Professional Documents
Culture Documents
AWS Solutions Architect Associate Flashcards - Quizlet
AWS Solutions Architect Associate Flashcards - Quizlet
At any given time, the system server does not know the status of the
What is a stateless system? clients communicating with it. Output of the system depends solely on
the inputs.
updates will propagate through system; eventually all data copies will
What is eventual consistency?
be consistent
A special type of firewall that looks more deeply into packets that carry
What is a web application firewall (WAF)?
HTTP traffic.
Add to a class or folder
Embed
A data table stored in a router that lists the routes to particular network
What is a routing table?
destinations
Report
What is an EC2 instance type? Defines size of instance based on different parameters.
General Purpose
Compute Optimized
What are the available EC2 Instance Type
Accelerated Computing
Families?
Memory optimized
Storage optimized
What is the general purpose EC2 instance instances with a balance of compute, memory and networking
family? resources, and can be used for a variety of diverse workloads.
What is the compute optimized EC2 instances ideal for compute bound applications that benefit from high
instance family? performance processors. batch, media transcoding, HPC
What is the memory optimized EC2 instances designed to deliver fast performance for workloads that
instance family? process large data sets in memory. Enterprise apps like SharePoint
What is the storage optimized EC2 instance instances designed for workloads that require high, sequential read
family? and write access to very large data sets on local storage
1. On-demand
2. Reserved
What are the EC2 instance purchase
3. Scheduled
options?
4. Spot
5. On-demand capacity reservations
EC2 instance purchased for set period time (1-3 year) for discount. Paid
What is an EC2 reserved instance? all upfront (largest discount), partial upfront, no upfront. Long term
predictable workloads.
EC2 instance bid for unused compute resources. Not guaranteed for
What is an EC2 spot Instance? fixed period of time. Good for batch jobs, background processing.
Instances can be terminated.
What are on-demand capacity Reserve capacity based on instance type, platform, tenancy, and AZ.
AWS Solutions Architect Associate Can be combined with reserved instance discount.
reservations?
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 2/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
What is EC2 shared tenancy? Where underlying host is shared by multiple customers.
What is EC2 user data? Performs functions or runs scripts upon first boot of EC2 instance.
What are EC2 key pairs? Public and private key pair allowing connection to an EC2 instance(s)
If failed, likely underlying host issue. Loss of power, network, etc. AWS
What is the EC2 system status check? components. Stop/restart instance to go to new physical host. Do NOT
reboot.
Fargate Launch
What are the available ECS launch options?
EC2 Launch
Clusters only scale in single region but multiple AZs. Clusters are
How is ECS scaled?
dynamically scalable.
What is Amazon Elastic Container Registry Provides secure location to store and deploy docker images, ties
(ECR)? closely to ECS.
Registry
Repository Policies
What are ECR components? Authorization Token
Repository
Image
What are ECR authorization tokens? Translates docker AWS token into a docker login command
What are ECR repositories? store docker image objects and can have multiple per registry
What is the Elastic Container Service for Managed service for the Kubernetes control plane or management
Kubernetes (EKS)? infrastructure. Customer provisions and maintains the worker nodes
Easiest way to launch and manage a virtual private server with AWS.
What is Amazon Lightsail? Include: virtual machine, SSD based storage, data transfer, DNS
management, and static IP address.
Defines:
What are ECR repository policies? * User access to the ECR repository
* User actions within the ECR repository
What is the benefit to Lambda functions To rapidly launch and scale as many as needed
being stateless?
What are AWS Lambda downstream AWS tools and/or entities required for a function to execute its code
resources?
What is the relationship between ECR An ECR registry contains multiple repositories, which contain multiple
components? Docker images.
What is an EC2 cluster placement group? Designed for law latency, high network throughput within single AZ.
No additional cost!
How can an EBS volume be attached to a unmount in OS, detach, attach to new instance
different instance?
1. Dedicated instances
What are the 3 tenancy options for EC2
2. Shared tenancy
instances?
3. Dedicated hosts
What are the offering classes for reserved * Standard: Can only be modified (best savings)
instances? * Convertible: Can be exchanged for different instance
AWS Solutions Architect Associate
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 6/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
By the second (1 minute billing unit) or hourly for however long the
instance is run. price set per instance type.
