Technology Flashcards

Question

What are EBS volumes?

Answer 1

EBS volumes are stores that are created from an Amazon EBS snapshot.

Answer 2

ENI is an Elastic Network Interface - essentially a virtual network card.

Answer 3

EN is Enhanced Networking. EN uses single root I/O virtualisation to provide high-performance networking on supported instance types.

Answer 4

Elastic Fabric Adapter is a network device that can be attach to your EC2 instance to accelerate High Performance Computing (HPC) and machine learning applications.

Answer 5

Spot Instances let you take advantage of unused EC2 capacity in the Cloud. Spot instances are available at uptown a 90% discount.

Answer 6

Spot instances are useful for: - Big data and analytics - Containerised workloads - CI / CD testing - Web services

Answer 7

Spot Fleets are a collection of Spot Instances. Spot Fleets attempt to launch the number of Spot Instances and On-Demand instances to meet the target capacity specified.

Answer 8

Grafana is an open source visualisation tool that can be used on top of a variety of data stores providing dashboards.

Answer 9

IMA uses Groups (to which users can be assigned), and Roles to manage access.

Answer 10

Kinesis Firehose is a tool to load streaming data into data lakes, data stores and analytics tools. Firehose can capture, transform and load data enabling real-time analytics.

Answer 11

Lambda is a serverless compute function that runs code in response to events and requests without managing servers

Answer 12

Load Balancers are used to balance load across internet-facing web servers.

Answer 13

The three types of Load Balancers are: - Application Load Balancers - Network Load Balancers - Classic Load Balancers

Answer 14

Application Load Balancers are best suited for http and https traffic. They are application aware and send specific requests to specific web servers.

Answer 15

Network Load Balancers are best suited for load balancing of TCP traffic where extreme performance is required.

Answer 16

Classic Load balancers are used to balance http and https traffic but are not application aware. Classic Load balancers are typically used as a cheap option when you don't care how the load is distributed.

Answer 17

NAT Gateways allow your private subnets to communicate out to the internet without becoming public.

Answer 18

An AWS Region is a geographical area

Answer 19

Availability Zones are close proximity, but separate, data centres within AWS Regions.

Answer 20

Edge Locations are endpoints that are used for caching content.

Answer 21

Edge Locations uses CloudFront (which is Amazons CDN) to cache content.

Answer 22

A VPC is a Virtual Private Cloud - a virtual data centre where you can deploy your Cloud assets.

Answer 23

Amazon Relational Database Service is a managed service to setup and operate a relational DB in the Cloud.

Answer 24

Quicksight is a business analytics service to build visualisations and perform ad-hoc analysis from your data.

Answer 25

S3 is secure, durable and highly scaleable object storage.

Answer 26

The S3 tiers are: - S3 standard - S3 IA (infrequently accessed) - S3 one zone IA - S3 intelligent tiering (moves objects around based on how you use/access your data) - S3 glacier - S3 glacier deep archive -S3 Outposts

Answer 27

You can restrict S3 bucket access in the following ways: - Bucket policies (that apply across the whole bucket) - Object policies (that apply to individual files) - IAM policies to users and groups

Answer 28

DataSync is used to move large amounts of data from on-premise to AWS. Replication can be done hourly, daily or weekly

Answer 29

Snowball is a petabyte-scale transport solution to get data in / out of AWS

Answer 30

Snowball Edge is a 100TB data transfer device with compute capabilities. It can act as either a transport vehicle or support work in offline locations because it can run lambda functions etc. Snowmobile is for data transfer 100PB and is a shipping container on a truck.

Answer 31

Storage Gateway is a device used to transfer data from your on premise site to AWS Cloud-based storage to provide seamless integration.

Answer 32

The different types of Storage Gateway are: - File Gateway - Volume Gateway - Tape Gateway

Answer 33

File Gateways are used to store your on-premise data as files within S3. Once uploaded the files are treated as native S3 objects.

Answer 34

A Volume Gateway provides cloud-backed storage volumes that you can mount as Internet Small Computer System Interface (iSCSI) devices from your on-premises application servers.

