Questions Flashcards

1
Q

AWS service encryption enabled by default

A

CloudTrail Logs

2
Q

An AWS Region has a minimum of how many AZs

A

3

3
Q

AZs have minimum how many Data Centres

A

1

4
Q

Fault Tolerance is achieved by Scale Up or Scale Out

A

Scale Out

5
Q

Three best practice areas for Reliability in the cloud

A

Foundations (AWS Config - monitors and records your AWS resource configurations),

Change Management (AWS CloudTrail, account activity),

Failure Management (CloudWatch - built for DevOps engineers, developers, site reliability engineers (SREs), and IT managers for monitoring applications and performance)

6
Q

AWS Trusted Advisor

A

Provision your resources following AWS best practices

Cost optimization, security, fault tolerance, service limits, and performance improvement (CSSPF)

7
Q

Amazon GuardDuty

A

Threat detection service that monitors malicious activity and unauthorized behavior

8
Q

Amazon Inspector

A

Security Assessment - Assesses applications for exposure, vulnerabilities, and deviations from best practices

9
Q

AWS CloudWatch

A

For DevOps engineers

10
Q

AWS CloudTrail

A

For organizations: governance, compliance and audit of AWS accounts

11
Q

AWS Basic Support

A

Access to the core Trusted Advisor checks
AWS Health Dashboard

12
Q

AWS Developer Support

A

Email-based technical support during business hours
Access to the core Trusted Advisor checks from Service Quota and basic Security checks

13
Q

AWS Enterprise

A

Customers with concierge-like service
24x7 technical support from high-quality engineers
Designated Technical Account Manager

14
Q

AWS Enterprise On-Ramp Support

A

Expert guidance to grow and optimize in the Cloud
Business Critical downtime < 30 mins

15
Q

AWS Business Support

A

24x7 phone, email and chat access to technical support
Business Critical downtime < 15 mins

16
Q

What provides protection at Amazon API Gateway, Amazon CloudFront or an Application Load Balancer

A

AWS WAF

17
Q

What provides protection at Network layer and Transport layers

A

AWS Shield

18
Q

Receive alerts when the reservation utilization falls

A

AWS Budgets

19
Q

Allows marketers and developers to deliver customer-centric engagement experiences

A

Amazon Pinpoint

20
Q

Active-active configuration across regions using Managed NoSQL DB

A

Amazon DynamoDB with global tables

21
Q

AWS Partner Network (APN)

A

Global partner program for technology and consulting businesses

22
Q

AWS Systems Manager

A

Gives you visibility and control of your infrastructure on AWS
Unified user interface so you can view operational data from multiple AWS services
Enables running commands, managing patches, and configuring servers across AWS Cloud as well as on-premises

