Topical Cards from Digital Cloud AWS Cert Exam Flashcards

(48 cards)

1
Q

Kinesis Data Analytics

A
  • used for processing and analyzing real-time streaming data from either Firehose or Data streams
  • can only output data to S3, RedShift, Elasticsearch and Kinesis Data Streams
  • Autoscaling and Managed (no servers)
  • Real Time
2
Q

Kinesis Data Firehose

A
  • the easiest way to deliver data directly to AWS services or services like Splunk
  • data is NOT stored
  • serverless data transforms with Lambda functions
  • Kinesis Data Streams can be used as the source(s) to Kinesis Data Firehose
  • near real-time (1 minute latency)
3
Q

Kinesis Data Streams

A
  • enables real-time processing of streaming big data
  • stores data for later processing by applications (key difference with Firehose which delivers data directly to AWS services)
  • partition keys can guarantee ordering
  • records accessible from 24 hours (default) to 7 days
  • does not deliver it to destinations such as Splunk
  • must manage scaling
  • will have to develop code (producer/consumer) to use
4
Q

Default IAM User Permissions

A
  • By default IAM users are created with no permissions
  • an IAM policy must be attached to the user before they can do anything (even view their own access keys)

5
Q

EBS Encryption

A
  • Data in transit between an instance and an encrypted volume is encrypted
  • There is no direct way to change the encryption state of a volume
  • All EBS types support encryption
6
Q

Amazon Glacier Resilience

A
  • 99.999999999% durability of archives
  • Data is resilient in the event of one entire AZ destruction
  • Data is NOT replicated globally
7
Q

EBS Instance Store Configuration

A
  • Can only specify the instance store volumes for your instance when you launch the instance
  • Cannot add EBS volumes after launch
8
Q

Default Security Group Settings for a VPC

A
  • Inbound rule that allows all traffic from the security group itself
  • Outbound rule that allows all traffic to all addresses
  • Custom security groups do not have inbound rules by default (blocking all inbound traffic) and allow all outbound traffic by default
9
Q

RDS Database Restore

A
  • Can restore up to the last 5 minutes
  • default DB security group is applied to the new DB instance

10
Q

Monitoring ELB Traffic

A
  • Use VPC Flow Logs
  • To set up, create a VPC flow log for each network interface associated with an ELB

11
Q

Network ACL

A
  • tied to subnets
  • stateless rules (rules applied to incoming traffic will not be applied to outgoing traffic)
  • support allow and deny rules
  • rules applied in order
  • by default inbound rule denying all traffic and outbound rule denying all traffic
12
Q

Enhanced Networking

A

  • provides higher bandwidth, higher packet-per-second performance, and lower inter-instance latencies

13
Q

DynamoDB Auto Scaling

A
  • uses AWS Application Auto Scaling Service to adjust provisioned throughput capacity to traffic patterns
  • most efficient and cost-effective solution to optimizing cost
14
Q

CodeDeploy

A

  • automates application deployment to EC2 instances, on-premises instances, and serverless Lambda functions

15
Q

OpsWorks

A

  • managed instances of Chef and Puppet

16
Q

Beanstalk

A
  • used to quickly deploy and manage applications in the cloud
  • Beanstalk handles deployment details for applications in Go, Java, Python, Ruby, Node.js, and PHP

17
Q

Run Command

A
  • designed to support a wide range of enterprise configuration needs on Windows machines
  • can install software, run scripts, or PowerShell commands
  • accessible in the AWS Management Console
18
Q

AWS Config

A

  • service that lets you assess, audit, and evaluate the configuration of your AWS resources

19
Q

POSIX Permissions

A

  • allow you to restrict access from hosts by user and group for EFS

20
Q

EFS Security Groups

A

  • can act as a firewall to restrict network traffic for EFS

21
Q

Direct Connect Gateway

A
  • transitive peering connections for VPC, VPN, and Direct Connect
  • can be associated with a transit gateway when you have multiple VPCs in the same region
  • can be associated with a virtual private gateway
22
Q

Direct Connect

A
  • establish private connectivity between AWS and your datacenter
  • set up a virtual private gateway on the VPN and a configured hardware connection to the datacenter
23
Q

VPN CloudHub

A

  • hub-and-spoke VPN model to connect your sites

24
Q

Transit Gateway

A

  • transitive peering connections for VPC, VPN, and Direct Connect

25
Q

Private Link

A
  • connect services privately from your service VPC to customers' VPC
  • eliminates the exposure of data to the public Internet
  • doesn't need VPC peering, public internet, NAT gateway, etc.
  • Must be used with NLB and Elastic Network Interface
26
Q

