Summary Flashcards

Question

Amplify

Answer 1

Facilitate the development and deployment of web and mobile applications. Quickly build full-stack applications

Answer 2

Simplifies your administration and maintenance tasks across multiple accounts and resources for a variety of protections, including AWS WAF, AWS Shield Advanced, Amazon VPC security groups, AWS Network Firewall, and Amazon Route 53 Resolver DNS Firewall. It does not work with Network ACLs Security Hub collects security data across AWS accounts, AWS services, and supported third-party products and helps you analyze your security trends and identify the highest priority security issues

Answer 3

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. Not enabled by default SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines SCPs alone are not sufficient in granting permissions to the accounts in your organization. No permissions are granted by an SCP. An SCP defines a guardrail, or sets limits, on the actions that the account's administrator can delegate to the IAM users and roles in the affected accounts. The administrator must still attach identity-based or resource-based policies to IAM users or roles, or to the resources in your accounts to actually grant permissions. The effective permissions are the logical intersection between what is allowed by the SCP and what is allowed by the IAM and resource-based policies

Answer 4

AWS Cost Explorer

Answer 5

CloudFront

Answer 6

S3 Glacier Deep Archive

Answer 7

Governance Perspective

Answer 8

Amazon Lex

Answer 9

Quotas, also referred to as limits in AWS services, are the maximum values for the resources, actions, and items in your AWS account

Answer 10

A VPC can span all Availability Zones within an AWS Region

Answer 11

Facilitates resource search and discovery within AWS accounts

Answer 12

Available through AWS re:Post, offers official articles and videos addressing common questions and requests from AWS customers

Answer 13

You can use it to directly connect to your tape drive on premise and using AWS Storage Gateway backup the data on Amazon S3 Tape Library w/o any code changes

Answer 14

1. SSH (IP is public and key stored on accessing machine) 2. EC2 in private subnet, which talks to bastion host on public subnet which inturn talks to user over internet (key stored on accessing machine) 3. Add MFA on access 4. SSM (No need of bastion host. EC2 in private subnet with access to internet using NAT or VPC endpoint)

Answer 15

Rehosting — “lift-and-shift”(Copy Paste) Replatforming — “lift-tinker-and-shift" (Minor Optimize) Refactoring - Re-architecting (Major Optimize) Relocate - Major move Repurchasing — Moving to a different product Retire — Get rid of Retain — Usually this means “revisit” or do nothing (for now)

Answer 16

Fully managed service introduced by AWS that facilitates secure, one-click access to internal corporate websites for employees Secure access from iOS and Android phones to internal websites and web apps, simplifying the user experience with a single-step process Generates webpage content in the AWS cloud and transfers it to the user's phone

Answer 17

AWS CloudShell is a browser-based shell that allows users to run scripts with the AWS Command Line Interface (CLI) and experiment with service APIs

Answer 18

Visual designer that you can use to build your serverless applications from multiple AWS services

Answer 19

Time Stream DB for IoT

Answer 20

Prevent the deletion or overwriting of objects in Amazon S3 for a specified duration or indefinitely

Answer 21

Fully managed Vs gives admin access to users Less costly Vs More Costly Does not support MongoDB Vs SupportsMongoDB NoSQL Vs NoSQL Key-Value Vs JSON

Answer 22

Compute Optimizer delivers all recommendations regardless of the cost implications wheres Cost Explorer recommends pertaining to cost only

Answer 23

Configuration management service for cloud enterprises, utilizing Puppet or Chef for application configuration and operation Vs Unified view and automates operational tasks on AWS Snow Family devices Vs Capability of AWS systems manager for configuration management of aws resources like firewall settings, anti virus settings, patch update, etc Vs Virtual desktop service

Answer 24

ETL Vs PII Vs Database service powering graph

Answer 25

Create and manage catalogs of IT services that are approved for AWS Vs Assessing, auditing, and evaluating the configurations and relationships of resources

Answer 26

Set up and operate message brokers on AWS Vs message queue(Storing messages as they travel between computers)

Answer 27

Stateless(Separate rules for inbound and outbound Traffic) Vs Statefull(If allowed inbound, outbound is automatically allowed) Allow/Deny Vs Allow Subnet Vs EC2

Answer 28

Governance

Answer 29

Governance

Answer 30

Governance

Answer 31

Operations

Answer 32

Operations

Answer 33

Operations

Answer 34

Operations

Answer 35

Operations

Answer 36

Operations

Answer 37

Operational Excellence

Answer 38

Operational Excellence

Answer 39

Performance Efficiency

Answer 40

Performance Efficiency

Answer 41

Performance Efficiency

Answer 42

Reliability

Answer 43

Reliability

Answer 44

Reliability

Answer 45

Reliability

Answer 46

Cost optimization

Answer 47

Governance

Answer 48

OLTP->Amazon RDS,Amazon DynamoDB OLAP->Amazon Redshift(DW)

