White Paper Flashcards

Question

Sending traffic to intent from private subnet target is

Answer 1

Nat gateway

Answer 2

Amazon machine image: Info of an instance of a virtual server That has software config for the type (o/s, server)

Answer 3

Amazon Athena is an interactive Serverless service used to analyze data directly in amazon Simple storage service (s3)

Answer 4

1 VPC spans all Az in region 2 Launch services such as EC2 3 Must specify block of range of IPc4 addresses in classless inter-domain routing 4 Add one or more subnets in each Availability zone in the VPC 5 has internet gateway to access resources inside the VPC from outside

Answer 5

1 Is a range of ip addresses in VPC 2 specify ipv4 classless inter-domain routing that is a subset of the VPC cidr block 3 each subnet is entirely in one availably zone

Answer 6

Peering, Diff VPCs can communicate if they are in the same network. Can create VPC peering connection between VPCs, VPCs in another account,or VPCs in a different aws region

Answer 7

Standard m Memory optimized Burstable (cheapest)

Answer 8

Db subnet group with private instances

Answer 9

Allow traffic on the port (tcp) (fourth layer) of the database engine

Answer 10

Key value and document data structures

Answer 11

DynamoDB Accelerator for read performance is a caching fully managed in memory cache Data replicated in at least 3 Availability zones

Answer 12

Data for Functionality to allow ways to trigger events

Answer 13

On premises infrastructure but exposes apis that allow self service that can use the aws inhouse that is not public Public is allowing apis to anyone.

Answer 14

Closer to customers Single digit latency *Wavelength for mobile phones, for 5g network

Answer 15

Host content closer to users in a caching approach. Data centers that have a lot of storage equipment Reduces latency Build a CDN with aws cloudfront service

Answer 16

Brings aws infrastructure on premise Hardware Racks and servers Helps to build hybrid in house Many companies are just starting or need Local service like person Identification

Answer 17

Are external to aws account access to internal services in aws account

Answer 18

Identity and Access Management Allows access to services and resources Manage users or groups Use permissions to Allow or deny

Answer 19

Identity Authentication Authorization

Answer 20

Create multiple Iam users for the account Can do all services Must give permissions (Policies) to other iam users, Groups, and Roles Can make 5000 iam users

Answer 21

to use credentials to for example use database and read and write to it

Answer 22

Username, password Access key I'd, secret access keys for cli programmatic access or sdks

Answer 23

Different permissions for the different group via permissions Policies Not an indentiey so can't login as group Group is a best practice

Answer 24

Iam identity that gives set of permissions for service requests People, users, applications, or services like ec2 can assume the role Iam role will have trust policy When a user uses the role it Will have Security token service give temp credentials to the user allowing the user any permissions in the trust policy

Answer 25

Is a backend fully managed service

Answer 26

The permissions policy grants the user of the role the needed permissions to carry out the intended tasks on the resource. The trust policy specifies which trusted account members are allowed to assume the role.

Answer 27

Managed Custom managed Inline policies -> 1 person needs this policy etc

Answer 28

2 factor authentication with 2 types + either physical device (phone) or virtual device token Token lasts 30 seconds

Answer 29

Add mfa to root user In real world add mfa tokens for iam users

Answer 30

Global but can be restricted for regions

Answer 31

All of users and enforce users to have specific rules such as forcing them to change their password after x amount of time

Answer 32

Private connection to aws supported services

Answer 33

Global services S3 global however bucket is regional (think china and banning things in s3 bucket)

Answer 34

Username, password

Answer 35

Enable multi factor authentication

Answer 36

Managed Active Directory give everything allows microsoft SQL authentication

Answer 37

AWS management console can download credentials report to see a list of users and status of various credentials like password, access keys, and mfa devices Also from cli and aws sdks

Answer 38

Intelligent tiering (latency access tiers)

Answer 39

30 date standard 90 days glacier 180 days deep glacier

Answer 40

Fully managed file storage built on windows server

Answer 41

Versioning

Answer 42

Is a hybrid cloud storage service that gives on-premises access to virtually unlimited cloud storage

Answer 43

Elastic File system can be accessed by different instances at same time Elastic block store can only he used by one instance at a time

Answer 44

Amazon elastic map reduce | Service big data platform to process vast amounts of data

Answer 45

Real timr streaming data to gain insights and react to information

Answer 46

``` Decoupled architecture Pull based Message order not guaranteed Don't use is order is mandatory SQS qing system holy holds 14 days ```

Answer 47

``` Elastic block storage Attached to server, can be detached Ssd volume low latency Hdd high throuput SSD relational db, nosql ``` With multi-attached up to 16 ec2 instances The ebs and ec2 must be in the same AZ

Answer 48

Provides recommendations to follow best practices. Evaluates your account with checks. Finds ways to optimize infrastructure, improve security, performance, reduce costs, monitor service quotas. ``` 5 checks Cost optimization Performance Security Fault tolerance Service limits ```

