Buscar
Estás en modo de exploración. debe iniciar sesión para usar MEMORY

   Inicia sesión para empezar

level: Level 1

Questions and Answers List

level questions: Level 1

QuestionAnswer
types of cloud computing1. infrastructure as a service (IaaS) 2. platform as a service (PaaS) 3. software as a service (SaaS)
Type of cloud computing where you manage the server (Ex. EC2)Infrastructure as a Service
Type of cloud computing where you focus on applications instead of hardware. (Ex. GoDaddy)Platform as a service
Type of cloud computing where the software is provided to you, so you only worry about using that software (ex. Gmail)Software as a Service
Types of Deployments1. Public (AWS, Azure) 2. Hybrid 3. Private - You manage the data center yourself. (Openstack)
Advantages of the Cloud1. Trade capital expense for variable expense 2. Benefit from massive economies of scale 3. Stop guessing about capacity 4. Increase speed and agility 5. Stop spending money running and maintaining data centers 6. Go global in minutes
What is a region?A geographical area containing at least 2 availability zones.
What is an availability zone?A data center or cluster of data centers within a region.
What is an edge location?Endpoint for AWS used for caching content. Makes it possible to only have to download data from one location to another once to cache it.
List regions, edge locations, and availability zones from greatest quantity to least quantity?Edge locations, availability zones, regions
What should you consider when choosing the right AWS region?1. Data sovereignty laws 2. Latency to end users (where are the majority of your users?) 3. What AWS services do you need?
Name the AWS support plansBasic, developer, business, enterprise
Cost and details of BASIC support planfree customer service without tech support access to community forums
cost and details of DEVELOPER support plan$29/mo (scales based on usage) For when you’re experimenting with AWS One primary contact gets access to tech support with a response within 12-24 hours.
cost and details of BUSINESS support plan$100/mo (scales based on usage) Production use of AWS 24/7 phone and chat support 1-hour urgent case response Help with common 3rd party software Full access to AWS trusted advisor for optimizing infrastructure Access to AWS support API
cost and details of ENTERPRISE support plan$15,000/mo (scales based on usage) Mission-critical use of AWS All features of business PLUS: An assigned Technical Account Manager A Support Concierge Access to event management to support product launches 15-minute response to critical support cases
IAM user access types1. programmatic access (access key and secret access key) 2. AWS management console access (enables a password for users) 3. SDKs
What is a root account?The email address used to set up the account.
Should you use the root account to set up resources in AWS?No, you should make users and groups, then assign policies to them.
IAM Best Practices:Only use root account to create the account. Then create users to login. One user = one human. Apply policies to groups of users, not individual users. Have a strong password rotation policy. Always enable MFA wherever possible. Using roles is better than access keys.
What should you use to audit the permissions of your users? What kind of info does that service give you?IAM Credential Report. It gives you: Password usage and change dates. Activity/rotation status of access keys. Whether MFA is enabled.
What service should you use if you need flat file storage?S3
What is an S3 bucket?A folder to store flat files. Object-based storage (key:value pair)
True or false: Different S3 buckets can have the same name?False. Bucket names must be unique globally.
What is the format of S3 bucket URLsS3 + region + amazon.aws.com + /bucketName ex. https://s3-eu-west-1.amazonaws.com/acloudgurubucket
What is Read after Write consistency?For PUTS of a new object. You can view a new file immediately after putting it into S3.
What is Eventual Consistency?For update PUTS and DELETES of an object. May take time to see these updates take place in an S3 bucket. Give it some time to propogate in the bucket before trying to view the change.
Features of S31. Tiered Storage 2. Lifecycle management 3. Versioning 4. Encryption 5. Secure data using access control lists and bucket policies
What is the difference between access control lists and bucket policies?ACLs are for adding policies to individual files. BPs are for adding policies to a whole bucket.
Name the S3 storage classes1. S3 Standard 2. S3 - IA (Infrequently Accessed) 3. S3 One Zone - IA 4. S3 Intelligent Tiering 5. S3 Glacier 6. S3 Glacier Deep Archive 7. S3 Outposts
Details of S3 Standard11 "9"s durability 99.99% availability Stored across multiple devices and facilities Designed to sustain the loss of two facilities concurrently
Details of S3 - IAFor data used less frequently, but may need rapid access at some point Lower fee than S3, but are charged a retrieval fee for data
Details of S3 One Zone - IALower-cost option Infrequently accessed data, but does not require multiple availability zone data resilience.
