Technology Flashcards

Question

A company has designed a hybrid architecture and needs to connect its on-premises database to an application running on an EC2 instance in the AWS cloud using a fast, private, and secure manner. Which method allows the company to securely connect on-premises to the cloud?

Answer 1

Direct Connect is a private (bypasses the public internet), dedicated physical network connection from your on-premises data center to AWS. Since the connection is private, it is extremely fast.

Answer 2

Any object uploaded to S3 is automatically stored in multiple Availability Zones in the Region in which it was uploaded. This means that if any single AZ in a Region is experiencing issues, objects stored in S3 will still be available. Although objects in S3 can be made to be accessible globally, by default they are always stored in a redundant fashion in only the Region they were uploaded, ruling out the other answers

Answer 3

DMS supports homogeneous migrations like Oracle to Oracle and heterogeneous migrations like Oracle to Aurora, with minimal downtime.

Answer 4

The Pricing Calculator provides an estimate of AWS fees and charges. Since the company knows the workload details, the AWS Pricing Calculator can also help with calculating the total cost of ownership.

Answer 5

Organizations allows you to centrally manage multiple AWS accounts under 1 umbrella. You can allocate resources and apply policies across accounts. Control Tower helps you ensure your accounts conform to company-wide policies. Control Tower actually sits on top of Organizations.

Answer 6

Using Lambda you are charged based on the duration and number of requests.You have access to 1 million free Lambda calls each month.

Answer 7

You are only responsible for your application code. AWS manages servers, coding environment, and language support

Answer 8

Lambda is a sever less compute service that lets you run code without managing servers.

Answer 9

The key features of Lambda are: - the support of popular programming languages such as Java, Powershell and Python - coding via IDEs or in the console - Lambda can execute in response to events - Lambda functions have a 15 minute timeout

Answer 10

Lambda is a serverless compute function that runs code in response to events and requests without managing servers

Answer 11

Fargate is a serverless compute engine for containers. Fargate allows you to manage containers. It is serverless and scales automatically

Answer 12

Lightsail is a service that allows you to quickly launch all the resources needed for small projects. Lightsail enables the deployment of preconfigured applications such as WordPress websites and comes with a VM, a static IP, SSD based storage and more.

Answer 13

AWS Batch allows you to process large workloads in smaller chunks (or batches). AWS Batch can run hundreds / thousands of smaller batch processing jobs and can dynamically provision instances based on volume.

Answer 14

S3 Access logs are used to track the access to your buckets and objects

Answer 15

S3 is a regional service but bucket names must be globally unique

Answer 16

Durability means your objects are never lost or compromised. Amazon S3 Standard is designed for 99.999999999% (11 9’s) of durability.

Answer 17

Availability means you can access your data quickly when you need it. Amazon S3 Standard is designed for 99.99% availability.

Answer 18

S3 Standard is recommended for frequently accessed data

Answer 19

S3 Intelligent Tiering is recommended for data with unknown or changing access patterns

Answer 20

S3 Infrequent Access is recommended for long-lived data that is not frequently accessed yet gives millisecond access when needed

Answer 21

S3 One Zone IA is recommended for re-creatable data, infrequently accessed with millisecond access but where availability and durability is not essential

Answer 22

S3 Glacier is recommended for long term backups and cheaper storage options

Answer 23

S3 Glacier Deep Archive is used for long-term data archival accessed once or twice a year, or retaining data for regulatory compliance needs.

Answer 24

S3 Outposts is recommended for data that needs to be kept local or has demanding application performance needs.

Answer 25

4 common real world usage scenarios include: - Static websites (deploy to S3 and distribute with Cloudfront) - Data archival ( store in S3 Glacier) - Analytics systems (store in S3 and use analytic services like Redshift and Athena) - Mobile applications (App users can upload to S3 buckets)

Answer 26

S3 is secure, durable and highly scaleable object storage.

Answer 27

The S3 tiers are: - S3 standard - S3 IA (infrequently accessed) - S3 one zone IA - S3 intelligent tiering (moves objects around based on how you use/access your data) - S3 glacier - S3 glacier deep archive

Answer 28

You can restrict S3 bucket access in the following ways: - Bucket policies (that apply across the whole bucket) - Object policies (that apply to individual files) - IAM policies to users and groups

Answer 29

S3 Transfer Acceleration improves content uploads and downloads to and from S3 buckets.

