Technology Flashcards

Question

What benefits does Amazon EC2 provide over using non-cloud servers? (choose 2) 1. Complete control of the hypervisor layer 2. Elastic web-scale computing 3. Inexpensive 4. Fault tolerance 5. High-availability with an SLA of 99.99%

Answer 1

2. Elastic web-scale computing 3. Inexpensive * Elastic Web-Scale computing– you can increase or decrease capacity within minutes not hours and commission one to thousands of instances simultaneously * Inexpensive – Amazon passes on the financial benefits of scale by charging very low rates and on a capacity consumed basis * Amazon EC2 does not provide any control of the hypervisor or underlying hardware infrastructure * EC2 offers a highly reliable environment where replacement instances can be rapidly and predictably commissioned with SLAs of 95% for each region

Answer 2

2. Network Load Balancer * Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data * The NLB and ALB support IP addresses as targets but only the NLB operates at layer 4 * Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request * Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7

Answer 3

1. Used to gain system-wide visibility into resource utilization 4. Can be accessed via API, command-line interface, AWS SDKs, and the AWS Management Console * Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS * CloudWatch is for performance monitoring (CloudTrail is for auditing) * CloudTrail is for auditing (CloudWatch is for performance monitoring) * CloudTrail records account activity and service events from most AWS services

Answer 4

1. Names must be unique across all of AWS 2. Names must be 3 to 63 characters in length • Bucket names must follow the following rules: – Names must be unique across all of AWS – Names must be 3 to 63 characters in length – Names can only contain lowercase letters, numbers and hyphens – Names cannot be formatted as an IP address

Answer 5

2. EBS volumes must be in the same AZ as the instances they are attached to 3. You can attach multiple EBS volumes to an instance * EBS volumes must be in the same AZ as the instances they are attached to * You can attach multiple EBS volumes to an instance * Root EBS volumes are deleted on termination by default * You cannot attach an EBS volume to multiple instances * EBS volumes can be backed up by taking a snapshot

Answer 6

1. Operate at the Availability Zone level * Network ACLS operate at the subnet level * https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-networking/

Answer 7

2. Built-in Distributed Denial of Service (DDoS) attack protection 4. Content is cached at Edge Locations for fast distribution to customers • Benefits include: – Cache content at Edge Location for fast distribution to customers – Built-in Distributed Denial of Service (DDoS) attack protection – Integrates with many AWS services (S3, EC2, ELB, Route 53, Lambda) • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/

Answer 8

3. AWS DMS * AWS Database Migration Service helps you migrate databases to AWS quickly and securely * AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS * AWS Key Management Service (KMS) is used for managing encryption keys * AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions

Answer 9

2. IAM Policy * IAM Policies are documents that define permissions and can be applied to users, groups and roles * IAM policies can be written to grant access to Amazon S3 buckets * IAM Roles are created and then “assumed” by trusted entities and define a set of permissions for making AWS service requests * IAM Groups are collections of users and have policies attached to them

Answer 10

2. AWS IAM * IAM is used to securely control individual and group access to AWS resources * The AWS Security Token Service (STS) is a web service that enables you to request temporary, limited-privilege credentials for IAM users or for users that you authenticate (federated users) * AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data * Amazon EC2 is used for running operating systems instances in the cloud

Answer 11

1. Elastic Transcoder * Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs * AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud

Answer 12

4. Take a snapshot to capture the point-in-time state of the instance * You can take snapshots of EC2 instances which creates a point-in-time copy of the instance. Snapshots are stored on S3 * There is no backup console to take full and incremental backups * There is no way of taking application-consistent backups using any AWS tools * Cross Region Replication is used to replicate Amazon S3 buckets are across regions

Answer 13

2. AWS Storage Gateway Volume Gateway • AWS Storage Gateway Volume Gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored mode • AWS Storage Gateway Volume Gateway operates in 2 modes: – Stored Volume mode – the entire dataset is stored on-site and is asynchronously backed up to S3 (EBS point-in-time snapshots). Snapshots are incremental and compressed – Cached Volume mode – the entire dataset is stored on S3 and a cache of the most frequently accessed data is cached on-site

Answer 14

2. Bootstrapping 4. Infrastructure as code * With infrastructure as code AWS assets are programmable, so you can apply techniques, practices, and tools from software development to make your whole infrastructure reusable, maintainable, extensible, and testable * With bootstrapping you can execute automated actions to modify default configurations. This includes scripts that install software or copy data to bring that resource to a particular state * Snapshotting is about saving data, not instantiating resources. Fault tolerance is a method of increasing the availability of your system when components fail. Performance monitoring has nothing to do with instantiating resources

Answer 15

1. AWS OpsWorks * AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet. With Chef, you use code templates, or cookbooks, to describe the desired configuration of instances or on-premises server * AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS * AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resource * AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers

Answer 16

4. Amazon EMR * Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances * Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information * AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics * Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL

Answer 17

1. Identification of objects in images and videos * Amazon Rekognition makes it easy to add image and video analysis to your applications. You just provide an image or video to the Rekognition API, and the service can identify the objects, people, text, scenes, and activities, as well as detect any inappropriate content * Amazon Comprehend identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic * Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications * AWS Artifact is your go-to, central resource for compliance-related information that matters to you. It provides on-demand access to AWS’ security and compliance reports and select online agreements

Answer 18

3. Amazon CloudTrail * CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket * CloudTrail is for auditing (CloudWatch is for performance monitoring) * CloudFormation is used for deploying infrastructure through code * CloudHSM is a hardware security module for generating, managing and storing encryption keys

Answer 19

1. Each region consists of 2 or more availability zones 3. Each region is designed to be completely isolated from the other Amazon Regions * A region is not a collection of VPCs, it is composed of at least 2 AZs. VPCs exist within accounts on a per region basis * Availability Zones (not regions) have direct, low-latency, high throughput and redundant network connections between each other * Edge locations are (not regions) are Content Delivery Network (CDN) endpoints for CloudFront

Answer 20

4. Amazon EC2 • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-compute/

Answer 21

3. AWS Auto Scaling * Auto Scaling automates the process of adding (scaling up) OR removing (scaling down) EC2 instances based on the traffic demand for your application * ELB automatically distributes incoming application traffic across multiple targets, such as Amazon EC2 instances, containers, and IP addresses * Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake

Answer 22

2. Amazon EC2 instances 4. Amazon RDS instances • Some resource types can be launched from a golden image. A golden image is a snapshot of a particular state for that resource. Examples are EC2 instances, RDS instances and EBS volumes

Answer 23

1. Folders 4. Objects * You can create folders within buckets and can also upload objects * As S3 is an object store you create objects not files * Tables and queues cannot be created on S3

Answer 24

2. Direct Connect 3. VPN CloudHub * You can connect from your on-premise data center to a VPC via Direct Connect or VPN CloudHub * AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS * If you have multiple VPN connections, you can provide secure communication between sites using the AWS VPN CloudHub * Internet gateways and VPC routers are components of a VPC and are not used for connecting from external locations

Answer 25

4. Aurora * MariaDB and MySQL can be used on RDS but they are not Amazon proprietary * DynamoDB is an Amazon proprietary DB but it is not an RDS DB

Answer 26

3. By default new users are created without access to any AWS services * By default new users are created with NO access to any AWS services – they can only login to the AWS console * https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/identity-and-access-management/

Answer 27

1. Domain registration 3. Domain Name Service (DNS) * Route 53 services include domain registration, DNS, health checking (availability monitoring) and traffic management * https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/content-delivery-and-dns-services/

Answer 28

4. JSON • You manage access in AWS by creating policies and attaching them to IAM identities or AWS resources. A policy is an object in AWS that, when associated with an entity or resource, defines their permissions. AWS evaluates these policies when a principal, such as a user, makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents

Answer 29

3. AWS TCO Calculator * The TCO calculator is a free tool provided by AWS that allows you to estimate the cost savings of using the AWS Cloud vs. using an on-premised data center * The AWS Cost Explorer is a free tool that allows you to view charts of your costs * The AWS Simple Monthly Calculator helps customers and prospects estimate their monthly AWS bill more efficiently * AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed

Answer 30

2. Amazon Lightsail * Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP * CloudFormation is used to deploy resources through code, as a service it does not include preconfigured servers * Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances

Answer 31

3. General Purpose (gp2) * General purpose SSD provides a good balance of price to performance, is suitable for most workloads and can be used as a system boot volume * Provisioned IOPS SSD is a high-performance volume type that is more expensive and should be used for apps that require the higher performance * Cold HDD cannot be used as a boot volume and is good for throughput oriented storage for infrequently accessed data * Throughput Optimized volumes are ideal for streaming workloads with fast throughput such as big data and data warehouses