Answer 49

Basic: free No tech support Developer: greater than 29$/mo or 3% of monthly usage Support over email Business: general guidance < 24 hrs System impaired: < 12 hrs Production system impaired <4 hrs Production system down <1 hr Price >100$ mo Enterprise on-ramp: > $5500 mo Enterprise: $15000 mo

Answer 50

A collection of accounts that are centrally managed together using consolidated billing, Organized hierarchically with OUs

Answer 51

Visualize, understand, manage your aws costs

Answer 52

Free Evaluate apps Gives recommends IDs high risk issues

Answer 53

Key management service Create, manage cryptographic keys And control use in a side range of services

Answer 54

``` Operational excellence Security Reliability Performance effeminacy Cost optimization Sustainably (not on test) ```

Answer 55

Kept in 3 az

Answer 56

Have cheaper storage cost but more expensive retrieval cost

Answer 57

Minutes to hours

Answer 58

Simple, serverless, set-and-forget, elastic file system Can be shared to 1000s of ec2 instances File storage system

Answer 59

Relational database Service Fully managed database service Save time,

Answer 60

Under amazon RDS engines 3 x faster postgres 5x faster mysql 6 copies under the hood Can also get replication copies Scalable

Answer 61

Can't handle computation of join etc

Answer 62

Handles up to tillions of requests a day Consistent performance Single digit millisecond response time

Answer 63

Databases migration service Can migrate db type x to database y type Or x to x

Answer 64

Multiple AZ

Answer 65

You take care what goes IN the cloud

Answer 66

Take care of your responsibilities

Answer 67

Allow a user to do tasks based on permissions

Answer 68

OU | Individual account

Answer 69

Think Compliance Allows you to check compliance of the cloud See compliance reports Accept agreements

Answer 70

Sees up address not permitted will block Web application firewall Works with Use for application load balancer Stops sql injection AWS WAF is a web application firewall that helps protect your web applications or APIs against common web exploits and bots that may affect availability, compromise security, or consume excessive resources. AWS WAF gives you control over how traffic reaches your applications by enabling you to create security rules that control bot traffic and block common attack patterns, such as SQL injection or cross-site

Answer 71

Basic free protection Paid deeper protection Dos ddos attacks

Answer 72

Automated inspection to make sure | Vulnerability management continually scans aws workloads for vunerabilities

Answer 73

Intelligent threat detection protection of threats Won't protect can review Inspects logs to see if s threat exists

Answer 74

Metrics in real time Can config automatic alerts See if you need to auto scale Gives Dashboard

Answer 75

Can backtrack user activities based on api calls Filter through logs generated See who stopped what What did x occur Why did y change When did z do that

Answer 76

Automatically records information Then can receive real time guidance for best practices Makes suggestions Recommendation in 5 areas ``` Cost opt. Perform. Securi fault tol. Service limits ``` Save u $. I in 1 az Add az

Answer 77

DynamoDB | Lambda

Answer 78

S3 standard storage | EC2

Answer 79

X time free trial Ec2 750 free hours

Answer 80

CloudTrail records api calls sending log files to your s3 bucket Data for api caller, time of api call, source of ip address, request params

Answer 81

Bootstrapping

Answer 82

Is a virtual private server Easy fast build host server Compute, storage, networking capacity nd capabilities to deploy Everything you need to launch quickly

Answer 83

If Detailed monitoring is enabled publishes metrics every minute. Metrics can be hypervisor-driven metrics or Simple instance performance measurements.

Answer 84

information about CPU utilization, disk I/0, network I/O activity, instance status such as start stop information

Answer 85

AWS Pricing Calculator

Answer 86

Compare running workloads on-premises to cloud

Answer 87

Let's you explore AWS services and create an estimate for your use cases on AWS before you ever use Estimate the cost for your architecture solution Use cases create estimate model solutions before building them

Answer 88

Subnet level

Answer 89

AWA managed Chef and puppet If you see chief and puppet on exam rhink chief and puppet Chef and puppet help you perform server configuration automatically Chief and puppet help you with repetitive tasks

Answer 90

EBS snapshots

Answer 91

Is a CDN that allows you to cache your content at edge locations around the world Lower latency Protects against DDos attacks Built in distributed Denial of service DDos

Answer 92

Thinks automates code deployment Automates deployment of app into production Coordinates service deployments and updates across a fleet of EF2 instances. Fully automates No additional fees just pay for resources needed to run and start application Including on-premises deployment Works with any platform Deploy 1 or 1000s of instances

Answer 93

Cost allocation tags Oncw enabled can tack resources and have AWS generated tags and user defined tags

Answer 94

Reserved instances are the most economical option for long term workloads with predicable patterns

Answer 95

On-Demand: with on demand instances you pay for compute capacity of instance by hour or second (based on type) For low cost flexibly of EC2 (no upfront payment) For short term spike or unpredictable workloads that cannot be interrupted For apps being developed or tested on amazon first time

Answer 96

EC2 spot request spare ec2 with 90% discount For apps that have flexible start/stop time For apps feasible at low prices For users with urgent computing needs with large amounts of capacity

Answer 97

for EF2 or Fargate 1 or 3 year term of $x/yr

Answer 98

Dedicated server for you and only you Can use existing software-bound licenses Can be purchased on demand (hourly) Can be purchased as a reservation for up to 70% off the on demand price

Answer 99

Resources for compliance related information Service organization control reports Payment card industry reports Certifications

Answer 100

Get personal information on you're services that are down/ issues Get notifications If planned maintenance within your account will tell you

Answer 101

* global issues within AWS

Answer 102

Automated Only works on "EC2" "instances" Not on account (trick question)

Answer 103

As a system grows it can be broken into looser, smaller, loosely coupled components

Answer 104

12-48 hours

Answer 105

Only w few, like large cities Physically bring services closer to customers

Answer 106

Message processing Pull the q to discover events A single consumer

Answer 107

Publisher Subscriber System Publishing. Deliver. Many Subscribers (fan out) Different types SQS, lambda, email

Answer 108

SNS bc because tell other systems need info. SQS because you need the data

Answer 109

Standard get Dos, DDos protection | Advanced $3000 get WAF too

Answer 110

Makes routing decisions at the application layer (http/https) Can route requests to one or more ports

Answer 111

Http/https

Answer 112

Makes routing decisions at the transport layer (tcp/ssl) Can handle millions of requests per second Attempts to Opens tcp connection forwards request without modifying headers

Answer 113

Makes routing decisions at transport layer (TCP/SSL) or the application layer (http/https)

Answer 114

Allows you to deploy, scale, manage virtual appliances such as firewalls Operates at 3rd layer (OSI) open system interconnection

Answer 115

Guard duty looks in logs to see if there was an attack Inspector sees what happens when you get an attack

Answer 116

Are good for high performance for locally stored data

Answer 117

If you have a balanced need for different workloads Good for small/medium databases Gaming servers Backend enterprise servers

Answer 118

Workloads that need Large amounts of data before running A high performance database or real time processed of unstructured data

Answer 119

Graphics apps, game streaming, application streaming

Answer 120

When testing

Answer 121

Consists $/hr for one or 3 year term Savings up to 72% Fargate and lambda included

Answer 122

Up to 75% discount Steady state or predicable usage 1-3 year term

Answer 123

Spot Batch workloads are containerized, Batch is a perfect fit for Spot Instances. If a workload is interrupted, Batch will automatically spin-up another Spot Instance you've specified.

Answer 124

Specially for you | Usually for meeting compliance requirements

Answer 125

Security management service | Centrally configure firewall rules

Answer 126

1 on 1 sessions with ec2 Session Manager is a fully managed aws aws systems manager Let's you manage ec2 instances, on-premises instances, and virtual machines through a one click browser based shell or through the AWS CLI

Answer 127