Details of S3 Intelligent TieringOptimize costs by auto-moving data to the most cost-effective access tier, w/o performance impact or operational overhead.
Details of S3 GlacierSecure, durable, and low-cost for archiving data. Retrievable from minutes to hours.
Details of S3 Glacier Deep ArchiveLowest-cost storage class where a retrieval time of 12 hours is acceptable.
Details of S3 OutpostsDeliver object storage to on-premises AWS Outpost environments
What is transfer acceleration?Enables quick and safe transfer over long distances between user and s3 bucket. Takes advantage of edge locations. As data arrives at an edge location, data is routed to S3 over an optimized network path.
What is S3 cross-region replication?Allows to have two buckets. Every time a file is uploaded to the primary bucket, it is also backed up in a second one for file recovery purposes.
Are files added to an S3 bucket automatically public?No, but they can be made public.
3 Ways to restrict bucket access1. bucket policies 2. Object policies 3. IAM user/group policies
What types of sites can be hosted with S3?Static sites only. If it needs a database, it will not work with S3.
What is CloudFront?AWS's content delivery network (CDN) that delivers web content to users based on their location, the site’s origin, and a content delivery server. Can be used to deliver an entire website.
What is the process of CloudFront?Users query an edge location for a file. If the EL does not already have that file cached, it will connect to the origin to get it. That file is then streamed to the user. Once that happens once, that file is cached at the edge location for the TTL (time to live (default is 24 hours)) so that more users can get it without connecting to the origin. Object cache can be cleared, but user will be charged.
What is EC2?Elastic Compute Cloud. Basically a virtual server in the cloud. Reduces the time to obtain and boot server instances to minutes.
Name the 4 different kinds of options for EC21. On-Demand 2. Reserved 3. Spot 4. Dedicated Hosts
Which type of EC2 option allows a fixed rate by the hour or second and is a low cost option for flexibility without commitment or up-front payment? Best for apps with short-term or unpredictable workloads that cannot be interrupted.On-Demand.
Which type of EC2 option involves a contracted term of 1 to 3 years, but offers discounts on hourly use after an up-front payment? Best for steady usage apps that require reserved capacity.Reserved
Name and describe the 3 different pricing types of reserved EC21. Standard Reserve - More upfront and longer the contract, bigger the discount. Up to 75% off. Can't change between the instance families. 2. Convertible Reserve - 54% off on capability to change the attributes of the RI as long as the exchange results in the creation of reserved instances of equal or greater value. 3. Scheduled Reserve - Available to launch within scheduled time windows that you reserve.
Which EC2 option is best for users with urgent computing needs for large amounts of additional capacity that do not need to stay uninterrupted? Allows a user to bid a price, then provisions the instance when the actual price aligns with bid. If actual price goes lower than bid, the instance is terminated. Good for apps that have flexible times and that are only feasible at very low compute prices.Spot
What type of EC2 option uses physical EC2 servers that reduce costs by allowing you to use existing server-bound software licenses? Useful for regulatory requirements that may not support multi-tenant virtualization and licensing which does not support multi-tenancy or cloud deployments. Can be purchased as on-demand or reserved.Dedicated Hosts
EC2 Instance Type Family Letters (think mneumonic device)FIGHTDRMCPXZAU
What is EBS?A virtual disk in the cloud that the servers run off of. Allows to create storage volumes attached to EC2 instances. Once attached, can create a file system, run a database, or use them in any other way you would use a block device. Volumes are placed in a specific Availability Zone, where they are automatically replicated to protect you from the failure of a single component.
Name and describe the 2 types of SSD1. General Purpose SSD (GP2) - balances price and performance for a wide variety of workloads. 2. Provisioned IOPS SSD (IO1) - Highest-performance SSD volume for mission-critical low-latency or high-throughput workloads
Name and describe the types of magnetic EBS volumes1. Throughput Optimized HDD (ST1) - Low cost volume designed for frequently accessed, throughput-intensive workloads 2. Cold HDD (SC1) - lowest cost hdd volume designed for less frequently accessed workloads (file servers)
What are the common ports?1. Linux = SSH (Port 22) 2. Microsoft = Remote Desktop Protocol (Port 3389) 3. HTTP (Port 80) 4. HTTPS (Port 443)
What does a firewall do?Keeps your computer from being overwhelmed by too many ports communicating with it.