Answer 35

Tape Gateway enables you to replace using physical tapes on premises with virtual tapes in AWS

Answer 36

A VPC Endpoint is essentially a configuration that allows your services in your VPC to access a service made available to you via PrivateLink. A VPC endpoint creates a private connection between your VPC and another AWS service without requiring access over the Internet, through a NAT device, a VPN connection, or AWS Direct Connect.

Answer 37

The two types of VPC endpoints are: - Interface endpoints - Gateway endpoints

Answer 38

Interface endpoints are a type of VPC endpoint that creates an ENI with a private IP address in the subnet to serve as an entry point for traffic destined to another AWS service.

Answer 39

Gateway endpoints are a type of VPC endpoint that you specify as a target for a route in the route table for traffic destined to a supporting AWS service

Answer 40

WAF (Web Application Firewall) allows the monitoring of the http and https requests.

Answer 41

The four primary services for storing data in AWS are: - Elastic Block Store (EBS) - Elastic File System (EFS) - Amazon FSx - S3

Answer 42

A use case maybe for large enterprise apps to use EBS to store self-managed relational and NoSQL databases. They may then run big data analytics engines against this information that work at lightning speed.

Answer 43

No, block storage contains no metadata. Object-based storage has metadata

Answer 44

EBS's biggest strengths are its reliable performance and flexibility. It's ideal for apps that need low latency with many IO operations like database servers. It's scalable, so you can add extra block storage volumes without dropping performance.

Answer 45

(EFS) is a fully managed and scalable NFS file system (for Linux) that can be mounted to EC2 instances and on-premises compute resources.

Answer 46

Amazon GuardDuty is an intelligent threat detection service that continuously monitors for malicious activity and unauthorised behaviour to protect your AWS accounts, workloads, and data stored in Amazon S3. GuardDuty analyzes tens of billions of events across multiple AWS data sources, such as AWS CloudTrail event logs, Amazon VPC Flow Logs, and DNS logs.

Answer 47

AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS. Using AWS Direct Connect, you create a private connection between AWS and your data center, office, or colocation environment.

Answer 48

AWS PrivateLink is a highly available, scalable technology that enables you to privately connect your VPC to services as if they were in your VPC.

Answer 49

The advantages to Cloud Computing are: - Go global in minutes - Stop spending money on running and maintaining data datacentres - Benefit from massive economies of scale - Increase speed and agility - Stop guessing capacity - Trade capital expenses for variable expenses

Answer 50

The 4 benefits are: - High Availability - Elasticity - Agility - Durability

Answer 51

The 3 common Cloud computing models are: - IaaS - PaaS - SaaS

Answer 52

The 3 common Cloud deployment models are: - Private Cloud - Public Cloud - Hybrid Cloud

Answer 53

Another term for Private Cloud is 'on-premises'

Answer 54

Availability Zones are: - Physically separated - Connected through low-latency links - Fault tolerant - Allow high availability

Answer 55

AWS Command Line Interface (CLI) is a service that allows you to programmatically access your AWS account through a terminal or command window

Answer 56

Software Development Kits (SDKs) allow you to access AWS Services from popular programming languages

Answer 57

Using Lambda you are charged based on the duration and number of requests. You have access to 1 million free Lambda calls each month.

Answer 58

Fargate is a serverless compute engine for containers. Fargate allows you to manage containers. It is serverless and scales automatically

Answer 59

Lightsail is a service that allows you to quickly launch all the resources needed for small projects. Lightsail enables the deployment of preconfigured applications such as WordPress websites and comes with a VM, a static IP, SSD based storage and more.

Answer 60

AWS Outposts allows you to run cloud services in your internal data center. Outposts support workloads that need to remain on-premise for latency or data sovereignty needs. AWS delivers and installs the servers in your data center.

Answer 61

AWS Batch allows you to process large workloads in smaller chunks (or batches). AWS Batch can run hundreds / thousands of smaller batch processing jobs and can dynamically provision instances based on volume.

Answer 62

You are only responsible for your application code. AWS manages servers, coding environment, and language support

Answer 63

S3 Access logs are used to track the access to your buckets and objects

Answer 64

S3 is a regional service but bucket names must be globally unique

Answer 65

Durability means your objects are never lost or compromised. Amazon S3 Standard is designed for 99.999999999% (11 9’s) of durability.