``` Reduces latency Improved security traffic encryption AWS shield standard (DDos) Cut cost with consolidated requests CDN ```

Answer 128

Video on demand streaming

Answer 129

Regional | Work with EC2, S3, DynamoDB, lamdba, etc

Answer 130

Logical group to manage resources in the same region. Can be nested Create a resource group with tags that are on your resources To edit resource group Change value of the tags, will no longer be associated with them. Deleted resource groups will not delete the resources

Answer 131

Ask for technical advice

Answer 132

Automated Converts source servers to run natively on AWS Fastest route to the cloud Is region specific

Answer 133

Fully managed streaming service the provides uses with instant access to their desktop application from anywhere

Answer 134

Extension of an AWS region

Answer 135

Route53 Global Accelerator CloudFront

Answer 136

Send Store Receive Components The message is stored until it's processed

Answer 137

Messages Placed Processed

Answer 138

Sends | Services

Answer 139

Amazon elastic container service is highly scalable high performance container management service that supports Docker containers and allows you to easily run applications

Answer 140

Is a static Ip4 address designed for dynamic cloud computing

Answer 141

Multi-AZ RDS creates a replica in another AZ ands synchronously replicates to it. Read replicas are used for read heavy DB and replication is asynchronous

Answer 142

Amazon elasticsearch Let's you search visualize up to petabytes of unstructured data Can visualize data and build interactive dashboards

Answer 143

Search visualize and analyze petabytes of data

Answer 144

Aws Control Tower is intended for organizations with multiple accounts and teams to create new accounts and set up environment at scale

Answer 145

Infrastructure Event Management Gives architecture and scaling guidance and operational support during prep and execution of planned events Holiday shopping season Prod launch Migrations

Answer 146

Professional consulting firms that help customers design, architect, build, migrate, manage aws

Answer 147

CDCI automates building, testing, deployment

Answer 148

Centralizes operational data from multiple AWS services and automates tasks across AWS resources

Answer 149

Broad collection of service consoles for managing AWS resources

Answer 150

An elastic network interface is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes: A primary private IPv4 address from the IPv4 address range of your VPC One or more secondary private IPv4 addresses from the IPv4 address range of your VPC One Elastic IP address (IPv4) per private IPv4 address One public IPv4 address One or more IPv6 addresses One or more security groups A MAC address A source/destination check flag

Answer 151

AWS Batch enables developers, scientists, and engineers to easily and efficiently run hundreds of thousands of batch computing jobs on AWS. AWS Batch dynamically provisions the optimal quantity and type of compute resources (e.g., CPU or memory optimized instances) based on the volume and specific resource requirements of the batch jobs submitted. With AWS Batch, there is no need to install and manage batch computing software or server clusters that you use to run your jobs, allowing you to focus on analyzing results and solving problems. AWS Batch plans, schedules, and executes your batch computing workloads across the full range of AWS compute services and features, such as AWS Fargate, Amazon EC2 and Spot Instances.