Answer 32

1. S3 Standard * All of the storage tiers listed include a data retrieval fee except for S3 Standard * Availability SLAs are: S3 Standard = 99.99%; S3 Standard-IA = 99.9%; S3 One Zone-IA = 99%; Amazon Glacier = no SLA

Answer 33

2. Amazon Workspaces * Amazon WorkSpaces is a managed desktop computing service running on the AWS cloud * WorkSpaces allows customers to easily provision cloud-based desktops that allow end-users to access documents and applications * WorkSpaces offers bundles that come with a Windows 7 or Windows 10 desktop experience, powered by Windows Server 2008 R2 and Windows Server 2016 respectively

Answer 34

1. Multi-AZ 2. Read Replicas * Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only) * Read replicas are used for read heavy DBs and replication is asynchronous * DB mirroring, multi-subnet and clustering are not options provided by RDS

Answer 35

4. AWS CloudFormation * AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts * AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers * AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy * AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS

Answer 36

1. Amazon S3 * Amazon S3 can be used to host static websites. It is not possible to use dynamic content. You can use a custom domain name if you configure the bucket name to match * https://digitalcloud.training/certification-training/aws-solutions-architect-associate/storage/amazon-s3/

Answer 37

1. Block * Amazon Elastic Block Storage (EBS) is block storage. This means you can mount the volume for operating systems and format and partition as if it is a local disk * File and object are other types of storage that you can use with AWS. File storage is provided by EFS and object storage is provided by Amazon S3 * Relational is not a type of storage, it is typically used to describe a type of database such as RDS

Answer 38

3. Amazon DynamoDB * DynamoDB is fully managed and can be scaled without incurring downtime * S3 is not a fully managed database, it is an object store * Both RDS and ElastiCache use EC2 instances and therefore scaling (vertically) requires downtime

Answer 39

2. Amazon EC2 4. Amazon EMR • In this list only EC2 and EMR allow root level access to the operating system

Answer 40

3. Amazon SQS * Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queues that store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled application * Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps * Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices, distributed systems, and serverless applications

Answer 41

2. Elastic IP * An Elastic IP address is a static IPv4 address designed for dynamic cloud computing. An Elastic IP address is associated with your AWS account. With an Elastic IP address, you can mask the failure of an instance or software by rapidly remapping the address to another instance in your account * An Elastic IP is a public IP however in the AWS cloud an elastic IP is the construct used to assign a public IP to an EC2 instance * Static IP and dynamic IP are terms used to describe IP addresses (public or private) that are either statically defined or dynamically obtained (through DHCP)

Answer 42

2. Create an Auto Scaling group 3. Create a launch configuration * To setup Auto Scaling, two of the tasks that need to be performed are to create a launch configuration and an Auto Scaling group * Listeners, listener rules and target groups are associated with Elastic Load Balancing

Answer 43

1. AWS Lambda 3. Amazon S3 * With Amazon S3 you don’t need to specify any capacity at any time, the service scales in both capacity and performance as required * AWS Lambda lets you run code without provisioning or managing servers. You pay only for the compute time you consume – there is no charge when your code is not running * With Amazon EC2 you need to select your instance sizes and number of instances * With RDS you need to select the instance size for the DB * With DynamoDB you need to specify the read/write capacity of the DB

Answer 44

3. Amazon SWF * Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks * Amazon Security Token Service (STS) is used for requesting temporary credentials * Amazon Simple Queue Service (SQS) is a message queue used for decoupling application components * Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud

Answer 45

1. Simple 4. Latency • Route 53 routing policies include Simple, Weighted, Latency based, Failover, Geo-location, Geo-Proximity, Multi-Value and Traffic Flow

Answer 46

1. Subnets 4. IP CIDR * Within the management console for VPC you can manage items such as subnets and the IP CIDR block for the VPC * The other answers are all items that can be managed within the EC2 management console

Answer 47

3. Amazon S3 4. Amazon EC2 * Both Amazon EC2 and Amazon S3 are managed at a regional level. Note: Amazon S3 is a global namespace but you still create your buckets within a region * CloudFront, Route 52 and IAM and managed at a global level

Answer 48

2. File Gateway 4. Gateway Virtual Tape Library * The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. It provides low-latency performance by caching frequently accessed data on premises, while storing data securely and durably in Amazon cloud storage services. AWS Storage Gateway supports three storage interfaces: file, volume, and tape * File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3 * The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes * Gateway Virtual Tape Library is used for backup with popular backup software

Answer 49

2. Virtual Private Gateway 5. Customer Gateway * Two of the components you need to connect to your VPC with a VPN connection are a virtual private gateway on the VPC side and a customer gateway on the on-premise network side * VPC routers are not part of the VPN configuration * NAT instances are not used for VPN, they are used by EC2 instances in private subnets to access the Internet * Direct Connect can be used to connect an on-premise network to the cloud however it is not part of the configuration of an Amazon Managed VPN connection

Answer 50

3. Amazon ECS * Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances * AWS Lambda is a serverless technology that lets you run code in response to events as functions * Amazon Elastic Container Registry (ECR) is a fully-managedDocker container registry that makes it easy for developers to store, manage, and deploy Docker container images * Amazon Machine Images (AMI) store configuration information for Amazon EC2 instances

Answer 51

2. Tags • A tag is a label that you assign to an AWS resource. Each tag consists of akey and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment

Answer 52

1. AWS Service Catalog * AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS. These IT services can include everything from virtual machine images, servers, software, and databases to complete multi-tier application architectures * AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet * Amazon Cloud Directory enables you to build flexible cloud-native directories for organizing hierarchies of data along multiple dimensions * AWS Organizations offers policy-based management for multiple AWS accounts

Answer 53

2. SQL Server 4. Aurora * RDS supports the following engines: SQL Server, Oracle, MySQL Server, PostgreSQL, Aurora, MariaDB * DynamoDB is Amazon’s NoSQL database * MongoDB is a No SQL database

Answer 54

1. Community AMIs 3. AWS Marketplace AMIs • AMIs come in three main categories: – Community AMIs– free to use, generally you just select the operating system you want – AWS Marketplace AMIs– pay to use, generally come packaged with additional, licensed software – My AMIs– AMIs that you create yourself

Answer 55

2. EBS volumes must be in the same AZ as the instances they are attached to 3. You can attach multiple EBS volumes to an instance * You cannot attach an EBS volume to multiple instances (use Elastic File Store instead) * EBS volume data persists independently of the life of the instance * EBS volumes are block storage

Answer 56

1. A public IP address 5. A route to an Internet Gateway * A public subnet is a subnet that is configured to assign public IP addresses to instances and which has a route to an Internet Gateway (which is created at the VPC level) configured in the route table * NAT instances and NAT gateways are used by EC2 instances in private subnets (without public IPs) to access the Internet * A VPN connection is used to establish a secure connection between the AWS cloud and an on-premise data center or other cloud location. They are not used to access the Internet

Answer 57

3. Elastic Load Balancer 4. EC2 instance • An origin is the origin of the files that the CDN will distribute. Origins can be either an S3 bucket, an EC2 instance, an Elastic Load Balancer, or Route 53 – can also be external (non-AWS)

Answer 58

4. S3 Transfer Acceleration * Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and your Amazon S3 bucket. S3 Transfer Acceleration leverages Amazon CloudFront’s globally distributed AWS Edge Locations * With S3 copy you can create a copy of objects up to 5GB in size in a single atomic operation * Multipart upload can be used to speed up uploads to S3 * S3 can also be used to host static websites

Answer 59

2. Objects are redundantly stored on multiple devices across multiple facilities within a region * Amazon S3 provides a highly durable storage infrastructure designed for mission-critical and primary data storage. Objects are redundantly stored on multiple devices across multiple facilities in an Amazon S3 region * Amazon does not specify how data is replicated across AZs, the use the term facilities instead

Answer 60

2. Read after write consistency for PUTS of new objects 3. Eventual consistency for overwrite PUTS and DELETES • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-storage/

Answer 61

3. Scheduled RI * With RIs, you can choose the type that best fits your applications needs. * Standard RIs: These provide the most significant discount (up to 75% off On-Demand) and are best suited for steady-state usage * Convertible RIs: These provide a discount (up to 54% off On-Demand) and the capability to change the attributes of the RI as long as the exchange results in the creation of Reserved Instances of equal or greater value. Like Standard RIs, Convertible RIs are best suited for steady-state usage * Scheduled RIs: These are available to launch within the time windows you reserve. This option allows you to match your capacity reservation to a predictable recurring schedule that only requires a fraction of a day, a week, or a month