How do spot instances work with Create launch configuration with bid price
Autoscaling? If market price goes above bid, instances terminated
EC2 Instances
Containers
What are some common ELB targets?
Lambda functions
Can be across different AZs
Application
What are the ELB types? Network
Classic
What is the Classic Load Balancer? For legacy EC2, operates at both request and connection level
Listener
Target Group
What are the ELB components?
Rules
Health Checks
- At least 1 required
What is the ELB Listener? - Listens on a port
What are ELB health checks? Sets target as healthy or not based on checks.
Required to define AZs that ELB will operate in and one will be placed
What are ELB nodes?
in each AZ.
Gives the ability to truly have the ELB evenly distribute requests evenly
across the targets when one AZ may have fewer resources than
What is Cross-zone load balancing?
another so that load is not disproportionate on resources in smaller
AZ.
What is the OSI layer where the ALB Layer 7 (HTTP, FTP, NFS)
operates?
How long are TCP connections kept with Duration of the request
the NLB?
What are the protocols the classic load This load balancer supports TCP, SSL/TLS, HTTP(S)
balancer supports?
What are the use-cases for the classic load When you have instances running in the EC2-classic network
balancer?
What are the components of auto scaling. 1. Launch Configuration or Launch Template
2. Group
3. Scaling Options
AMI
Instance type
Spot instances or not
What are the options provided by an auto
Public IPs
scaling launch template/configuration?
User Data
Storage Volume configuration
Security Groups
What is the difference between a template Templates is newer and more advanced
and a launch configuration? Config can be shared
What is the relationship between ELBs and * ASGs are associated to ELB's target group
Auto Scaling groups? * ELB detects the instances and starts to distribute traffic.
What is durability? That the data exists and not lost though maybe not accessible
How does S3 make data available and When adding data to S3 in a region it is replicated to multiple AZs
durable?
99.99% (standard)
What is the availability of the different S3
99.9% (stanard-IA)
tiers?
99.5% (one zone-IA)
Where do S3 features operate? At the bucket level, not folder level (object storage)
* Standard
* IA (infrequent access)
* Intelligent Tiering
What are the 6 S3 storage classes/tiers?
* One Zone - IA (formerly reduced redundancy)
* Glacier
* Glacier Deep Archive (12 hr retrieval)Does sqa
What is the S3 storage class designed for S3 standard for this type of access
frequent access?
Standard-IA
Which S3 storage classes are for infrequent
One zone-IA
access?
Glacier
Is there an added cost for versioning? Yes, charged for each version of the object
* Data backup
Common S3 use-cases * Static content and websites (via url or CloudFront)
* Large data sets (scientific, computational) b/c horizontal scaling
- very low cost, longer term, durable storage (cold) for long term
What is Glacier? backup and archival
- does not provide instant access to data (several hours)
* Free
Benefits of EC2 instance storage? * Very high I/O speed
* cache or buffer
What EC2 instances can an EBS volume be Only those in the same AZ
attached to?
* temporary storage
What are EBS anti-patterns? * multi-instance storage
* very high durability and availability
What performance configurations are * General purpose - lowest latency, most cases, 7000 ops per second
available for EFS? * Max I/O - concurrent access of 1000s of instances
How can data from on-prem or EC2 be EFS FileSync feature using an agent
moved into EFS?
AWS Solutions Architect Associate
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 13/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
* Data archive
What are EFS anti-patterns? * Relational databases
* Temporary storage
What are the file gateway features? - flat files, stored directly in S3
Spin up instances from AMI and create volumes from the EBS
Stored volume or cached volume use case
snapshots from on-prem
1. Storage
Storage gateway pricing 2. Requests ($0.01 per GB written, max $125/month)
3. Data transfer
When to use snowball? When data retrieval will take more than a week or for compliance
* shipping costs
Snowball pricing
* each data transfer job
What is a "Key" for an Amazon S3 object? A unique identifier for an object in a bucket
In Amazon CloudFront, when using a Sent to your origin servers running within or outside of AWS.
network of edge locations around the
world, requests for your dynamic content
are ___________.