Answer 152

Standard: Standard RIs may be exchanged for other RIs within the same family. For example, if you have several T2 RIs, you can exchange them for other RIs in the T2 family. But, your selection must stay within the T2 family. Convertible: Convertible RIs allow you to exchange RIs with far more flexibility than standard RIs. For example, you can change an RI that is for a T2.large to an R5.xlarge, as long you pay the difference and it's of greater or equal value. Scheduled: Scheduled RIs are available to launch within the time windows you reserve. They align your capacity reservation with a predictable, recurring schedule that only requires a fraction of a day, week, or month.

Answer 153

The AWS Cost and Usage Reports (AWS CUR) contains the most comprehensive set of cost and usage data available. You can use Cost and Usage Reports to publish your AWS billing reports to an Amazon Simple Storage Service (Amazon S3) bucket that you own. You can receive reports that break down your costs by the hour, day, or month, by product or product resource, or by tags that you define yourself. AWS updates the report in your bucket once a day in comma-separated value (CSV) format. You can view the reports using spreadsheet software such as Microsoft Excel or Apache OpenOffice Calc, or access them from an application using the Amazon S3 API.

Answer 154

Improve the quality of your web and mobile applications by testing across desktop browsers and real mobile devices hosted in the AWS Cloud Device Farm is only available in the us-west-2 (Oregon) region.

Answer 155

Bucket policy and user policies are two ways to access policy options available for granting permission to your S3 bucket

Answer 156

Scale JSON workloads with ease using a fully managed document database service When you absolutely positively must have DynamoDB work mission critical document DB

Answer 157

AWS services API

Answer 158

A logical networking component in a vpc An elastic network interface is a logical networking component in a VPC that represents a virtual network card. It can include the following attributes: A primary private IPv4 address from the IPv4 address range of your VPC One or more secondary private IPv4 addresses from the IPv4 address range of your VPC One Elastic IP address (IPv4) per private IPv4 address One public IPv4 address One or more IPv6 addresses One or more security groups

Answer 159

Easily run scale big data workloads apache spark, hive, presto Interactive sql queries, machine learning apps and frameworks like apache spark, hive, presto

Answer 160

AWS Management Console Access and manage Amazon Web Services through the AWS Management Console, a simple and intuitive user interface. You can also use the AWS Console Mobile Application to quickly view resources on the go.

Answer 161

Amazon QuickSight Amazon QuickSight is a fast, cloud-powered business intelligence (BI) service that makes it easy for you to deliver insights to everyone in your organization. QuickSight lets you create and publish interactive dashboards that can be accessed from browsers or mobile devices. You can embed dashboards into your applications, providing your customers with powerful self-service analytics. QuickSight easily scales to tens of thousands of users without any software to install, servers to deploy, or infrastructure to manage.

Answer 162

Amazon AppFlow Amazon AppFlow is a fully managed integration service that enables you to securely transfer data between Software-as-a-Service (SaaS) applications like Salesforce, Zendesk, Slack, and ServiceNow, and AWS services like Amazon S3 and Amazon Redshift, in just a few clicks.

Answer 163

Amazon EventBridge Amazon EventBridge is a serverless event bus that makes it easier to build event-driven applications at scale using events generated from your applications, integrated Software-as-a-Service (SaaS) applications, and AWS services

Answer 164

Amazon MQ Amazon MQ is a managed message broker service for Apache ActiveMQ and RabbitMQ that makes it easy to set up and operate message brokers in the cloud.

Answer 165

Amazon Simple Workflow Service Amazon Simple Workflow Service (Amazon SWF) helps developers build, run, and scale background jobs that have parallel or sequential steps. You can think of Amazon SWF as a fully-managed state tracker and task coordinator in the cloud.

Answer 166

Simple Workflow Service: Background jobs in parallel

Answer 167

AWS Application Cost Profiler AWS Application Cost Profiler provides you the ability to track the consumption of shared AWS resources used by software applications and report granular cost breakdown across tenant base. You can achieve economies of scale with the shared infrastructure model, while still maintaining a clear line of sight to detailed resource consumption information across multiple dimensions. With the proportionate cost insights of shared AWS resources, organizations running applications can establish the data foundation for accurate cost allocation model, and ISV selling applications can better understand your profitability and customize pricing strategies for your end customers.

Answer 168

AWS Budgets gives you the ability to set custom budgets that alert you when your costs or usage exceed (or are forecasted to exceed) your budgeted amount.