Answer 66

Availability means you can access your data quickly when you need it. Amazon S3 Standard is designed for 99.99% availability.

Answer 67

S3 Standard is recommended for frequently accessed data

Answer 68

S3 Intelligent Tiering is recommended for data with unknown or changing access patterns

Answer 69

S3 Infrequent Access is recommended for long-lived data that is not frequently accessed yet gives millisecond access when needed

Answer 70

S3 One Zone IA is recommended for re-creatable data, infrequently accessed with millisecond access but where availability and durability is not essential

Answer 71

S3 Glacier is recommended for long term backups and cheaper storage options

Answer 72

S3 Glacier Deep Archive is used for long-term data archival accessed once or twice a year, or retaining data for regulatory compliance needs.

Answer 73

S3 Outposts is recommended for data that needs to be kept local or has demanding application performance needs.

Answer 74

4 common real world usage scenarios include: - Static websites (deploy to S3 and distribute with Cloudfront) - Data archival ( store in S3 Glacier) - Analytics systems (store in S3 and use analytic services like Redshift and Athena) - Mobile applications (App users can upload to S3 buckets)

Answer 75

The supported storage options are : - Elastic Block Store (EBS) - Elastic File System (EFS) - Instance Store

Answer 76

The key attributes of note for EBS are: - The data persists when the instance is not running - It is tied to one AZ - It can only be attached to 1 instance in the same AZ

Answer 77

EBS is recommended for - Quickly accessible data - Running a database on an instance - Long-term data storage

Answer 78

EC2 instance store is local storage that is physically attached to the host computer and cannot be removed.

Answer 79

The key attributes of note for EC2 instance store are: - Storage on disks physically attached to an instance - Storage is temporary with the data being lost when the EC2 is stopped - EC2 instance store is fast with high I/O speeds

Answer 80

EC2 instance stores are recommended for: - temporary storage data needs - data replicated across multiple instances

Answer 81

The key attributes of note for EFS are: - It only supports the Linux file system - It is accessible across different AZ's in the same region - It is more expensive than EBS

Answer 82

EFS is recommended for: - Main directories for business-critical apps - Lift and shift existing enterprise apps

Answer 83

The key attributes of note for storage gateway are: - That it connects on-premise and cloud data - and that it is a hybrid storage model

Answer 84

Storage gateway is recommended for: - Moving backups to the cloud - Reducing costs for hybrid cloud storage - Low latency access to data

Answer 85

AWS Backup is a service that lets you manage data backups across multiple AWS Services.

Answer 86

AWS Backup integrates with EC2, EBS, EFS and more. Backup plans can include both frequency of backup and retention period

Answer 87

4 key attributes of CloudFront are: - makes content available globally or restricts it based on location - provides security features like DDoS protection and geo-restriction - speeds up delivery of static and dynamic web content - uses edge locations to cache content

Answer 88

Global Accelerator sends your users through the AWS global network when accessing content, speeding up delivery. Global Accelerator provides low latency.

Answer 89

Global Accelerator provides: - improved latency and availability of single-region applications - 60% performance boost - sending traffic through AWS infrastructure - re-routing of traffic to healthy available regional endpoints

Answer 90

S3 Transfer Acceleration improves content uploads and downloads to and from S3 buckets.

Answer 91

S3 Transfer Acceleration provides: - improved speed in the transfer of files over long distances - enables customers worldwide to upload to a central bucket - uses CloudFronts globally distributed edge locations

Answer 92

EC2 instances can be accessed by: - AWS Management Console - Secure Shell (SSH) - EC2 Instance Connect (EIC) - AWS Systems Manager

Answer 93

EC2 Instance Connect allows you to use IAM policies to control SSH access to your instances, removing the need to manage SSH keys

Answer 94

Systems Manager allows you to manage your EC2 instances via a web browser or the AWS CLI

Answer 95

The steps to connect to an EC2 using SSH are: - generate a key pair - use the private key to connect to the EC2 (public key)

Answer 96

You should use on-demand instances when: - you care about low cost without upfront payment or long-term commitment - your applications have unpredictable workloads that can't be interrupted - your applications are under development - your workloads will not run any longer than a year

Answer 97

You should use Spot instances when: - you are not concerned about the start or stop time of your application - your workloads can be interrupted - your application is only feasible at very low compute prices

Answer 98

You can save up to 90% by using Spot instances

Answer 99

You should use EC2 Reserved Instances when: - your application has a steady state usage and you can commit to 1 - 3 years - you can pay money upfront in order to receive a discount on on-demand prices - your application requires a capacity reservation (you need to sign a contract)

Answer 100

You can save up to 75% on on-demand prices using reserved instances.

