Topical Cards from Practice Exam 1 Flashcards Preview

AWS Associate Developer Exam > Topical Cards from Practice Exam 1 > Flashcards

Flashcards in Topical Cards from Practice Exam 1 Deck (42)
Loading flashcards...
1
Q

Amazon Aurora

A
  • MySQL or PostgreSQL compatible editions
  • Serverless
  • Low Latency
  • Fault-Tolerant
2
Q

ElastiCache

A
  • Not Serverless
  • Used for Caching
  • Low Latency
3
Q

DynamoDB

A
  • key-value database (no sql)
  • Serverless
  • low latency
4
Q

Origin Access Identity

A
  • used for sharing private content via CloudFront
  • is a virtual user identity that will be used to give your CF distribution permission to fetch a private object from your origin server (e.g. S3 bucket).
5
Q

CloudFront

A
  • content delivery network
  • for dynamic and static content
  • caching with cloud front can reduce network cost and load on ec2s/lambdas for serving popular content
  • has Point of Presence(edge locations) for low latency
  • has regional location to help reduce latency/network traffic for less popular content that isn’t fit for PoP
6
Q

CloudFront Signed URLs

A
  • Used to enable users to securely access content
  • access to individual files, for example, an installation download for your application
  • used when your users are using a client (for example, a custom HTTP client) that doesn’t support cookies.
7
Q

CloudFront Signed Cookies

A
  • Used to enable users access to multiple restricted files, for example, all of the files for a video in HLS format or all of the files in the subscribers’ area of website.
  • don’t want to change your current URLs
8
Q

SSE-C Encryption

A
  • Customer-Provides Keys and manages key creation process
  • AWS handels the encryption process
  • AWS manages key storage and roation process
9
Q

Client-side encryption

A
  • encrypting data before sending it to Amazon (you handle encryption process)
  • Method 1) use a master key you store within your application
  • Method 2) Use a customer master key (CMK) stored in AWS Key Management Service
10
Q

Source/Destination Check

A
  • Controls whether source/destination checking is enabled on an ec2 instances
  • Disabling this attribute enables an instance to handle network traffic that isn’t specifically destined for the instance.
  • Must be diabled for instances running network address translation, routing, or a firewall service
  • enabled by default
11
Q

SQS

A
  • fully managed message queuing service that enables you to decouple and scale microservices
  • CANNOT be used as a trigger source for Lambda
  • Standard queues offer maximum throughput, best-effort ordering, and at-least-once delivery
  • FIFO queues are designed to guarantee that messages are processed exactly once, in the exact order that they are sent
  • FIFO queues support up to 3000 messages per second
12
Q

SNS

A
  • highly available, durable, secure, fully managed pub/sub messaging service that enables you to decouple microservices
  • SNS won’t keep our data if it cannot be delivered
  • SNS cannot be used for data streaming
  • offeres email and text notification capability
  • can be used as an event source to trigger Lambdas
13
Q

Amazon Neptune

A
  • Not Serverless
  • Graph Database (highly connected dataset.. ie social network data)
  • highly available
  • secure with support for HTTPS encrypted client connections and encryption at rest
14
Q

Amazon Relational Database Service (Amazon RDS)

A
  • Not Serverless

- relational database

15
Q

Snowball Edge Storage Optimized

A
  • optimal choice if you need to securely and quickly transfer dozens of terabytes to petabytes of data to AWS
  • 80 TB of usable HDD storage, 40 vCPUs, 1 TB of SATA SSD storage, and up to 40 Gb network connectivity to address large scale data transfer and pre-processing use cases
  • original Snowball device had 80TB of storage space
16
Q

Multi-AZ Amazon RDS

A
  • Multi-AZ deployments for MariaDB, MySQL, Oracle, and PostgreSQL DB instances use Amazon’s failover technology
  • SQL Server DB instances use SQL Server Database Mirroring
  • automatically provisions and maintains a synchronous standby replica in a different Availability Zone
  • Failover is automatically handled by Amazon RDS by fliping the canonical name record (CNAME) for your DB instance to point at the standby
17
Q

Storage Gateway File

A
  • AWS Storage Gateway is a hybrid cloud storage service that gives you on-premises access to virtually unlimited cloud storage
  • Tape Gateway for connecting tape backups to the cloud
  • File Gateway for connecting to the cloud in order to store application data files and backup images as durable objects on Amazon S3
  • Volume Gateway to present cloud-based iSCSI block storage volumes to your on-premises applications
18
Q

Network Load Balancer

A
  • best suited for use-cases involving low latency and high throughput workloads that involve scaling to millions of requests per second
  • Network Load Balancers expose a fixed IP to the public web
  • Network Load Balancers don’t support security groups, based on the target group configurations, the IP addresses of the clients or the private IP addresses associated with the Network Load Balancers must be allowed on the web server’s security group
  • Layer 4 operator
19
Q

Application Load Balancer

A
  • Ideal for advanced load balancing of HTTP and HTTPS traffic
  • Layer 7 operator
  • provides advanced request routing targeted at delivery of modern application architectures, including microservices and container-based applications
  • expose a fixed DNS (=URL) rather than the IP address
20
Q

Classic Load Balancer

A
  • intended for applications that were built within the EC2-Classic network
  • expose a fixed DNS (=URL) rather than the IP address
21
Q