Answer 169

AWS App Runner — Build and run containerized applications on a fully managed service

Answer 170

AWS App Runner — Build and run containerized applications on a fully managed service

Answer 171

VMware Cloud on AWS is an integrated cloud offering jointly developed by AWS and VMware delivering a highly scalable, secure and innovative service that allows organizations to seamlessly migrate and extend their on-premises VMware vSphere-based environments to the AWS Cloud running on next-generation Amazon Elastic Compute Cloud (Amazon EC2) bare metal infrastructure

Answer 172

VMware Cloud on AWS is an integrated cloud offering jointly developed by AWS and VMware delivering a highly scalable, secure and innovative service that allows organizations to seamlessly migrate and extend their on-premises VMware vSphere-based environments to the AWS Cloud running on next-generation Amazon Elastic Compute Cloud (Amazon EC2) bare metal infrastructure

Answer 173

``` AWS App2Container (A2C) is a command-line tool for modernizing .NET and Java applications into containerized applications. ```

Answer 174

One stop shop for accessing most granular data about AWS cost and usage

Answer 175

Path-based and host based routing

Answer 176

AWS CloudFormation Think Template IAAS to automate cloud setup is a service that helps you model and set up your AWS resources so that you can spend less time managing those resources and more time focusing on your applications that run in AWS. You create a template that describes all the AWS resources that you want (like Amazon EC2 instances or Amazon RDS DB instances), and CloudFormation takes care of provisioning and configuring those resources for you. You don't need to individually create and configure AWS resources and figure out what's dependent on what; CloudFormation handles that.

Answer 177

Storing numerous classes of information that are relatively static and not rapidly changing

Answer 178

You don't need to memorize the scope of all of the AWS services as long as you know the pattern. There are actually only a handful of services that are considered as global services such as IAM, STS, Route 53, CloudFront and WAF. For Zonal services, the examples are EC2 Instance and EBS Volumes where they are tied to the Availability Zone where they were launched. Take note that although EBS Volumes are considered as a zonal service, the EBS snapshots are considered as a regional since it is not tied to a specific Availability Zone. The rest of the services are regional in scope.

Answer 179

About CloudEndure, an AWS company CloudEndure accelerates the journey to the AWS cloud with solutions that provide business continuity during the migration process and additional protection once there. CloudEndure Migration simplifies, expedites, and automates large-scale migrations from physical, virtual, and cloud-based infrastructure to AWS. CloudEndure Disaster Recovery protects against downtime and data loss from any threat, including ransomware and server corruption. With CloudEndure it's business as usual, always.

Answer 180

Monitor the state of your migrations

Answer 181

Migrate databases fast safe to cloud (only not physical)

Answer 182

Control satellites

Answer 183

In addition, customers with a Business or Enterprise support plan have access to these features: - Use-case guidance: what AWS products, features, and services to use to best support your specific needs. - AWS Trusted Advisor, which inspects customer environments. Then, Trusted Advisor identifies opportunities to save money, close security gaps, and improve system reliability and performance. - An API for interacting with Support Center and Trusted Advisor. This API allows for automated support case management and Trusted Advisor operations. - Third-party software support: help with Amazon Elastic Compute Cloud (EC2) instance operating systems and configuration. Also, help with the performance of the most popular third-party software components on AWS. The AWS Support API provides access to some of the features of the AWS Support Center. This API allows programmatic access to AWS Support Center features to create, manage, and close your support cases, and operationally manage your Trusted Advisor check requests and status. AWS provides this access for AWS Support customers who have a Business or Enterprise support plan. Since the Business support plan is more affordable than the Enterprise, therefore, the most cost-effective support plan to use is Business.

Answer 184

Basic and Developer support plans are incorrect since these types do not have access to the AWS Support API.

Answer 185

SSH keys is incorrect because this is only useful if you want to connect and control your EC2 instances by establishing an SSH connection.

Answer 186

AWS Professional Services organization is a global team of experts that can help you realize your desired business outcomes when using the AWS Cloud. We work together with your team and your chosen member of the AWS Partner Network (APN) to execute your enterprise cloud computing initiatives.

Answer 187

Help you on your infrastructure migration project and help you with costs

Answer 188

Amazon ElastiCache offers fully managed Redis and Memcached. Seamlessly deploy, run, and scale popular open source compatible in-memory data stores. With this service, you can build data-intensive apps or improve the performance of your existing apps by retrieving data from high throughput and low latency in-memory data stores. The in-memory caching provided by Amazon ElastiCache can be used to significantly improve latency and throughput for many read-heavy application workloads (such as social networking, gaming, media sharing and Q&A portals) or compute-intensive workloads (such as a recommendation engine). In-memory caching improves application performance by storing critical pieces of data in memory for low-latency access. Cached information may include the results of I/O-intensive database queries or the results of computationally-intensive calculations. Hence, the correct answer in this scenario is: Amazon ElastiCache.

Answer 189

AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet.

Answer 190