Answer 101

You should use EC2 Dedicated Hosts when: - you want to bring your own server-bound software licences - you have regulatory or corporate compliance requirements around tenancy models

Answer 102

You can save up to 70% on on-demand prices using dedicated hosts.

Answer 103

You should use EC2 Savings Plans when: - you want to lower your bill across multiple compute services. - you want the flexibility to change compute services, instance types, OS's or regions - savings can be shared across various compute services like EC2, Fargate and Lambda

Answer 104

You can save up to 72% on on-demand prices using EC2 Savings Plans.

Answer 105

Elastic Load Balancing automatically distributes your incoming application traffic across multiple EC2 instances.

Answer 106

EC2 auto-scaling adds or replaces EC2 instances automatically across AZs based on need and changing demand.

Answer 107

Horizontal scaling (or scaling out) adds or replaces instances, while vertical scaling (or scaling up) upgrades existing instances.

Answer 108

Lambda is a sever less compute service that lets you run code without managing servers.

Answer 109

The key features of Lambda are: - the support of popular programming languages such as Java, Powershell and Python - coding via IDEs or in the console - Lambda can execute in response to events - Lambda functions have a 15 minute timeout

Answer 110

S3 versioning allows you to create multiple versions of your file in order to protect against accidental deletion or to use previous versions.

Answer 111

S3 access logs allow you to track the access to your buckets and objects.

Answer 112

A CDN is a mechanism to deliver content quickly and efficiently based on geographic location.

Answer 113

Latency is the time it takes to respond to a request.

Answer 114

CloudFront: - makes content available globally or restricts it based on location - uses edge locations to cache content - speeds-up delivery of static and dynamic web content

Answer 115

3 use cases for CloudFront are: - S3 Static websites - Prevent attacks (can stop DDOS attacks) - IP address blocking (geo-restrictions prevents users in certain areas accessing content)

Answer 116

A Network ACL is an access control list to ensure that the proper traffic is allowed into a subnet.

Answer 117

An internet gateway allows public traffic to the internet from a VPC.

Answer 118

DNS stands for Domain Name System and directs internet traffic by connecting domain names with servers.

Answer 119

Route 53 is a DNS service that routes users to applications.

Answer 120

Direct Connect provides: - a dedicated physical network connection - a means for data to travel over a private network - connects on premise and AWS - supports a hybrid model

Answer 121

AWS VPN creates a secure connection between your internal networks and your AWS VPCs.

Answer 122

AWS VPN provides: - connectivity between your on-premise data to AWS - similar features to Direct Connect but the data travels over the public internet - encrypted data - support for a hybrid model

Answer 123

A Virtual Private Gateway is a VPN connector on the AWS side.

Answer 124

A Customer Gateway is a VPN connector on the customer side.

Answer 125

An API Gateway is a mechanism to build and manage APIs.

Answer 126

RDS is Amazon Relational Database Service that makes it easy to launch and manage relational databases.

Answer 127

The key features of RDS are: - it supports popular database engines - AWS manages the databases with automated patching, backups and maintenance etc - it offers high availability and fault tolerance using multi-AZ deployment options - Read replicas can be used across regions to provide enhanced performance and durability.

Answer 128

Amazon Aurora is a relation db compatible with MySQL and PostgreSQL created by AWS.

Answer 129

The key features of Aurora are: - it supports MySQL and PostgreSQL - it scales automatically while providing durability and high availability - its is 5x faster than normal mySQL and 3x faster than PostgreSQL - it is managed by RDS

Answer 130

DynamoDB is a fully managed NoSQL key-value and document database

Answer 131

The key features of DynamoDB are: - it is a NoSQL key-value database - it is non-relational - it is fully managed and serverless - it scales automatically to massive workloads and fast performance

Answer 132

Amazon DocumentDB is a fully managed document database that supports MongoDB.