23
Q

Estimate Cost

A

AWS Pricing Calculator

24
Q

Comprehensive cost report while running AWS services

A

AWS Cost and Usage report

25
High level cost report while running AWS services with historical data
AWS Cost Explorer
26
Set alert for cost and usage(utilization) limits
AWS Budgets
27
Dedicated Host vs Instance
BYOL (Bring your own license, like server-bound software licenses) is supported in dedicated host only
Consistently deploying your instance to the same physical server is supported in dedicated host only
28
AWS encryption SDK
Client-side encryption library that is separate from the language-specific SDKs
29
SSE-S3 vs SSE-KMS
SSE-S3 = Server-side encryption with Amazon S3-Managed Keys (free)
SSE-KMS = Server-side encryption with AWS KMS keys (additional charges and has audit trail)
30
Encryption is enabled by default for all the objects written to Amazon S3. True or False?
True
31
Geolocation vs Geoproximity routing policy
Route traffic based on user location vs location of your resources
32
Multivalue answer routing
Up to 8 healthy records
33
In most cases there is no charge for inbound data transfer or data transfer between other AWS services within the same region. True or False?
True
34
AWS Endpoint vs AWS PrivateLink
At consumer level vs at service provider level. Both work together to provide private connection to AWS services within AWS. However AWS PrivateLink also provides private connection of AWS services to on-premises applications
35
AWS site to site VPN vs Direct Connect
Connect on premise to AWS services over public internet Vs Connect on premise to AWS services over private network
36
CAF - Business perspective what are the roles?
CEO, CFO, COO, CIO, and CTO. Cloud investments accelerate your digital transformation
37
CAF - People perspective what are the roles?
CIO, COO, CTO, cloud director, and cross-functional and enterprise-wide leaders (cross-functional and enterprise-wide leaders). Bridge between technology and business
38
CAF - Governance perspective what are the roles?
CIO, CTO, CFO, CDO, and CRO (CDO and CRO). Orchestrate your cloud initiatives while maximizing organizational benefits and minimizing transformation-related risks
39
CAF - Platform perspective what are the roles?
CTO, technology leaders, architects, and engineers (architects, and engineers). Build an enterprise-grade, scalable, hybrid cloud platform
40
CAF - Security perspective what are the roles?
CISO, CCO, internal audit leaders, and security architects and engineers (CISO, CCO). Achieve the confidentiality, integrity, and availability of your data and cloud workloads
41
CAF - Operations perspective what are the roles?
Infrastructure and operations leaders, site reliability engineers, and information technology service managers (site reliability engineers and IT service managers). Ensure that your cloud services are delivered at a level that meets the needs of your business
42
Cloud Transformation Journey
Envision (demonstrating) -> Align (gap analysis) -> Launch (delivering pilot) -> Scale (expanding pilots) (EALS)
43
"No upfront payment option with the standard 1-year term" "All upfront payment option with the standard 1-year term" "No upfront payment option with the standard 3-years term" "Partial upfront payment option with the standard 3-years term" What is % saving in each?
36% 40% 56% 59%
44
AWS SQS and SNS
Used to decouple and scale microservices, distributed systems, and serverless applications
45
AWS Step Functions
Coordinate multiple AWS services into serverless workflows
46
AWS Glue
ETL service
47
VPC Endpoint - Types
Interface(IP based AWS S3 and Others) and Gateway(Route table based supported by AWS S3 and DynamoDB)
48
SG has both Allow and Deny rules. True or False?
False, only Allow
49
NAT ACL has both Allow and Deny rules. True or False?
True
50
NAT ACL works at?
Subnet level. It's stateless
51
Security Group works at?
Instance(VPC) level
52
NAT Gateway/Instances
Allow private subnet instances to connect to the internet or other AWS services and restrict inbound internet traffic into the subnet
53
Services that have reservations to optimize cost
EC2, DocumentDB, RDS, ElastiCache reserved nodes and RedShift
54
PaaS example
EBS
55
IaaS example
EC2
56
SaaS
AWS Rekognition
57
AWS EMR
Bigdata
58
AWS Elastic Beanstalk
Deploying and scaling web applications and services
59
High-performance hardware disks that provide fast I/O performance
Instance Store
60
Object storage service
AWS S3
61
High-performance block storage service
Elastic Block Storage
62
Elastic NFS file system
EFS
63
Amazon Standard S3 IA vs Intelligent Tiering
Similar except IT is more expensive
64
OS vulnerabilities
AWS Inspector
65
PII
AWS Macie
66
Threat Detection
AWS GuardDuty
67
DDoS
AWS Shield
68
Architectural guidance contextual to your specific use-cases. Which support?