Answer 49

EFS can be accessed within the same region across all AZs

Answer 50

Capture, process and store(Ingestion service) data for consumers vs Analytical service using SQL service vs Analytical service using SQL KCL (more complex than Anlytical service) vs ETL service to load data in data lakes, data stores, and analytics services

Answer 51

Grouping of accounts for billing and apply custom pricing plans Vs Visualize, understand, forcast and manage your AWS costs and usage over time Vs Publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. Reports that break down your costs by the hour or day, by product or product resource, or by tags that you define yourself Vs If you create multiple accounts, you can use the consolidated billing feature of AWS Organizations to combine all your member accounts under one management account and receive a single bill

Answer 52

FSx is designed for Windows workloads, offering fully managed Windows file systems, including Windows-native features like Active Directory integration and Windows ACLs (Access Control Lists). Vs EFS is a managed Network File System (NFS) for Linux-based workloads

Answer 53

IoT Core operates in the cloud, while Greengrass is designed for edge computing, allowing devices to perform computations locally

Answer 54

Automates the movement and transformation of data, allowing users to define data-driven workflows Vs scalable and fully managed message queuing service for decoupling components of a cloud application, ensuring reliable and asynchronous communication

Answer 55

Managed services are ongoing and typically contracted, addressing daily IT needs comprehensively Vs Professional services offer expertise for specific projects, ensuring optimal implementation and functionality

Answer 56

Security Hub conducts automated security checks aligned to different industry and regulatory frameworks. Audit Manager automatically collects the findings generated by these Security Hub checks as a form of evidence and combines them with other evidence, such as AWS CloudTrail logs, to help customers generate assessment reports Security Hub is cloud security posture management (CSPM) service Audit Manager helps you manage stakeholder reviews of your controls and enables you to build audit-ready reports with much less manual effort

Answer 57

AWS WorkSpaces is a fully managed desktop-as-a-service (DaaS) solution that lets you provide virtual desktops to your users Vs AWS AppStream is a fully managed application streaming service that lets you stream desktop applications to any computer running a web browser

Answer 58

Configure and more control Vs Ready configured and less control

Answer 59

Service facilitating automated creation, management, and deployment of machine and container images. It simplifies the creation of virtual machines Vs Snapshot of an EC2 instance that includes the operating system and application software EC2 Image Builder can distribute AMIs or container images to any AWS Region

Answer 60

Designed for centralizing configuration data with only one version and with or without encryption using KMS (Mostly non secret data and no additional charge) Vs Securely storing and managing sensitive information, such as API keys and database credentials which always encrypted with multiple versions(additional charge)

Answer 61

Cost, Security, Service Limits, Performance, Fault Tolerance Envision, Align, Launch, Scale Business, Governance, People, Platform, Operations, Security Technology, Process, Organization, Product Cost Optimization, Operational Excellence, Reliability, Performance Efficiency, Security and Sustainability

Answer 62

Encryption keys owned by AWS and NOT stored in customer account and used across multiple customer accounts and stored under default key store. Customer cannot access it Vs Encryption keys created, managed, and used on your behalf by an AWS service that is integrated with AWS KMS and stored in customer account under default key store. Customer can access it. Vs Encryption keys you create, own, and manage and stored in customer account under custom key store. Customer can access it.

Answer 63

Billing and Accounts support Vs TAM provide architectural and operational guidance under enterprise support plans Vs Consists of MSP(Overall), Competency Partners(Technical) , Service Partners(s/w products) and consulting partners (advisory) They are enagaged with customer during the migration into dev/test. For migration to production they involve professional services that work with customer management. After production for continued support they enagage MSP Vs MSP provide end-to-end AWS solutions and services after the migration is completed Vs During cloud Adoption stage provide professional service through APN partner

Answer 64

Automated backup service within AWS Vs Onpremise to AWS sending of data over internet Vs Accessing AWS storage services on premise + data back capabilities

Answer 65

RealTime Threat Detection Vs Post Incident Analysis

Answer 66

AWS Systems Manager’s built-in insights are dashboards that include recent API calls through AWS CloudTrail, recent configuration changes through AWS Config, instance software inventory listings, instance patch compliance views, and instance configuration compliance views

Answer 67

Cannot modify object only recreate Cannot lock object Suitable for huge volume of unstructured data Fast searcheable IoT, Video Surveliance, Emails Vs Can modify file Can lock file Suitable for less volume of structured data Easy access Documents, Archiving Vs Can modify block Cannot lock block Suitable for huge volume Cannor search Databases, Emails, Virtual Machine file system

Answer 68

The billing alarm represents only the amount you have been already charged. In contrast, a budget can alarm you based on forecasted charges, which can give you a bit of head up to figure out what's happening before you get hit with excess bill usage. The other key difference is that Budgets allow you to create filtered alarms, only for some regions and services of interest. Filtering by region is not possible with billing alerts. Another thing is that budget support linked accounts, which again is not possible with the billing alerts.

