AWS Certified Cloud Practitioner Flashcards
EBS, RDS
Which services are integrated with KMS encryption? (choose 2)
(AWS) CodeCommit
Which AWS service is primarily used for software version control?
Configuration of security groups, encryption of customer data
Under the AWS shared responsibility model what is the customer responsible for? (choose 2)
(AWS) Storage Gateway Volume Gateway
Which AWS service allows you to use block-based volumes on-premise that are then asynchronously backed up to Amazon S3?
Network Load Balancer
Which type of Elastic Load Balancer operates at the connection layer (layer 4) and supports IP addresses as targets?
Snapshot to capture state of the instance
What method can you use to take a backup of an Amazon EC2 instance using AWS tools?
(AWS) DMS
Which service can be used to help you to migrate databases to AWS quickly and securely?
(AWS) EMR
Which AWS service can be used to process a large amount of data using the Hadoop framework?
Configuration management, patch management
Under the shared responsibility model, what are examples of shared controls? (choose 2)
EBS
(You can) attach multiple ___ volumes to an instance; ____ volumes must be in the same AZ as the instance (they are attached to)
(AWS) IAM
Which AWS service is used to enable multi-factor authentication?
(AWS) OpsWorks
Which AWS service can an organization use to automate operational tasks on EC2 instances using existing Chef cookbooks?
Application Load Balancer
Which type of Amazon Elastic Load Balancer operates at layer 7 of the OSI model only?
(Amazon) RDS
Which AWS database service supports complex queries and joins and is suitable for a transactional database deployment?
Elastic web-scale computing, Inexpensive
What benefits does Amazon EC2 provide over using non-cloud servers? (choose 2)
(Amazon) VPC, CloudFormation
For which services does Amazon not charge customers? (choose 2)
Independent paying accounts, One bill per organization
Which of the following statements is correct in relation to consolidated billing? (choose 2)
(Amazon) Athena, EMR
Which AWS services are used for analytics? (choose 2)
AWS managed VPN
What can you use to quickly connect your office securely to your Amazon VPC?
(Amazon) CloudTrail
Which service records API activity on your account and delivers log files to an Amazon S3 bucket?
Enterprise
Which AWS support plan should you use if you need a response time of < 15 minutes for a business-critical system failure?
(Amazon) EC2
Which AWS service can you use to install a third-party database?
(Amazon) SNS
Which service can be used for building and integrating loosely-coupled, distributed applications?
Subnets, Security Groups, IP CIDR
Which items can be configured from within the VPC management console? (choose 3)
(Spans) all Availability Zones within the region
What is the scope of a VPC within a region?
(AWS) CloudHSM, KMS
Which services are involved with security? (choose 2)
Read Replicas, Multi-AZ
What features does Amazon RDS provide to deliver scalability, availability and durability? (choose 2)
File (Gateway), Volume (Gateway), Tape (Gateway)
What are the names of three types of AWS Storage Gateway? (choose 3)
Golden Image
(Amazon) EC2 instances and RDS instances can be launched from what?
(AWS) Service Catalog
Which tool can be used to create and manage a selection of AWS services that are approved for use on AWS?
(an) Auto Scaling Group, (a) launch configuration
An architect is creating a scalable application using AWS Auto Scaling. What needs to be created to enable a working configuration? (choose 2)
General Purpose (gp2)
A Solutions Architect is launching a new EC2 instance that will be a web server. Which EBS volume type provides a good balance of price and performance and can be used as a system boot volume?
Compute Hardware, Data Center Security
Which items should be included in a TCO analysis comparing on-premise to AWS Cloud? (choose 2)
Resource Group
What is a collection of resources that share one or more tags?
Using AWS Artifact
How can a security compliance officer retrieve AWS compliance documentation such as a SOC 2 report?
Scheduled (RI), Convertible (RI)
Which of the following are valid types of Reserved Instance? (choose 2)
(Amazon) RDS, EC2
To optimize pricing or ensure capacity is available reservations can be applied to which of the following services? (choose 2)
(AWS) CloudFormation
An architect wants to find a tool for consistently deploying the same resources through a templated configuration. Which AWS service can be used?
(Amazon) S3, (AWS) Lambda
A Solutions Architect is designing an application stack that will be highly elastic. What AWS services can be used that don't require you to make any capacity decisions upfront? (choose 2)
(Amazon) WorkSpaces
An organization would like to run managed desktops on the AWS cloud using the Windows 10 operating system. Which service can deliver these requirements?
