Review Flashcards Preview

AWS CSA Study > Review > Flashcards

Flashcards in Review Deck (98)
Loading flashcards...
1
Q

S3 offers 256-bit encryption for data-at-rest.

A

S3 offers 256-bit encryption for data-at-rest, which is an option you an turn on/off. AWS manages the keys and will decrypt the data when you request to download it.

2
Q

What feature should you utilize for redundancy if auto scaling and load balancing are not available?

A

Setting up an Elastic IP address and having it ready for failover is a great solution when other services that provide high availability and fault tolerance are not available.

3
Q

The AMI ID used in an Auto Scaling policy is configured in the

A

Launch configuration

4
Q

Which of the following is not a benefit of a decoupled architecture using EC2, Auto Scaling, and SQS?

A

An application does not become unavailable due to the deletion of a single SQS queue
Deletion of an SQS queue used in an application will cause the application to fail.

5
Q

you recently purchased and deployed four reserved EC2 instances in the US-East-1 region’s Availability Zone 1 for a new project. Your supervisor just informed you that this project only requires two EC2 instances. Rather than selling the reserved instances, she asked you to terminate the extra instances and convert two of the on-demand instances already running in Availability Zone 1 to reserved instances. Can this be done?

A

Yes, you can terminate the reserved instances and AWS will automatically begin billing the two on-demand instances as reserved instances

6
Q

Data stored on EBS volumes are automatically and redundantly stored in multiple physical volumes in the same Availability Zone as part of the normal operations of the EBS service and at no additional charge.

A

true

7
Q

Which of the following AWS services allow you access to the underlying operating system?

A

Amazon EMR, Amazon EC2

8
Q

You are building a system to distribute confidential training videos to employees. Using CloudFront, what method would be used to serve content that is stored in S3 but not publicly accessible from S3 directly?

A

Create an Origin Access Identify (OAI) for CloudFront and grant access to the objects in your S3 bucket to that OAI

9
Q

You have 8 instances running on your VPC and all 10 of your users (5 production and 5 development) currently have access to all the instances. However, you have been told that because 4 of the instances are used for production and 4 are used for development, you will need to set up access so that the 5 production people can only access the production server and the 5 development people can only access the development server. Using policies, which of the following would be the best way to accomplish this?

A

Define the tags on the test and production servers, and add a condition to the IAM policy which allows access to specific tags

10
Q

Amazon Auto Scaling is not meant to handle instant load spikes but is built to grow with a gradual increase in usage over a short time period.

A

true

11
Q

You recently purchased hardware to run a decoupled application in your on-premises datacenter. The application is working great but has seen an increased workload in recent weeks that makes you concerned that your hardware cannot handle the load. Your supervisor asks you to analyze the possibility of expanding the application using cloud resources. You cannot completely migrate the application to AWS because of the investment you have already made in on-premises hardware. What items will most likely be included in your analysis?

A

You can leverage SQS to utilize both on-premises servers and EC2 instances for your decoupled application, You can leverage SWF to utilize both on-premises servers and EC2 instances for your decoupled application

12
Q

When designing an application architecture utilizing EC2 instances and the ELB, to determine the instance size required for your application, what questions might be important?

A

Determining the minimum memory requirements for an application, Determining the required I/O operations

13
Q

Stripping Options

A

Raid 0 and 1(common type); Raid 5 and 6(not recommended because of the extended stipe

14
Q

Raid 0 Disadvantage

A

Performance of the stripe is limited to the worst performing volume in the set.. Loss of a single volume results in a complete data loss of the array

15
Q

Raid 1 Disadvantage

A

Does not provide a write performance improvement; requires more Amazon EC2 to Amazon EBS bandwidth than non-RAID configurations because the data is written to multiple volumes simultaneously.

16
Q

Raid 5 and Raid 6

A

are not recommedned for amazon EBS because the parity write operations of these RAID modes consume some of the IOPS available to your volumes.. Increased cost.

17
Q

Is creating a Read replica of another read replica supported?

A

only with MySQL based RDS

18
Q

If I want my instance to run on a single-tenant hardware, which value do I have to set the instance’s tenancy attribute to?

A

Dedicated

19
Q

maximum response time for a Business level Premium Support case?

A

1 hour

20
Q

Sharding

A

Sharding embodies the “share-nothing” architecture and essentially just involves breaking a
larger database up into smaller databases. Common ways to split a database are:
Splitting tables that are not joined in the same query onto different hosts Duplicating a table across multiple hosts and then splitting where a row goes.