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources. IAM has various identities such as IAM Users, IAM Groups, and IAM Roles. An IAM group is a collection of IAM users. Groups let you specify permissions for multiple users, which can make it easier to manage the permissions for those users. For example, you could have a group called Admins and give that group the types of permissions that administrators typically need. Any user in that group automatically has the permissions that are assigned to the group. If a new user joins your organization and needs administrator privileges, you can assign the appropriate permissions by adding the user to that group. Similarly, if a person changes jobs in your organization, instead of editing that user's permissions, you can remove him or her from the old groups and add him or her to the appropriate new groups.

Answer 191

Security group, EBS Root volume, and VPC and subnet specification are all required when launching an EC2 instance.

Answer 192

Debugger, pry Analyze and debug production, distributed applications

Answer 193

Well-Architected Reviews, Operations Reviews.

Answer 194

- Amazon EC2 instances, NAT Gateways, and Elastic Load Balancers - Amazon RDS - Amazon CloudFront - Amazon Aurora - Amazon API Gateways - AWS Lambda and Lambda Edge functions - Amazon Lightsail resources - Amazon Elastic Beanstalk environments

Answer 195

By setting up MFA, you add an extra layer of protection for your AWS accounts. This is very useful for preventing unwanted access to your AWS resources. In S3, once versioning is enabled for your objects, you can also set up MFA delete so that deleting objects require an additional MFA authentication. MFA delete can help prevent accidental bucket deletions by requiring the user who initiates the delete action to prove physical possession of an MFA device with an MFA code and adding an extra layer of friction and security to the delete action. Remember that only the bucket owner (root account) can enable MFA delete. Hence, the correct answer is: Configure MFA delete on the S3 bucket.

Answer 196

Some key design principles of the AWS Cloud include ``` scalability, disposable resources, automation, loose coupling managed services instead of servers, flexible data storage options. ```

Answer 197

Instance metadata is data about your instance that you can use to configure or manage the running instance. Instance metadata is divided into categories, for example, host name, events, and security groups. You can also use instance metadata to access user data that you specified when launching your instance. For example, you can specify parameters for configuring your instance, or include a simple script. You can build generic AMIs and use user data to modify the configuration files supplied at launch time. For example, if you run web servers for various small businesses, they can all use the same generic AMI and retrieve their content from the Amazon S3 bucket that you specify in the user data at launch. To add a new customer at any time, create a bucket for the customer, add their content, and launch your AMI with the unique bucket name provided to your code in the user data. If you launch more than one instance at the same time, the user data is available to all instances in that reservation. Each instance that is part of the same reservation has a unique ami-launch-index number, allowing you to write code that controls what to do. For example, the first host might elect itself as the original node in a cluster. For a detailed AMI launch example, see Example: AMI launch index value.

Answer 198

APN Technology Partners provide software solutions that are either hosted on, or integrated with, the AWS platform. Technology Partners include Independent Software Vendors (ISVs), SaaS, PaaS, developer tools, management and security vendors.

Answer 199

The cloud allows you to innovate faster because you can focus your valuable IT resources on developing applications that differentiate your business and transform customer experiences rather than managing infrastructure and data centers. With cloud, you can quickly spin up resources as you need them, deploying hundreds or even thousands of servers in minutes. The cloud also makes it easy and fast to access a broad range of technology such as compute, storage, databases, analytics, machine learning, and many other services on an as-needed basis. As a result, you can very quickly develop and roll out new applications, and your teams can experiment and innovate more quickly and frequently. If an experiment fails, you can always de-provision resources without risk.

Answer 200

Lambda@Edge is a feature of Amazon CloudFront that lets you run code closer to users of your application, which improves performance and reduces latency. With Lambda@Edge, you don't have to provision or manage infrastructure in multiple locations around the world. You pay only for the compute time you consume - there is no charge when your code is not running.

Answer 201

Good for ``` Policies and permissions in IAM PDF Kindle RSS You manage access in AWS by creating policies and attaching them to IAM identities (users, groups of users, or roles) or AWS resources. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when an IAM principal (user or role) makes a request. Permissions in the policies determine whether the request is allowed or denied. Most policies are stored in AWS as JSON documents. AWS supports six types of policies: identity-based policies, resource-based policies, permissions boundaries, Organizations SCPs, ACLs, and session policies. ``` IAM policies define permissions for an action regardless of the method that you use to perform the operation. For example, if a policy allows the GetUser action, then a user with that policy can get user information from the AWS Management Console

Answer 202

Amazon Cognito lets you add user sign-up, sign-in, and access control to your web and mobile apps quickly and easily. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise identity providers via SAML 2.0 and OpenID Connect.

Answer 203

AWS Config continuously evaluates your resources as they are created, changed, or deleted. AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Answer 204

You can back up the data on your Amazon EBS volumes to Amazon S3 by taking point-in-time snapshots. Snapshots are incremental backups, which means that only the blocks on the device that have changed after your most recent snapshot are saved. This minimizes the time required to create the snapshot and saves on storage costs by not duplicating data. Each snapshot contains all of the information that is needed to restore your data (from the moment when the snapshot was taken) to a new EBS volume.

Answer 205