Answer 62

2. MySQL 3. PostgreSQL * Read replicas are available for MySQL, PostgreSQL, MariaDB and Aurora (not SQL Server or Oracle) * DynamoDB is not a type of RDS database and does not support read replicas

Answer 63

2. Multi-AZ * Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only) * Read replicas are used for read-heavy DBs and replication is asynchronous * DB mirroring and log shipping are not Amazon RDS features, they are methods of replicating data using native database technologies (rather than AWS technology)

Answer 64

4. Amazon SQS * Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications * SQS eliminates the complexity and overhead associated with managing and operating message oriented middleware, and empowers developers to focus on differentiating work * In-flight messages are messages that have been picked up by a consumer but not yet deleted from the queue

Answer 65

2. Amazon RDS * RDS automated backups allow point in time recovery to any point within the retention period down to a second. When automated backups are turned on for your DB Instance, Amazon RDS automatically performs a full daily snapshot of your data (during your preferred backup window) and captures transaction logs (as updates to your DB Instance are made). Automated backups are enabled by default and data is stored on S3 and is equal to the size of the DB * EC2 instances using EBS volumes can be backed up by creating a snapshot of the EBS volume * Amazon S3 objects are replicated across multiple facilities. You can also archive data onto Amazon Glacier and use versioning to maintain copies of older versions of objects

Answer 66

3. Ensure the “DeleteOnTermination” attribute of the EBS volume is set to false while launching the instance * Root EBS volumes are deleted on termination by default * Extra non-boot volumes are not deleted on termination by default * The behavior can be changed by altering the “DeleteOnTermination” attribute

Answer 67

2. Dedicated Hosts * A Dedicated Host is also a physical server that’s dedicated for your use. With a Dedicated Host, you have visibility and control over how instances are placed on the server * Dedicated Instances are Amazon EC2 instances that run in a virtual private cloud (VPC) on hardware that’s dedicated to a single customer * Dedicated tenancy ensures all EC2 instances that are launched in a VPC run on hardware that’s dedicated to a single customer * Dedicated EC2 is not an available tenancy model

Answer 68

3. Apply tags * To help you manage your instances, images, and other Amazon EC2 resources, you can optionally assign your own metadata to each resource in the form of A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define. Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment * Using descriptive hostnames or organizing instances into separate subnets is a messy way to try and organize resources and lacks the power and flexibility of tagging * Storing information in instance meta-data is possible but you need to retrieve the information, tags enable you to do this more easily

Answer 69

2. Amazon Neptune * Amazon Neptune is a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds * Amazon Redshift is a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake * AWS X-Ray helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture * Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL

Answer 70

4. Amazon Elasticsearch * Amazon Elasticsearch Service, is a fully managed service that makes it easy for you to deploy, secure, operate, and scale Elasticsearch to search, analyze, and visualize data in real-time. Elasticsearch is based on open source software * Amazon CloudSearch is a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application * AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet * AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS. Developers simply upload their application code and the service automatically handles all the details such as resource provisioning, load balancing, auto-scaling, and monitoring

Answer 71

3. Amazon RedShift * RedShift is a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools. RedShift allows you to run complex analytic queries against petabytes of structured data * RDS is Amazon’s transactional relational database * DynamoDB is Amazon’s non-relational database service * ElastiCache is a data caching service that is used to help improve the speed/performance of web applications running on AWS

Answer 72

4. AWS OpsWorks * OpsWorks lets you use Chef and Puppet to automate how servers are configured, deployed, and managed across your Amazon EC2 instances or on-premises compute environments * OpsWorks is an automation platform that transforms infrastructure into code * Automates how applications are configured, deployed and managed

Answer 73

2. Increased reliability (predictable performance) 4. Increased bandwidth (predictable bandwidth) • AWS Direct Connect is a network service that provides an alternative to using the Internet to connect customers’ on premise sites to AWS • Data is transmitted through a private network connection between AWS and a customer’s datacenter or corporate network • Benefits: – Reduce cost when using large volumes of traffic – Increase reliability (predictable performance) – Increase bandwidth (predictable bandwidth) – Decrease latency • Direct Connect is not fast to implement as it can take weeks to months to setup (use VPN for fast deployment times) • Direct Connect is more expensive than VPN • Direct Connect uses private network connections, it does not use redundant paths over the Internet

Answer 74

1. Kinesis Video Streams 3. Kinesis Data Firehose • Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information • There are four types of Kinesis service: – Kinesis Video Streams makes it easy to securely stream video from connected devices to AWS for analytics, machine learning (ML), and other processing – Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs – Kinesis Data Firehose is the easiest way to load streaming data into data stores and analytics tools – Kinesis Data Analytics is the easiest way to process and analyze real-time, streaming data • The other options presented are bogus

Answer 75

3. AMI * An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud. You must specify a source AMI when you launch an instance. You can launch multiple instances from a single AMI when you need multiple instances with the same configuration. You can use different AMIs to launch instances when you need instances with different configurations * EBS is the Elastic Block Store * ARN is the Amazon Resource Name which uniquely identifies AWS resources

Answer 76

4. Use Amazon DLM * You can use Amazon Data Lifecycle Manager (Amazon DLM) to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes * S3 lifecycle policies apply to data in S3 buckets only, not to EBS volumes * You could write a script but this is not the best method when you have an AWS feature available that performs the exact functions you need * CloudFormation is typically used for deploying and updating resource configurations rather than for performing operational activities

Answer 77

3. Amazon DynamoDB * Amazon Dynamo DB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime * All other databases are based on EC2 instances and therefore you must increase the instance size to scale which will incur downtime

Answer 78

1. AWS CloudTrail * AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring). CloudTrail is about logging and saves a history of API calls for your AWS account. Provides visibility into user activity by recording actions taken on your account. API history enables security analysis, resource change tracking, and compliance auditing * Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). Used to collect and track metrics, collect and monitor log files, and set alarms * Amazon Identity and Access Management is an identity service that provide authentication and authorization services * AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Answer 79

2. AWS Trusted Advisor * Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices. Advisor will advise you on Cost Optimization, Performance, Security, and Fault Tolerance * Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS * AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you * Amazon Identity and Access Management is an identity service that provide authentication and authorization services

Answer 80

3. Use AWS Snowball * Snowball is a petabyte-scale data transport solution that uses devices designed to be secure to transfer large amounts of data into and out of the AWS Cloud. Using Snowball addresses common challenges with large-scale data transfers including high network costs, long transfer times, and security concerns * Amazon S3 Transfer Acceleration enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of Amazon CloudFront’s globally distributed edge locations. However, for these volumes of data Snowball is a better choice

Answer 81

2. User data * When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts * You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives * User data is limited to 16KB * Instance metadata is available at http://169.254.169.254/latest/meta-data * The Instance Metadata Query tool allows you to query the instance metadata without having to type out the full URI or category names * AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources

Answer 82

2. Read Replicas * Read replicas are used for read-heavy DBs and replication is asynchronous. Read replicas are for workload sharing and offloading. Read replicas provide read-only access to the DB * Multi-AZ RDS creates a replica in another AZ and synchronously replicates to it (DR only) * Log shipping is not an RDS feature * Global Tables is a feature of DynamoDB

Answer 83

3. Amazon CloudFront * CloudFront is used as the public endpoint for API Gateway. Provides reduced latency and distributed denial of service protection through the use of CloudFront * AWS Direct Connect is a cloud service solution that makes it easy to establish a dedicated network connection from your premises to AWS * Amazon S3 Transfer Acceleration is a bucket-level feature that enables faster data transfers to and from Amazon S3 * AWS Lambda lets you run code without provisioning or managing servers

Answer 84

2. Amazon Elastic Beanstalk * AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring. Considered a Platform as a Service (PaaS) solution. Supports Java, .NET, PHP, Node.js, Python, Ruby, Go, and Docker web applications * Amazon EC2 is an IaaS solution that provides unmanaged instances that you can deploy with a variety of operating systems * AWS Auto Scaling provides elasticity for your applications by automatically launching or terminating EC2 instances according to application load or schedules you define * AWS OpsWorks provides a managed service for Chef and Puppet

Answer 85

3. Managed for you by AWS 4. Highly available within each AZ * NAT gateways are managed for you by AWS. NAT gateways are highly available in each AZ into which they are deployed. They are not associated with any security groups and can scale automatically up to 45Gbps * NAT instances are managed by They must be scaled manually and do not provide HA. NAT Instances can be used as bastion hosts and can be assigned to security groups

Answer 86

3. 1 Gbps 4. 10 Gbps * AWS Direct Connect is a network service that provides an alternative to using the Internet to connect a customer’s on premise sites to AWS. Data is transmitted through a private network connection between AWS and a customer’s data center or corporate network * Available in 1Gbps and 10Gbps * Speeds of 50Mbps, 100Mbps, 200Mbps, 300Mbps, 400Mbps, and 500Mbps can be purchased through AWS Direct Connect Partners

