Review Deck Flashcards

Question

TRUE/FALSE: CPU% and MEM% metrics are readily available in the Amazon RDS console.

Answer 1

The record of an activity in an AWS account.

Answer 2

...an action taken by a user, role, or service that is monitorable by CloudTrail.

Answer 3

...API and non-API account activity in AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

Answer 4

Management events and data events.

Answer 5

By default, CloudTrail will log management events, but not data events.

Answer 6

FALSE--CloudTrail trails can be applied to all regions or a single region.

Answer 7

It is considered best practice to create a trails that apply to all regions in the AWS partition you are working.

Answer 8

All regions

Answer 9

AWS Identity and Access Management (IAM), AWS STS, Amazon CloudFront, and Route 53 (and maybe others...)

Answer 10

...it will only cover activity occurring in regional services (EC2, S3, RDS etc.), not global services.

Answer 11

--include-global-service--

Answer 12

...provides simple, scalable, elastic file storage for use with AWS Cloud services and on-premises resources, and when mounted on Amazon EC2 instances, EFS provides a standard file system interface and access semantics, which seamlessly integrate with existing applications and tools.

Answer 13

Yes, when used by multiple EC2 instances, EFS can serve as a common data source and shared file system for multiple workloads and applications on separate EC2 instances, making file sharing much faster.

Answer 14

Yes, EC2 instances can share EBS volumes, but no, they cannot share EBS volumes across AZs. However, EC2 instances can share an EFS across AZs.

Answer 15

No, is mainly used for “object storage”, and S3 does not provide the notion of “folders” too.

Answer 16

Yes, The first time you create or update Lambda functions that use environment variables in a region, a default service key is created for you automatically within AWS KMS. This key is used to encrypt environment variables.

Answer 17

No, you must create your own KMS key and choose it instead of the default key. The default key will give errors. Creating a new key also offers more flexibility, including the ability to create, rotate, disable, and define access controls, and to audit the encryption keys used to protect your data.

Answer 18

...is an optional layer of security that acts as a firewall, controlling traffic in and out of a VPC network, protecting one or more subnets. A network ACL is great for temporary or ad hoc protection, because you can easily add and remove restrictions in a matter of minutes.

Answer 19

FALSE, security groups act as firewalls at the instance-level. Adding a rule to a security group cannot influence traffic in/out of a VPC.

Answer 20

...is both a service and a virtual software appliance deployed into an on-premises environment as a virtual machine (VM) using VMware ESXi, Microsoft Hyper-V, or Linux Kernel-based Virtual Machine (KVM) hypervisor. It serves as a file interface into S3, allowing customers to store and retrieve objects using industry-standard protocols, e.g., Network File System (NFS) and Server Message Block (SMB).

Answer 21

– store and retrieve files directly using the NFS version 3 or 4.1 protocol. – store and retrieve files directly using the SMB file system version, 2 and 3 protocol. – access data directly in S3 from any AWS Cloud application or service – manage S3 data using lifecycle policies, cross-region replication, and versioning

Answer 22

S3 Standard, Amazon S3 Standard-Infrequent Access, Amazon S3 One Zone-Infrequent Access and Amazon Glacier

Answer 23

TRUE--Objects stored in any storage class can be transitioned/archived to Glacier using a Lifecycle Policies. Although you can write directly to S3, lifecycle policies are recommended.

Answer 24

...an ordered flow of information about changes to items in an Amazon DynamoDB table. When you enable a stream on a table, DynamoDB captures information about every modification to data items in the table.

Answer 25

...writes a stream record with the primary key attribute(s) of the items that were modified.

Answer 26

...contains information about a data modification to a single item in a DynamoDB table. You can also configure streams so that stream records capture additional information, such as the “before” and “after” images of modified items.

Answer 27

Amazon DynamoDB is integrated with AWS Lambda so that you can create triggers—pieces of code that automatically respond to events in DynamoDB Streams. With triggers, you can build applications that react to data modifications in DynamoDB tables.

Answer 28

...you can associate the stream ARN with a Lambda function that you write. New records appear in the stream immediately after a table item changes. AWS Lambda invokes the Lambda function synchronously when it detects new stream records. The Lambda function can perform any actions you specify, such as sending a notification or initiating a workflow.