Launch Configuration

A
  • Launch Configurations are used to launch EC2 instances in an Auto Scaling Group
  • Launch Configurations are Immutable (can’t change)
  • To modify an EC2 instance’s config in an ASG, you need to create a new Launch Congifuration
22
Q

EBS GP2

A
  • offer cost-effective storage that is ideal for a broad range of workloads
  • single-digit millisecond latencies
  • up to 16,000 IOPS
  • range in size from 1 GiB to 16 TiB
  • deliver their provisioned performance 99%
  • Volume size is 1 GB to 16 TB.
23
Q

EBS io1

A
  • designed to meet the needs of I/O-intensive workloads, particularly database workloads, that are sensitive to storage performance and consistency
  • you to specify a consistent IOPS rate when you create the volume
  • delivers the provisioned performance 99.9 percent of the time
  • up to 64,000 IOPS per volume
  • Volume size is 4 GB to 16TB.
24
Q

AWS Systems Manager Parameter Store (aka SSM Parameter Store)

A
  • provides secure, hierarchical storage for configuration data management and secrets management
  • an store data such as passwords, database strings, EC2 instance IDs, Amazon Machine Image (AMI) IDs, and license codes as parameter values
  • can store values as plain text or encrypted data
  • can reference parameters via the unique name specified at parameter creation
25
Q

NAT Gateways

A
  • enable EC2 instances in a private subnet to connect to the internet or other AWS services
  • prevent the internet from initiating a connection with those instances
  • cannot associate a security group with a NAT gateway.
  • can associate exactly one Elastic IP address with a NAT gateway
26
Q

VPC Peering

A
  • networking connection between two VPCs, non transative
  • enables you to route traffic between them using private IPv4 addresses or IPv6 addresses
  • EC2 instances in either VPC can communicate with each other as if they are within the same network
  • can connect between your own VPCs, or with a VPC in another AWS account
27
Q

Dynamic Port Mapping

A
  • available with an Application Load Balancer
  • makes it easier to run multiple tasks on the same Amazon ECS service on an Amazon ECS cluster
  • you can run multiple tasks from a single service on the same container instance
28
Q

RDS Encryption

A
  • must encrypt prior to launch (cannot change encryption after launch)
  • cannot create encrypted read replica from unencrypted master DB
  • cannot create an encrypted Read Replica from an unencrypted master DB instance
  • Read replicas in same region as master are encrypted with same key
  • Read replicas in a different region as master can be encrypted with a different key
29
Q

IAM Access Key

A

-used for signing programmatic requests you make to AWS

30
Q

AWS KMS API

A

-can be used for envelope protection of keys before they are written to disk.

31
Q

DynamoDB global tables

A
  • fully managed solution for deploying a multi-region, multi-master database
  • provides an active-active configuration where reads and writes can take place in multiple regions with full bi-directional synchronization
32
Q

Amazon Aurora Global Database

A
  • provides read access to a database in multiple regions
  • does not provide active-active configuration with bi-directional synchronization
  • you can failover to your read-only DBs and promote them to writable
33
Q

CloudFront geo restriction

A
  • can allow your users to access your content only if they’re in one of the countries on a whitelist of approved countries
  • can prevent your users from accessing your content if they’re in one of the countries on a blacklist of banned countries
34
Q

Elastic Fabric Adapter

A

-type of AWS Elastic Network Adapter (enhanced netwworking) with added capabilities for High Performance Computing use cases
-enables customers to
run applications requiring high levels of inter-node communications at scale on AWS

35
Q

AWS Batch

A
  • used for running large numbers of batch computing jobs

- dynamically provisions the EC2 instances

36
Q

Static S3 Website Configuration Options

A
  • Using a REST API endpoint as the origin with access restricted by an origin access identity (OAI)
  • Using a website endpoint as the origin with anonymous (public) access allowed
  • Using a website endpoint as the origin with access restricted by a Referer header
  • If you just use S3 without cloudfront, it cannot be an HTTPS site, only HTTP
37
Q

Egress-Only Internet Gateway

A
  • a horizontally scaled, redundant, and highly available VPC component that allows outbound communication
  • prevents the Internet from initiating an IPv6 connection with your instances.
38
Q

Amazon Elastic File System (EFS) Permissions

A
  • After creating a file system, by default, only the root user (UID 0) has read-write-execute permissions
  • root user must explicitly grant them access.
  • common use case is to create a “writable” subdirectory under this file system root for each user you create on the EC2 instance and mount it on the user’s home directory
39
Q

S3 Glacier Retrievals

A
  • stardard retrievals are 3-5 hours
  • expidiated retrievals in 1-5 minutes
  • bulk retrievals are lowest cost, think petabytes of data, 5-12 hours
40
Q

EBS Throughput Optimized HDD (ST1)

A
  • provides up to 500 IOPS per volume
  • no SLA for IOPS
  • cheaper than GP2 and ST1
41
Q

EBS Cold HDD (SC1)

A
  • provides up to 250 IOPS per volume
  • no SLA for IOPS
  • cheapest option
42
Q

Resolving apex/domain names (example.com)

A
  • You can create an A record that is an Alias that uses the customer’s website zone apex domain name and map it to the ELB DNS name
  • A CAME record can’t be used for resolving apex or naked domain names