The Well-Architected Framework has been developed to help cloud architects build secure, high-performing, resilient, and efficient infrastructure for their applications. This is based on five pillars namely: 1. Operational Excellence 2. Security 3. Reliability 4. Performance Efficiency 5. Cost Optimization 1) Operational Excellence pillar focuses on running and monitoring systems to deliver business value and continually improving processes and procedures. 3) Reliability pillar focuses on the ability to prevent and quickly recover from failures to meet business and customer demand. 4) The performance efficiency pillar focuses on using IT and computing resources efficiently. It focuses on the ability to use computing resources efficiently to meet system requirements and to maintain that efficiency as demand changes and technologies evolve. 5) Cost optimization pillar focuses on avoiding un-needed costs by choosing the right services for the job and by right-sizing them.

Answer 206

The AWS Well-Architected Framework helps you understand the pros and cons of decisions you make while building systems on AWS. By using this Framework, you will learn architectural best practices for designing and operating reliable, secure, efficient, and cost-effective systems in the cloud. It provides a way for you to consistently measure your architectures against best practices and identify areas for improvement. The process for reviewing an architecture is a constructive conversation about architectural decisions and is not an audit mechanism. Having well-architected systems greatly increases the likelihood of business success. The operational excellence pillar focuses on running and monitoring systems to deliver business value, and continually improving processes and procedures. Key topics include managing and automating changes, responding to events, and defining standards to successfully manage daily operations. Using tools such as AWS CodeDeploy to deploy small, incremental changes to your application ensures that you do not introduce drastic updates that may affect your application entirely. Performing monthly game days allows you to test your environment for different failure scenarios so you can quickly plan out ways to remediate them.

Answer 207

AWS Systems Manager is incorrect because although you can remotely operate and deploy packages/scripts to your on-premises servers with this one, this service is still not suitable to be used for deploying your web application. It also doesn't have a feature to easily rollback your deployments unlike OpsWorks. This service is primarily used to automate maintenance and deployment tasks on Amazon EC2 and on-premises instances, or automatically apply patches, updates, and configuration changes across any resource group.

Answer 208

AWS offers services that integrate application deployment and management across on-premises and cloud environments for a robust hybrid architecture. Below are the following services that you can use to manage or deploy applications to your servers running on-premises: OpsWorks – AWS OpsWorks is a configuration management service that helps customers configure and operate applications, both on-premises and in the AWS Cloud, using Chef and Puppet. CodeDeploy – AWS CodeDeploy automates code deployments to any instance, including Amazon EC2 instances and instances running on-premises. AWS CodeDeploy makes it easier to rapidly release new features, avoids downtime during application deployment, and handles the complexity of updating applications.

Answer 209

Amazon S3 Transfer Acceleration is a bucket-level feature that enables fast, easy, and secure transfers of files over long distances between your client and an S3 bucket. Transfer Acceleration takes advantage of the globally distributed edge locations in Amazon CloudFront.

Answer 210

AWS Global Accelerator is a networking service that improves the performance of your users’ traffic by up to 60% using Amazon Web Services’ global network infrastructure. When the internet is congested, AWS Global Accelerator optimizes the path to your application to keep packet loss, jitter, and latency consistently low. With Global Accelerator, you are provided two global static public IPs that act as a fixed entry point to your application, improving availability. On the back end, add or remove your AWS application endpoints, such as Application Load Balancers, Network Load Balancers, EC2 Instances, and Elastic IPs without making user-facing changes. Global Accelerator automatically re-routes your traffic to your nearest healthy available endpoint to mitigate endpoint failure. Think reduces latency

Answer 211

AWS CodeBuild is a fully managed build service in the cloud. AWS CodeBuild compiles the source code, runs unit tests, and produces artifacts that are ready to deploy. CodeBuild eliminates the need to provision, manage, and scale own build servers. It provides prepackaged build environments for popular programming languages and build tools such as Apache Maven, Gradle, and more. You can also customize build environments in CodeBuild to use your own build tools. CodeBuild scales automatically to meet peak build requests

Answer 212

What are the differences? The main difference between the two is; AWS CodeBuild can be classified as a tool in the Continuous Integration category, while AWS CodePipeline is grouped under Continuous Deployment.

Answer 213

Amazon CognitoSimple and Secure User Sign-Up, Sign-In, and Access Control

Answer 214

One-year to three-year term Enables you to modify Availability Zone, scope, networking type, and instance size (within the same instance type) of your Reserved Instance. For more information, see Modifying Reserved Instances. Can be sold in the Reserved Instance Marketplace.

Answer 215

Convertible Reserved Instance One-year to three-year term Enables you to exchange one or more Convertible Reserved Instances for another Convertible Reserved Instance with a different configuration, including instance family, operating system, and tenancy. There are no limits to how many times you perform an exchange, as long as the target Convertible Reserved Instance is of an equal or higher value than the Convertible Reserved Instances that you are exchanging. For more information, see Exchanging Convertible Reserved Instances. Cannot be sold in the Reserved Instance Marketplace.

Answer 216

Amazon Aurora faster mysql postgresql self-healing 2 copies of data in differen AZ (in 3 AZ) you have 6 copies data offer 15 low latency replics

Answer 217

functions at application layer (7th layer) http/https need listeners checks connection of requests config listener rules will route requests to different targets registering lambda functions

Answer 218