What IP address should you use to make a port public?0.0.0.0/0
What are the 3 types of load balancers?Application, network, and classic
What is the difference between relational and non-relational databases?Relational databases consist of tables that can relate to other tables. Non-relational are more flexible - columns can vary without affecting the rows. NR databases store their info in key:value pairs. Like relational, but in JSON (and that JSON can be nested).
What is the non-relational database used on AWS?DynamoDB
What are the two different ways of processing queries and how do they differ?OLTP (Online Transaction Processing) - Handles standard queries OLAP (Online Analytics Processing) - Handles a huge number of records in queries. Used in data warehousing (running complex queries without performance hits.)
What is AWS's data warehouse called?Redshift
What is Elasticache?Service making it easy to deploy, operate, and scale in-memory caches in the cloud. A way of improving performance of web apps by caching the most common queries.
What are two open-source in-memory caching engines in ElastiCache?1. Memcached 2. Redis
What is DNS?A Domain Name System that computers use to find the correct IP address. Used to direct traffic globally and register a domain name.
What is AWS's DNS?Route53
What is Cloud Formation?A service that helps model and set up your AWS resources so that you can spend your time focusing on your apps instead. Creates a template describing which resources you'll need then provisions and configures them for you. Free to use, but the resources it provisions may not be.
What is the main difference between Cloud Formation and Elastic Beanstalk?They are meant for similar functionality, but Elastic Beanstalk is limited in what it can provision while CF is not.
What are all of the services listed in AWS's "Compute" section?EC2 Lightsail Lambda Batch Elastic Beanstalk Serverless Application Repository AWS Outposts EC2 Image Builder
What is the difference between 'scaling up' and 'scaling out'?scale up - increasing the amount of RAM or CPU scale out - more common. add multiple virtual machines behind the elastic load balancer.
What is the main relational database service in AWS?Aurora
What kind of database do you want if your queries require complex joins or transactions?Relational (Aurora)
What is AWS's service for graph databases?Neptune
Which AWS services are global?IAM Route53 CloudFront SNS SES
Which AWS services can be used on-premise?Snowball Snowball Edge Storage Gateway CodeDeploy Opsworks IoT Greengrass
What is CloudWatch?Service used to monitor performance of AWS resources or apps running in AWS. When used with EC2, will monitor every 5 mins by default, or every 1 min if default monitoring is turned on. Can create alarms to trigger notifications.
What kinds of things does CloudWatch monitor for?Compute (EC2, autoscaling, load balancers, Route53 health checks) Storage and Content Delivery (EBS volumes, storage gateways, cloudfront)
What is AWS Systems Manager?Allows you to manage EC2s at scale by running commands across a fleet of EC2's at once. Can be on AWS and on-premise. Integrates with CloudWatch to give a dashboard of entire estate.
What is the Service Health Dashboard?Easy way of seeing health and history of services in ALL regions (not just your used services). Helps see outages.
What is the Personal Health DashboardA way of seeing the health and history of the services you are using. Provides proactive notifications for any scheduled activities.
What are the differences between S3, EBS, and EFS?S3 - file storage use without a database EBS - can store files, but without retrievability ad redundancy. perfect for installing databases and op systems. EFS (Elastic File System) - File storage without a set database size. Keeps growing and resizing to fit database. Multiple EC2 instances can access the same EFS.
What is Global Accelerator?Uses Amazon's dedicated network to direct traffic to optimal endpoints. Improves performance by up to 60%. Helps increase reliability when the internet is congested.
Capex vs OpexCapex - capital expenditure (fixed cost paid up-front) Opex - operational expenditure (pay as you use)
What are the 3 fundamental drivers of cost with AWS?1. compute 2. storage 3. outbound data
what are the 4 best practices for AWS billing?1. understand the fundamentals of pricing 2. start early with cost optimization (plan ahead to make it easier to manage costs) 3. maximize the power of flexibility (Only pay for what you're actually using) 4. Use the right pricing model for the job (on-demand, dedicated instances, spot, reserved)
What AWS services are free?Amazon VPC Elastic Beanstalk CloudFormation IAM Auto Scaling Opsworks Consolidated Billing
Which services are free but may use resources that are not?Elastic Beanstalk CloudFormation Auto Scaling Opsworks
What determines EC2 pricing?Clock hours of server time Instance type Pricing model Number of instances Load balancing Detailed monitoring Auto scaling Elastic IP addresses Operating systems and software packages
What determines Lambda pricing?requests - 1 million free per month, then 20 cents per every 1 million thereafter duration - 400,000 GB-seconds free per month, then less than 1 cent for every GB-second thereafter additional charges if lambda uses other services (like S3)
What determines pricing for EBS?volumes (per GB) snapshots (per GB) data transfer
What determines pricing for S3?storage class storage requests (GET, PUT, COPY) data transfer
What determines pricing for Glacier?storage data retrieval times (cost goes down as retrieval time goes up)
What is Snowball?A physical gigantic disk to move your data in and out of the cloud.
