Aws Certified Solutions Architect Professional Flashcards ionicons-v5-c

Data that is durable and sticks around after reboots/restarts/power cycles (Glacier/RDS)

Persistent Data Store

Data that is temporarily stored and passed to another process or persistent data store (SQS/SNS)

Transient Data Store

Data that is lost when stopped (EC2 instance store/Memcached)

Ephemeral Data Store

Measure of how fast we can read and write to a device (i.e. fast sports car)

IOPS

Measure of how much data can be moved at a time (i.e. Dump truck).

Throughput

What does the Consistency Model ACID stand for?

Atomic, Consistent, Isolated, Durable

What does the Consistency Model BASE stand for?

Basically available, soft state, eventually consistent

Once you initiate a Glacier Vault lock, you have ____ hrs to _________ the vault lock or ______ the lock.

24, complete, abort

What are some use cases for Instance Stores?

caches, buffers, work areas

Why might you use an instance store volume over an EBS volume?

Instance store may provide better performance because it is directly attached vs EBS volume access resides over the network.

Each subsequent EBS Snapshot is ____________. Meaning it only records the changes you've made since the previous snapshot which saves storage space.

incremental.

An EFS can be mounted from on-premise ONLY if using ________ __________.

Direct Connect

What is the alternative to using a direct connect to mount on premise to EFS?

EFS File Sync Agent

What are the 4 types of Storage Gateway and describe each?

File Gateway - store objects in S3 via NFS/SMBVolume Gateway Stored Mode - Async replication to S3Volume Gateway Cached mode - Primary data stored in S3, frequently accessed data cached on-premTape Gateway - use with existing backup software

A secure, fully managed file collaboration service that can integrate with AD for SSO. It contains web, mobile, and native clients and is HIPAA, PCI, DSS, and ISO compliant.

Amazon WorkDocs

Read Replicas support ___________ synchronization, which means data may be lagging behind slightly on some of your read nodes.

Asynchronous

Multi-AZ supports __________ synchronization, which means data will be up-to-date with your master node.

Synchronous

True/False: In the catastrophic event of a region failure, you can promote a Read Replica to a standalone DB and then enable Multi-AZ from there.

True

DynamoDB feature which allows you to maintain ACID compliance to make coordinate all-or-nothing changes to multiple items both within and across tables.

DynamoDB Transactions

(DynamoDB) When you want a fast query of attributes outside the primary key (without having to do table scan), what index type would you use?

GSI (Global Secondary Index)

(DynamoDB) When you already know the partition key and want to quickly query on some other attribute, what index type would you use?

LSI (Local Secondary Index)

Name features of Global Secondary Indexes (GSI's)

-Created any time-Different partition key-Different sort key-Only request attributes projected in index

Name features of Local Secondary Indexes (LSI's)

-Must be created with table-Same partition key-Different sort key-Can request attributes not projected in index (auto-fetch)

Refers to stores which allow queries of raw data without pre-processing. This lessens the time from data collection to data value and helps identify correlations between disparate data sets.

Data Lake

Fully managed graph database which supports open graph API's for both Gremlin and SPARQL.

Neptune

Which data store would you use if you wanted ultimate control over your DB and your preferred DB is not supported by RDS?

EC2

Which data store would you use if you wanted a traditional relational database for OLTP, one in which data is well-formed and structured as well as ACID compliant.

RDS

Which data store would you use if your data is comprised of name/value pairs or is unpredictable and you desire in-memory performance with data persistence as well as dynamic scaling?

DynamoDB

What data store would you use if you have massive amounts of data which are primarily centered around OLAP workloads?

Redshift

What data store would you use if your relationships between your data objects is a major portion of your data's value?

Neptune

What data store would you use if you require fast temporary stores for data which may be highly volatile?

Elasticache

Name same features of Memcached

-Simplicity-Object caching-Scale out as demand changes (horizontal scaling)-Run multiple CPU cores and threads

Name some features of Redis

-Advanced data types (lists, hashes, sets)-HIPAA Compliance-Clustering-HA

True/False: You must initialize the storage blocks on volumes that were restored from SNAPSHOTS before you can access the block.