Answer 133

The key features of DocumentDB are: - it is a document database - it is fully managed and serverless - it is MongoDB compatible - it is non-relational

Answer 134

Elasticache is a web service to deploy, operate and scale an in-memory cache in the Cloud. The service improves the performance of web applications by retrieving information from managed in-memory caches, instead of relying entirely on slower disk-based databases

Answer 135

The key features of Elasticache are: - it is an in-memory datastore - it is compatible with Redis or Memcached engines - it offers high performance and low latency

Answer 136

Amazon Neptune is a fully managed graph database that supports highly connected datasets.

Answer 137

The key features of Neptune are: - it is a graph database service - it is fully managed and serverless - it supports highly connected datasets like social media networks - it is fast and reliable

Answer 138

RDS is the best choice to migrate an on-premise Oracle db to the cloud

Answer 139

Either RDS or Aurora are the best choices to migrate an on-premise postgreSQL db to the cloud

Answer 140

Elasticache is the best choice to alleviate database load for data that is accessed often

Answer 141

Neptune is the best choice to process large sets of user profiles and social interactions

Answer 142

DynamoDB is the best choice for a NoSQL db that can handle millions of requests a second

Answer 143

DocumentDB is the best choice to operate MongoDB workloads at scale

Answer 144

RDS supports: - Amazon Aurora - PostgreSQL - MySQL - MariaDB - Oracle - SQLServer

Answer 145

DMS helps you to migrate databases to or from AWS.

Answer 146

The key features of DMS are: - it migrates on-premise dbs to AWS - it supports homogeneous and heterogeneous migrations - it provides continuous data replication - it has virtually no downtime

Answer 147

SMS allows you to migrate on-premise servers to AWS.

Answer 148

The Snow family consists of SnowCone, Snowball and Snowball Edge, and SnowMobile

Answer 149

SnowCone is the smallest member of the data transport devices. It provides up to 8TB of storage and can be shipped offline or uploaded using DataSync.

Answer 150

Snowball and Snowball Edge are petabyte scale data transport solutions. Snowball Edge also supports EC2 and Lambda

Answer 151

Snowball is a multi-petabyte or exabyte scale transport solution on a truck. The data can be loaded into S3.

Answer 152

A data warehouse is a data storage solution that aggregates massive amounts of historical data from disparate sources. Data Warehouses support querying, reporting, analytics and business intelligence.

Answer 153

A Redshift is a fully managed petabyte scale data warehouse service in the cloud. Redshift allows you to perform business intelligence operations on historical data to answer business questions.

Answer 154

You would use Redshift when you need to consolidate multiple data sources for reporting, or if you want to run a db that doesn't require real-time transactional updates.

Answer 155

Glue prepares your data for analytics. It extracts the data from different data sources, transforms it, and then saves it in the data warehouse.

Answer 156

Elastic MapReduce helps you to process large amounts of data. It works with big data frameworks and allows you to analyse data with Hadoop.

Answer 157

Data Pipeline helps you move data between compute and storage services running on AWS or on-premise. Data Pipeline moves data at specific intervals and on certain conditions and sends notification of success or failure

Answer 158

QuickSight helps you to visualise your data. It lets you build interactive dashboards and embed them within your applications

Answer 159

You would use Athena to query historical data in S3.

Answer 160

You would use Kinesis to analyse logs.

Answer 161

Recognition is a service that enables the automation of image and video analysis

Answer 162

Comprehend is a natural language processing service that finds relationships in text.

Answer 163

Polly is a service that turns text into speech

Answer 164

SageMaker is a service that helps you build, train and deploy machine learning models quickly.

Answer 165

Translate is a service that provides language translation

Answer 166

Lex is a service that lets you build conversational interfaces like chatbots.

Answer 167

Cloud9 allows you to write code in an IDE within your web browser.

Answer 168

CodeCommit is a source control system for private GIT repos. It is a service similar to GIThub

Answer 169

CodeBuild allows you to build and test your application source code

Answer 170

CodeDeploy manages the deployment of code to compute services in the cloud (EC2, Fargate and Lambda) or on-premises

Answer 171

CodePipeline automates the software release process. CodePipeline integrates with CodeCommit to retrieve source code, with CodeBuild to run builds and tests, and CodeDeploy to deploy the changes.