Answer 30

S3 Transfer Acceleration provides: - improved speed in the transfer of files over long distances - enables customers worldwide to upload to a central bucket - uses CloudFront's globally distributed edge locations

Answer 31

S3 versioning allows you to create multiple versions of your file in order to protect against accidental deletion or to use previous versions.

Answer 32

S3 access logs allow you to track the access to your buckets and objects.

Answer 33

You would use Athena to query historical data in S3.

Answer 34

EBS (Elastic Block Store) is a high-performance, block-storage service to store data on the cloud. It can be seen as a virtual hard disk in the Cloud.

Answer 35

You can take a snapshot of your volumes to create images to provision new EC2 instances.

Answer 36

EBS volumes are stores that are created from an Amazon EBS snapshot.

Answer 37

A use case maybe for large enterprise apps to use EBS to store self-managed relational and NoSQL databases. They may then run big data analytics engines against this information that work at lightning speed.

Answer 38

No, block storage contains no metadata. Object-based storage has metadata

Answer 39

EBS's biggest strengths are its reliable performance and flexibility. It's ideal for apps that need low latency with many IO operations like database servers. It's scalable, so you can add extra block storage volumes without dropping performance.

Answer 40

(EFS) is a fully managed and scalable NFS file system (for Linux) that can be mounted to EC2 instances and on-premises compute resources.

Answer 41

Storage Gateway is a device used to transfer data from your on premise site to AWS Cloud-based storage to provide seamless integration.

Answer 42

The different types of Storage Gateway are: - File Gateway - Volume Gateway - Tape Gateway

Answer 43

AWS Backup is a service that lets you manage data backups across multiple AWS Services.

Answer 44

AWS Backup integrates with EC2, EBS, EFS and more. Backup plans can include both frequency of backup and retention period

Answer 45

4 key attributes of CloudFront are: - makes content available globally or restricts it based on location - provides security features like DDoS protection and geo-restriction - speeds up delivery of static and dynamic web content - uses edge locations to cache content

Answer 46

A CDN is a mechanism to deliver content quickly and efficiently based on geographic location.

Answer 47

Latency is the time it takes to respond to a request.

Answer 48

CloudFront: - makes content available globally or restricts it based on location - uses edge locations to cache content - speeds-up delivery of static and dynamic web content

Answer 49

2 use cases for CloudFront are: - S3 Static websites- Prevent attacks (can stop DDOS attacks) - IP address blocking (geo-restrictions prevents users in certain areas accessing content)

Answer 50

CloudFront is a fast content delivery network (CDN) that delivers data and applications globally with low latency.

Answer 51

Global Accelerator sends your users through the AWS global network when accessing content, speeding up delivery.Global Accelerator provides low latency.

Answer 52

Global Accelerator provides: - improved latency and availability of single-region applications - 60% performance boost - sending traffic through AWS infrastructure - re-routing of traffic to healthy available regional endpoints

Answer 53

Route 53 is a DNS service that routes users to applications.

Answer 54

An endpoint enables instances in your VPC to use their private IP addresses to communicate with resources in other services. Your instances do not require public IP addresses, and you do not need an Internet gateway, a NAT device, or a virtual private gateway in your VPC.

Answer 55

A VPC is a Virtual Private Cloud - a virtual data centre where you can deploy your Cloud assets.

Answer 56

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you create a private connection between AWS and your data centre, office, or colocation environment.

Answer 57

Direct Connect provides: - a dedicated physical network connection - a means for data to travel over a private network - connects on premise and AWS - supports a hybrid model

Answer 58

AWS VPN creates a secure connection between your internal networks and your AWS VPCs.

Answer 59

AWS VPN provides: - connectivity between your on-premise data to AWS - similar features to Direct Connect but the data travels over the public internet - encrypted data - support for a hybrid model

Answer 60

An API Gateway is a mechanism to build and manage APIs.

Answer 61

RDS is Amazon Relational Database Service that makes it easy to launch and manage relational databases.

Answer 62

The key features of RDS are: - it supports popular database engines - AWS manages the databases with automated patching, backups and maintenance etc - it offers high availability and fault tolerance using multi-AZ deployment options - Read replicas can be used across regions to provide enhanced performance and durability.

Answer 63

Amazon Aurora is a relation db compatible with MySQL and PostgreSQL created by AWS.

Answer 64

The key features of Aurora are: - it supports MySQL and PostgreSQL - it scales automatically while providing durability and high availability - its is 5x faster than normal MySQL and 3x faster than PostgreSQL - it is managed by RDS

Answer 65

DynamoDB is a fully managed NoSQL key-value and document database

Answer 66

The key features of DynamoDB are: - it is a NoSQL key-value database - it is non-relational - it is fully managed and serverless - it scales automatically to massive workloads and fast performance

Answer 67

Amazon DocumentDB is a fully managed document database that supports MongoDB.