True

True/False: You must initialize the storage blocks on newly created EBS volumes.

False (newly created EBS volumes receive their max performance upon creation)

For EBS volumes, you are charged for ____________ storage. For EBS snapshots, you are charged only for ___________ storage.

Provisioned, consumed

Because of the way that EC2 virtualizes disks, the ____ write operation to any location on an instance store volume performs more _______ than subsequent writes.

first, slowly

True/False: Snowball might not be the ideal solution if your data can be transferred over the internet in less than one week.

True

SaaS model in which the storage of tenant data is fully isolated from any other tenant data.

Silo Model

SaaS model in which all of the tenant's data is moved into a single database, while allowing some degree of variation and separation for each tenant.

Bridge Model

SaaS model in which tenants share all of the systems storage constructs.

Pool Model

Which caching engine currently supports encryption at rest (3.2.6 and 4.0.10 and later)

Redis

Glacier ________ ________ is an immutable way to set policies on Glacier vaults.

Vault Lock

Which caching engine is multi-threaded, meaning it makes good use of larger Amazon EC2 instance sizes with multiple cores?

Memcached

Describes the interval of time that might pass during a disruption before the quantity of data lost during that period exceeds the Business Continuity Plan's maximum allowable threshold or "tolerance."

Recovery Point Objective (RPO)

The duration of time and a service level within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.

Recovery Time Objective (RTO)

Auto Discovery of new ElastiCache nodes as they are added to the cache cluster only works for _____________.

Memcached

Consistent Hashing

You should apply the ______ caching strategy anywhere in your app where you have data that is going to be read often, but written infrequently.

lazy

This caching strategy only loads data into the cache when necessary

lazy loading

This caching strategy adds or updates data to the cache whenever data is written to the database.

write through

True/False: Memcached will automatically evict the less frequently used cache keys to free up memory.

True

True/False: Redis cannot be easily scaled horizontally because it must keep its data structures in a single memory image to function properly.

True

True/False: AWS Allows multicast which allows broadcast to all network devices via Layer 2 communication.

False

Layer 4 protocol which is connection-based, stateful, and acknowledges receipt.

TCP

Layer 4 protocol which is conectionless, stateless, simple, and has no re-transmission delays.

UDP

Layer 4 protocol which is used by network devices to exchange information.

ICMP

Short-lived, transport protocol ports used in IP-communications. These ports live above the well-known IP ports and have NACL and Security Group limitations. These ports are required to allow the server to communicate back to the client.

Ephemeral Ports

IPsec VPN connection over your existing internet. Quick and usually simple way to establish a secure tunneled connection to a VPC.

AWS Managed VPN

AWS Direct Connect

IPsec VPN connection over private lines. Useful for customers who want added security of having an encrypted tunnel over direct connect.

AWS Direct Connect + VPN

Connect locations in a hub and spoke manner using AWS's virtual Private Gateway Useful for linking remote offices for backup or primary WAN access to AWS resources and each other.

AWS VPN Cloud Hub

VPN connection in which you provide your own VPN endpoint and software. You must manage both ends of the VPN connection for compliance reasons or your VPN software is not supported by AWS.

Software VPN

Common strategy for connecting geographically disperse VPC's and locations in order to create a global network transit center.

Transit VPC.

AWS-provided network connectivity between VPCs and/or AWS services using interface endpoints. Allows you to keep your private subnets truly private utilizing the AWS backbone to reach other services rather than through the internet.

AWS Private Link

Elastic network interface (ENI) with a private IP which uses DNS entries to redirect traffic.

Interface Endpoint

Gateway that is a target for a specific route which uses prefix lists in a route table to redirect traffic.

Gateway Endpoint

What are the only two AWS services you can connect to with a Gateway Endpoint?

S3DynamoDB

Border Gateway Protocol (BGP)

Horizontally scaled, redundant and highly available component that allows communication between a VPC and the internet.