Answer 29

...is Windows, Linux, and macOS accessible, fully managed Windows file servers and native Windows file system with the features, performance, and compatibility to easily lift and shift enterprise applications to the AWS Cloud. Thousands of compute instances and devices can access a file system concurrently.

Answer 30

...provides fully managed Microsoft Windows file servers, backed by a fully native Windows file system. FSx offers features, performance, and compatibility ideal for lift and shift to the AWS Cloud. It is accessible from Windows, Linux, and macOS compute instances and devices. Thousands of compute instances and devices can access a file system concurrently.

Answer 31

...is a network file sharing protocol that allows applications on a computer to read/write to files and request services from server programs in a computer network. The SMB protocol can be used on top of its TCP/IP protocol or other network protocols.

Answer 32

...enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization. You can share AWS Transit Gateways, Subnets, AWS License Manager configurations, and Amazon Route 53 Resolver rules resources with RAM.

Answer 33

Authenticating users in an organization’s network, and then providing them access to AWS without creating new AWS identities for them and requiring separate credentials.

Answer 34

...open standards like Security Assertion Markup Language (SAML) 2.0, which is compatible with Microsoft AD FS, allowing organizations to leverage existing Microsoft Active Directory. You can also use SAML 2.0 to manage your own solution for federating user identities.

Answer 35

...provides users the ability to create, edit, and share content, and stored centrally on AWS, the content is accessible from anywhere on any device.

Answer 36

FALSE--There is no direct integration between WorkDocs and S3. WorkDocs is simply a managed content creation service.

Answer 37

...acts as a virtual firewall at the instance-level--NOT the subnet-level--to control inbound and outbound traffic.

Answer 38

...one IP address...the entire network.

Answer 39

...TCP and port 22.

Answer 40

...object storage built to store/retrieve any amount of data from anywhere on the Internet that offers high durability, availability, performance, security, and virtually unlimited scalability at very low cost. S3 is also highly flexible, allowing users to store any volume or type of data; read data a million times or only for emergency disaster recovery; build a simple FTP app or a sophisticated web app; etc.

Answer 41

...can speed up content transfers to/from S3 as much as 50-500% for long-distance transfer of larger objects.

Answer 42

15 minutes

Answer 43

About one week

Answer 44

...used to establish a secure connection between an on-premises network and Amazon VPC.

Answer 45

...designed for globally distributed applications, allowing a single Amazon Aurora database to span multiple AWS regions. It replicates data with no impact on database performance, enables fast local reads with low latency in each region, and provides disaster recovery from region-wide outages.

Answer 46

...sub-1-second storage-based replication latency.

Answer 47

...a feature of Aurora Global Database that allows an assigned database in a secondary to be promoted to take over read/write capabilities in less than, in the event of an unplanned outage.

Answer 48

...AWS's NoSQL database.

Answer 49

...a networking service that simplifies traffic management and improves application performance.

Answer 50

...the storage that keeps frequently accessed data ( hot data ).

Answer 51

...the storage that keeps less frequently accessed data ( warm data ).

Answer 52

...the storage that keeps rarely accessed data ( cold data ).

Answer 53

...the cheaper it is to store, and the costlier it is to access when needed.

Answer 54

...a high-performance file system for fast processing of workloads. Lustre is a popular open-source parallel file system which stores data across multiple network file servers to maximize performance and reduce bottlenecks.

Answer 55

...is a fully managed Microsoft Windows file system with full support for the SMB protocol, Windows NTFS, Microsoft Active Directory ( AD ) Integration.

Answer 56

...a fully-managed file storage service that makes it easy to set up and scale file storage in the Amazon Cloud.

Answer 57

...a service that enables governance, compliance, operational auditing, and risk auditing of an AWS account. CloudTrail enables logging, continuous monitorinmg, and retention of account-wide AWS infrastructure activity. CloudTrail is enabled by default on account creation. AWS account activity is recorded as a CloudTrail event. Recent events are easily viewed in the CloudTrail console "Event History".

Answer 58

...AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, API calls, and other AWS services. This event history simplifies security analysis, resource change tracking, and troubleshooting.

Answer 59

...helps debug and analyze microservices applications with request tracing to find the root cause of issues and poor performance.

Answer 60

...a feature of Redshift that enables queries and analysis of all data in Amazon S3 using the open data formats already in use, with no data loading or transformations needed.