21
Q

Enhanced Networking – launch HVM AMI in VPC.

A

Enhanced Networking enables you to get significantly higher packet per second (PPS) performance, lower network jitter and lower latencies. This feature uses a new network virtualization stack that provides higher I/O performance and lower CPU utilization compared to traditional implementations. In order to take advantage of Enhanced Networking, you should launch an HVM AMI in VPC, and install the appropriate driver.

22
Q

Improve Application Throughput

A

You can run and scale applications such as stateless web services, image rendering, big data analytics and massively parallel computations on Spot instances. Since it costs less , you can increase your compute capacity by 2-10x within the same budget.

23
Q

I2

A

Optimized to deliver tens of thousands of low-latency, randon I.O operations per second to applications.
NoSQl, Clustered databases, Online transaction processing(OLTP) systems

24
Q

Billing dashboard elements

A
Bills;
cost Explorer; 
Budgets; 
Reports; 
Cost Allocation Tags; 
Payment Methods; 
Payment History; 
Consolidated Billing; 
Preferences; 
Credits; 
Tax Settings; 
DevPay
25
Q

Read replicas

A

MySQL, MariaDB, PostgreSQL, Amazon Aurora.

26
Q

VM Import/Export

A

VM Import/Export enables customers to import Virtual Machine (VM) images in order to create Amazon EC2 instances. Customers can also export previously imported EC2 instances to create VMs. Customers can use VM Import/Export to leverage their previous investments in building VMs by migrating their VMs to Amazon EC2

27
Q

What is the service used by AWS to segregate control over the various AWS services ?

A

AWS Identity and Access Management (IAM).

28
Q

Instance Family

A

T2/M4/C4 – HVM EBS-Backed;

M3/C3– HVM and PV; EBS and Instance store;

29
Q

Maximum ratio of IOPS to Volume size

A

50:1

30
Q

http://169.254.169.254/latest/meta-data/public-ipv4

A

latest, then meta-data

31
Q

Routed 53 features

A
  • Register domain names – Your website needs a name, such as example.com. Amazon Route 53 lets you register a name for your website or web application, known as a domain name.
  • Route internet traffic to the resources for your domain – When a user opens a web browser and enters your domain name in the address bar, Amazon Route 53 helps the Domain Name System (DNS) connect the browser with your website or web application.
  • Check the health of your resources – Amazon Route 53 sends automated requests over the internet to a resource, such as a web server, to verify that it’s reachable, available, and functional. You also can choose to receive notifications when a resource becomes unavailable and choose to route internet traffic away from unhealthy resources.
32
Q

Golden Image

A

an AMI that has been constructed from a customized image.

33
Q

if DNS hostnames option of the VPC is not set to “YES”

A

then instances launched in the subnet will not get DNS Names.

34
Q

Requirement for cross-region replication

A

• The source and destination buckets must be versioning-enabled.
• The source and destination buckets must be in different AWS regions.
• You can replicate objects from a source bucket to only one destination bucket.
• Amazon S3 must have permission to replicate objects from that source bucket to the destination bucket on your behalf.
• If the source bucket owner also owns the object, the bucket owner has full permissions to replicate the object. If not, the source bucket owner must have permission for the Amazon S3 actions s3:GetObjectVersion and s3:GetObjectVersionACL to read the object and object ACL.
• If you are setting up cross-region replication in a cross-account scenario (where the source and destination buckets are owned by different AWS accounts), the source bucket owner must have permission to replicate objects in the destination bucket.
The destination bucket needs to grant these permissions via a bucket policy.

35
Q

Lambda Resource Limits per Invocation limit

A
512 MB temp space; 
payload size -- 6MB/128k 
number of file descriptors -- 1024 
number of processes and threads -- 1024 
memory allocation range -- 128MB -- 3008 MB 
max execution time per request -- 15 min
36
Q

VPC and Subnet Sizing for IPv4

A

When you create a VPC, you must specify an IPv4 CIDR block for the VPC. The allowed block size is between a /16 netmask (65,536 IP addresses) and /28 netmask (16 IP addresses).

37
Q

Redshift’s columnar storage size

A

1MB(1024KB)

38
Q

Server access log

A

In order to track requests for access to your bucket, you can enable access logging. Each access log record provides details about a single access request, such as the requester, bucket name, request time, request action, response status, and error code, if any. Access log information can be useful in security and access audits.