Internet Gateway

Provides outbound internet access for IPV6 addressed instances and prevents inbound access to those IPV6 instances.

Egress Only IGW

EC2 instance from a special AWS Linux AMI that translates traffic from many private IP instances to a single public IP and back.

NAT Instance

Fully managed NAT service that replaces the need for NAT instance on EC2.

NAT Gateway

What is a Pro of Clustered Placement Groups?

Get most out of enhanced networking instances

What is a Con of Clustered Placement Groups?

Finite capacity, must launch all you might need up front

What is a pro of Spread Placement groups?

Can span multiple AZ's to reduce risk of simultaneous hardware failure.

What is the limit of Spread Placement groups per AZ?

7

For geolocation routing policies, it is important to have a _________ route. This ensures a "catch all" for all traffic.

default

_____ on Geoproximity routing increases or decreases routing preference on the particular region and influences where traffic is routed. The bias ranges from _____ to _____.

bias, -99, +99

This routing policy allows you to assign multiple IP's to the same name and contains health checks on each entry so only healthy endpoints are served.

multivalue answer

Computer networking protocol in which a client indicates which hostname it is attempting to connect to at the start of the handshaking process. This allows a server to present multiple certs on the same IP and allows multiple secure websites to be served by the same IP without using the same certificate.

Server Name Indication (SNI)

Layer 7 load balancer which features path-based routing and works at a higher level to distribute traffic.

Application Load Balancer (ALB)

Layer 4 load balancer which is useful for high performance workloads and allows for static IP assignment.

Network Load Balancer (NLB)

Layer 4/Layer 7 load balancer used for a mix of traffic and allows for sticky sessions.

Classic Load balancer

Type of network protocols in which no information about a transaction is maintained after a transaction is processed.

Stateless Protocol

Type of network protocols in which state information is kept even after a transaction has been processed.

Stateful Protocol

Type of network protocol in which it does not require a session connection between sender and receiver. The sender simply starts sending packets (called datagrams) to the destination

Connectionless Protocol

Type of network protocol in which a session connection is required to be established before any data can be sent.

Connection-based Protocol

What type of DNS record does Route 53 NOT support?

DNSSEC

Allows you to connect your AWS Direct Connect connection to one or more VPCs in your account that are located in the same or different regions.

Direct Connect Gateway

In an AWS VPC VPN connection, what is the name of the "anchor" on your side (customer) side of the connection?

Customer Gateway

In an AWS VPC VPN connection, what is the name of the "anchor" on the AWS side of the VPN connection?

Virtual Private Gateway

Encapsulation protocol used in many service provider and large-scale enterprise networks. Instead of relying on IP lookups to discover a viable "next-hop" at every single router within a path (as in traditional IP networking),MPLS predetermines the pathand usesa label swapping push, pop, and swap method to direct the traffic to its destination.

MPLS

What is the largest CIDR supported by Amazon VPC?

/16

True/False: Unauthorized port scans by Amazon EC2 customers are a violation of the AWS Acceptable Use Policy.

True

Term which indicates that you should only give users (or services) nothing more than those privileges required to perform their intended function (and ONLY when they need it).

Principle of Least Privilege

AD service of AWS which allows you to use a pre-existing AD with existing AD users to allow access to AWS assets via IAM roles. This service also supports MFA via existing RADIUS-based MFA infrastructure.

AD Connector

AD service of AWS which is a standalone AD based on samba. It supports user accounts, groups, group policies, and domains and is based off the Kerberos SSO. MFA is not supported and there are no trust relationships.

Simple AD

(TVM) Used as a way to provide access to AWS services only, does NOT store user identity.

Anonymous TVM

(TVM) Used for registration and login, and authorizations

Identity TVM

Used to store passwords, encryption keys, API keys, SSH keys.... An alternative to storing passwords or keys in a "vault" and can be accessed through an API with fine-grained access controls policies through IAM.

AWS Secrets Manager

Multi-tenant security module which shares hardware with other AWS customers. Allows you to generate/store/manage your encryption keys.

