Testing Flashcards
(203 cards)
1
Q
IAM Stands for:
A
Identity and Access Management
2
Q
What does a IAM User use to Log in:
A
Username and Password
3
Q
CLI stands for:
A
Command Line Interface
4
Q
API stands for:
A
Application Programming Interface
5
Q
CLI/API uses what to log in
A
Access Keys and Access Key IDs
6
Q
MFA stands for:
A
Multi Factor Authentication
7
Q
SCP Stands for:
A
Service Control Policies
8
Q
IAM Best Prctices:
A
- Lock AWS account user access keys
- Create individual users
- Use groups to assign permissions to users
- Grant least privilege
- Start with AWS managed policies
- Use customer managed policies
- Use access levels to review permissions
- Strong Password policy
- MFA
- Use Roles for apps and to delegate permissions
- do not share keys
- rotate credentials
- remove unnecessary credentials
- Use policy conditions
- Monitor activity
9
Q
EBS stands for:
A
Elastic block store
10
Q
What is Block Storage and what is AWS service
A
Hard drives connected to a system (a C: or D: drive
11
Q
What is Block Storage and what is AWS service
A
Hard drives connected to a system (a C: or D: drive
12
Q
EC2 Stands for:
A
Elastic Compute Cloud
13
Q
What does EC2 do?
A
Runs virtual servers or instances in the cloud
14
Q
What is User Data
A
User Data is code that runs commands
15
Q
What is Meta Data
A
Metadata returns information
16
Q
What is LightSail
A
SUPER SIMPLE cheap cloud server for those with little expertise
17
Q
What is Batch
A
Allows you to run thousands of computing jobs on AWS
It dynamically provisions the optimal quantity and types of resources
18
Q
What is a Docker Container
A
It is a place to store all the steps to run an app including OS, code, settings, etc
It makes the movable from hardware and very efficient
19
Q
What does ECS stand for
A
Elastic Container Service
20
Q
What is a cluster
A
a logical grouping of tasks or services
21
Q
What is ECS Launch Type
A
it is an elastic container that you keep control of
You are charged per instance
You are responsible for optimization and management but get more control
22
Q
What is ECS Fargate
A
it is an elastic container that is managed by AWS
Charged per running tasks
You have limited control
23
Q
EBS Snapshots do what
A
Capture a volume at a point in time
24
Q
where is a snapshot stored
A
Inside a region outside of a AZ
25
Differences between SnapA and SnapB and SnapC
Snap A is the OG while all those after are the changes that are made after the OG
26
What does DLM stand for
Data Lifecycle Manager
27
What does DLM do
automates creation, retention, and deletion of snapshots
28
What does S3 stand for:
Simple Storage Service
29
What kind of storage system is S3
Object storage
30
What are the 6 classes of S3 storage
1. Standard
2. Intelligent Tiering
3. Standard-IA
4. One Zone-IA
5. Glacier
6. Glacier Deep Archive
31
Standard S3 Storage
3 AZ
| common data
32
Intelligent Tiering
3 AZ
| It moves data to the most logical storage class
33
Standard-IA Storage Class
3 AZ
| charged per GB retrieved so it needs to data not regularly accessed
34
One Zone-IA Storage class
Like Standard-IA but in one AZ
| It makes the data less protected at a cheaper price
35
Glacier Storage
3 AZ
| Available in minutes at an updated price
36
Glacier Deep Dive
3 AZ
Available in hours
protected data that you do not need right away
37
S3 Versioning
Keeping multiple variants in the same bucket
| used to preserve, retrieve and restore objects
38
S3 Replication
CRR Replicates data across region
| SRR Replicates data in the same region
39
Storage Gateway uses
Moving data from on premises to the cloud
40
File Gateway
Storage gateway using a file based system
41
Volume Gateway
Block based storage gateway system
42
Backup Gateway
Storage gateway that uses block or file protocols
43
S3 Features
```
Transfer acceleration
Requester pays
Events
Static website hosting
Encryption
Replication
```
44
What is Route 53
It is a DNS or Domain Naming System
45
Route 53 Policies
```
simple
failover
geolocation
geo proximity
latency
Multivalue answer
weighted
```
46
Route 53 features
Domain registration
hosts zones
health checks
monitors Traffic flow
47
Auto scaling Groups
EC2 Status Check
| CloudWatch
48
EC2 Status Check
If one instance fails status check will replace that instance
49
CloudWatch does what
Monitors Metrics
| adds and removes instances based on metrics
50
What does Auto Scaling do?