Answer 68

The key features of DocumentDB are: - it is a document database - it is fully managed and serverless - it is MongoDB compatible - it is non-relational

Answer 69

Elasticache is a web service to deploy, operate and scale an in-memory cache in the Cloud. The service improves the performance of web applications by retrieving information from managed in-memory caches, instead of relying entirely on slower disk-based databases

Answer 70

The key features of Elasticache are: - it is an in-memory datastore - it is compatible with Redis or Memcached engines - it offers high performance and low latency

Answer 71

Amazon Neptune is a fully managed graph database that supports highly connected datasets.

Answer 72

The key features of Neptune are: - it is a graph database service - it is fully managed and serverless - it supports highly connected datasets like social media networks - it is fast and reliable

Answer 73

RDS is the best choice to migrate an on-premise Oracle db to the cloud

Answer 74

Either RDS or Aurora are the best choices to migrate an on-premise postgreSQL db to the cloud

Answer 75

Elasticache is the best choice to alleviate database load for data that is accessed often

Answer 76

Neptune is the best choice to process large sets of user profiles and social interactions

Answer 77

DynamoDB is the best choice for a NoSQL db that can handle millions of requests a second

Answer 78

DocumentDB is the best choice to operate MongoDB workloads at scale

Answer 79

RDS supports: - Amazon Aurora - PostgreSQL - MySQL - MariaDB - Oracle - SQLServer

Answer 80

DMS helps you to migrate databases to or from AWS.

Answer 81

The key features of DMS are: - it migrates on-premise dbs to AWS - it supports homogeneous and heterogeneous migrations - it provides continuous data replication - it has virtually no downtime

Answer 82

SMS allows you to migrate on-premise servers to AWS.

Answer 83

The Snow family consists of SnowCone, Snowball and Snowball Edge, and SnowMobile

Answer 84

SnowCone is the smallest member of the data transport devices. It provides up to 8TB of storage and can be shipped offline or uploaded using DataSync.

Answer 85

Snowball and Snowball Edge are petabyte scale data transport solutions. Snowball Edge also supports EC2 and Lambda

Answer 86

Snowball is a multi-petabyte or exabyte scale transport solution on a truck. The data can be loaded into S3.

Answer 87

DataSync is used to move large amounts of data from on-premise to AWS. Replication can be done hourly, daily or weekly

Answer 88

ARedshift is a fully managed petabyte scale data warehouse service in the cloud.Redshift allows you to perform business intelligence operations on historical data to answer business questions.

Answer 89

You would use Redshift when you need to consolidate multiple data sources for reporting, or if you want to run a db that doesn't require real-time transactional updates.

Answer 90

Glue is an ETL tool. It prepares your data for analytics. Glue extracts the data from different data sources, transforms it, and then saves it in the data warehouse.

Answer 91

Elastic MapReduce helps you to process large amounts of data. EMR works with big data frameworks and allows you to analyse data with Hadoop.

Answer 92

Data Pipeline helps you move data between compute and storage services running on AWS or on-premise. Data Pipeline moves data at specific intervals and on certain conditions and sends notification of success or failure

Answer 93

QuickSight helps you to visualise your data. QuickSight lets you build interactive dashboards and embed them within your applications

Answer 94

You would use Kinesis to analyse logs.

Answer 95

Recognition is a service that enables the automation of image and video analysis

Answer 96

Comprehend is a natural language processing service that finds relationships in text.

Answer 97

Polly is a service that turns text into speech

Answer 98

SageMaker is a service that helps you build, train and deploy machine learning models quickly.

Answer 99

Translate is a service that provides language translation

Answer 100

Lex is a service that lets you build conversational interfaces like chatbots.

Answer 101

Cloud9 allows you to write code in an IDE within your web browser.

Answer 102

CodeCommit is a source control system for private GIT repos. It is a service similar to GIThub

Answer 103

CodeBuild allows you to build and test your application source code

Answer 104

CodeDeploy manages the deployment of code to compute services in the cloud (EC2, Fargate and Lambda) or on-premises

Answer 105

CodePipeline automates the software release process. CodePipeline integrates with CodeCommit to retrieve source code, with CodeBuild to run builds and tests, and CodeDeploy to deploy the changes.