Which network connections are used by both RJ45 and SFP+ with either a fiber or copper interface
AWS Snowball to minimize data transfer
times?
AWS Solutions Architect Associate
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 15/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
A user has launched a dedicated EBS- The volume will be created in the same AZ, exists outside of the tenant
backed instance. You are curious where the hardware
EBS volume for this instance will be created.
Which statement is correct about the EBS
volume's creation?
A user has moved an object to Glacier using * The user can change the duration of the restore
the S3 object lifecycle rules. The user * You are billed for both the Glacier and S3 objects
requests to restore the archive after 6 * The restored object's storage class remain Glacier
months. When the restore request is
completed, the user accesses the restored
object. What is true about the restored
object?
What are some differences between S3 - Bucket policies can only control access to S3 buckets (objects inherit)
bucket policies and IAM policies? - Bucket policies have principal element (implicit on IAM)
What does the Server-side encryption Server-side encryption protects data at rest using Amazon S3-
provide in Amazon S3? managed encryption keys (SSE-S3).
By default, who owns the right to create an The bucket owner (account)
object in a bucket?
What are the main factors making S3 * unlimited number of files in a bucket
extremely scalable? * asynchronous replication to all AZs in a region
- create a CMK in one account and grant other accounts user role
How can encrypted snapshots and AMIs be
- customer encryption key sallow the sharing of AMIs with encrypted
shared across AWS accounts?
volumes
If a user in Account A is trying to access AWS will check policies in Account A (parent account) ensuring the
resources in Account B, what is the first step user has permission.
in validating this is allowed?
What tool can be used to select the Storage Class Analysis Tool
appropriate S3 storage tier?
What is transfer acceleration? Uses edge locations to give closer upload location. Uses unique URL.
- SQL
- MySQL
- PostreSQL
What is AWS RDS?
- Oracle
- Aurora
- MariaDB
What are the differences between Redis * Redis has more features (multi-AZ, backup/restore)
and memcache.d * Memcache.d is simple (large nodes, quick scaling)
How is PIT recovery done with Microsoft Via transaction log backups
SQL
What are the licensing models for RDS for * BYO - bring your own
Oracle? * Standard Editions and Enterprise Editions
Amazon RDS makes it possible to scale Your can increase or decrease specific database configurations
components of the service. What does this independently.
mean?
1. synchronous replication
What are the main benefits of a multi-AZ
2.failover
RDS deployment?
3. high availability
What is the best way to ensure RDS write Select a DB instance class optimized for Provisioned IOPS
performance?
How may copies of DynamoDb data are Data is replicated between 3 AZs
kept?
strings
binary
boolean
What are the data types in DynamoDB
number
What is a composite key in DynamoDb? The combination of the partition key and the sort key.
What happens if you exceed capacity units limited burst capacity and then throughput throttled
in DynamoDb?
* Creates an index table (taking up space) with the partition key and
indexed attribute
What are secondary indexes in * Requires read and write capacity units
DynamoDB? * Additional attributes / sort keys can be specified
* Basically like creating additional tables, but AWS auto updates them
based on main table
What is the most common use-case for Read caching to increase database and web application performance
ElastiCache?
every time you create, update or delete records from the table,
What are DynamoDB streams? DynamoDB will write a new stream record containing the
corresponding record data
Managed service of scalable EC2 cluster to process and run big data
What is Elastic Map Reduce (EMR)?
frameworks.
What is the AWS Service Health Dashboard Provides a complete health check of all sercies in all regions
Notifies you of any service interruptions that may affect the resources
What is the personal health dashboard?
and services that you are using within your AWS account
What tool would you use with AWS Config AWS CloudTrail
to tell who made a change?
S3 bucket
Where are CloudTrail logs stored?