Answer 172

X-Ray helps you to debug production applications. For example by tracing calls to an RDS database

Answer 173

CodeStar helps developers work collaboratively on development projects. CodeStar can manage the development pipeline of CodeCommit, CodeBuild and CodeDeploy

Answer 174

CloudFormation is a service that allows you to provision AWS resources using IaC

Answer 175

Elastic Beanstalk allows you to deploy your web applications and web services to AWS. For example, after you upload your Java code, Elastic Beanstalk deploys it and handles capacity provisioning, load balancing, and Auto Scaling. Elastic Beanstalk even monitors the health of your application. Elastic Beanstalk deploys to the Cloud only, not on-premises.

Answer 176

OpsWorks allows you to use Chef or Puppet to automate the config of your servers and deploy code. OpsWorks allows you to define software installation scripts and automate configuration for your application servers. OpsWorks can deploy applications on-premises.

Answer 177

Coupling defines the interdependencies or connections between components of a system. Loose coupling helps reduce the risk of cascading failures between components.

Answer 178

SQS is a message queuing service that allows you to build loosely coupled systems. SQS works in a FIFO order

Answer 179

SNS allows you to send emails and text messages from your applications. For example, you can have emails sent when a CPU utilisation goes above 80%. SNS works with CloudWatch when an alarm's metric threshold is breached to send an email.

Answer 180

SES is an email service that allows you to send richly formatted HTML emails from your applications

Answer 181

CloudWatch is a collection of services that help you to monitor and observe your Cloud resources.

Answer 182

CloudTrail tracks user activity and API calls within your account. CloudTrail can: - log and retain account activity - identify which user made changes - track activity through the console, SDKs and CLI - detect unusual activity in your account

Answer 183

CloudTrail can track: - user name - event time and name - IP address - access key - region - error code

Answer 184

Shield is a managed Distributed Denial of Service (DDOS) protection service

Answer 185

Shield provides DDoS protection and works with: -CloudFront -Route 53 -Elastic Load Balancing -AWS Global Accelerator.

Answer 186

Inspector works with EC2 instances (only) to uncover and report vulnerabilities

Answer 187

Artefact offers on-demand access to AWS security and compliance reports Artifact provides a central repository for AWS' security and compliance reports via a self-service portal.

Answer 188

Data encryption encodes data so it cannot be read by unauthorized users.

Answer 189

Key Management Service (KMS) allows you to generate and store encryption keys

Answer 190

CloudHSM is a hardware security module (HSM) used to generate and manage encryption keys. CloudHSM allows you to meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated hardware in the cloud.

Answer 191

Secrets Manager allows you to manage and retrieve secrets (passwords or keys) It integrates with services such as RDS, Redshift and DocumentDB and encrypts secrets at rest

Answer 192

The Application Discovery Service helps you plan migration projects to the AWS Cloud.

Answer 193

The AWS Price List API allows you to query the price of AWS Services

Answer 194

The Pricing Calculator can be used to calculate the TCO

Answer 195

The 4 support plan levels are: - basic - developer - business - enterprise

Answer 196

You can open the following types of case with AWS Support: - account and billing - service limit increase - technical support

Answer 197

Budgets allows you to set custom budgets that alert you when your costs or usage exceed your budgeted amount.

Answer 198

The 3 budget types are: - cost budgets - usage budgets - reservation budgets

Answer 199

The Cost and Usage Report contains the most comprehensive set of cost and usage data. The Cost and Usage Report gives you the ability to do a deep dive into your AWS cost and usage data. Once set up, you can download the report using the Amazon S3 console.

Answer 200

Cost Explorer allows you to visualize and forecast your costs and usage over time.

Answer 201

Cost Allocation Tags allow you to label resources using key value pairs and then report on those labels.

Answer 202

Organizations allows you to save money using Reserved Instance (RI) sharing. RI sharing allows all accounts in the organization to receive the hourly cost-benefit of RIs purchased by any other account. You can always turn off RI sharing using the master payer (or root) organization.