Answer 106

X-Ray helps you to debug production applications. For example by tracing calls to an RDS database

Answer 107

CodeStar helps developers work collaboratively on development projects.CodeStar can manage the development pipeline of CodeCommit, CodeBuild and CodeDeploy

Answer 108

CloudFormation is a service that allows you to provision AWS resources using IaC

Answer 109

Elastic Beanstalk allows you to deploy your web applications and web services to AWS. For example, after you upload your Java code, Elastic Beanstalk deploys it and handles capacity provisioning, load balancing, and Auto Scaling. Elastic Beanstalk even monitors the health of your application. Elastic Beanstalk deploys to the Cloud only, not on-premises.

Answer 110

OpsWorks allows you to use Chef or Puppet to automate the config of your servers and deploy code. OpsWorks allows you to define software installation scripts and automate configuration for your application servers. OpsWorks can deploy applications on-premises.

Answer 111

Coupling defines the interdependencies or connections between components of a system. Loose coupling helps reduce the risk of cascading failures between components.

Answer 112

SQS is a message queuing service that allows you to build loosely coupled systems. SQS works in a FIFO order

Answer 113

SNS allows you to send emails and text messages from your applications. For example, you can have emails sent when a CPU utilisation goes above 80%. SNS works with CloudWatch when an alarm's metric threshold is breached to send an email.

Answer 114

SES is an email service that allows you to send richly formatted HTML emails from your applications

Answer 115

CloudWatch is a collection of services that help you to monitor and observe your Cloud resources.

Answer 116

CloudTrail tracks user activity and API calls within your account. CloudTrail can: - log and retain account activity - identify which user made changes - track activity through the console, SDKs and CLI - detect unusual activity in your account

Answer 117

CloudTrail can track: - user name - event time and name - IP address - access key - region - error code

Answer 118

The developer is probably in a different Region from where the resources were initially deployed. Resources that aren't global are typically deployed to a specific Region. Since Regions are isolated and resources aren't automatically replicated across them, the developer needs to switch to the correct Region in order to find the resources.

Answer 119

Infrastructure as a Service (IaaS) IaaS includes the fundamental building blocks that can be rented from AWS. AWS manages the infrastructure and provides you a virtual machine that you can use however you'd like to meet your business requirements.

Answer 120

Increase speed and agility. The cloud gives you increased speed and agility. All the services you have access to help you innovate faster, giving you speed to market.

Answer 121

AWS The platform-as-a-service model removes the need for organizations to manage the underlying infrastructure (usually hardware and operating systems) and allows you to focus on the deployment and management of your applications.

Answer 122

- Delete your root access keys. - Activate MFA on the root account - Create individual IAM users - Apply an IAM password policy - Use groups to assign permissions The root user should only be used in emergencies, and therefore there should be no need to have root access keys which allow the root user programmatic access - any programmatic access should use something other than the root account.

Answer 123

- Route 53 - Web Application Firewall (WAF) - AWS Shield - CloudFront

Answer 124

AWS Personal Health Dashboard AWS Personal Health Dashboard focuses on the performance and availability of your AWS services so you can respond accordingly.

Answer 125

Amazon Glacier Flexible Retrieval Amazon Glacier Flexible Retrieval (formerly Amazon S3 Glacier) provides the lowest cost option for long-term storage and is perfectly suited for this scenario. The backups would not need to be retrieved quickly, so Glacier Flexible Retrieval is the best option.

Answer 126

AWS Infrastructure Event Management Infrastructure Event Management offers architecture guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations. Consulting partner from the AWS Partner Network (APN) Consulting partners offer professional services.

Answer 127

Managed Services helps you efficiently operate your AWS infrastructure and reduces operational risks and overhead.

Answer 128

AWS Infrastructure Event Management (IEM) offers architecture and scaling guidance and operational support during the preparation and execution of planned events, such as shopping holidays, product launches, and migrations.

Answer 129

Professional Services are used to help enterprise customers move to a cloud-based operating model whereas MS augments your internal staff to provide ongoing management of your infrastructure to reduce operational risks and overhead.

Answer 130

The CloudWatch services consist of: - CloudWatch Metrics - CloudWatch Alarms - CloudWatch Logs - CloudWatch Events

Answer 131

Provision resources to the Asia Pacific (Sydney) Region in Australia. A multi-Region deployment solves the issue by deploying the application closest to the user base.

Answer 132

Global Accelerator Global Accelerator can improve the experience by routing player traffic along with the private AWS global network to the fastest instance of your application. Player traffic is not negatively impacted by internet congestion and local outages.

