Training Flashcards

(109 cards)

1
Q

How often are CloudWatch metrics created for an EBS volume?

A

Every 5 minutes

2
Q

What parameter needs to be disabled to maintain a root volume after instance termination?

A

Delete on Termination

3
Q

How many EC2 instances can be attached to an EBS volume?

A

1

4
Q

What is the time interval at which EFS metric data gets sent to CloudWatch?

A

1 minute

5
Q

If an EBS volume is encrypted at the time of a snapshot, what will be the status of the snapshot?

A

Encrypted

6
Q

How long do you have to validate your Vault Lock Policy?

A

24 hours

7
Q

In terms of EBS and instance-store root volumes, what is the default action upon instance termination?

A

Delete on Termination

8
Q

How many GiB is needed to attain 120 IOPS?

A

40 GiB

9
Q

How many times can an object be replicated with S3 CRR?

A

1

10
Q

What is a file gateway used for?

A

Store and retrieve files.

11
Q

What storage classes are integrated with Amazon EFS?

A
  • Standard-IA
  • Standard

12
Q

How long is EFS metric data retained within CloudWatch?

A

15 months

13
Q

What must be enabled on a database to create Read Replicas?

A

Enable database backups

14
Q

What are the three main functions of Route 53?

A
  • Health Checks
  • DNS (Domain Name System) service
  • Domain Registration
15
Q

What is GuardDuty?

A

A threat detection service that monitors for threats to AWS accounts and workloads.

16
Q

What is the TCO Calculator?

A

Estimation of the cost savings to be had by migrating to the AWS Cloud from an on-premises datacenter.

17
Q

What is AWS Cost Explorer?

A

Visualize, understand, and manage your AWS costs and usage over time.

18
Q

What is the AWS Simple Calculator?

A

Calculate anticipated billing.

19
Q

Why use stored volumes?

A

Store all data locally, but periodically that data is backed up to AWS using snapshots.

20
Q

Why use a cached volume?

A

Store all data in the AWS cloud and cache data locally.

21
Q

What does a route table do?

A

Directs traffic within a network

22
Q

In the event history of CloudTrail, how many days of events are retained?

A

90 days

23
Q

What component of a CloudWatch Alarm configuration is defined as the amount of time before notification?

A

The Period

24
Q

How do CloudWatch Events differ from CloudWatch Alarms?

A

Events react to patterns, and alarms react to thresholds.