Business
69
Architectural guidance contextual to your application. Which support?
Enterprise
70
Architectural guidance contextual to your application (one per year). Which support?
Enterprise On-Ramp
71
General architectural guidance as you build and test. Which support?
Developer
72
Amazon API Gateway
For developers to create, publish, maintain, monitor, and secure APIs at any scale
73
AWS Shield Advanced on which services?
EC2, ELB, CloudFront, Route53, Global Accelerator
74
Amazon OpenSearch Service
interactive log analytics, real-time application monitoring, website search. Derived from Elasticsearch
75
Amazon S3 vs EFS
S3 does not support file append like EFS
76
AWS Compute Optimizer for which AWS services
EC2, ASGs, EBS and Lambda Functions
77
AWS Neptune
Build and run graph applications
78
6 Pillars
Operational Excellence - Focuses on running and monitoring systems, and continually improving processes and procedures - Ops as Code, Anticipate and Learn from failure, Use managed services
Performance Efficiency - Focuses on structured and streamlined allocation of IT and computing resources - Go global in mins, use adv technologies, serverless
Reliability - Focuses on workloads performing their intended functions and how to recover quickly from failure to meet demands - Stop guessing capacity, Recovery from failure, scale out, manage change through automation
Cost Optimization - Focuses on avoiding unnecessary costs
Security - Focuses on protecting information and systems
Sustainability - Focuses on minimizing the environmental impacts of running cloud workloads
79
AWS Region is different from location - True or False?
False
80
AWS AZs vs Local Zones
AZs are isolated locations within a region with all AWS services
Local Zones are an extension of a region, providing low-latency services to specific geographic areas, enhancing availability beyond traditional regions. They provide more services than edge locations but less than a region or AZ
81
For connecting On premise DC to VPC on AWS, what are the options?
1. AWS Direct connect 2. Transit Gateway 3. Site-to-Site VPN
82
AWS Private Link vs VPC Peering
AWS Private Link allows connecting to AWS services or services in other VPCs privately, like a local network, bypassing the public Internet. If a VPC Endpoint is added to your VPC then, using Private Link, the other VPCs can also use the services of your VPC. Common use cases are Accessing AWS Services, Third-Party Integrations, Multi-account Connectivity
VPC Peering enables connectivity between two VPCs within the same AWS region or across different regions. It allows instances in one VPC to communicate directly with instances in another VPC using private IP addresses. Common use cases are Multi-tier Applications, shared services such as logging, monitoring, or security, and Disaster Recovery
83
Support Plans
Developer Business Enterprise-on-ramp Enterprise <12 hrs < 1hr <30 mins <15 mins - - TAMs 1 TAM Business 24/7 24/7 24/7 hours email access - AWS Sup API AWS Sup API AWS Sup API Incident detection for additional fee AWS Managed Srvs AWS Managed Srvs for additional fee for additional fee re:Post:Private re:Post:Private for additional fee for additional fee Access to Access to architectural architectural reviews reviews
84
MFA devices
1. U2F security key - Plug into a USB port on your computer. Authenticated by tapping the device instead of manually entering a code
2. Virtual Multi-Factor Authentication (AWS MFA) device - Software app that runs on a phone or other device and emulates a physical device. Authenticated by typing a valid code from the device
3. Hardware Multi-Factor Authentication (AWS MFA) device - Hardware device that generates a six-digit numeric code. Authenticated by typing a valid code from the device
4. SMS text message-based Multi-Factor Authentication (AWS MFA) - IAM user settings include the phone number of the user's SMS-compatible mobile device. Authenticated by OTP
85
Disaster Recovery Plans
Automated backups - Same region (Recovery Time Objective is lowest)
Manual snapshots - Cross region (Recovery Point Objective is lowest)
Read replicas - Cross region
86
Amazon EC2 instance user data and metadata
Bootstrap script or configuration parameters while launching your instance
Metadata is data about your instance that you can use to manage the instance
87
AWS Global Accelerators connect to what?
Network Load Balancers (non-HTTP traffic), Application Load Balancers and EC2
88
S3 pricing
There are four cost components to consider for S3 pricing – storage pricing; request and data retrieval pricing; data transfer and transfer acceleration pricing; and data management features pricing. Under "Data Transfer", You pay for all bandwidth into and out of Amazon S3, except for the following: (1) Data transferred in from the internet, (2) Data transferred out to an Amazon Elastic Compute Cloud (Amazon EC2) instance, when the instance is in the same AWS Region as the S3 bucket, (3) Data transferred out to Amazon CloudFront (CloudFront).