Answer 61

...an on-demand, auto-scaling configuration for Amazon Aurora. An Aurora Serverless DB cluster is a DB cluster that automatically starts up, shuts down, and scales up or down its compute capacity based on an application’s needs. Aurora Serverless provides a relatively simple, cost-effective option for infrequent, intermittent, sporadic or unpredictable workloads.

Answer 62

...it automatically starts up, scales compute capacity to match your application’s usage and shuts down when it’s not in use.

Answer 63

...provisioned DB cluster.

Answer 64

...users define DB instance class size and create Aurora Replicas to increase read throughput. When workload changes, the user can modify the DB instance class size and change the number of Aurora Replicas...the database workload is predictable, because you can adjust capacity manually based on the expected workload.

Answer 65

...workloads are intermittent and unpredictable, when heavy traffic may last a few minutes or it may last hours, or there may be long periods of light or no activity (e.g., retail websites with intermittent sales events, databases used for reports as-needed, dev/test environments, applications with uncertain requirements).

Answer 66

...users can create a database endpoint without specifying the instance class size. Setting the minimum and maximum capacity, the database endpoint connects to a proxy fleet that routes the workload to a fleet of auto scaling resources. Connections are continuous as Aurora Serverless scales based on specified capacity limits.

Answer 67

...it uses a pool of “warm” resources that are always ready for service requests.

Answer 68

To allow processing to scale down to zero, so accounts only pay for storage when compute isn't needed.

Answer 69

...for massively scaled, global applications requiring a fully managed, multi-region, multi-master database with fast, local, read/write performance.

Answer 70

...best used for online analytical processing (OLAP) and not for online transactional processing (OLTP).

Answer 71

...a Redshift feature that automatically and elastically scales a Redshift cluster's query processing power to ensure consistently fast performance for hundreds of concurrent queries.

Answer 72

...CloudFront, the Application Load Balancer (ALB), API Gateway, and AppSync – services commonly used for content delivery to websites and applications.

Answer 73

...rules run in all AWS Edge Locations, located around the world closer to end-users so the added security doesn't compromise security. Requests are blocked before they reach web servers.

Answer 74

...rules run in the same region and can be used to protect both internet-facing and internal resources.

Answer 75

...track the rate of requests from each originating IP address and trigger action on IPs with request rates exceeding a specified limit, which is set as the number of requests per 5-minute time span. This type of rule can be used to block temporarily requests from an IP address sending excessive requests.

Answer 76

Regular and Rate-Based

Answer 77

If using multiple AZs instances will be terminated in the AZ with the most running instances. If more than one AZ have the same number of instances, scale in will favor the AZ with instances running the oldest launch configuration.

Answer 78

...allows users to setup notifications in response to certain events in an S3 bucket.

Answer 79

...add a notification configuration to identify the events S3 should publish and destinations S3 should send those notifications, and store the configuration in the notification sub-resource associated with a bucket.

Answer 80

– Simple Notification Service (SNS) topic – Simple Queue Service (SQS) queue – Lambda

Answer 81

...when a message published to an SNS topic is replicated and pushed to multiple endpoints, such as SQS, HTTP(S) endpoints, or Lambda functions, which allows parallel asynchronous processing.

Answer 82

An application publishes a message to an SNS topic when an order is placed, then all subscribed SQS queues receive identical notifications of the order. EC2 instances attached to the SQS queues process the order.

Answer 83

...a combination of SNS and SQS can be used. The SNS message fanout feature allows multiple SQS queues to subscribe to an SNS topic, so when SNS receives an event notification, it will publish the message to both subscribers.

Answer 84

FALSE--S3 event notifications are designed to be delivered to one destination only; event notifications will not go to more than one destination. SNS receives event notifications and republishes them to resources subscribed to the relevant SNS topic.

Answer 85

...provide strict message ordering and message deduplication. SNS and SQS FIFO capabilities work together, acting as a fully managed service that integrates distributed applications that require near-real-time data consistency.

Answer 86

FALSE--SQS can't poll SNS, SQS queues are configured to subscribe to SNS topics.

Answer 87

...a fully managed, highly available, in-memory cache that can reduce DynamoDB response times from milliseconds to microseconds, even at millions of requests per second.