Answer 133

Install the MySQL database directly on an EC2 instance. Installing the database directly to EC2 gives the customer complete control over the database and its management.

Answer 134

The following services are global: - IAM - Organizations - CloudFront - Route53 - Global Accelerator - Direct Connect - WAF - AWS Shield

Answer 135

Amazon RDS handles routine database tasks, such as provisioning, patching, backup, recovery, failure detection, and repair.

Answer 136

Multiple Availability Zones This solves the requirement for high availability and in the same geographic location.

Answer 137

Infrastructure as a Service (IaaS) IaaS offers building blocks that can be rented. When you pay a web hosting fee, you're using IaaS.

Answer 138

Redshift Redshift allows you to run complex analytic queries against petabytes of structured data, using sophisticated query optimization, columnar storage on high-performance local disks, and massively parallel query execution.

Answer 139

Elastic Beanstalk Elastic Beanstalk monitors application health via a health dashboard. Elastic Load Balancing Load balancers monitor the health of EC2 instances and route the traffic to only instances that are in a healthy state. Route 53 Route 53 can be used to configure DNS health checks to route traffic to healthy endpoints or to monitor the health of your applications.

Answer 140

See diagram

Answer 141

Suggest that the company make Reserved Instance purchases and capitalize them. Many companies capitalize Reserved Instance purchases, especially those with 3-year terms

Answer 142

Instance metadata This type of data is stored in instance metadata.

Answer 143

Checks to determine if an administrative user is used instead of the root account This is not a check provided in Trusted Advisor.

Answer 144

AWS Trusted Advisor Trusted Advisor provides real-time guidance to help you provision your resources following AWS best practices.

Answer 145

Trusted Advisor AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you provision your resources following AWS best practices.

Answer 146

Identities Identities are the IAM resource objects that are used to identify and group. You can attach a policy to an IAM identity. These include users, groups, and roles.

Answer 147

Resource groups You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage AWS resource groups.

Answer 148

Entities IAM entities are the users (IAM users and federated users) and roles that are created and used for authentication.

Answer 149

Outposts allows you to run cloud services in your internal data centre.

Answer 150

Athena is a query service at scale for Amazon S3.

Answer 151

Kinesis allows you to analyse data and video streams in real time.

Answer 152

Security group controls the traffic that is allowed to reach and leave the resources that it is associated with. SGs act as virtual firewalls for individual instances, controlling inbound and outbound traffic.

Answer 153

Network ACL allows or denies specific inbound or outbound traffic at the subnet level. NACL acts as a firewall for subnets, controlling traffic flow in and out based on a set of rules. Use NACLs as an additional layer of security to your VPC.

Answer 154

Use NACLs to define broad traffic rules that you want to apply to every instance within a subnet, and then fine-tune the internet accessibility of specific instances by applying security groups.

Answer 155

VPC Flow Logs is a feature that enables you to capture information about the IP traffic going to and from network interfaces in your VPC. Use Flow Logs to monitor the IP traffic going to and from a VPC, subnet, or network interface. Flow log data can be published to CloudWatch Logs or S3. Flow log data is collected outside of the path of your network traffic, and therefore does not affect network throughput or latency.

Answer 156

Flow logs can help you with: - Verify success or failure of the data flow. - Verify protocols and ports used to send the data. - Diagnosing overly restrictive security group rules. - Monitoring the traffic that is reaching your instance. - Determining the direction of the traffic to and from the network interfaces.

Answer 157

Network Access Analyzer is a feature that identifies unintended network access to your resources in AWS VPC. Use Network Access Analyzer to specify your network access requirements and to identify potential network paths that do not meet your specified requirements.

Answer 158

AWS PrivateLink establishes private connectivity between VPC and supported AWS services, services hosted by other AWS accounts, and supported AWS Marketplace services. You do not need to use an internet gateway, NAT device, Direct Connect connection, or AWS Site-to-Site VPN connection to communicate with the service.

Answer 159

To use AWS PrivateLink, create a VPC endpoint in your VPC, specifying the name of the service and a subnet. This creates an elastic network interface in the subnet that serves as an entry point for traffic destined to the service. You can create your own VPC endpoint service, powered by AWS PrivateLink and enable other AWS customers to access your service.

Answer 160

AWS WAF is a managed web application firewall service that helps you protect your web applications at the application layer from common web exploits that could affect application availability, compromise security, and/or consume excessive resources. Use WAF to filter any part of the web request, such as IP addresses, HTTP headers, HTTP body, or URI strings to block common attack patterns, such as SQL injection or cross-site scripting.