```
Launches and terminates instances automatically
scales horizontally
Responds to checks and metrics
can scale on demand or by a schedule
set policies on how to respond
```
51
What does ELB stand for:
Elastic Load Balancer
52
4 types of Elastic Load Balancers
Application
Network
Classic
Gateway
53
Application Load Balancer
Operates at request level (level 7)
54
Network Load Balancer
Operates at the connection level (level 4)
55
Classic Load Balancer
Older generation that uses both level 4 and 7
56
Gateway Load Balancer
used in front of virtual apps such as firewalls
57
Scaling Policies
Target Tracking
Simple Scaling
Step Scaling
Scheduled scaling
58
Benefits of Serverless services
```
No instances
No hardware
No management
Capacity provisioning and patching
Provides auto scaling
```
59
Serverless services
```
Lambda
Fargate
EventBridge
Step Function
SQS
SNS
S3
API Gateways
DynamoDB
```
60
Lambda Functions
Executes code when needed
| only pay when code runs
61
Lambda function benefits
no servers
Continuous Scaling
millisecond billing
integrates with services
62
SQS stands for what
Simple Queue Service
63
SQS does what
It decouples the App tier from the Web tier.
| pull based. the app will pull the info from the queue
64
MQ is a what
Message broker service
65
MQ does what
It works like sqs EXCEPT:
it works with industry standards like apache
and
it is a push based system
66
SNS stand for what
Simple Notification Service
67
What does SNS do?
Pushes out information out instead of pull like SQS
| pushes info to topic which will be sent to all accounts attached to that topic
68
Step Functions
Coordinates workflows automatically
| Uses visual workflows and run state machines
69
SWF stands for what?
Simple Workflow Service
70
SWF does What?
Works like Step functions but in workflows that require human interaction
71
EventBridge Does what?
It is a serverless event bus
| it takes data that triggers an event to signal to the right server
72
API stands for what?
Application Programming Interface
73
API Gateways do what?
It is the front door for applications
Connects multiple ways
forwards requests to Lambda or VPCs
74
VPC Stands for?
Virtual Private Cloud
75
What are Security Groups
Firewall for Instances
76
What does ACL stand for
Access Control List
77
What is ACLs purpose
A firewall at the Subnet level
78
3 types of IP addresses
Public
Private
Elastic
79
Qualities of a Public IP address
Dynamic
lost when instance stops
cannot be moved between instances
80
Qualities of a Private IP
Attached to ALL instances
| Retained when instance stops
81
Qualities of an Elastic IP
Static public address
Retained when instance stops
can be moved between instance
Pay if not in use
82
What does NAT stand for
Network Address Translation
83
NAT Instances and Gateways uses and their difference
used for accessing internet from private subnets
Instances managed by you
Gateways managed by AWS
84
VPC Peering
Routes made between VPC and IP address
85
VPN stands for what
Virtual Private Network
86
Managed VPN
VPN connection between on premises sites and AWS
87
Direct Connect
Private connection from on premises to AWS
88
Transit Gateway
Connects VPCs and on premises through a central hub
89
Outposts
Deploy actual infrastructure on premises to connect to AWS
90
What is CloudFront
Content delivery Network
91
What does CloudFront do?
Sends data to edge locations
| Allows customers to access data quickly
92
What does Global Accelerator do?
Routes connections to app endpoints
| improves availability and performance of apps
93
What does CloudFormation do?
Infrastructure provisioned automatically through code
| allows you to provision consistently
94
What does CDK stand for
Cloud Development Kit
95
What does Cloud Development Kit do?
Open source framework to define app resources using familiar programming languages
96
What does Beanstalk do?
Management service for Web Apps
| Deploys environment that can include Auto scaling, elastic load balancing and databases
97
What does X-Ray do?
Analyze and debug production
98
What does OpsWorks do?