25
What are the 3 states of a CloudWatch alarm?
- OK - Alarm - Insufficient_Data
26
What three AWS services can receive CloudWatch Alarm notifications?
- AutoScaling - EC2 - SNS
27
What databases are compatible with Amazon Aurora?
PostgreSQL | MySQL
28
What is a hash function?
A function to map data of arbitrary size to fixed-size values.
29
What is the maximum number of data copies that Amazon Aurora can lose without affecting writes?
2
30
What CloudWatch metric is used to determine needs for storage type changes?
ReadIOPS/WriteIOPS
31
What is swap usage?
A metric that displays the amount of hard disk space swapped for lack of RAM.
32
Which important Cloud concepts will an ELB improve?
Fault tolerance | High Availability
33
What are the four primary benefits of using cloud services?
High availability, fault tolerance, scalability and elasticity.
34
What is Amazon RDS?
A managed relational database service, where the underlying infrastructure is supported by AWS
35
What is the purpose of CloudTrail?
Log, monitor, and retain account activity related to actions across your AWS infrastructure
36
What is the default maximum number of SNS topics per account?
100 000
37
What is the default limit on the number of SNS subscriptions per topic?
12 500 000
38
What happens to an instance in an Auto Scaling group if it is marked unhealthy?
The instance will terminate and be replaced with a new instance.
39
What are the two main components of Auto Scaling?
Launch configuration and Auto Scaling group
40
What is the purpose of the launch configuration?
It determines the configuration that will be used on EC2 instances that will be launched.
41
What are the two primary ways you are charged for using Lambda?
Execution requests and execution duration
42
Which can be used to execute or invoke Lambda code?
The AWS Console + SNS, S3, and CloudTrail
43
If you are using an ELB to serve HTTP web traffic to EC2 instances, what port(s) must be open on the ELB's security group?
Port 80
44
What listeners can you configure your Application Load Balancer to accept?
HTTP | HTTPS
45
What mechanism is used to ensure that Port 80 traffic is allowed into a subnet?
Network Access Control Lists (NACLs) can be used to allow and deny communication via a specific port into the subnet.
46
What happens if you launch an EC2 instance without specifying a subnet?
It gets launched into a default subnet in the default VPC.
47
If data is traveling from a customer, over the open internet, to a website you are hosting on an EC2 instance in an AWS VPC, what is the order of components that data will travel through?
IGW -> Route Table -> NACL -> Security Group -> EC2 Instance
48
What is a service-linked role?
A unique type of IAM role that is linked directly to an AWS service.
49
What is an Instance Profile?
A container for an IAM role that you can use to pass role information to an EC2 instance when the instance starts.
50
What is the confused deputy problem?
One process tricks another process into doing an action it doesn't have permissions to do.
51
What differentiates a role from a user?
- A role can be assumed by multiple identities. | - A role does not have standard long-term credentials.
52
What is a principal?
An entity that can take an action on an AWS resource. Your administrative IAM user is your first principal. Users, roles, federated users, and applications are all AWS principals.
53
What are access levels?
A way to categorize actions: List, Read, Write, Permissions Management, and Tagging are valid access levels.
54
What is Power User Access?
Provides full access to AWS services and resources, but does not allow management of users and groups.
55
What is a policy summary table?
A table that describes the access level, resources, and conditions that are allowed or denied for each service in a policy.
56
What is the rule for nesting IAM Groups?
IAM Groups cannot be nested.
57
What is the relationship between groups and policies?
Many (groups) to many (policies)
58
Besides CloudFront, what are two ways API Gateway can block DDoS attacks from reaching your backend?
- Request Throttling | - Caching API Responses
59
How big can an SQS text message be?
256 kb
60
Which messaging service uses standard APIs and protocols such as JMS, NMS, AMQP, STOMP, MQTT, and WebSocket?
Amazon MQ
61
Which ECS mode allows AWS to fully manage the backend infrastructure?
Fargate
62
What is the maximum period that RDS keeps an automated backup?
35 days
63
How many read replicas can you have from one master instance?
5
64
An RDS database's endpoint is:
- an identifier that can be used to communicate with the primary instance - is represented as a domain name, hostname, or CNAME
65
What is the difference between CloudTrail and CloudWatch Events?
CloudWatch can see events in almost real-time, while CloudTrail can take up to 15 minutes. CloudWatch Events can take action or use automation based on Rules and State Changes, while CloudTrail is an auditing tool.
66
Which types of data are ideal for Athena to query?
- structured data - unstructured data - semi-structured data
67
What is an API endpoint?
It is a location that allows for API interaction
68
What is the longest runtime allowable on a state machine?
Up to 1 year
69
How long, at maximum, will Lambda process a function before it is terminated?
15 minutes
70
What is the role of an API?
It's a set of functions designed to facilitate communication with other applications.
71
What language is used to configure state machines?
ASL (Amazon States Language)
72
How can you restrict a root user of an Organization Unit account?
By creating and attaching a service control policy
73
What OSI layer is used in VPC peering?
Layer 3
74
What type of IP address can attach to an operating system?
IPv6
75
What are the functions that a NAT gateway provides for IPv4 resources?
- Shares a single public IP address for a private resource - Provides private instances a route to the internet - Translates private to public IPs and vice versa
76
What are the two types of VPC endpoints?
- Interface endpoints | - Gateway endpoints
77
Which of the following are similarities between gateway endpoints and interface endpoints?
- Allow you to connect to a public AWS service without needing a public gateway or public IP - Both are VPC endpoints - Both can be used to achieve high availability
78
Which CIDR block is given when IPv6 is allocated to a VPC?
/56
79
Security groups can be shared across _.
- 2 VPCs in the same region - multiple EC2 instances in a VPC - AWS accounts in the same region
80
What is the maximum amount (without logging a support ticket) of GSIs per table within DynamoDB?
20
81
How many replicas does DynamoDB provide per table?
3 replicas each in their own AZ
82
In DynamoDB, what is the difference between a scan and a query operation?
A scan will search the whole table, which uses more computing power. A query operation searches only on the primary key attributes, which is more efficient.
83
What are the two types of indexing in DynamoDB?
GSI (global secondary index) and LSI (local secondary index)
84
How many days does DynamoDB maintain continuous point-in-time backups of your table?
35 days
85
What is the max limit of access keys an IAM User may possess at a time?
2
86
What is the difference between the two types of policies in an IAM Role?
The trust policy allows identities to assume roles, while the permission policy defines the permissions provided.
87
What is the syntax for ARNs?
arn:partition:service:region:account-id:
88
A Route 53 health check can monitor the health of an HTTP or HTTPS page every
30 and 10 seconds
89
Which record is used to list the mail servers for a domain?
MX Records
90
What does split-view DNS (or horizon DNS) in Route 53 allow you to do?
Allows for a private (internal) version of a website while using the same domain name as a public website
91
Which are default records of a zone?
NS and SOA
92
What information does a DNS server hold?
DNS holds and maintains a directory of domain names and IP addresses.
93
Which record is used to set the authoritative servers for a subdomain?
NS record
94
How frequently are you billed for Route 53 health checks?
Per month, based on the number of checks within the month.
95
Which record maps domain names to their IPv4 address?
A record
96
Which OSI layer's primary task is to add encryption to a packet?
Presentation
97
What are the benefits of a proxy server?
- Can be installed on an EC2 - Caching of frequently visited sites - Outbound filtering based on application values
98
Which OSI layer views the request and reply communication as a single session between the client and the server?
Session
99
What is the main function of a firewall?
Monitors and inspects traffic to determine if it should allow/deny access to/from its network.
100
Which layer assigns MAC addresses on devices in a local network?
Data Link
101
Which layers are used in device-to-device communication within the same local network?
Data Link and Physical layer
102
Which OSI layer would you place a firewall if you wanted to deny traffic by port number?
Transport Layer
103
Name the OSI layers starting at layer seven and ending at layer one.
Application, Presentation, Session, Transport, Network, Data Link, Physical
104
Which layer is used for device-to-device communication over intermediate routers?
Network
105
What best describes an IAM role?
A role is something that a user, application or service can "assume" to receive temporary security credentials that provide access to a resource.
106
How many records of the same name does failover routing allow?
2
107
When incrementing Lambda function memory sizing, what is the increment size you are restricted to?
64 MB
108
You receive 429 Error (Throttle Limit) codes when what type of invocation fails?
Synchronous (Not Stream-based)
109
Can we create a NAT gateway without an Elastic IP?
No