89
AWS Web Application Firewall (AWS WAF) lets you monitor the HTTP and HTTPS requests that are forwarded to....
1. Application Load Balancer 2. Amazon CloudFront 3. Amazon API Gateway
90
Billing alarms
CloudWatch
91
AWS Shield Advanced provides protection for the following AWS Services
1. EC2, 2. Elastic Load Balancers, 3. Amazon CloudFront, 4. Amazon Route 53, 5. AWS Global Accelerator
92
Which of the following is available across all AWS Support plans
AWS Health Dashboard – Your account health
93
Which of the following AWS services offers Lifecycle configuration for cost-optimal storage
S3
94
GeoLocation Vs Geoproximity routing policy Vs Latency?
GeoLocation - Proximity to user's location
GeoProximity - Proximity to resource's location
Latency - Proximity to region
95
TCO Vs Pricing Calculator
TCO Calculator: Estimates the total cost of moving resources from on-premises to Cloud, considering various factors like infrastructure, maintenance, and migration costs
Pricing Calculator: A tool for calculating the costs of running specific workloads on Azure or AWS, providing detailed estimates based on resource configurations
TCO Calculator: Focuses on the broader picture, encompassing overall expenses related to migration and ongoing operations
Pricing Calculator: Provides granular insights into the costs associated with specific resources, facilitating budgeting and cost optimization
96
Which one allows bidding for instances unused by other users?
SPOT
97
Key components of S3 Glacier
1. Access Policy 2. Archive 3. Vault
98
Predictable monthly cost - EC2 or LightSail?
LightSail
99
Minimum AZs per region
3
100
Routing algorithm for ALB
ALB selects a target based on the routing rule, then selects a node using a round robin strategy
The classic ALB uses round robin for TCP listeners only
101
Bucket Policies and ACLs wrt to S3
Bucket Policies control access to entire bucket and ACLs to individual object within the bucket
102
URL structure of S3
https../
103
IAM user access options
Programmatic access using command line
SDK access
Management console access
104
Amazon Glacier components
Archive, Vault(Groups of archives) and Access Policies(to control access to objects within archive and vaults)
105
Identity Federation
Users can access AWS services using their Facebook, Google, Instagram or Active Directory credentials
1. Federation with IAM Identity Center
2. Federation with IAM
3. Federation with Amazon Cognito identity pools
106
Database migration services
Can migrate to and from AWS and on-premise
Can migrate from EC2 to RDS
Can migrate to Redshift and DynamoDB
107
VPC Peering some facts
It can happen across regions and between different AWS accounts
It is also used to store data for fault tolerance, DR and redundancy
Traffic between different regions is encrypted by default but not encrypted by default within the same region
108
Encryption at Rest
By Customer, By S3, By KMS
Monitoring capability is with KMS only, after integrating with CloudTrail
109
TCO
Recommendations on resource types based on operational best practices and user inputs
110
Macie facts
Discover, classify and protect
1. It reads through user data and identifies sensitive info using AI, ML and NLU
2. It can't prevent unauthorized access to the information but can alert the admin using CloudTrail
3. It's not a fully managed service but needs to be configured
111
DataSync
Transfer from on-premise to AWS storage services
Between AWS storage services
Between public clouds and AWS storage services
It's for continuous syncing vs DMS, which is for database migration only
112
OS Patch management, whose responsibility?
EC2 - Customer
DynamoDB - AWS
113
Athena some facts
Serverless query service
Interactive query service that makes it easy to analyze unstructured, semi-structured, and structured data directly in Amazon Simple Storage Service (Amazon S3) using standard SQL
Compatible with CSV, JSON, AVRO or columnar data formats such as Apache Parquet and Apache ORC
114
DynamoDB Backups, who configures and who takes backup?
Customer configures and AWS takes backups
115
AppSync
Simplify application development with GraphQL APIs by providing a single endpoint to securely query or update data from multiple databases, microservices, and APIs
Consolidate data from multiple databases, APIs, and microservices in a single network call, from a single endpoint, abstracting backend complexity
116
Amplify
Facilitate the development and deployment of web and mobile applications. Quickly build full-stack applications
117
Security Hub