Optionally CloudWatch logs
1. Cost optimization
What categories does Trusted Advisor 2. Performance
cover? 3. Security
4. Fault Tolerance
What are the limitations of Trusted Advisor? Requires Business and Enterprise support plans for ALL checks (50+)
- Free feature
What are Trusted Advisor Notifications? - Tracks resource check changes and cost savings estimates
- Can exclude some resources
What are CloudWatch alarms? Trigger on events within environment via notifications
OK
What are CloudWatch alarm states? Alarm
Insufficient Data
What is CloudWatch logging? Can capture all the logs across application and web servers
What best describes a forecast in AWS A prediction of your AWS usage for up to the next three or twelve
billing account using Cost Explorer? months
What are VPC Subnets? Public or private networks created out of the VPC CIDR block range
What is the default route on all subnet route Local: allows all subnets to communicate to each other
tables?
x.x.x.0: Network
What are the reserved IP addresses for AWS
x.x.x.1: AWS Routing
subnets?
x.x.x.2: AWS DNS
x.x.x.3: AWS Future
x.x.x.last: Broadcast
* associated to subnets
* rule # allows ordering
What are network access control lists * inbound: protocol/port range/source/allow or deny
(NACLs)? * outbound: protocol/port range/dest/allow or deny
* default rule "*" can be deny at bottom
* stateless: need specific rules for return
Where should private keys for private EC2 On local workstation and use ssh agent forwarding
instances be stored when using bastion
hosts to access private instances?
1 VPC requester
How is a VPC peering relationship set up? 2 VPC acceptor
3 Routing tables updated with dest to pcx
How do remote locations connect to Transit Either via VPN or Direct Connect
Gateways?
What type of resources can AWS Direct Only resources within a VPC
Connect communicate with through a
private virtual interface?
How is a private subnet indicated? No route to an internet gateway or virtual private gateway
To enable access to or from the Internet for ensure that your subnet's route table points to the Internet Gateway.
instances in a VPC subnet, you must:
When a VPC is created an implicit router with the main route table is
What is the implicit router? created and neither can be deleted. You can just create new route
tables and associate subnets with those instead.
What is (RPO) Recovery point objective? Acceptable amount of data loss as measured in time.
1. Retention time
Backup / Restore considerations 2. Security measures
3. Test recovery
1. EC2 instances
2. Software packages
How is a Pilot light set up? 3. Create and maintain AMIs for key services
4. Regularly run/test/apply software updates or configs
5. Automate as much as possible
1. Backup/restore
2. Pilot light
What are the 4 AWS DR strategies?
3. Warm standby
4. Multi-site (preferred, more $$)
1. Availability Zones
What are the 4 components of the AWS 2. Regions
Global Infrastructure? 3. Edge locations
4. Regional Edge Caches
What are the paths of communication Between regions is over the public Internet
between regions, availability zones? Between AZs is on AWS backbone
What are global services? Services that are not tied to a region (e.g. IAM)
How are network access control lists read? In order, lowest number to highest.
What is a good use for the classic load * flexible cipher support
balancer? * ssl offload
1. Amazon published
What are the types of Amazon Machine 2. Partner published
Images (AMIs)? 3. Community published
4. Private (from own snapshots)
What are network choices for EC2? Low, Medium, High, 10Gb, 25Gb
Where are the OS parts for an instance S3, so takes longer to boot than EBS backed
store EC2 instance stored?
What is the minimum billing unit for EC2? With per second, 1 minute is smallest unit
4 days
What is the default retention time of SQS?
can be 1 minute to 14 days
What is an Auto Scale Group? The groups specifies the min/max numbers
What is the Scaling Plan? Sets how scale-out and scale-in should happen. By how many?
How can you restrict access to data in Restrict S3 bucket access when configuring CloudFront
CloudFront when using signed URLs or
signed cookies?
What are dynamic asset best practices for 1. Cache everything, use popular objects report
CloudFront? 2. Use multiple cache behaviors
What are streaming asset best practices for 1. Set right TTLs (low for manifest, high media files)
CloudFront? 2. Use HTTP streaming protocols
- Offsite backup
- No scalability constraints
What are some benefits of Cloud Storage
- No CAPEX costs
for DR/Backup?
- High durability and availability
- Enhanced security features
What is the weakness of symmetric Third party could intercept the single key giving them access to the
cryptography? data.
Blowfish
What are common symmetric encryption
AES
algorithms?