39
Q

snapshot for EBS Volumes in a RAID configuration

A

it is critical that there is no data I/O to or from the volumes when the snapshots are created. RAID arrays introduce data interdependencies and a level of complexity not present in a single EBS volume configuration.
1. Suspend disk I/O, 2. Start EBS snapshot of volumes, 3. Wait for snapshots to complete, 4. Resume disk

40
Q

Business support plan

A

1) 24x7 access to customer service, documentation, whitepapers, and support forums
2) Access to full set of Trusted Advisor checks
3) 24x7 access to Cloud Support Engineers via email, chat & phone

41
Q

EC2 classic vs VPC

A

For instances launched in a VPC, a private IPv4 address remains associated with the network interface when the instance is stopped and restarted, and is released when the instance is terminated.
For instances launched in EC2-Classic, we release the private IPv4 address when the instance is stopped or terminated. If you restart your stopped instance, it receives a new private IPv4 address

42
Q

Best Practice to monitor EC2 Instance

A

• Make monitoring a priority to head off small problems before they become big ones.<br></br> • Create and implement a monitoring plan that collects monitoring data from all of the parts in your AWS solution so that you can more easily debug a multi-point failure if one occurs. Your monitoring plan should address, at a minimum, the following questions:
◦ What are your goals for monitoring?
◦ What resources you will monitor?
◦ How often you will monitor these resources?
◦ What monitoring tools will you use?
◦ Who will perform the monitoring tasks?
◦ Who should be notified when something goes wrong?
• Automate monitoring tasks as much as possible.
• Check the log files on your EC2 instances.

43
Q

Instance States

A
rebooting
pending
running
shutting-down
terminated
stopping
stopped
44
Q

types of distributions Cloudfront supports

A

S3 Buckets

Custom Origin

45
Q

You have written a CloudFormation template that creates 1 elastic load balancer fronting 2 EC2 instances. Which section of the template should you edit so that the DNS of the load balancer is returned upon creation of the stack?

A

Outputs

46
Q

What is the basic requirement to login into an EC2 instance on the AWS cloud?

A

Key pairs

47
Q

WAF

A

web application firewall that helps protect your web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or block to your web applications by defining customizable web security rules. You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application. New rules can be deployed within minutes, letting you respond quickly to changing traffic patterns. Also, AWS WAF includes a full-featured API that you can use to automate the creation, deployment, and maintenance of web security rules.

48
Q

Maintaining a single snapshot provides the lowest cost for Amazon Elastic Block Store snapshots while giving you the ability to fully restore data

A

Maintain a single snapshot the latest snapshot is both Incremental and complete.

49
Q

EBS Volume Encryption

A

has to be done during volume creation.

50
Q

CloudWatch Metrics now supports the following three retention schedules:

A
  • 1 minute datapoints are available for 15 days
  • 5 minute datapoints are available for 63 days
  • 1 hour datapoints are available for 455 days
51
Q

revoke-security-group-ingress

A

Removes one or more rules from a security groups.

52
Q

Perfect Forward Secrecy is used to offer SSL/TLS cipher suites for which two AWS services?

A

cloudFront and Elastic Load Balancing.

53
Q

Event notification of S3

A

can be sent via SNS, SQS, or Lambda function

54
Q

AWS IOT

A

AWS IoT is a managed cloud platform that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely. With AWS IoT, your applications can keep track of and communicate with all your devices, all the time, even when they aren’t connected.

55
Q

Your company is moving their entire 20 TB data warehouse to the cloud. With your current bandwidth, it would take 2 months to transfer the data. Which service would allow you to quickly get your data into AWS?

A

Amazon import/Export

56
Q

You are testing an application that uses EC2 instances to poll an SQS queue. At this stage of testing, you have verified that the EC2 instances can retrieve messages from the queue, but your coworkers are complaining about not being able to manually retrieve any messages from the queue from their on-premises workstations. What is the most likely source of this problem?

A

Your coworkers may not have permission to the SQS queue

57
Q

CloudTrail

A

AWS Cloudtrail is the defacto service provided by aws for monitoring all API calls to AWS and is used for logging and monitoring purposes for compliance purposes. Amazon cloudtrail detects every call made to aws and creates a log which can then be further used for analysis.

58
Q

DNS record Type

A

CloudFront distribution
Select A — IPv4 address.