Answer 203

Control Tower helps you ensure your accounts conform to company-wide policies by enabling cross-account security audits or preventing or detecting security issues through mandatory or optional guardrails.

Answer 204

Systems Manager gives you visibility and control over your AWS resources. For example, Systems Manager allows you to auto-patch software running on EC2 instances according to a schedule.

Answer 205

AWS Trusted Advisor provides recommendations that help you follow AWS best practices. Trusted Advisor evaluates your account by using checks. These checks identify ways to optimize your AWS infrastructure, improve security and performance, reduce costs, and monitor service quotas.

Answer 206

Licence Manager helps you manage software licences.

Answer 207

Certificate manager helps you to provision and manage SSL/TLS certificates

Answer 208

AWS Managed Services is a set of services and tools that automate infrastructure management tasks for Amazon Web Services (AWS) deployments.

Answer 209

Professional Services helps enterprise customers move to a cloud-based operating model.

Answer 210

APN is a global community of approved partners that offer software solutions and consulting services for AWS.

Answer 211

Marketplace is a digital catalog of prebuilt solutions you can purchase or license. You may also sell your own solutions to others via Marketplace.

Answer 212

Personal Health Dashboard alerts you to events that might impact your AWS environment.

Answer 213

An endpoint enables instances in your VPC to use their private IP addresses to communicate with resources in other services. Your instances do not require public IP addresses, and you do not need an Internet gateway, a NAT device, or a virtual private gateway in your VPC.

Answer 214

An internet gateway is used by EC2 instances in a public subset to access the internet. EC2 instances in a private subnet cannot use an internet gateway to access the internet, instead they need to use a NAT Gateway.

Answer 215

NAT Gateways allow EC2 instances in Private subnets to access the internet but they are themselves located in Public Subnets.

Answer 216

WAF protects against SQL injection and cross-site scripting attacks.

Answer 217

CloudWatch can monitor the state of your AWS resources and can notify you when an EC2 is approaching 100% utilization

Answer 218

IAM allows you to create and manage access keys for an IAM user.

Answer 219

AWS maintains the configuration of its infrastructure devices. Don't forget AWS is responsible for its global infrastructure elements: Regions, edge locations, and Availability Zones.

Answer 220

This Performance Efficiency pillar focuses on the effective use of resources to meet demand. In this pillar, you would use the information gathered through the evaluation process to actively drive adoption of new services or resources. You would also define a process to improve workload performance, and you would need to stay up-to-date on new resources and services.

Answer 221

IAM policy Policies can be attached to a group to ensure all users in the group have the same access. AWS even has a managed policy, Administrator Access, you can use.

Answer 222

Service control policies (SCPs) AWS Organizations provides central governance and management for multiple accounts. Organization SCPs allow you to create permissions guardrails that apply to all accounts within a given organization. Service control policies (SCPs)

Answer 223

AWS Auto Scaling will ensure you have the optimal number of EC2 instances to handle your application's load, based on rules you specify. The other services mentioned can help distribute load amongst existing resources, but they do not have the ability by themselves to create new resources. Reference: AWS Auto Scaling

Answer 224

Direct Connect is a private (bypasses the public internet), dedicated physical network connection from your on-premises data center to AWS. Since the connection is private, it is extremely fast.

Answer 225

Any object uploaded to S3 is automatically stored in multiple Availability Zones in the Region in which it was uploaded. This means that if any single AZ in a Region is experiencing issues, objects stored in S3 will still be available. Although objects in S3 can be made to be accessible globally, by default they are always stored in a redundant fashion in only the Region they were uploaded, ruling out the other answers

Answer 226

DMS supports homogeneous migrations like Oracle to Oracle and heterogeneous migrations like Oracle to Aurora, with minimal downtime.

Answer 227

The Pricing Calculator provides an estimate of AWS fees and charges. Since the company knows the workload details, the AWS Pricing Calculator can also help with calculating the total cost of ownership.

Answer 228

Organizations Organizations allows you to centrally manage multiple AWS accounts under 1 umbrella. You can allocate resources and apply policies across accounts. Control Tower Control Tower helps you ensure your accounts conform to company-wide policies. Control Tower actually sits on top of Organizations.