Answer 87

2. AWS Lambda * AWS Lambda lets you run code as functions without provisioning or managing servers. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events. With serverless computing, your application still runs on servers, but all the server management is done by AWS * Amazon Elastic Container Service (ECS) is a highly scalable, high performance container management service that supports Docker containers and allows you to easily run applications on a managed cluster of Amazon EC2 instances * AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers * Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily

Answer 88

4. Amazon SQS * Amazon Simple Queue Service (Amazon SQS) is a web service that gives you access to message queuesthat store messages waiting to be processed. SQS offers a reliable, highly-scalable, hosted queue for storing messages in transit between computers. SQS is used for distributed/decoupled applications * Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud * Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components * Amazon Kinesis makes it easy to collect, process, and analyze real-time, streaming data so you can get timely insights and react quickly to new information

Answer 89

2. From the AWS CLI 4. Using the REST API * Glacier provides a management console. You can use the console to create and delete vaults. However, all other interactions with Glacier require that you use the AWS Command Line Interface (CLI) or write code * For example, to upload data, such as photos, videos, and other documents, you must either use the AWS CLI or write code to make requests, using either the REST API directly or by using the AWS SDKs

Answer 90

1. Amazon Elastic Transcoder * Amazon Elastic Transcoder is a highly scalable, easy to use and cost-effective way for developers and businesses to convert (or “transcode”) video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs * AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics * Amazon Rekognition makes it easy to add image and video analysis to your applications * Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text

Answer 91

2. Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service * The VPC router performs routing within a VPC * Direct Connect enables hybrid cloud models by extending an organization’s on-premise networks into the AWS cloud * Auto Scaling is a service for distributing incoming connections between a fleet of registered EC2 instances

Answer 92

1. Application Load Balancer (ALB) * ALB is best suited for load balancing of HTTP and HTTPS traffic and provides advanced request routing targeted at the delivery of modern application architectures, including microservices and containers. Operating at the individual request level (Layer 7), Application Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) based on the content of the request * NLB is best suited for load balancing of TCP traffic where extreme performance is required. Operating at the connection level (Layer 4), Network Load Balancer routes traffic to targets within Amazon Virtual Private Cloud (Amazon VPC) and is capable of handling millions of requests per second while maintaining ultra-low latencies * CLB provides basic load balancing across multiple Amazon EC2 instances and operates at both the request level and connection level. Classic Load Balancer is intended for applications that were built within the EC2-Classic network * AWS Auto Scaling is not a type of ELB

Answer 93

3. Amazon RedShift * Amazon Redshift extends data warehouse queries to your data lake, with no loading required. You can run analytic queries against petabytes of data stored locally in Redshift, and directly against exabytes of data stored in Amazon S3 * Amazon RDS is not a data warehouse and cannot query data in S3 at rest * AWS Lambda runs code as functions and is not a data warehouse * Amazon Elastic Map Reduce (EMR) provides a managed Hadoop service and cannot query data in S3 at rest

Answer 94

4. Peering Connections * A peering connection enables you to route traffic via private IP addresses between two peered VPCs * VPC endpoints enable private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies * A VPG is the Amazon side of a VPN connection * Network Address Translation (NAT) is used to translate IP addresses when routing between subnets that do not have a fully routable address space

Answer 95

1. Amazon DynamoDB 3. Amazon SWF * Stateless components include DynamoDB which is often used for storing session state to maintain a stateless architecture and SWF which can be used for a multi-step workflow * Databases such as RDS are considered stateful * Load balancing with session affinity can be used for horizontal scaling of stateful components * Amazon EBS is not a shared storage service so is not ideal for stateless architectures (use S3 or EFS instead)

Answer 96

1. Docker * Docker allows you to package a piece of software in a Docker image, which is a standardized unit for software development, containing everything the software needs to run: code, runtime, system tools, system libraries, etc. * The other options are automation and orchestration tools

Answer 97

1. Key 3. Value • Amazon S3 objects consist of: – Key (name of the object) – Value (data made up of a sequence of bytes) – Version ID (used for versioning) – Metadata (data about the data that is stored)

Answer 98

2. Provisioned IOPS SSD * Provisioned IOPS SSD volumes support up to 32,000 IOPS whereas General Purpose SSD only supports up to 10,000 per volume * Throughput Optimized HDD supports up to 500 IOPS and Cold HDD supports up to 250 IOPS per volume

Answer 99

4. Alias * The Alias record is a Route 53 specific record type. Alias records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites. An Alias record can be used for resolving apex / naked domain names (e.g. example.com rather than sub.example.com) * A CNAME record can’t be used for resolving apex / naked domain name * An A record is a simple address record and an AAAA record is used for IPv6

Answer 100

2. EBS volume 4. Instance Store * The only storage options for a root volume that can be booted from are EBS volumes and Instance Stores * https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/RootDeviceStorage.html

Answer 101

1. Amazon S3 3. Amazon DynamoDB * An event source is an AWS service or developer-created application that produces events that trigger an AWS Lambda function to run. Amazon S3 and DynamoDB are supported event sources for AWS Lambda * https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-function.html

Answer 102

3. Weighted * Similar to simple but you can specify a weight per IP address. You create records that have the same name and type and assign each record a relative weight. Numerical value that favors one IP over another and must total 100 * Failover provides failover to a secondary IP address and is used for active-passive configurations * With latency based AWS maintains a database of latency from different parts of the world, focusses on improving performance by routing to the region with the lowest latency * Geo-location Caters to different users in different countries and different languages. Contains users within a particular geography and offers them a customized version of the workload based on their specific needs. Geolocation can be used for localizing content and presenting some or all of your website in the language of your users

Answer 103

1. Multiple Availability Zones * Multi AZ provides a mechanism to failover the RDS database to another synchronously replicated copy in the event of the failure of an AZ * There is no option for multiple region failover of Amazon RDS * Read replicas are used for offloading read traffic from a primary database but cannot be used for writing and cannot be used to failover the primary database * There is no such thing as write replicas

Answer 104

2. AWS Cognito * Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 * AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud * AWS Artifact is your go-to, central resource for compliance-related information that matters to you * AWS CloudHSM is a cloud-based hardware security module (HSM) that enables you to easily generate and use your own encryption keys on the AWS Cloud

Answer 105

2. Amazon Comprehend * Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text. The service identifies the language of the text; extracts key phrases, places, people, brands, or events; understands how positive or negative the text is; analyzes text using tokenization and parts of speech; and automatically organizes a collection of text files by topic * Amazon Transcribe is an automatic speech recognition (ASR) service that makes it easy for developers to add speech-to-text capability to their applications * Amazon Rekognition makes it easy to add image and video analysis to your applications * Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale

Answer 106

3. ARN * Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, Amazon Relational Database Service (Amazon RDS) tags, and API calls * An application programming interface (API) is a set of subroutine definitions, communication protocols, and tools for building software * An Amazon Machine Image (AMI) provides the information required to launch an instance, which is a virtual server in the cloud * Amazon S3 access control lists (ACLs) enable you to manage access to buckets and objects

Answer 107

2. Instance store volumes are ephemeral whereas EBS volumes are persistent storage * EBS-backed means the root volume is an EBS volume and storage is persistent. Instance store-backed means the root volume is an instance store volume and storage is not persistent * Both EBS and Instance store volumes are block-based storage devices * EBS volumes can be used with all EC2 instance types whereas Instance store volumes are more limited in compatibility

Answer 108

2. Amazon EC2 * Amazon EC2 should be used when you need access to a full operating system instance * Amazon Elastic Container Service (ECS) and Amazon Elastic Container Service for Kubernetes (EKS) are used for running software containers, not full operating system instances * AWS Lambda runs code as functions in response to events

Answer 109

3. VPC with a Single Public Subnet 4. VPC with Public and Private Subnets and Hardware VPN Access • The options available in the VPC Wizard are: – VPC with a Single Public Subnet – VPC with Public and Private Subnets – VPC with Public and Private Subnets and Hardware VPN Access – VPC with a Private Subnet Only and Hardware VPN Access

Answer 110

3. Gateway Virtual Tape Library * The AWS Storage Gateway service enables hybrid storage between on-premises environments and the AWS Cloud. The Gateway Virtual Tape Library can be used with popular backup software such as NetBackup, Backup Exec and Veeam. Uses a virtual media changer and tape drives * There is no such thing as a Backup Gateway in the AWS products * File gateway provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3 * The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes

Answer 111

2. Multiple AZs within a region • AWS Auto Scaling is configured within the EC2 console and can launch instances within a VPC across multiple AZs. It cannot launch resources into another region