If IPv6 is enabled for the distribution, create two records, one with a value of A — IPv4 address for Type, and one with a value of AAAA — IPv6 address.

Elastic Beanstalk environment that has regionalized subdomains
Select A — IPv4 address

ELB load balancer
Select A — IPv4 address or AAAA — IPv6 address

Amazon S3 bucket
Select A — IPv4 address

Another record in this hosted zone
Select the type of the record that you’re creating the alias for. All types are supported except NS and SOA.

59
Q

EMR

A

In Amazon EMR , you have the ability to work with the underlying instances wherein the EMR service allows you to associate the EC2 Key pair with the launched instances.

60
Q

VPC configuration Options

A

VPC with a single Public Subnet
VPC with public and private subnets
VPC with public and private and Hardware VPN access
VPC with a Private subnet Only and Hardware VPN Access

61
Q

ClassicLInk

A

within the same region, allows us to link an EC2-CLassic instance to a VPC in our account.

62
Q

AWS Workspaces

A

is used for Virtual desktops

63
Q

CloudWatch Metrics

A
CPU Utilization
Disk Reads 
Disk Read Operations 
Network statistics for Data transfer 
For RDS: 
DB Connections 
Free Storage Space; 
Freeable Memory
64
Q

Trusted Advisor

A
Cost Optimization
Performance 
Security 
Fault Tolerance 
help you identify underutilized resources in AWS. 
and monitor service limit.
65
Q

Error: Server refused our key (or)
Error: No supported authentication methods available

A

Verify that you are connecting with the appropriate user name for your AMI.
You should also verify that your private key (.pem) file has been correctly converted to the format recognized by PuTTY (.ppk).

66
Q

User name in Putty COnfiguration

A

Linux AMI – ec2-user
RHEL– ec2-user or root
Ubuntu AMI – ubuntu or root
Centos AMI – centos

67
Q

best solution to store session data

A

ElastiCache

68
Q

Serverless Platform

A

Compute – Lambda
API Proxy – API Gateway
Storage – S3
Database – DynamoDB

69
Q

CloudWatch Logs Agent

A

provides an automated way to send log data to Cloudwatch Logs from Amazon EC2 instances. The agent is comprised of the following components:

· A plug-in to the AWS CLI that pushes log data to CloudWatch Logs.

· A script (daemon) that initiates the process to push data to CloudWatch Logs.

· A cron job that ensures that the daemon is always running.

70
Q

S3 Cost

A

related to number of request and storage.

71
Q

Auto Scaling cooldown period

A

a configurable setting for your Auto Scaling group that helps to ensure that Auto Scaling doesn’t launch or terminate additional instances before the previous scaling activity takes effect.

72
Q

Kinesis limits

A

retention period – 24 hours by default, max – 7 days

73
Q

encrypted EBS volume

A

Data at rest inside the volume

· All data moving between the volume and the instance

· All snapshots created from the volume

74
Q

Active Directory connector

A

is a directory gateway with which you can redirect directory requests to your on-premises Microsoft Active Directory without caching any information in the cloud. AD Connector comes in two sizes, small and large. A small AD Connector is designed for smaller organizations of up to 500 users. A large AD Connector can support larger organizations of up to 5,000 users.

75
Q

define health check

A

When defining a health check, in addition to the port number and protocol , you have to also define the page which will be used for the health check. If you don’t have the page defined on the web server then the health check will always fail.

76
Q

Temporary security credentials.

A

the temporary security credentials are valid for the duration that you specified when calling AssumeRole, or until the time specified in the SAML authentication response’s SessionNotOnOrAfter value, whichever is shorter. The duration can be from 900 seconds (15 minutes) to a maximum of 3600 seconds (1 hour). The default is 1 hour.

77
Q

GetSessionToken

A

must be called by using the long-term AWS security credentials of the AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you specify, from 900 seconds (15 minutes) up to a maximum of 129600 seconds (36 hours), with a default of 43200 seconds (12 hours); credentials that are created by using account credentials can range from 900 seconds (15 minutes) up to a maximum of 3600 seconds (1 hour), with a default of 1 hour.

78
Q

Application Load Balancer vs Classic Load balancer

A

Application Load Balancer does not support the TCP protocol. When you configure the health check for TCP , you need to configure the protocol and port number
Application Load Balancer Support for path-based routing. You can configure rules for your listener that forward requests based on the URL in the request. This enables you to structure your application as smaller services, and route requests to the correct service based on the content of the URL.