Answer 69

EBS - GB you provision per month + Additional input/output operations per second (IOPS) + Throughput beyond baseline performance EBS Snapshot - Storage Pricing + Restore Pricing EFS - Storage + Throughput S3 - Storage + Throughput

Answer 70

General guidance: < 24 hours** System impaired: < 12 hours** Support Automation Workflows Prioritized responses on AWS re:Post

Answer 71

General guidance: < 24 hours System impaired: < 12 hours Production system impaired: < 4 hours Production system down: < 1 hour Architectural Guidance Support Automation Workflows AWS Countdown Premium (paid in business) Full set of Trusted Advisor checks Prioritized responses on AWS re:Post 24/7 phone, web, and chat access to Cloud Support Engineers Access to AWS Support App in Slack AWS Support API Third Party Software Support : Interoperability and configuration guidance and troubleshooting

Answer 72

Cost Explorer - With rightsizing recommendation Trusted Advisor - Compare with best practices Cloudwatch - Monitor underutized resources with alarms

Answer 73

Cloud Foundation -> LightSail -> Quick Starts

Answer 74

Provision all AWS resources after event and restore backup (hours) Vs Provision some AWS resourses and scale after event (10s of minutes) Vs Scale after event (minutes) Vs No need to provision and scale after event (real time)

Answer 75

Hardware doesn't change after stop/start of the instance Vs Hardware may change after stop/start of the instance In both hardware is not shared with any other aws accounts

Answer 76

99.99(Std) ---> 99.9(IT) ---> 99.9(IA) ---> 99.5(IA-1 Zone) ---> 99.9(IR)---> 99.99(F)--->99.99(Deep)

Answer 77

NA(Std)--->NA(IT)--->30 days(IA)--->30 Days(IA-1 Zone)--->90 days(IR)--->90 days(F)--->180 days(Deep)

Answer 78

NA(Std)--->NA(IT)--->128 KB(IA)--->128 KB(IA-1 Zone)--->128 KB(IR)--->40 KB(F)--->40 KB(Deep)

Answer 79

1. Extract logs in S3 and use Athena Others are 1. ETL into

Answer 80

Amazon Data Lifescycle Manager

Answer 81

Amazon Global Database

Answer 82

Host Infrequently Accessed Data

Answer 83

CloudWatch with SwapUtilization on

Answer 84

SNS Topic with multiple SQS

Answer 85

Aurora with CRR

Answer 86

Network Load Balancer

Answer 87

Perform S3 select operation using bucket name and object's key

Answer 88

Use S3 multipart upload API. Uploads large objects in part using parallel upload resumable transfer

Answer 89

Use the magic URL after logging into the EC2 instance

Answer 90

Use target tracking scaling in ASG solution

Answer 91

DataSync on Amazon Glacier Deep Archive

Answer 92

Use S3 bucket with cloudfront distribution

Answer 93

Deploy EC2 instances in the same region. Data transfer is not charged at all if they are in the same region

Answer 94

Use AWS Certification Manager or upload it into AWS IAM

Answer 95

Copy snapshots using symmetric customer master key

Answer 96

Create a rate based rule in WAF

Answer 97

Enable versioning and MFA delete

Answer 98

Limit Unnecessary Outbound Data Transfers Cache content in Amazon CloudFront Keep Data Transfer within a Single Region Keep EC2 Data Transfers within a Single Availability Zone

Answer 99

Use AWS Managed Microsoft AD and configure AD connector

Answer 100

Enable EBS encryption to encrypt data at rest

Answer 101

Enable S3 server side or client side encryption

Answer 102

TM=General Purpose RXZ=Memory PGFV=Accelerated Computing IDH=Storage HPC=High Performance Computing

Answer 103

Operation Excellence - IaC, Managed Service, Observability Performance Efficiency - Serverless, Go global in minutes, RightSizing Reliability - DR, Availability, Test Recovery, Stop guessing capacity

Answer 104

AWS Lambda AWS Fargate Amazon DynamoDB Amazon CloudWatch Amazon S3 Amazon API Gateway Amazon Aurora Amazon SNS Amazon SQS Amazon QuickSight

Answer 105

IOPS Vs Throughput Costly Vs Less costly Transactional workloads Vs Large streaming workload

Summary Flashcards

(140 cards)