Answer 112

2. Domain registration 4. Traffic flow * Route 53 features include domain registration, DNS, traffic flow, health checking, and failover * Route 53 does not support DHCP, routing or caching

Answer 113

4. Amazon EFS * EFS is a fully-managed service that makes it easy to set up and scale file storage in the Amazon Cloud. EFS uses the NFSv4.1 protocol. Can concurrently connect 1 to 1000s of EC2 instances, from multiple AZs * EBS volumes can only be attached to a single EC2 instance at a time and are block devices (not NFS) * Amazon S3 is an object store and is connected to using a RESTful protocol over HTTP * Amazon Instance Store is a type of ephemeral block-based volume that can be attached to a single EC2 instance at a time

Answer 114

3. AWS Trusted Advisor * Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment. Trusted Advisor provides real time guidance to help you provision your resources following best practices * Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS * AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you * The AWS Simple Monthly Calculator helps you to estimate the cost of using AWS services

Answer 115

1. Application performance 3. Operational health * Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch performs performance monitoring and can monitor custom metrics generated by applications and the operational health of your AWS resources * Amazon CloudTrail monitors API access * Infrastructure and data center monitoring is not accessible to AWS customers

Answer 116

2. Listener * A listener is a process that checks for connection requests, using the protocol and port that you configure. The rules that you define for a listener determine how the load balancer routes requests to the targets in one or more target groups * Each listener has a default rule, and you can optionally define additional rules. Each rule consists of a priority, one or more actions, an optional host condition, and an optional path condition * Each rule action has a type, an order, and information required to perform the action. The following are the supported action types * There are two types of rule conditions: host and path. Each rule can have up to one host condition and up to one path condition

Answer 117

1. Memcached 3. Redis * ElastiCache is a web service that makes it easy to deploy and run Memcached or Redis protocol-compliant server nodes in the cloud. The in-memory caching provided by ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads or compute-intensive workloads * Only the Memcached and Redis database engines can be used with ElastiCache, the others in the list are all in-memory databases but are not supported • https://digitalcloud.training/certification-training/aws-solutions-architect-associate/database/amazon-elasticache/

Answer 118

2. Amazon RedShift * A data warehouse is a specialized type of relational database, optimized for analysis and reporting of large amounts of data. It can be used to combine transactional data from disparate sources making them available for analysis and decision-making. Amazon Redshift is a managed data warehouse service that is designed to operate at less than a tenth the cost of traditional solutions * Amazon Redshift achieves efficient storage and optimum query performance through a combination of massively parallel processing (MPP), columnar data storage, and targeted data compression encoding schemes. RedShift is particularly suited to analytic and reporting workloads against very large data sets * Amazon RDS (and Aurora, which is an RDS DB), is a relational, transactional DB not a data warehouse * Amazon DynamoDB is a NoSQL DB used for transactional systems also

Answer 119

3. CNAME * Both CNAME records and Alias records can be used to map a domain name to a target domain name. However, only a CNAME record can be used to map to a target domain external to AWS. * Alias records are used to map resource record sets in your hosted zone to Amazon Elastic Load Balancing load balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, or Amazon S3 buckets that are configured as websites * An NS record is a Name Server record an identifies DNS servers * An SPF record is a Sender Policy Framework record and identifies the mail servers that are allowed to send mail for a domain

Answer 120

3. Cross-region replication • CRR is an Amazon S3 feature that automatically replicates data across AWS Regions. With CRR, every object uploaded to an S3 bucket is automatically replicated to a destination bucket in a different AWS Region that you choose. CRR is configured at the S3 bucket level. Versioning must be enabled for both the source and destination buckets

Answer 121

3. AWS Migration Hub * AWS Migration Hub provides a single location to track the progress of application migrations across multiple AWS and partner solutions. Using Migration Hub allows you to choose the AWS and partner migration tools that best fit your needs, while providing visibility into the status of migrations across your portfolio of applications. This includes AWS Database Migration Service, AWS Server Migration Service, and partner migration tools * AWS Database Migration Service helps you migrate databases to AWS quickly and securely * AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS * With AWS Batch, you simply package the code for your batch jobs, specify their dependencies, and submit your batch job using the AWS Management Console, CLIs, or SDK

Answer 122

4. AWS Config * AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations * AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet * AWS Service Catalog allows organizations to create and manage catalogs of IT services that are approved for use on AWS * AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment

Answer 123

1. CloudWatch with detailed monitoring * Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. CloudWatch is for performance monitoring (CloudTrail is for auditing). Used to collect and track metrics, collect and monitor log files, and set alarms. Basic monitoring collects metrics every 5 minutes whereas detailed monitoring collects metrics every 1 minute * AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is for auditing (CloudWatch is for performance monitoring). CloudTrail is about logging and saves a history of API calls for your AWS account

Answer 124

2. AWS Device Farm * AWS Device Farm is an app testing service that lets you test and interact with your Android, iOS, and web apps on many devices at once, or reproduce issues on a device in real time * AWS AppSync makes it easy to build data-driven mobile and browser-based apps that deliver responsive, collaborative experiences by keeping the data updated when devices are connected, enabling the app to use local data when offline, and synchronizing the data when the devices reconnect * AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers * AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources

Answer 125

1. Events • AWS Lambda lets you run code as functions without provisioning or managing server. Lambda-based applications (also referred to as serverless applications) are composed of functions triggered by events

Answer 126

3. RTMP distribution * An RTMP distribution is used to distribute streaming media files using Adobe Flash Media Server’s RTMP protocol * Of the answers listed, only web distribution and RTMP distribution are actually types of distribution

Answer 127

1. Subnet 4. Endpoints * You can have configured subnets and endpoints within the VPC section of AWS management console * EBS volumes and ELB must be configured in the EC2 section of the AWS management console * DNS records must be configured in Amazon Route 53 • https://digitalcloud.training/certification-training/aws-solutions-architect-associate/networking-and-content-delivery/amazon-vpc/

Answer 128

4. Relational database * Relation databases such as Structured Query Language (SQL) databases hold data in a structured format. Examples are Amazon RDS and Microsoft SQL Server * File systems, email systems and non-relational databases hold data in an “unstructured” format. This means that though there is some structure to it, the data cannot be easily searched using standard data processing algorithms or structured queries. Unstructured data is more human-friendly than machine-friendly

Answer 129

1. Root EBS volumes are deleted by default 4. Non-root EBS volumes are retained by default * The root EBS device is the volume the OS boots from. Root EBS volumes are deleted on termination by default. * Extra non-boot volumes are not deleted on termination by default

Answer 130

1. You can transfer domains to Route 53 if the Top Level Domain (TLD) is supported 4. You can transfer Route 53 hosted domains to another account * You can transfer domains to Route 53 only if the Top Level Domain (TLD) is supported * You can transfer a domain from Route 53 to another registrar by contacting AWS support, you cannot do it through the console * You can transfer a domain to another account in AWS however it does not migrate the hosted zone by default (optional)

Answer 131

3. You can connect to all AZs within the VPC of the local region 5. You can connect to public services in remote regions * With Direct Connect you have a private connection to a specific region. You can access all resources within the local region over a private virtual interface (VIF). You can also connect to the public services in other regions using a public VIF and IPSec * You can connect to private VPCs in other regions too, though for that you need a Direct Connect Gateway

Answer 132

3. AWS IoT Core * AWS IoT Core is a managed cloud service that lets connected devices easily and securely interact with cloud applications and other devices. AWS IoT Core can support billions of devices and trillions of messages, and can process and route those messages to AWS endpoints and to other devices reliably and securely * AWS Directory Service for Microsoft Active Directory, also known as AWS Managed Microsoft AD, enables your directory-aware workloads and AWS resources to use managed Active Directory in the AWS Cloud * Amazon WorkSpaces is a managed, secure cloud desktop service * AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS

Answer 133

2. AWS Glue * AWS Glue is a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics * Amazon Elastic Map Reduce (EMR) provides a managed Hadoop framework that makes it easy, fast, and cost-effective to process vast amounts of data across dynamically scalable Amazon EC2 instances * Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL * AWS Lambda is a serverless application that runs code as functions in response to events

Answer 134

3. Data is synchronously replicated across 3 facilities in a region • Amazon DynamoDB stores three geographically distributed replicas of each table to enable high availability and data durability. Data is synchronously replicated across 3 facilities (AZs) in a region

Answer 135

4. Amazon S3 * Amazon S3 is an object-based storage system that stores objects that are comprised of key, value pairs * Amazon DynamoDB stores items, not objects, based on key, value pairs * Amazon EBS is a block-based storage system * Amazon EFS is a file-based storage system