AWS Security Hub provides you with a comprehensive view of your security state in AWS and helps you assess your AWS environment against security industry standards and best practices
118
AWS Firewall Manager
Simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. It does not work with Network ACLs
Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues
119
SCPs
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. Not enabled by default
SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines
SCPs alone are not sufficient in granting permissions to the accounts in your organization. No permissions are granted by an SCP. An SCP defines a guardrail, or sets limits, on the actions that the account's administrator can delegate to the IAM users and roles in the affected accounts. The administrator must still attach identity-based or resource-based policies to IAM users or roles, or to the resources in your accounts to actually grant permissions. The effective permissions are the logical intersection between what is allowed by the SCP and what is allowed by the IAM and resource-based policies
120
If an instance store reboots, does the data in the instance persist?
Yes
121
Which tool lets you visualise and manage your AWS costs?
AWS Cost Explorer
122
Containers are an essential concept in microservice architectures.
True
123
Which AWS service reduces network latency?
CloudFront
124
Which Amazon S3 storage class has the lowest cost?
S3 Glacier Deep Archive
125
What are Edge Locations?
Data centers that deliver data fast to the users
126
Which perspective of the AWS Cloud Adoption Framework focuses on minimizing the business risks?
Governance Perspective
127
Which AWS service helps you build text chatbots?
Amazon Lex
128
AWS Elastic Block Store Snapshot is:
Incremental data backup
129
What is Service Quotas in AWS?
Quotas, also referred to as limits in AWS services, are the maximum values for the resources, actions, and items in your AWS account
130
Scope of VPC
A VPC can span all Availability Zones within an AWS Region
131
AWS Resource Explorer
Facilitates resource search and discovery within AWS accounts
132
AWS Knowledge Center
Available through AWS re:Post, offers official articles and videos addressing common questions and requests from AWS customers
133
AWS CloudShell
Browser-based shell provided by Amazon Web Services (AWS) that allows users to run scripts with the AWS Command Line Interface (CLI) and experiment with service APIs
133
Individual Amazon S3 objects range?
0 to 5TB
134
Route table components
Destination (IP address CIDR range) = The destination IPs to which the instances in the VPC are sending traffic. Its value is 0.0.0.0/0 for IPv4 and ::/0 for IPv6
Target (local or gateway ID or network instance) = The gateway/NAT through which the traffic should pass for the list of IPs
135
AWS Tape Gateway
You can use it to directly connect to your tape drive on premise and, using AWS Storage Gateway, back up the data on Amazon S3 Tape Library without any code changes
136
Securing EC2
1. SSH (IP is public and key stored on accessing machine)
2. EC2 in private subnet, which talks to a bastion host on a public subnet, which in turn talks to the user over the internet (key stored on accessing machine)
3. Add MFA on access
4. SSM (No need of bastion host. EC2 in private subnet with access to internet using NAT or VPC endpoint)
137
Encryption of Data at Rest by default
S3 ECR
138
Migration strategies
Rehosting — Otherwise known as “lift-and-shift”
Replatforming — I sometimes call this “lift-tinker-and-shift”
Repurchasing — Moving to a different product
Refactoring / Re-architecting
Retire — Get rid of
Retain — Usually this means “revisit” or do nothing (for now)
139
Amazon WorkLink
Fully managed service introduced by AWS that facilitates secure, one-click access to internal corporate websites for employees
Secure access from iOS and Android phones to internal websites and web apps, simplifying the user experience with a single-step process
Generates webpage content in the AWS cloud and transfers it to the user's phone
140
AWS Service Catalog
Create and manage catalogs of IT services and Self-service discovery and launch
Users browse listings of products (services or applications) that they have access to, locate the product that they want to use, and launch it all on their own as a provisioned product
Deployment of multi-tier application architectures
141
AWS CloudShell
AWS CloudShell is a browser-based shell that allows users to run scripts with the AWS Command Line Interface (CLI) and experiment with service APIs
142
AWS Application Composer
Visual designer that you can use to build your serverless applications from multiple AWS services
143
Amazon Timestream
Time Stream DB for IoT
144
Amazon S3 Object Lock
Prevent the deletion or overwriting of objects in Amazon S3 for a specified duration or indefinitely