Answer 88

...an app testing service that lets you test and interact with your Android, iOS, and web apps on many devices at once, or reproduce issues on a device in real time.

Answer 89

...automate capacity management for your tables and global secondary indexes.

Answer 90

E.g., ad hoc queries; online analytical processing

Answer 91

E.g., web-scale applications like social networks, gaming platforms, media sharing, and IoT

Answer 92

...well defined schemas that normalize data in tables, organizing variables in rows and columns.

Answer 93

...is schema-less. Each table has a primary key to uniquely identify each data element, but non-key attributes should not share any similar constraints. DynamoDB can manage structured or non-structured data, including JSON documents.

Answer 94

...Structured Query Language

Answer 95

...storage, so performance depends on the disk subsystem. Performance is optimized by managing queries, indexes, and table structures.

Answer 96

...compute, so performance is a function of the hardware and network latency, but it's a managed service, so customer applications are insulated from these implementation details.

Answer 97

...migrating to faster hardware, or it is also possible to leverage a distributed system and configuring tables to span across multiple hosts, but RDbs have constraints on the number and size of files, limiting scalability.

Answer 98

...distributed hardware clusters, which allows for increased throughput w/o impacting latency. Customers simply specify throughput requirements and DynamoDB allocates resources to meet those requirements. There are no limits on the number of table items or the total size of a table.

Answer 99

– Normalize data and stores multiple tables and require multiple queries to write to disk – Generally incur performance costs of ACID-compliant transaction systems – Use expensive joins to reassemble required views of query results

Answer 100

– Its schema flexibility lets DynamoDB store complex hierarchical data within a single item – Composite key design lets it store related items close together on the same table

Answer 101

No, the very definition of a schema is just the model or structure of data. Data in DynamoDB has a structure.

Answer 102

...a fully managed service that makes publishing, maintaining, monitoring, and securing APIs easier at any scale, using AWS Management Console to create APIs that act as the “front door” for applications to access data, business logic, or functionality from back-end services. API Gateway handles all tasks involved in accepting and processing up to hundreds of thousands of concurrent API calls, including traffic management, authorization and access control, monitoring, and API version management.

Answer 103

API Gateway provides throttling at multiple levels, including global and by service call, that can be set for standard rates and bursts. For example, API owners can set a rate limit of 1,000 requests per second for a specific method in their REST APIs, and also configure Amazon API Gateway to handle a burst of 2,000 requests per second for a few seconds.

Answer 104

...increased protection against attacks targeting applications running on EC2, ELB, CloudFront, and Route 53 resources, beyond the network and transport layer protections that come with Standard. Shield Advanced provides additional detection and mitigation against large and sophisticated DDoS attacks, near real-time visibility into attacks, integration with AWS WAF, 24×7 access to the AWS DDoS Response Team (DRT), and protection against charges caused by DDoS related spikes in EC2, ELB, CloudFront, and Route 53 resource activity.

Answer 105

...simplify your AWS WAF administration and maintenance tasks across multiple accounts and resources.

Answer 106

...SQL injection or cross-site scripting...sophisticated DDoS attacks, for which customers should use Shield Advanced.

Answer 107

...combines the control provided by CloudHSM with KMS's ease of integration, allowing customers to configure and maintain a CloudHSM cluster authorized for use by KMS as a dedicated key store into which KMS will generate key material, so the key material will never be exposed as plaintext.

Answer 108

...a fully managed cryptographic service for creating and maintaining hardware security modules (HSMs) in the AWS environment.

Answer 109

...computing devices that process cryptographic operations and provide secure storage for cryptographic keys.

Answer 110

...offload SSL/TLS processing for web servers, protect private keys linked to an issuing certificate authority (CA), or enable Transparent Data Encryption (TDE) for Oracle databases.

Answer 111

- Generate, store, import, export, and manage cryptographic keys, including symmetric keys and asymmetric key pairs - Use symmetric and asymmetric algorithms to encrypt and decrypt data - Use cryptographic hash functions to compute message digests and hash-based message authentication codes (HMACs) - Sign data (including code signing) and verify signatures - Generate secure random data

Answer 112

...FIPS 140-2 validated cryptographic modules

Answer 113

...operational events such as DB instance events, DB parameter group events, DB security group events, and DB snapshot events...using native functions or stored procedures.

Review Deck Flashcards

(142 cards)