Answer 136

3. AWS Personal Health Dashboard * AWS Personal Health Dashboard provides alerts and remediation guidance when AWS is experiencing events that may impact you * Trusted Advisor is an online resource that helps to reduce cost, increase performance and improve security by optimizing your AWS environment * Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS * AWS Shield is a managed Distributed Denial of Service (DDoS) protection service

Answer 137

2. AWS Lambda 3. Amazon API Gateway * AWS Lambda and Amazon API Gateway are both app-facing components of the AWS Serverless infrastructure * Amazon DynamoDB and EFS are database and storage services of the serverless infrastructure * AWS Step Functions is an orchestration service

Answer 138

2. Both non-root and root if launched from an encrypted AMI * You can encrypt non-root volumes at launch time. Root volumes (boot volumes) can only be encrypted if you create the instance from an encrypted AMI * https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/

Answer 139

3. Amazon SageMaker * Amazon SageMaker is a fully-managed platform that enables developers and data scientists to quickly and easily build, train, and deploy machine learning models at any scale. Amazon SageMaker removes all the barriers that typically slow down developers who want to use machine learning * Amazon Comprehend is a natural language processing (NLP) service that uses machine learning to find insights and relationships in text * Amazon Rekognition makes it easy to add image and video analysis to your applications * Amazon MQ is a managed message broker service for Apache ActiveMQ that makes it easy to set up and operate message brokers in the cloud

Answer 140

1. EC2 Container Registry • The EC2 container registry (ECR) is a managed AWS Docker registry service for storing, managing and deploying Docker images

Answer 141

1. ELB nodes have public IP addresses 4. ELB nodes route traffic to the private IP addresses of EC2 instances • ELBs can be configured as public facing or internal only. Public facing load balancers have public IP addresses and require an Internet Gateway to function. The public facing ELBs route traffic to the private IP addresses of EC2 instances

Answer 142

3. Amazon SNS * Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud. SNS can be used to send automated or manual notifications to email, mobile (SMS), SQS, and HTTP endpoints * Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications * Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential step * Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails

Answer 143

2. Object Lifecycle Management * Object lifecycle management can be used with objects so that they are stored cost effectively throughout their lifecycle. Objects can be transitioned to another storage class or expired * All other options are bogus and do not exist

Answer 144

4. By implementing a Multi-Master configuration * Amazon Aurora Multi-Master is a new feature of the Aurora MySQL-compatible edition that adds the ability to scale out write performance across multiple Availability Zones, allowing applications to direct read/write workloads to multiple instances in a database cluster and operate with higher availability * Multi-AZ is not a feature that you can configure with Aurora but data is replicated 6 ways, across 3 AZs by default * Read replicas and cross-region read replicas would not assist with scaling write performance as they only scale read performance

Answer 145

1. Compress large attribute values 3. Store large attributes as objects in Amazon S3 * If an application needs to store more data in an item than the DynamoDB size limit permits, you can try compressing one or more large attributes, or you can store them as an object in Amazon Simple Storage Service (Amazon S3) and store the Amazon S3 object identifier in your DynamoDB item * You cannot store anything in AWS Lambda, it is a service that provides processes (functions) for executing code * You cannot use ElastiCache to cache the large objects as it is not designed for this purpose

Answer 146

2. Using Route 53 health checks * Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources * None of the other options provide a solution that can check the health and performance of an application

Answer 147

4. Layer 4 & 7 * Classic Load Balancer (CLB) – this is the oldest of the three and provides basic load balancing at both layer 4 and layer 7 * Application Load Balancer (ALB) – layer 7 load balancer that routes connections based on the content of the request * Network Load Balancer (NLB) – layer 4 load balancer that routes connections based on IP protocol data

Answer 148

1. Cluster 4. Spread • Placement groups are a logical grouping of instances in one of the following configurations: – A cluster placement group is a logical grouping of instances within a single Availability Zone. Cluster placement groups are recommended for applications that benefit from low network latency, high network throughput, or both, and if the majority of the network traffic is between the instances in the group – A spread placement group is a group of instances that are each placed on distinct underlying hardware. Spread placement groups are recommended for applications that have a small number of critical instances that should be kept separate from each other

Answer 149

2. AWS Elastic Beanstalk * AWS Elastic Beanstalk can be used to quickly deploy and manage applications in the AWS Cloud. Developers upload applications and Elastic Beanstalk handles the deployment details of capacity provisioning, load balancing, auto-scaling, and application health monitoring * AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositiories * AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers * Amazon Elastic Container Service is a managed service for running Docker containers

Answer 150

3. Amazon CloudWatch Logs * You can use Amazon CloudWatch Logs to monitor, store, and access your log files from Amazon Elastic Compute Cloud (Amazon EC2) instances, AWS CloudTrail, Route 53, and other sources * You can then retrieve the associated log data from CloudWatch Logs * Amazon CloudTrail is used for recording a history of API actions taken on your account. * Amazon Kinesis is a set of services used for collecting, processing and analyzing streaming data

Answer 151

4. Point-in-time recovery • You can restore a DB instance to a specific point in time with a granularity of 5 minutes. RDS uses transaction logs which it uploads to Amazon S3 to do this

Answer 152

* Whenever EC2 is included you need to use Auto Scaling to automatically scale the number of instances which only leaves 2 potential answers. EBS volumes can only be mounted to a single instance and so data cannot be shared therefore that rules out the other potential answer. Therefore EC2 with Auto Scaling and an ELB sitting in front is the correct solution * DynamoDB can be used for storing session state for stateless web applications but is not necessary for the answer

Answer 153

2. Amazon DynamoDB Accelerator (DAX) * Amazon DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second * DAX does all the heavy lifting required to add in-memory acceleration to your DynamoDB tables, without requiring developers to manage cache invalidation, data population, or cluster management

Answer 154

2. Amazon CloudFormation * AWS CloudFormation is a service that gives developers and businesses an easy way to create a collection of related AWS resources and provision them in an orderly and predictable fashion. AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. Think of CloudFormation as deploying infrastructure as code * Elastic Beanstalk is more focussed on deploying applications on EC2 (PaaS) * AWS CodeDeploy is a fully managed deployment service that automates software deployments to a variety of compute services such as Amazon EC2, AWS Lambda, and your on-premises servers * Jenkins deploys infrastructure as code but is not an AWS service

Answer 155

2. You can register domain names via Amazon Route 53 4. Amazon Route 53 supports Alias and CNAME records • Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service • Route 53 offers the following functions: – Domain name registry – DNS resolution – Health checking of resources • Health checks verify Internet connected resources are reachable, available and functional • Routing policies include Simple, Weighted, Latency-based, Failover and Geo-Location • Many record types are supported including Alias and CNAME • Internal elastic load balancing is performed by the Amazon ELB • It does not support connecting on-premises data centers to the cloud – this is done by Direct Connect

Answer 156

3. Amazon S3 4. Amazon DynamoDB * Both S3 and DynamoDB automatically scale as demand dictates. In the case of DynamoDB you can either configure the on-demand or provisioned capacity mode. With on-demand capacity mode DynamoDB automatically adjusts the read and write throughput for you * EC2 cannot scale automatically. You need to use Auto Scaling to scale the number of EC2 instances deployed * EBS and RDS do not scale automatically. You must intervene to adjust volume sizes and database instance types to scale these resources

Answer 157

1. Virtual Private Server 3. Managed MySQL database * Amazon Lightsail provides an easy, low cost way to consume cloud services without needing the skill set for using VPC resources. The product set includes virtual private servers (instances), managed MySQL databases, HA storage, and load balancing * You can connect to other AWS services such as S3, DynamoDB, and CloudFront, however these are not part of the Lightsail product range

Answer 158

1. General Purpose SSD * AWS suggest that the General Purpose SSD is used for the boot volume of most workloads * Provisioned IOPS SSD is for high performance applications that require sustained IOPS * Throughput Optimized HDD is for streaming workloads with fast throughput requirements * Cold HDD is the lowest cost HDD and is for infrequently accessed data

Answer 159

3. The account has reached its On-Demand instance limit for the region * You are limited to running up to a total of 20 On-Demand instances across the instance family, purchasing 20 Reserved Instances, and requesting Spot Instances per your dynamic Spot limit per region * If a user did not have permissions to launch an instance then it would not launch at all, rather than launching and then terminating * If the AZ did not have capacity, or the AMI was deleted the instance would not launch

Answer 160

1. Deploy a bastion host in a public subnet * When you have an EC2 instance in a private subnet you cannot add a public elastic IP address to it or update security group rules to allow connectivity. Instead you must deploy a bastion host server into a public subnet and use that to jump across from the public subnet to the private subnet * A NAT Gateway is used to allow instances in a private subnet to access the Internet, it cannot be used for proxying inbound connections