79
Q

CloudTrail deliver to

A

S3, Cloudwatch Logs

80
Q

trail applies to all region advantage

A
  • -The configuration settings for the trail apply consistently across all regions.
  • -You receive CloudTrail events from all regions in a single S3 bucket and optionally in a CloudWatch Logs log group.
  • -You manage trail configuration for all regions from one location.
  • -You immediately receive events from a new region. When a new region launches, CloudTrail automatically creates a trail for you in the new region with the same settings as your original trail.
  • -You can create trails in regions that you don’t use often to monitor for unusual activity
81
Q

All data moving between the volume and S3

A

not encrypted

82
Q

Elastic Beanstalk

A

can be used to create web server environment and Worker environments.

83
Q

AWS Certificate Manager

A

The AWS Certificate manager can be used to generate SSL certificates that can be used to encrypt traffic in transit, but not at rest

84
Q

API Gateway with STS

A

used for issuing tokens when using API gateway for traffic in transit.

85
Q

NGINX

A

NGINX is an open source software for web serving, reverse proxying, caching, load balancing etc. It complements the load balancing capabilities of Amazon ELB and ALB by adding support for multiple HTTP, HTTP/2, and SSL/TLS services, content-based routing rules, caching, autoscaling support, and traffic management policies.

It can be hosted on an EC2 instance. Launch an EC2 instance through console. SSH into the instance and use the command yum install -y nginx to install nginx and make sure that it is configured to restart automatically after a reboot.

It can also be installed with an Elastic Beanstalk service.
To enable the Nginx proxy server with your Tomcat application, you must add a configuration file to .ebextensions in the application source bundle that you upload to Elastic Beanstalk.

86
Q

Flow Logs

A

is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Flow log data is stored using Amazon CloudWatch Logs. After you’ve created a flow log, you can view and retrieve its data in Amazon CloudWatch Logs.

87
Q

If you need low-latency access to your entire dataset, first configure your on-premises gateway to store all your data locally. Then asynchronously back up point-in-time snapshots of this data to Amazon S3. This configuration provides durable and inexpensive offsite backups that you can recover to your local data center or Amazon EC2.

A

Configure Storage gateway stored volume

88
Q

multivalue answer record

A

If you want to route traffic approximately randomly to multiple resources, such as web servers, you can create one multivalue answer record for each resource and, optionally, associate an Amazon Route 53 health check with each record. For example, suppose you manage an HTTP web service with a dozen web servers that each have their own IP address. No one web server could handle all of the traffic, but if you create a dozen multivalue answer records, Amazon Route 53 responds to DNS queries with up to eight healthy records in response to each DNS query. Amazon Route 53 gives different answers to different DNS resolvers. If a web server becomes unavailable after a resolver caches a response, client software can try another IP address in the response.

89
Q

spot instance use case

A

stateless web services, image rendering, big data analytics and massively parallel computations

90
Q

Auto scaling options

A

Scheduled Scaling ;
Dynamic scaling;
manual scaling

91
Q

Resource Limits

A
  • -Access keys assigned to an IAM user 2
    • Access keys assigned to the AWS account root user 2
    • Aliases for an AWS account 1
  • -Groups an IAM user can be a member of 10
  • -Identity providers (IdPs) associated with an IAM SAML provider object 10
  • -Keys per SAML provider 10
  • -Login profiles for an IAM user 1
    • Managed policies attached to an IAM group 10
    • Managed policies attached to an IAM role 10
    • Managed policies attached to an IAM user 10
    • MFA devices in use by an IAM user 1
    • MFA devices in use by the AWS account root user 1
    • Roles in an instance profile 1
    • SAML providers in an AWS account 100
    • Signing certificates assigned to an IAM user 2
    • SSH public keys assigned to an IAM user 5
    • Versions of a managed policy that can be stored 5
92
Q

What is the command line instruction for running the remote desktop client in Windows?

A

mstsc

93
Q

If I want to run a database in an Amazon instance, which is the most recommended Amazon storage option?

A

EBS

94
Q

: http://status.aws.amazon.com/?

A

AWS Service Health Dashboard

95
Q

can not be tagged

A

A. key pairs
B. Elastic IP addresses
C. placement groups

96
Q

key pairs
B. Elastic IP addresses
C. placement groups

A

1, 000 to 10, 000

97
Q

max key length of a tag

A

128 Unicode Characters

98
Q

IOP throughputput

A

1, 000 to 10, 000