AWS KMS

Dedicated hardware security module instance. The hardware is not shared and can be used to generate/store/manage your encryption keys.

Cloud HSM

Managed service that allows you to provision, manage, and deploy public or private SSL/TLS certs. It is integrated with many AWS services and allow you to generate free public certs to use with AWS services.

AWS Certificate Manager (ACM)

Cloudwatch keeps alarm(s) history for ___ days.

14

Framework allowing admins to create pre-defined products and landscapes for their users. Allows for granular control over which users have access to which offerings and makes used of adopted IAM roles so users don't need underlying service access.

Service Catalog

(Service Catalog Constraints) IAM Role that service actalog assumes when an end user launches a product. Without this, the end user must have all permissions needed within their own IAM creds.

Launch Constraint

(Service Catalog Constraints) Specifies the Amazon SNS topic to receive notifications about stack events.

Notification Constraint

(Service Catalog Constraints) One or more rules that narrow allowable values an end-user can select.

Template Constraint

True/False: Users and roles are inherited across shared portfolios across multi-accounts with AWS Service Catalog.

False

Name 2 features of OAuth 2.0?

-Issues tokens to clients-Handles authorization

These systems monitor networks and/or systems for malicious activity or policy violation, and report them to systems administrators or to a security information and event management (SIEM) system.

Intrusion Detection Systems (IDS)

These systems are positioned behind firewalls and provide an additional layer of security by scanning and analyzing suspicious content for potential threats.

Intrusion Prevention Systems (IPS)

______ ______ provide stateful firewalls for Amazon EC2 instances at the hypervisor level.

Security Groups

What are the main sections of an IAM JSON policy? (PARC Model)

ParametersActionsResourcesConditions

Which layer of the OSI model refers to Application?

Layer 7

Which layer of the OSI model refers to network?

Layer 3

Which layer of the OSI model refers to transport?

Layer 4

Automatic migration of on-premise VMWare VSphere or MS Hyper V/SCVMM Virtual machines to AWS.

Server Migration Service (SMS)

Works in conjunction with the schema conversion tool to help customers migrate DB's to AWS RDS or EC2 based data bases.

Database Migration Service (DMS)

DMS (database migration service) is used for _____ and simpler DB conversions.

smaller

SCT (Schema conversion tool) is used for _____ and more complex datasets.

larger

Gathers information about on-premise data centers to help in cloud migration planning.

Application Discovery Service

VPCs support IPV4 netmask ranges from /___ to /___.

16, 28

AWS reserves __ IPs in every VPC subnet.

5

True/False: The Schema Conversion Tool (SCT) support NoSQL Databases.

False, only DMS supports NoSQL.

The IP address of the DNS in a VPC is always the base of the subnet range plus ____.

two

Scaling in which more instances are added as the demand increases. It does not require downtime to scale up or down and can be automated using auto-scaling groups.

Horizontal Scaling

Scaling in which more CPU and/or RAM is added to existing instances as demand increases. This requires a restart to scale up or down and would require some scripting in order to automate.

Vertical Scaling

(scaling policy) Scale based on predefined or custom metric in relation to a target value

Target Tracking

(scaling policy) Waits until health check and cool down period expires before evaluating new need

Simple Scaling

(scaling policy) Responds to scaling needs with more sophistication and logic

Step Scaling

Configurable duration that gives your scaling a chance to "come up to speed" and absorb load. Defaults to _____ seconds.

Scaling Cooldown, 300

By default, how many days will SQS retain your data? What is the maximum number of days your data will be retained?

4, 14

What is the maximum message size for SQS (assuming no use of JAVA SDK)?

256KB

Managed implementation of Apache ActiveMQ. Fully managed and highly available within a region. Designed to be a drop-in replacement for on-premise message brokers.

AmazonMQ

A managed workflow and orchestration platform. Defines applications as a state machine and created using Amazon State Language (declarative JSON).

Step Functions

Management tool for creating, managing, and executing batch oriented tasks using EC2 instances.