Answer 161

1. Memory utilization ``` • The AWS/EC2 namespace includes the following instance metrics: – CPUUtilization – DiskReadOps – DiskWriteOps – DiskReadBytes – DiskWriteBytes – NetworkIn – NetworkOut – NetworkPacketsIn – NetworkPacketsOut ```

Answer 162

1. Security group rules configured to allow HTTP/HTTPS 4. A public IP address assigned to the instance * To connect to a web page on a web server you use the HTTP/HTTPS protocol. You therefore need to ensure the instance’s security group allows these protocols in an inbound rule * A public IP address assigned to an instance in a public subnet is required in order to be able to directly access the instance from the Internet. There also needs to be an Internet Gateway attached to the VPC and an entry in the route table for the subnet that points to it * A private IP address will always be assigned to instances in EC2, but these do not enable access from the Internet * An established VPN connection is not required, connections will come through an Internet Gateway to a public subnet

Answer 163

4. AWS DMS * AWS DMS is used for migrating databases into or within AWS * All other options are valid services that are used for transferring large amounts of data into Amazon S3

Answer 164

3. AWS Lambda * AWS Lambda is aserverless compute service that runs your code in response to events and automatically manages the underlying compute resources for you. The code you run on AWS Lambda is called a “Lambda function” * Amazon ECS and EKS are both used for running software containers such as Docker containers * AWS CodeCommit is a fully-managed source control service that hosts secure Git-based repositiories

Answer 165

2. PaaS * Both Elastic Beanstalk and RDS are services that are managed at the platform level meaning you don’t need to manage the infrastructure level yourself. Therefore, tasks like OS management and patching are performed for you * IaaS is a model where the underlying hardware platform and hypervisor are managed for you and you are delivered tools and interfaces for working with operating system instances * SaaS is a model where the whole stack is managed for you right up to the application and you are delivered working software that you can customize and populate with data * Hybrid is a type of cloud delivery model in which you consume both public and private cloud and connect the two together

Answer 166

1. Simple scaling 4. Step scaling * With AWS Auto Scaling the scaling policies include: simple, scheduled, dynamic, and step scaling * The other options are bogus and do not exist * https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/elastic-load-balancing-and-auto-scaling/ * https://digitalcloud.training/certification-training/aws-solutions-architect-associate/compute/aws-auto-scaling/

Answer 167

2. Network Load Balancer (NLB) * NLBs process traffic at the TCP level (layer 4) * ALBs process traffic at the HTTP,HTTPS level (layer 7) * CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)

Answer 168

3. Using cross-region replication * Cross-region replication(CRR) enables automatic, asynchronous copying of objects across buckets in different AWS Regions. Buckets configured for cross-region replication can be owned by the same AWS account or by different account * Multi-master replication is not something you can do with Amazon S3 (Amazon Aurora has this feature) * Lifecycle actions cannot be configured to move to another storage class in a different region

Answer 169

2. Deploy applications in regions closest to the end-users 4. Use Amazon CloudFront to cache content closer to end-users * To reduce latency, which corresponds with the distance over which network communications travel, you should aim to host your applications closer to your end-users. This means deploying them in the closest regions * Deploying in multiple AZs may create resiliency but won’t change latency much as AZs are geographically close to each other * S3 Transfer Acceleration is used to improve upload speeds for S3 objects and does not affect application performance * CloudFormation is used for deploying resources through code (“infrastructure as code”) * Using a larger instance type for your application may improve application performance but will not reduce latency

Answer 170

4. Amazon RDS * Amazon RDS is a relational database of the SQL type and can be used for complex queries and joins * All other options listed are NoSQL types of database which are not suitable for complex queries and joins

Answer 171

3. Resource groups * Resource groups make it easy to group resources using the tags that are assigned to them. You can group resources that share one or more tags * The other options are bogus and do not exist • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-billing-and-pricing/

Answer 172

2. Provisioned IOPS SSD * Provisioned IOPS SSD supports up to 50 IOPS per GiB with up to 32,000 IOPS per volume * General purpose SSD supports 3 IOPS per GiB and can burst up to 3000 IOPS (volumes > 334GB), and a maximum of 10,000 per volume * The HDD options provide much lower IOPS per volume (500, 250)

Answer 173

3. Create a snapshot of the volume * All you need to do is create a snapshot as EBS snapshots are stored on S3 * Writing a custom script could work but would not be the easiest method * You cannot apply S3 lifecycle actions to EBS volumes * Amazon Kinesis is used for processing streaming data, not data in EBS volumes

Answer 174

4. Amazon EFS * The Amazon Elastic File System (EFS) storage service can be accessed using the NFSv4 protocol * Amazon EBS and Instance store are both block-based storage systems (not file-based like EFS) * Amazon S3 is an object-based storage system and is accessed by HTTP/HTTPS

Answer 175

4. AWS CloudFormation * AWS CloudFormation provides a common language for you to describe and provision all the infrastructure resources in your cloud environment. CloudFormation allows you to use a simple text file to model and provision, in an automated and secure manner, all the resources needed for your applications across all regions and accounts * AWS Elastic Beanstalk is the fastest and simplest way to get web applications up and running on AWS. It is more of a PaaS service and is focused on web applications not infrastructure * Auto Scaling automates the process of adding (scaling up) OR removing (scaling down) EC2 instances based on the traffic demand for your application * Amazon Simple Notification Service (Amazon SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud

Answer 176

1. Application Load Balancer (ALB) * Application load balancers allow you to use content-based routing to direct traffic to instances based on the host field or URL path of the HTTP header * No other type of load balancer supports path-based routing

Answer 177

1. Changes to an Amazon S3 bucket 4. Messages added to an Amazon SQS queue * Lambda functions can be invoked in response to events. These events include objects being created or deleted in an Amazon S3 bucket or messages being added to an SQS queue * A list of possible event sources is included in the reference link below • https://docs.aws.amazon.com/lambda/latest/dg/invoking-lambda-function.html#supported-event-source-s3

Answer 178

4. Layer 7 * The AWS Web Application Firewall operates up to the application layer (layer 7). You can use AWS WAF to create custom rules that block common attack patterns, such as SQL injection or cross-site scripting, and rules that are designed for your specific application * https://aws.amazon.com/waf/

Answer 179

1. User name and password * You can log into the AWS console using a user name and password * You cannot log in to the AWS console using a key pair, access key & secret ID or certificate

Answer 180

2. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users 4. Enables you to attach IAM permission policies to more than one user at a time * Groups are collections of users and have policies attached to them * A group is not an identity and cannot be identified as a principal in an IAM policy * Use groups to assign permissions to users * Use the principal of least privilege when assigning permissions * You cannot nest groups (groups within groups)

Answer 181

1. Amazon S3 3. Amazon DynamoDB * Kinesis Data Streams enables you to build custom applications that process or analyze streaming data for specialized needs. Producers continually push data to Kinesis Data Streams and Consumers process the data in real time. Consumers can store their results using an AWS service such as Amazon DynamoDB, Amazon Redshift, or Amazon S3 * https://digitalcloud.training/certification-training/aws-solutions-architect-associate/analytics/amazon-kinesis/

Answer 182

2. AD Connector * AD Connector is a directory gateway for redirecting directory requests to your on-premise Active Directory. AD Connector eliminates the need for directory synchronization and the cost and complexity of hosting a federation infrastructure. Connects your existing on-premise AD to AWS * Simple AD is an inexpensive Active Directory-compatible service with common directory features. It is a standalone, fully managed directory in the AWS cloud. It does not connect your on-premise AD to AWS * IAM connector does not exist * Remote Authentication Dial-In User Service (RADIUS) is a networking protocol, operating on port 1812 that provides centralized Authentication, Authorization, and Accounting (AAA or Triple A) management for users who connect and use a network service. It is not an AWS service

Answer 183

1. Application Load Balancer (ALB) * ALBs process traffic at the HTTP,HTTPS level (layer 7) * NLBs process traffic at the TCP level (layer 4) * CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7)

Answer 184

3. Amazon EKS * Amazon Elastic Container Service for Kubernetes (EKS) is a managedKubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane * Amazon Elastic Container Service (ECS) is used for running Docker containers but is not a managed Kubernetes service * Amazon EC2 is used for running operating system instances, not containers (though you could build your own Docker/Kubernetes implementation on an EC2 instance) * Amazon Elastic Block Store (EBS) provides block storage volumes

Answer 185

2. A Customer Gateway * A customer gateway is a physical device or software application on your side of the VPN connection * A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection * NAT devices and firewalls are not required for an AWS managed VPN