(Amazon) EMR, EC2
Which of the following services allow root level access to the operating system? (choose 2)
IAM, (Amazon) VPC
Which AWS services can be utilized at no cost? (choose 2)
(Amazon) SWF
Which AWS service can assist with coordinating tasks across distributed application components?
(Amazon) S3
Which AWS service can be used to host a static website?
Virtual Private Gateway, Customer Gateway
To connect an on-premises network to an Amazon VPC using an Amazon Managed VPN connection, which components are required? (choose 2)
Elastic IP
Which AWS network element allows you to assign a static IPv4 address to an EC2 instance?
MFA Delete
Adds an additional layer of security as users must include the x-amz-mfa request header in requests to permanently delete an object version or change the versioning state of the bucket. This header must include the authentication code from a multi-factor authentication device
Versioning
helps to mitigate the impact of deleting objects as older versions are retained; however, it does not prevent deletion
Encryption
protects against unauthorized agents reading your data; it does not protect it from deletion
Multi-AZ (RDS)
creates a replica in another AZ and synchronously replicates to it (DR only)
Read replicas
used for read-heavy DBs and replication is asynchronous
Redshift
a fully managed data warehouse service designed to handle petabytes of data for analysis. Data can be analyzed with standard SQL tools and business intelligence tools; allows you to run complex analytic queries against petabytes of structured data
RDS
Amazon's transactional relational database
DynamoDB
Amazon's non-relational database service
ElastiCache
a data caching service that is used to help improve the speed/performance of web applications running on AWS
Implement a strong identity foundation, Enable traceability, Apply security at all layers, Automate security best practices, Protect data in transit and at rest, Prepare for security events
There are six design principles for Security in the cloud:
(Amazon) Neptune
a fast, reliable, fully-managed graph database service that makes it easy to build and run applications that work with highly connected datasets. With Amazon Neptune, you can create sophisticated, interactive graph applications that can query billions of relationships in milliseconds
Redshift
a fast, scalable data warehouse that makes it simple and cost-effective to analyze all your data across your data warehouse and data lake
AWS X-Ray
helps developers analyze and debug production, distributed applications, such as those built using a microservices architecture
(Amazon) Athena
an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL
Data consistency models
Read after write consistency for PUTS of new objects, and Eventual consistency for overwrite PUTS and DELETES (takes time to propagate), are examples of what?
(AWS) WAF
a web application firewall that helps protect web applications from common web exploits that could affect application availability, compromise security, or consume excessive resources
CloudFront
distributes traffic across multiple edge locations and filters requests to ensure that only valid HTTP(S) requests will be forwarded to backend hosts. Also supports geoblocking, which you can use to prevent requests from particular geographic locations from being served
PCI DSS (The Payment Card Industry Data Security Standard)
a proprietary information security standard administered by the PCI Security Standards Council
(AWS) Direct Connect
a network service that provides an alternative to using the Internet to connect a customer's on-premises sites to AWS. Data is transmitted through a private network connection between AWS and a customer's data center or corporate network
peering connection
enables you to route traffic via private IP addresses between two peered VPCs
VPC endpoints
enable private connectivity to services hosted in AWS, from within your VPC without using an Internet Gateway, VPN, Network Address Translation (NAT) devices, or firewall proxies
VPG
the Amazon side of a VPN connection
NAT (Network Address Translation)
used to translate IP addresses when routing between subnets that do not have a fully routable address space
Root EBS volumes
deleted on termination by default
Extra non-boot volumes
are not deleted on termination by default
Test recovery procedures, Automatically recover from failure, Scale horizontally to increase aggregate system availability, Stop guessing capacity, Manage change in automation
There are five design principles for Reliability in the cloud:
Managing Access Keys
Best practices for _______ include: Don't generate an access key for the root account user; Use Temporary Security Credentials (IAM Roles) Instead of Long-Term Access Keys; Manage IAM User Access Keys Properly
AMI (Amazon Machine Image)
provides the information required to launch an instance, which is a virtual server in the cloud. You must specify a source ____ when you launch an instance. You can launch multiple instances from a single ___ when you need multiple instances with the same configuration. You can use different ____s to launch instances when you need instances with different configurations
public subnet