VPC Endpoints

A
  • provide private access to AWS services within a VPC
27
Q

Internet Gateway

A
  • provide internet access at VPC level via IPv4 & IPv6
28
Q

Route Tables

A
  • connect subnets to Internet Gateway, VPC Peering Connections, VPC Endpoints, etc.
29
Q

NAT Instances

A
  • provides internet access to private instances on private subnet
  • Managed by user and requires additional setup like disabling source/destination check on the EC2 instance
30
Q

Network ACL

A
  • Stateless, subnet allow and deny rules
31
Q

Security Groups

A
  • Stateful, operate at EC2 level
32
Q

Site to Site VPN

A
  • connect datacenter to VPC over public internet
  • set up a virtual private gateway on the VPN, customer gateway on the DC
33
Q

AWS DataSync

A
  • Used to move large amounts of data online between on-premises storage and Amazon S3 or Amazon Elastic File System (Amazon EFS)
  • source datastore can be Server Message Block (SMB) file servers
34
Q

S3 Standard-IA

A
  • objects are available for millisecond access
  • charges a retrieval fee for these objects
  • stores the object data redundantly across multiple geographically separated Availability Zones
  • resilient to the loss of an Availability Zone
35
Q

S3 One Zone-IA

A
  • objects are available for millisecond access
  • charges a retrieval fee for these objects
  • object data in only one Availability Zone
  • data is not resilient to the physical loss of the Availability Zone resulting from disasters
36
Q

Service Control Policy (SCP)

A
  • used to apply restrictions across multiple member accounts in an OU
  • use deny rule to block a resource type (EC2 instance type for example) in member accounts
37
Q

Global Accelerator

A
  • improves the availability and performance of your applications with local or global users
  • uses the congestion-free AWS global network to route TCP and UDP traffic to a healthy application endpoint in the closest AWS Region to the user
  • provides static IP addresses that act as a fixed entry point to your application endpoints in a single or multiple AWS Regions to your ALB or NLB
38
Q

FSx for Windows File Server

A
  • provides fully managed, highly reliable file storage accessible over SMB protocol
  • provides a rich set of administrative features that include end-user file restore, user quotas, and Access Control Lists
  • supports Distributed File System Replication (DFSR) in both Single-AZ and Multi-AZ deployments
39
Q

EFS

A
  • file storage for EC2 instances
  • only available for Linux instances
40
Q

Target Tracking AutoScaling

A
  • allows you to specify a target value for a metric to scale off of (CPU for instances)
41
Q

RedShift

A
  • columnar data warehouse DB that is ideal for running long complex queries
  • RedShift can also improve performance for repeat queries by caching the result and returning the cached result when queries are re-run
42
Q

AWS Batch Multi-node parallel jobs

A
  • enable you to run single jobs that span multiple Amazon EC2 instances (model training)
  • does not require you to launch, configure, and manage Amazon EC2 resources directly
  • supports IP-based, internode communication, such as Apache MXNet, TensorFlow, Caffe2, or Message Passing Interface (MPI)
43
Q

Scaling Process

A
  • There are two primary process types: Launch and Terminate
  • other processes are Scheduled Actions, Replace Unhealthy, AZ Rebalance, etc.
  • Autoscaling groups can have multiple scaling processes
  • Processes can be suspended and resumed
44
Q

EC2 Standby State AutoScaling

A
  • used for performing updates/changes/troubleshooting etc. without health checks being performed or replacement instances being launched
  • instance still managed by Auto Scaling
  • does not count towards available EC2 instances for workload/application
  • health checks are not performed
45
Q

Amazon DynamoDB Streams

A
  • captures a time-ordered sequence of item-level modifications in a DynamoDB table
  • stores this information in a log for up to 24 hours
  • logs can be accessed in near-real time
46
Q

Troubleshooting ECS Containers

A
  • Verify that the Docker daemon is running on the container instance.
  • Verify that the Docker Container daemon is running on the container instance.
  • Verify that the container agent is running on the container instance.
  • Verify that the IAM instance profile has the necessary permissions.
47
Q

Cognito Identity Pools

A
  • provide temporary AWS credentials for users who are guests (unauthenticated) and for users who have been authenticated and received a token
  • used to obtain temporary AWS credentials to access AWS services, such as Amazon S3 and DynamoDB
48
Q

Cognito User Pools

A
  • A user pool is a user directory in Amazon Cognito
  • Used to provide access to an application (think web app login via Facebook)