Answer 186

3. Across Availability Zones • An AZ spans one or more data centers and each AZ is physically isolated from other AZs and connected by high speed networking. If you want to deploy a highly available application you should spread your instances across AZs and they will be resilient to the failure of a single DC • Subnets are created within AZs. Therefore, if you deploy resources into multiple subnets within an AZ and a data center fails, you may lose all of your instances • You could deploy your instances across separate regions but this is not necessary to create a highly available application and introduces complexity and cost. For example you may need multiple ELBs (one per region), complex name resolution and potential data transfer charges

Answer 187

1. HTTP 3. HTTPS * The Classic Load Balancer (CLB) supports health checks on HTTP, TCP, HTTPS and SSL * The Application Load Balancer (ALB) only supports health checks on HTTP and HTTPS

Answer 188

2. User Data * When you launch an instance in Amazon EC2, you have the option of passing user data to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts * You can pass two types of user data to Amazon EC2: shell scripts and cloud-init directives * User data is data that is supplied by the user at instance launch in the form of a script * User data is limited to 16KB * User data and meta data are not encrypted

Answer 189

3. Create a VPC peering connection * A VPC peering connection helps you to facilitate the transfer of data. For example, if you have more than one AWS account, you can peer the VPCs across those accounts to create a file sharing network. You can also use a VPC peering connection to allow other VPCs to access resources you have in one of your VPCs * An internal ELB will not help you to transfer data between accounts * You cannot peer subnets * Configuring matching CIDR address ranges will not mean you can route between accounts. Also, you cannot peer with an account with a matching (or overlapping) address range

Answer 190

1. 200 * A HTTP 200 codes indicates a successful upload * A HTTP 300 code indicates a redirection * A HTTP 400 code indicates a client error * A HTTP 500 code indicates a server error

Answer 191

1. The identity of the API caller 4. The request parameters • AWS CloudTrail is a web service that records activity made on your account and delivers log files to an Amazon S3 bucket. CloudTrail is about logging and saves a history of API calls for your AWS account • CloudTrail records account activity and service events from most AWS services and logs the following records: – The identity of the API caller – The time of the API call – The source IP address of the API caller – The request parameters – The response elements returned by the AWS service • All other options are metrics that can be recorded using CloudWatch • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/monitoring-and-logging-services/

Answer 192

4. Amazon DynamoDB * Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime. DynamoDB is schema-less * All other options are SQL type of databases and therefore have a schema. They also rely on EC2 instances so cannot be scaled dynamically without incurring downtime (you have to change instance types)

Answer 193

1. Within an Availability Zone 5. Cross-Availability Zone * Read replicas are used for offloading read traffic from the primary RDS database. You can configure read replicas to be within an AZ, across AZs, and across regions * You cannot specify the subnet or data center to deploy a read replica in

Answer 194

3. Scaling Policy * Scaling policies determine when, if, and how the ASG scales and shrinks (on-demand/dynamic scaling, cyclic/scheduled scaling) * Scaling Plans define the triggers and when instances should be provisioned/de-provisioned * A launch configuration is the template used to create new EC2 instances and includes parameters such as instance family, instance type, AMI, key pair and security groups * An IAM policy is not used to control Auto Scaling • https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/elastic-load-balancing-and-auto-scaling/

Answer 195

4. Expedited * You can use the expedited access to retrieve data within 1-5 minutes * Standard takes 3-5 hours * The other options are bogus and do not exist

Answer 196

3. Stored volume mode • The volume gateway represents the family of gateways that support block-based volumes, previously referred to as gateway-cached and gateway-stored modes – Stored Volume mode – the entire dataset is stored on-site and is asynchronously backed up to S3 (EBS point-in-time snapshots). Snapshots are incremental and compressed – Cached Volume mode – the entire dataset is stored on S3 and a cache of the most frequently accessed data is cached on-site • A file gateway is not a mode but a different type of AWS Storage Gateway that provides a virtual on-premises file server, which enables you to store and retrieve files as objects in Amazon S3 • Virtual Tape Library is not a mode but a gateway that is preconfigured with a media changer and tape drives

Answer 197

2. Amazon RedShift * Amazon Redshift is a fast, fully managed data warehouse that makes it simple and cost-effective to analyze all your data using standard SQL and existing Business Intelligence (BI) tools. RedShift is a SQL based data warehouse used for analyticsapplications * Amazon RDS is a transactional DB, not an analytics DB * Amazon DynamoDB is a NoSQL type of database and is not suited to analytics using SQL queries * Amazon S3 is an object storage solution not a database

Answer 198

2. AWS Step Functions * AWS Step Functions lets you coordinate multiple AWS services into serverless workflows so you can build and update apps quickly. AWS Step Functions lets you build visual workflows that enable fast translation of business requirements into technical requirements * Amazon SWF helps developers build, run, and scale background jobs that have parallel or sequential steps. SWF is not a visual workflow tool * Amazon Simple Notification Service (SNS) is a highly available, durable, secure, fully managed pub/sub messaging service * Amazon Simple Email Service (Amazon SES) is a cloud-based email sending service designed to help digital marketers and application developers send marketing, notification, and transactional emails • https://aws.amazon.com/step-functions/

Answer 199

3. Amazon SWF * Amazon Simple Workflow Service (SWF) is a web service that makes it easy to coordinate work across distributed application components. SWF enables applications for a range of use cases, including media processing, web application back-ends, business process workflows, and analytics pipelines, to be designed as a coordination of tasks * Amazon Security Token Service (STS) is used for requesting temporary credentials * Amazon Simple Queue Service (SQS) is a message queue used for decoupling application components * Amazon Simple Notification Service (SNS) is a web service that makes it easy to set up, operate, and send notifications from the cloud * SNS supports notifications over multiple transports including HTTP/HTTPS, Email/Email-JSON, SQS and SMS

Answer 200

2. VMware vSphere VMs 4. Hyper-V VMs • AWS Server Migration Service (SMS) is an agentless service which makes it easier and faster for you to migrate thousands of on-premises workloads to AWS. AWS SMS allows you to automate, schedule, and track incremental replications of live server volumes, making it easier for you to coordinate large-scale server migrations. Currently, you can migrate virtual machines from VMware vSphere and Windows Hyper-V to AWS using AWS Server Migration Service

Answer 201

4. Amazon Elasticsearch Service * For operational analytics such as application monitoring, log analytics and clickstream analytics,Amazon Elasticsearch Service allows you to search, explore, filter, aggregate, and visualize your data in near real-time * For big data processing using the Spark and Hadoop frameworks,Amazon EMR provides a managed service that makes it easy, fast, and cost-effective to process vast amounts data * For interactive analysis,Amazon Athena makes it easy to analyze data directly in S3 and Glacier using standard SQL queries * For dashboards and visualizations,Amazon QuickSight provides you a fast, cloud-powered business analytics service, that that makes it easy to build stunning visualizations and rich dashboards that can be accessed from any browser or mobile device • https://aws.amazon.com/big-data/datalakes-and-analytics/

Answer 202

1. A Virtual Private Gateway * A virtual private gateway is the VPN concentrator on the Amazon side of the VPN connection. You create a virtual private gateway and attach it to the VPC from which you want to create the VPN connection * A customer gateway is a physical device or software application on your side of the VPN connection * NAT devices and firewalls are not required for an AWS managed VPN

Answer 203

4. On Amazon S3 * Snapshots capture a point-in-time state of an instance. Snapshots are stored on S3 * https://digitalcloud.training/certification-training/aws-certified-cloud-practitioner/aws-storage/

Answer 204

3. Classic Load Balancer (CLB) * CLBs process traffic at the TCP, SSL, HTTP and HTTPS levels (layer 4 & 7) * ALBs process traffic at the HTTP,HTTPS level (layer 7) * NLBs process traffic at the TCP level (layer 4)

Answer 205

2. Amazon CloudWatch Logs 4. Splunk * Amazon CloudWatch is a monitoring service for AWS cloud resources and the applications you run on AWS. Used to collect and track metrics, collect and monitor log files, and set alarms * Options for storing logs include CloudWatch Logs, Amazon S3 by using a custom script, and a centralized logging system such as Splunk

Answer 206

1. The most recent snapshot only • if you make periodic snapshots of a volume, the snapshots are incremental, which means that only the blocks on the device that have changed after your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot in order to restore the volume

Answer 207

1. DynamoDB Table 4. CloudWatch * The Amazon S3 notification feature enables you to receive notifications when certain events happen in your bucket * Notifications can be sent to: SNS Topics, SWS Queues, and Lambda functions

Answer 208

4. Amazon Glacier • Only Amazon Glacier has a minimum storage duration charge of 90 days. Standard-IA and One Zone-IA both have a minimum storage duration charge of 30 days

Technology Flashcards

36% of Exam