a subnet that is configured to assign public IP addresses to instances and which has a route to an Internet Gateway (which is created at the VPC level) configured in the route table
VPN connection
used to establish a secure connection between the AWS cloud and an on-premise data center or other cloud location. They are not used to access the Internet
REST API, AWS CLI
Which of the below are valid options for interacting with Amazon Glacier archives? (choose 2)
Direct Connect
the technology that is used to connect your on-premises network to AWS to form a hybrid cloud
KMS (Amazon Key Management Service)
used for managing encryption keys and is not used for authentication
Server certificates
SSL/TLS certificates that you can use to authenticate with some AWS services
Access keys
a combination of an access key ID and a secret access key and can be used to make programmatic calls to AWS
(Amazon) Elastic Transcoder
a highly scalable, easy to use and cost-effective way for developers and businesses to convert video and audio files from their source format into versions that will playback on devices like smartphones, tablets and PCs
(AWS) Glue
a fully managed extract, transform, and load (ETL) service that makes it easy for customers to prepare and load their data for analytics
(Amazon) Rekognition
makes it easy to add image and video analysis to your applications
(Amazon) Comprehend
a natural language processing (NLP) service that uses machine learning to find insights and relationships in text
NAT gateways
managed FOR you by AWS. They are highly available in each AZ into which they are deployed. They are not associated with any security groups and can scale automatically up to 45Gbps
NAT instances
managed BY AWS. They must be scaled manually and do not provide HA. They can be used as bastion hosts and can be assigned to security groups
Read replicas
used for read-heavy DBs and replication is asynchronous. They are for workload sharing and offloading. They provide read-only access to the DB
Physical security of the data center, Replacement and disposal of disk drives
Under the AWS shared responsibility model what is AWS responsible for? (choose 2)
Adopt a consumption model, Measure overall efficiency, Stop spending money on data center operations, Analyze and attribute expenditure, Use managed services to reduce cost of ownership
There are five design principles for cost optimization in the cloud:
Democratize advanced technologies, Go global in minutes, Use serverless architectures, Experiment more often, Mechanical sympathy
There are five design principles for performance efficiency in the cloud:
VPC
Internet Gateways are attached at the ____ level and then referenced in route tables that are associated with subnets
One account
For billing purposes, the consolidated billing feature of AWS Organizations treats all the accounts in the organization as
DynamoDB
a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. Push button scaling means that you can scale the DB at any time without incurring downtime
User Data
When you launch an instance in Amazon EC2, you have the option of passing ____ to the instance that can be used to perform common automated configuration tasks and even run scripts after the instance starts
Dedicated Host
a physical server that's dedicated for your use. With a _____, you have visibility and control over how instances are placed on the server
EC2, EBS
___ instances and ____ volumes both incur costs, Route tables and Auto Scaling Groups do not incur costs (choose 2)
(Amazon) DLM (Data Lifecycle Manager)
Used to automate the creation, retention, and deletion of snapshots taken to back up your Amazon EBS volumes
(Amazon) Elasticsearch
a fully managed service that makes it easy for you to deploy, secure, operate, and scale it to search, analyze, and visualize data in real-time. It is based on open source software
CloudSearch
a managed service in the AWS Cloud that makes it simple and cost-effective to set up, manage, and scale a search solution for your website or application
OpsWorks
a configuration management service that provides managed instances of Chef and Puppet
Elastic Beanstalk
the fastest and simplest way to get web applications up and running on AWS. Developers simply upload their application code and the service automatically handles all the details such as resource provisioning, load balancing, auto-scaling, and monitoring
Trusted Advisor
an online resource to help you reduce cost, increase performance, and improve security by optimizing your AWS environment. ________ provides real time guidance to help you provision your resources following AWS best practices. Offers a Service Limits check (in the Performance category) that displays your usage and limits for some aspects of some services
Systems Manager
gives you visibility and control of your infrastructure on AWS
Stateful
Databases such as RDS are considered
EBS
is not a shared storage service so is not ideal for stateless architectures (use S3 or EFS instead)
(Amazon) Glacier
With ____ you pay for storage on a per GB / month basis, retrieval requests and quantity (based on expedited, standard, or bulk), and data transfer out
(AWS) Direct Connect
Benefits of ______: Reduce cost when using large volumes of traffic; Increase reliability (predictable performance); Increase bandwidth (predictable bandwidth); Decrease latency