AWS Batch

Managed hadoop framework for processing huge amounts of data. Most commonly used for log analysis or extract, translate and loading (ETL) activities.

EMR (Elastic Map Reduce)

Kinesis Client Library (KCL)

Designing in the ability to absorb problems without impacting service levels.

Fault Tolerance

Designing in redundancies to reduce the chance of impacting service levels.

High Availability

This DR plan provides the slowest system restoration after a DR event. You take frequent snapshots of your data and you store them in durable storage. To recover, you simply restore the backed up files/applications.

Backup Restore

This DR method gives you a quicker recovery time than backup-and-restore by keeping core pieces of the system up and running and continuously up to date. When recovery time comes, you can rapidly provision a full-scale production environment around the critical core.

Pilot Light

This DR plan is faster in system restoration than Pilot Light. It describes a scenario in which a scaled-down version of a fully functional environment is always running in the cloud. When DR occurs, you can simply switch over from the active to the passive environment (i.e. point your ALB to a different endpoint).

Warm Standby

This DR plan is the fastest in system restoration during a DR event. It is a one-to-one copy of your infrastructure that is located and running in another region or AZ (also known as an active-active configuration).

Multi-site

When fault tolerance is more important than I/O performance, this RAID configuration is ideal.

RAID 1

When I/O performance is more important than fault tolerance, this RAID configuration is ideal.

RAID 0

AWS Service based on blockchain concepts which provides an immutable and transparent journal as a service without having to setup & maintain an entire blockchain framework.

Amazon Quantum Ledger Database

True/False: Amazon Redshift currently only supports single-AZ deployments but you can run multiple clusters in different AZ's.

True

True/False: You must create a NEW launch configuration when using Autoscaling groups and you want to modify the instances launched.

True

Software development strategy in which a new version of an API is deployed as a development release for testing purposes. The base version remains deployed as a production release for normal operations on the same stage.

Canary Release

Merge code changes back to main branch as frequently as possible with automated testing as you go.

Continuous Integration (CI)

A development practice where merged changes are automatically built, tested and prepared for release into staging and production after a manual evaluation.

Continuous Delivery

A development practice that fully automates the entire release process, code is deployed into production as soon as it has successfully passed through the release pipeline (no human intervention required).

Continuous Deployment

(EB Deployment Option) All old version instances are terminated and new version instances are spun up in their place.

All At Once

(EB Deployment Option) One by one, terminates old version instances and replaces with new instances.

Rolling

(EB Deployment Option) Launch new version instances prior to taking any old version instances out of service.

Rolling with Additional Batch

(EB Deployment Option) Launch a full set of new version instances in separate auto-scaling group and only cuts over when health check is passed.

Immutable

(EB Deployment Option) CNAME DNS entry changed when new version is fully up, leaving old version in place until new version is fully "green"

Blue/Green

AWS CloudFormation _______ _______ extends the functionality of stacks by enabling you to create, update, or delete stacks across multiple accounts and regions with a single operation.

Stack Sets

A summary of proposed changes to your CF stack that will allow you to see how those changes might impact your existing resources before implementing them.

Change Sets

With the ________________ attribute in CloudFormation, you can specify that the creation of a specific resource follows another.

DependsOn

The __________________ attribute for a CloudFormation stack resource dictates whether you can preserve/backup resources created as part of a CF stack.

DeletionPolicy

True/False: In order to add a stack policy to an existing CF stack, you must use the console.

False, you must use the CLI

True/False: Once applied, a stack policy cannot be removed from a CF stack but can be modified via the CLI.

True

True/False: To improve responsiveness, API Gateway supports caching of requests.

True

Fully managed service that provides you with an AWS resource inventory, configuration, history, and configuration change notifications to enable security and governance.

AWS Config

A managed instance of chef and puppet, provides configuration management to deploy code, automate tasks, configure instances, and perform upgrades.

AWS Ops Works

OpsWorks is a global service but when you create a stack, you must specify a _____ and that stack can only control resources within that _____.

Region