It is a Config Management service in Chef or Puppet
99
RDS stands for
Relational Database Service
100
What does RDS use for encryption
KMS
101
What does RDS support
```
SQL
Oracle
MySQL
Postgre
Aurora
MariaDB
```
102
What is Aurora
A relational database that is compatible with MySQL and Postgre
103
What is DynamoDB
Fully managed NoSQL Key/Value Store
| It is a non-relational, Key-Value System
104
DynamoDB Features
```
Serverless
NoSQL
Push button horizontal
DAX
Back ups
Global Table
```
105
What is Redshift
A relational database and SQL Data Warehouse
| Used for Online analytics processing (OLAP)
106
EMR stands for what?
Elastic Map Reduce
107
What does EMR do?
```
Manages Cluster Platforms frameworked in Hadoop and Spark
Performs ETL (extract, transform, and load) functions
Processes data for analytics and business intelligence
```
108
What does Elasticache do?
It is a key-value store
fully manages implementations of redis and memcached
you put it in front of databases like RDS and Dynamo to lower latency of extracting data
109
What does Athena do?
Runs queries on S3 data
110
What does Glue do?
It is a ETL service for the metadata stored by Athena
111
How do Kinesis Data Streams work
Producers send data to shards
| consumers process data to save to another source
112
How does Kinesis firehose work
automated data sent without shards
| Saves data directly to another source
113
How does Kinesis Data Analytics work
Real time SQL processing for streaming
114
What does SQL stand for
Structured query langauge
115
What does Pipeline do
processes and moves data between different services
116
What is Quicksight
Business Intelligence Service
| Creates and publish interactive BI dashboards for machine learning
117
What is Neptune
Fully managed graph database service
118
What is DocumentDB
A fully managed Document database that queries and indexes JSON data
119
What is QLDB
A fully managed ledger database that provides verifiable transaction logging
120
What is Managed Blockchain
Joining public and private networks using ethereum
121
What is Organizations
a consolidation of multiple accounts
| most important feature for test is consolidated billing
122
What is control tower
Simplifies the creation of multiple accounts by setting up governance, compliance, and security guardrails
123
What is Systems Manager
Manages multiple AWS Resources
124
System Manager components
```
Automation
Run Command
Inventory
Patch Manager
Session Manager
Parameter Store
```
125
What is Service Catalog
Creates and manage catalogs of IT services
| Allows you to manage commonly deployed services
126
What is Config
It is a fully managed compliance management service
| Helps with Autiting, Security Analysis, and Resource Change Tracking
127
What is Trusted advisor
Helps Optimize your environment
128
What does Trusted Advisor Advise on
Cost Optimization
Performance
Security
Fault Tolerance
129
What is Personal Health Dashboard
A Dashboard that provides alerts when events will affect you
130
What is Service Health Dashboard
Provides the Current status of AWS Services
131
What is Directory Service
Fully managed hosts active directory
132
What is AD Connector
Allows on premises user to log into AWS with SSO
133
What is Simple AD
Low scale/cost Active Directory
134
What does System Manager Parameter Store do
Provides Secure, hierarchical storage
135
What can systems manager parameter store
passwords
data strings
license codes
136
What are the values in systems manager parameter store
do it all as parameter values
plaintext (unencrypted)
ciphertext (encrypted)
137
What is Secret Manager
it is similar to parameter store BUT
| allows native and automatic key rotation, fine grained permissions, and central auditing
138
What does KMS stand for
Key Management Service
139
What does KMS do
Creates and manages Keys
140
CloudHSM stands for
Cloud based hardware security Module
141
What does CloudHSM do
Generates your own encryption keys
| more control and more secure than KMS but more expensive
142
What is CloudTrail
Logs API activity for auditing
| Can trigger cloudwatch events
143
What are VPC Flow Logs
Capture the information about IP traffic going to and from the VPC interfaces
144
Where are Flow Logs created
VPC
Subnet
Network Interfaces
145
What does S3 Access Logs do
Provides records for the requests made to a bucket
146
S3 Access Logs details include
```
Requester
Bucket Name
Time
Action
Response Status
Possible Error Codes
```
147
What does Detective do?