``` Network Load balacer at fourth layer opens TPC ability to handle volitle worklods TPC, UDP, TLS traffic suporst static IP addresses also assign Elastic IP addresses ```

Answer 219

Amazon ElastiCache Unlock microsecond latency and scale with in-memory caching Amazon ElastiCache is a fully managed, in-memory caching service supporting flexible, real-time use cases. You can use ElastiCache for caching, which accelerates application and database performance, or as a primary data store for use cases that don't require durability like session stores, gaming leaderboards, streaming, and analytics. ElastiCache is compatible with Redis and Memcached.

Answer 220

You use can AWS SDKs to programmatically interact with your AWS resources. Using access keys, which are unique identifiers for your IAM user, you can connect to your resources in a secure manner. The AWS Access Key ID and AWS Secret Access Key are your AWS credentials. They are associated with an AWS Identity and Access Management (IAM) user or role that determines what permissions you have. Access keys are long-term credentials for an IAM user or the AWS account root user. You can use access keys to sign programmatic requests to the AWS CLI or AWS API (directly or using the AWS SDK). If you don't have access keys, you can create them from the AWS Management Console. As a best practice, do not use the AWS account root user access keys for any task where it's not required. Instead, create a new administrator IAM user with access keys for yourself.

Answer 221

A golden AMI is an AMI that contains the latest security patches, software, configuration, and software agents that you need to install for logging, security maintenance, and performance monitoring. An AMI includes the following: - One or more EBS snapshots, or, for instance-store-backed AMIs, a template for the root volume of the instance (for example, an operating system, an application server, and applications). - Launch permissions that control which AWS accounts can use the AMI to launch instances. - A block device mapping that specifies the volumes to attach to the instance when it's launched. Hence, the correct answer is: Create a golden AMI of the instance and copy it to the other Region.

Answer 222

AWS KMS or Key Management Service is incorrect because this is a central repository for encryption keys in your account. It is not used to protect your network from potential security threats. KMS is useful if you have data that you need to encrypt, and you want a central location where you can manage your keys.

Answer 223

``` O/S Middleware Runtime Data Applications ```

Answer 224

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. It is the most cost-effective choice for storing objects since this is its primary purpose. Another advantage you receive from Amazon S3 is volume discounts.

Answer 225

standard design principle 1. Design for failure 2. Decouple your components 3. Implement elasticity 4. Think parallel

Answer 226

Amazon Lightsail is a PaaS solution for users who need a simple virtual private server (VPS) solution. Lightsail provides developers compute, storage, and networking capacity and capabilities to deploy and manage websites and web applications in the cloud. Lightsail includes everything you need to launch your project quickly – a virtual machine, SSD-based storage, data transfer, DNS management, and a static IP – for a low, predictable monthly price.

Answer 227

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.

Answer 228

AWS CodeStar enables you to quickly develop, build, and deploy applications on AWS. AWS CodeStar provides a unified user interface, enabling you to easily manage your software development activities in one place. With AWS CodeStar, you can set up your entire continuous delivery toolchain in minutes, allowing you to start releasing code faster. AWS CodeStar makes it easy for your whole team to work together securely, allowing you to easily manage access and add owners, contributors, and viewers to your projects. Each AWS CodeStar project comes with a project management dashboard, including an integrated issue tracking capability powered by Atlassian JIRA Software. With the AWS CodeStar project dashboard, you can easily track progress across your entire software development process, from your backlog of work items to teams’ recent code deployments. Visit here to learn more.

Answer 229

Graph database. Build and run graph applications with highly connected datasets

Answer 230

AWS Architecture Center The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more. This expert guidance was contributed by cloud architecture experts from AWS, including AWS Solutions Architects, Professional Services Consultants, and Partners.

Answer 231

The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more.

Answer 232

The AWS Architecture Center provides reference architecture diagrams, vetted architecture solutions, Well-Architected best practices, patterns, icons, and more.

Answer 233

Querying external data using Amazon Redshift Spectrum

Answer 234

AWS Quick Starts are production architecture accelerators that help customers deploy AWS-native services and products from AWS Partners. These accelerators reduce hundreds of manual procedures into just a few steps, so AWS customers can build production environments quickly and start using them immediately.

Answer 235

Restricting access to Amazon S3 content by using an origin access identity (OAI) PDF Kindle RSS To restrict access to content that you serve from Amazon S3 buckets, follow these steps: Create a special CloudFront user called an origin access identity (OAI) and associate it with your distribution. Configure your S3 bucket permissions so that CloudFront can use the OAI to access the files in your bucket and serve them to your users. Make sure that users can’t use a direct URL to the S3 bucket to access a file there. After you take these steps, users can only access your files through CloudFront, not directly from the S3 bucket.

Answer 236

Hardware security model generate and use own crypto keys

White Paper Flashcards

Learn aws (268 cards)