What determines pricing for Snowball?service fee per job ($200 for 50 TB, $250 for 80 TB) daily charge (first 10 days free, then $15/day) data transfer (into S3 is free. from S3 is not) - outbound data.
What determines price for RDS?Clock hours of server time Database characteristics Database purchase types Number of DB instances Provisioned storage Additional storage requests Deployment types Data transfers
What determines DynamoDB pricing?Provisioned throughput (you choose how much activity the table can handle)
What determines CloudFront pricing?Traffic distribution Requests Data transfer out
What service should you use to alert you when your budgeted cost or usage has been exceeded?AWS budgets (or CloudWatch)
What is Cost Explorer?an interface that can be enabled to analyze your costs AFTER they have been incurred.
What are the response times of the BASIC support plan?None
What are the response times of the DEVELOPER support plan?General: < 24 business hours System impaired: <12 business hours
What are the response times for the BUSINESS support plan?General: <24 hours System impaired: <12 hours Production system impaired: <4 hours Prod system down: <1 hour
What are the response times for the ENTERPRISE support plan?General: <24 hours System impaired: <12 hours Production system impaired: <4 hours Prod system down: <1 hour Business-critical system down: <15 minutes
What are resource groups?A way to group resources within the same region and that match criteria specified in the group's query by their tags. Can use these groups to apply automation or manage a fleet of EC2 instances at once.
What is AWS Organizations?Account management service that enables you to consolidate multiple AWS accounts into an org that you create and centrally manage.
What are the two ways you can use AWS Organizations?1. Just consolidated billing 2. Full access
What can you do with Full Access to AWS Organizations?Keep different accounts within organizational units, which you can apply policies to. Cheaper rates the more accounts you have.
Can the paying account in Consolidated Billing access the resources of the linked accounts?No. It only handles the bill.
What is the limit on how many linked accounts there can be per paying account in consolidated billing?20
What are the advantages of consolidated billing?one bill per account very easy to track charges and allocate costs volume pricing discount
Is AWS Organizations regional or global?Global
What is AWS Quick Start?a way of deploying environments quickly, using CloudFormation templates built by AWS Solutions Architects who are experts in that particular tech.
What is AWS Landing Zone?helps customers quickly set up a secure, multi-account AWS environment based on AWS best practices.
What are the two types of partners in the AWS Partner Program?consulting and technology
What are the 3 tiers of Consulting partners in the AWS Partner Program, and how many cartifications are required by each tier?Select - 2 practitioner certs, 2 associate certs 2 professional/specialty certs Advanced - 4, 4, 6 Premier - 10, 10, 10
Which AWS calculator should you use if you need to see how much you environment would cost per month?AWS Simple Monthly Calculator
If your boss needs to see a report proving that moving the environment to the cloud will be cheaper, what service should you use to generate that report? What are the costs that will be evaluated?AWS Total Cost of Ownership Calculator. Will show costs for servers, storage, network, and IT labor
What is AWS Compliance?A way of getting compliance reports for auditors
What is AWS Artifact?Gives compliance documents.
What is the Shared Responsibility Model?A way of understanding what AWS is responsible for and what customers are responsible for.
What are customers responsible for according to the Shared Responsibility Model?Customers are responsible for security IN the cloud. Basically, anything you can control yourself on AWS is your responsibility.
What is AWS responsible for according to the Shared Responsibility Model?AWS is responsible for the security OF the cloud. They are responsible for updates, making sure the systems and software in place are working correctly so that you can handle your security in the cloud.
What is the shared responsibility?Encryption. You are responsible for turning it on, AWS is responsible for making sure it works.
What is AWS WAF?Web Application Firewall. Looks for malicious traffic and is designed to stop hackers.