Analyze, Investigate, and Identify security issues root causes
148
Data sources for Detective
VPC Flow Logs
CloudTrail
GuardDuty
149
What is GuardDuty and what does it detect
```
Intelligent Threat Detection Service
Detects:
Account Compromise
Instance Compromise
Malicious Reconnaissance
Bucket Compromise
```
150
What is Macie
Fully managed Data security
| Uses machine learning and pattern matching to find and protect sensitive data in S3
151
What does WAF stand for
Web Application Firewall
152
What does WAF do
Creates rules that block common exploits like SQL injection and Cross site scripting
153
What is Sheild
Managed DDoS protection service
154
What is Artifact
Provides on demand security and compliance reports
155
What is Security Hub
Provides a view of security alerts across AWS Accounts
156
What is Security Bulletins
Security and privacy events affecting AWS Services
157
Why should you contact the Trust and Safety team
```
Spam
Port Scanning
DDoS
Intrusion Attempts
Hosting of objectional or copyrighted material
Distributing Malware
```
158
Penetration Testing
Testing Security by simulating an attack
| is allowed for 8 services without permission
159
What are the pillars of Well-Architected
```
Operational Excellence
Security
Reliability
Performance Efficiency
Cost Optimization
```
160
What does Well Architected Consist of:
Guidance
Tool
Lenses
Architecture Center
161
Operational Excellence Pillar
Support Development of Workloads
162
Security Pillar
Protect data, systems, and assets
163
Reliability Pillar
Ensuring workload can perform
164
Performance Efficiency Pillar
Ability to use computing resources meet system requirements
165
Cost Optimization Pillar
Ability to run systems at the lowest price
166
What do you pay for in AWS
Compute
Storage
Outbound Data
167
What are the basics for On-Demand pricing
Standard rate
| No Commitments
168
What are the basics for Reserved pricing
1-3 year commitment
| 75% discount
169
What are the basics for Spot Instant pricing
Bid for unused space
Up to 90% discount
can be terminated at anytime
170
What are the basics for Dedicated instances pricing
Physical isolation at host hardware
| Pay per instance
171
What are the basics for Dedicated Hosts pricing
Physical server dedicated for your use
socket core visibility
Host affinity
Pay per host
172
What are the basics for Saving Plans pricing
Commitment to consistent amount of usage
Pay per hour
1-3 year commitment
173
What do you pay for in S3
Storage class
Storage quantity
Number of requests
data transfer out
174
What do you pay for in Glacier
Expedited
Standard
Bulk
175
What do you pay for in EBS
Volumes - GB per month
| Snapshots - Space consumed by Snapshots
176
What do you pay for in RDS
Clock hours of server up time
Database characteristics
Database purchase type
177
What do you pay for in DynamoDB
Reading, Writing, and Storing Data
| Either on-demand or provisioned
178
What do you pay for in Lambda
Number of requests
Duration of request (to the nearest millisecond)
Price is dependent
179
Benefits of Consolidated billing
One bill
Easy tracking
combined usage
180
What do you do in Budgets
Set custom budgets
| configure alerts
181
What does budgets integrate with
Cost explorer
Chatbot
Service catalog
182
What is Cost explorer
View charts of your costs to discover patterns of spending
183
What does Cost and Usage report break down
```
Hour
Day
Month
Product
Product resource
Tags
```
184
What does Price list API do?
Queries prices of services
185
What does DMS stand for
Database migration service
186
What does DMS do
Migrates Databases
| Source database remains operational during transfer
187
What does SMS stand for
Server migration service
188
What does SMS do
Migrates servers and virtual machines
189
What does DataSync do
Online data transfer service
| Transfers data between on premises and storage services
190
What is the Snowball Family used for
Used for migrating large volumes of data to AWS
191
What does Rekognition do
Image and video analysis
192
What does Transcribe do
Add speech to text capabilities to apps
193
What does Translate do
Neural machine translation service
194
What does Sagemaker do
helps data scientists prepare, build, train, and deploy high quality machine learning models
195
What does Comprehend do
natural language processing service
| Uses machine learning to understand unstructured (like a written letter) information
196
What does Lex do
It is a conversational AI for chatbots
197
What does Polly do
Turns text into life like speech
198
What does Workspaces do
Managed DaaS solution
| Works with windows or linux
199
What does Appstream 2.0 do
Fully managed non persistent app streaming service
200
What does Worklink do
Provides secure, one click access to your internal websites from mobile phones
201
What does Workdocs do
Google suite by amazon
202
What does IoT core do
Lets you to connect to IoT devices to the cloud without the need to manage servers
203
What does IoT stand for
Internet of Things
