a task be duplicated?
No, a task is assigned only once and is never duplicated - SWF = coordination of tasks - may have human component - Actors, starters, deciders, activity workers
71
API Gateway is...
fully managed service to publish and manage API to scale access data or functionality from back-end services - think LAMBDA - FRONT DOOR to aws
72
What does CORS do?
- enables the browser to request a resource outside of the domain of the first resource - use when js/ajax - enable on Api Gateway
73
What do you enable if you see "Origin policy cannot be read at the remote resource."
CORS on the API Gateway
74
What is Amazon Kinesis?
helps you continuously stream media | - can use Kinesis Analytics on both types of Kinesis flows
75
Explain Kinesis Streams
- Streams persistently store data 24hrs - 7 days | - uses Shards to save data
76
Explain Kinesis Firehose
- analyzes data immediately as it comes in - no persistent storage - best for Transforming and loading data into S3, data stores
77
What is always recommended for mobile apps in terms of sign up and sign in?
AWS Cognito, a Web Identity Federation Service | - sign in/up w Facebook, google, etc via token exchange
78
What are the two different types of Cognito Pools?
Cognito User Pools = user directory - manages username, passwords and actual user sign in via JWT | Cognito Identity Pools = gives AWS credentials to services themselves (S3 or DynamoDB)
79
How does Lambda scale?
One request to one lambda function
80
What 2 factors does Lambda pricing depend on?
1. Amount of memory - Number of requests (first million are free) | 2. Duration - how long function runs
81
Which service is an asynchronous (non-direct) trigger for Lambda and which cannot trigger Lambda?
Non-direct = S3 | Can't trigger Lambda = RDS
82
What can you use to identify a Lambda?
ARN id
83
Name 3 services that support hyper-threading on one or more virtual CPUs.
EC2, ECS, Lambda
84
What is Amazon Lightsail?
Creates virtual private servers on the cloud
85
Are IAM Roles and Route53 global across a console?
Ya betch ur ass
86
DynamoDB uses parallel processing to have predictable performance and does so by utilizing these two things:
- SSD storage | - partitioned across multiple nodes
87
Name 2 things that AWS provide when you are launching a new instance from a copied AMI
- Launch permissions - user-defined tags - S3 bucket permissions from source AMI to new AMI
88
What metric does CloudWatch NOT have? (What metric do you need to make custom to track with CloudWatch)
Memory Usage
89
Explain Virtual Style, Path Style, Legacy Global, and Static Hosting Style Path naming conventions.
Virtual = bucketname.s3.region | Path = s3-bucket_name.region | Global - no region | Static = given DNS name.s3.region
90
What are the default rates for logging metrics in CloudWatch for an EC2 instance?
every 5 minutes default, | every 1 minute detailed
91
Do you need to make DynamoDB MultiAZ? (no, the answer is no, it's regional)
No, it's a Regional service (better for stateless)
92
Which Storage Gateway Configuration would you use to store files on AWS with low-latency?
- File Gateways | - Gateway-Cached
93
What is Amazon Workspaces?
Serves virtual cloud-based desktop sessions to your desktop/laptop users (windows or linux) - Browser can be used from WorkSpaces to access web servers & use a NAT Gateway because traffic is initiated from the laptop itself - provides creating an authentication directory and an ENI for each session inherently
94
Which two services allow you root-level access to the underlying OS?
EMR and EC2 (hEE heEEE) | - can SSH to access the OS
95
Can you enable hibernation on an existing instance? Ex. to re-use it later?
NO, Hibernation can be enabled only at instance launch and not when running or stopped
96
Is encrypting an existing RDS DB instance currently supported? Will an outage be required?
NO! You have to create a new DB instance with encryption enabled and manually migrate your data into it. And yes, an outage will be required
97
How do you reduce the number of empty responses in terms of SQS?
Use long polling by setting "ReceiveMessageWaitTimeSeconds" > 0
98
What should you use to upload files that are greater than 100 Mb ?
Multipart Upload! It's required for files 5 GB and larger
99
List the two ways RDS provides to back up and restore DB instances:
1. Automatic Backups | 2. database snapshots
100
How do you encrypt data on S3 at rest?
- Enable Server Side Encryption on bucket - automatically apply AES-256 encryption - Encrypt data locally using encryption keys and transfer encrypted data to S3
101
What 2 fucking things do you need to SSH into the EC2 instance?
Access Key and Secret Access Key in the CLI configuration
102
What is AWS Firewall Manager?
Service to manage firewall rules across accounts in AWS Organizations. Manager must be Administrator account
103
Can you peer two VPCs with overlapping CIDR ranges assigned?
Absu-fucking-lootly not ya ASS HOLE
104
Does Route53 support DNSSEC or DNSKEY? Hmm hmn does it?
NO YOU FUCKING IDIOT
105
How many Elastic IP addresses can you have in a region?
5
106
What happens when an EC2 instance with an Elastic IP is stopped and restarted?
1. Lose all instance store data | 2. underlying host for the instance may be changed
107
Elastic IP Addresses CANNOT be used with ELB, ALB or RDS. True or False
TRUE RTURURUUEUUEE
108
Perfect Forward Secrecy is used to offer SSL/TLS cipher suites for which 2 services?
CloudFront and Elastic Load Balancing
109
Using Classic Load Balancer, you need to secure application to allow many domains to serve SSL traffic on same IP address.
1. Make SSL certificate in AWS Certificate Manager | 2. Create CloudFront web distribution | 3. Link certificate to distribution and enable SNI (Server Name Indication)
110
What events will make a Multi-AZ RDS automatically failover to the standby replica?
Loss of availability in primary AZ && Storage failure on primary DB
111
What happens when all primary resources are unhealthy?
Route53 will include only healthy secondary resources in response to DNS queries
112
What types of data would you want to store in EFS storage?
Big Data analytics, enterprise applications, database backups, developer tools, container storage
113
What 2 requirements must be met to integrate a standard S3 bucket and web domain name registered with Route53?
S3 bucket name must == domain name | Registered domain name
114
What do you need to log into an EC2 instance?
Key pairs
115
Which EBS storage class for large, sequential I/O operations?
sc1 = Cold HDD
116
What is the unique Amazon Cognito Identifier that it returns as a temporary, limited-privilege credential?
Cognito ID
117
What are the 3 services that are destinations for S3 to publish events when enabling notifications?
Lambda, SQS, SNS