What is AWS Shield?A mitigation service designed to stop DDoS attacks (protect against overwhelming amounts of traffic)
What is AWS Inspector?Looks for common vulnerabilities in environments Produces report about what’s wrong with your EC2 instances
What is Trusted Advisor?Core Checks and Recommendations (Free) Full Trusted Advisor (Business and Enterprise Only) Looks at your entire AWS account (rather than just EC2s, like Inspector) Also does Cost Optimization, Performance, and Fault Tolerance on top of security checks
What is CloudTrail?Like a security camera. Looks into user and resource activity through management console and API calls. Can tell which users and accounts did what, the source IP address, and when the AWS call occurred. All saved into S3 as a recording
What is the difference between CloudWatch and CloudTrail?CloudWatch monitors the performance of your resources. CloudTrail monitors activity and API calls.
What is AWS Config?Shows how the relationships and configurations of your AWS resources change over time.
What are the key services of Trusted Advisor?Cost optimization Performance Security Fault tolerance Service limits
What is Penetration Testing?Test system by simulating attack to see where your vulnerabilities are.
What are the 8 services that you can do a penetration test on without prior approval?EC2 instances, NAT gateways, elastic load balancers RDS CloudFront Aurora API Gateway Lambda & Lambda edge functions Lightsail resources Elastic beanstalk environments For more simulated events, contact AWS directly.
What is Key Management Service (KMS)?A regional encryption service that manages user master keys. Ideal for use with S3, but integrated with most AWS services. On shared hardware.
What is CloudHSM (Hardware Security Module)?Dedicated, more expensive hardware for encryption that complies with FIPS 140-2 Level 3
What is Parameter Store?Secure serverless storage for passwords and db connection strings. Encrypted KMS or plaintext Set TTL to expire values (password expiration) Free, but limited to 10,000 parameters (passwords) per account
What is Secrets Manager?Charged per secret stored and per 10,000 API calls Automatically rotate secrets Apply new key/password in RDS for you Generate random secrets (A secret is something you need stored, like a key)
What is Guard Duty?Service for anomaly detection that alerts you if something is off with your resources. Have to enable for a 30-day trial.
What kind of input data does Guard Duty look through?1. CloudTrail logs 2. VPC logs 3. DNS logs
What is AWS Control Tower?The easiest way to set up a multi-account, secure environment Allows to provision multiple accounts in a few minutes These accounts will conform to company policies Used for large enterprises with multiple AWS accounts
What is AWS Security Hub?Gives you a comprehensive view of security alerts across multiple AWS accounts
What steps should you take if you have compromised IAM credentials?Determine what resources those credentials have access to Invalidate those credentials Consider invalidating any temp security credentials that may have been issued using those credentials Restore appropriate access to the user Review access to the AWS account
What level does WAF work up to?Level 7
What is Athena?Creates SQL queries to work with S3 data. Generates business reports, cost, and usage reports.
What is Macie?Service that checks S3 data for personal identifiable information that needs to be addressed.
Name the 4 AI services1. Lex 2. Polly 3. Transcribe 4. Rekognition
What is Lex?AI service that powers Alexa. Allows to build conversational chatbots that are powered through text or voice.
What is Polly?AI service that converts text to lifelike voice. (Also powers Alexa)
What is Transcribe?AI service that Converts speech into text Good for transcripts and subtitles.
What is Rekognition?AI service that Converts images into tags or texts. Allows software to see an image. For example, can upload a picture of a plant and it can tell you what kind of plant it is.
What licences do dedicated hosts allow you to use for EC2s?Allows you to use your existing per-socket, per-core, per-VM software licenses including Windows server Microsoft SQL server SUSE linux enterprise server
What is a VPC?Virtual Private Cloud. Lets you provision a logically isolated section of the cloud where you can launch AWS resources in a virtual network you define. You have control over your virtual networking environment. IP address range Subnets Think of it as a virtual data center - your own. You make the rules and control what goes in and out.
What are the 3 ways to connect on-premise to a VPC?1. via VPN (Virtual Private Network) Gives you the same IP range as you would have in your office 2. via AWS Direct Connect Makes it easy to establish a dedicated network connection from your premises to AWS. 3. via Direct Connect For if you need encryption
What languages are supported by Lambda?Node.js Java Python C# Go Powershell
Can you use version control with Lambdas?Yes
What are the benefits of Lambdas?No servers! Continuous scaling Super cheap!