DES
How can you ensure objects are always Add policy to deny putObject when server side encryption header not
encrypted before adding to bucket? present
With S3 SSE-C where is encryption Within S3 service, customer provided keys send with data
decryption handled?
SSE-KMS
Which encryption methods does Athena
SSE-S3
support?
CSE-KMS
Use S3
Does EMR encrypt data at rest by default?
EBS encryption using customer AMI
What does the customer master key (CMK) The data key, not the data itself
encrypt?
How is EMR encryption shared among Via a security configuration which specifies policies and methods (at
other clusters? rest, in transit, etc)
What is the primary use of a CMK? To generate, encrypt, and decrypt DEKs
What is the purpose of AWS managed - Used by other AWS services interacting with KMS
CMKs? - Created automatically when first called
What is the purpose of customer managed More flexibility and control, can be used for same purposes as AWS
CMKs? managed
1. Master key used to create plain DEK and encrypted version of DEK in
What is envelope encryption? memory
2. plain DEK is used to encrypt plaintext
3. Ciphertext and encrypted DEK stored on disk
4. DEK cleared from memory
Like other services in AWS, can KMS be No, to manage CMKs, you must use a key policy associated to your
governed only by IAM policy? CMK
By default who is granted full access to root user of the AWS account
CMKs?
Users who can manage keys but not (by default) use them for
What are CMK key administrators?
encryption/decryption.
Those who can use the keys for encryption and delegate subset of
What are CMK users?
their own permissions to another principal, such as a service.
What is required to use key policies with root of account must have full KMS access to the CMK
IAM policies?
What is the automatic key rotation 365 days with no other opption
timeframe?
What is the durability difference between KMS has higher durability, in case of region-wide failure would need to
external key material and KMS generated re-upload customer generated key material
key material?
How are CMKs created within KMS FIPS 140-2 validated cryptographic modules
protected?
What is the main overall purpose of AWS Manage and control security permissions
IAM?
AWS Solutions Architect Associate
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 34/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
What are IAM Policy Permissions? JSON policies that define what resources can/can't be accessed
- Password
- MFA
What security credentials can be associated - Signing Certificates
to an IAM user? - Access Keys
- SSH Public Keys
- HTTPS Git Credentials
- IAM Users
What is an IAM group comprised of?
- Customer or AWS-managed policies
What is the best practice for allowing AWS Assign a role rather than storing credentials
resources access to other AWS resources?
What is the basic, required structured of an Version and at least one statement
IAM policy?
When will access be allowed by an IAM Only when and explicit "Allow" has been specified
policy?
What role does the STS service play in After login to the IdP, redirected to STS to get a temporary credential
federated login? and assumed role
Which IAM policy type can control which Resource policy rule
Amazon S3 buckets can trigger which AWS
Lambda functions?
What is authentication? The process of verifying the identity of a user who logs on to a system.
What is a more secure and efficient Assign the instance to an IAM Role
alternative to storing access keys on EC2
instances?
What entities are IAM policies applied to? Users, Groups and Roles and can govern access to any AWS resource
What additional attribute is required for an The principal attribute since these are applied to buckets and we need
S3 bucket policy? to know the principals
- Set at object level whereas Bucket polices are only at bucket level.
What are S3 Access Control Lists? - ACLs are less granular
- Different format than Bucket or IAM policies
- Least-privileged
How does AWS handle conflicting
- By default access denied
permissions between Bucket policies, IAM,
- Must be an allow within a policy
and ACLs?
- A deny will overrule any allow
Time Range
How can CloudTrail activity be located
Event Name
quickly?
Username
Resource name
Resource type
Request all must have the AWS Access Key Id, HMAC-SHA1 signature,
and time stamps.
When accessing AWS resources using the 1. Client creates HMAC-SHA1 signature using <request contents> +
REST API, how are requests authenticated? <secret access key>
2. AWS retrieves your secret access key from access key id
2. AWS creates HMAC-SHA1 signature
3. Compares signatures
How can master account be used to control Create IAM users in master account, create cross-account roles.
resources in child accounts?
What are some options for encrypting data - LUKS (linux unified key setup)
at rest for EMR when using EBS? - Open-Source HDFS encryption
- Using TLS between the app and RDS, varies by database backend
How is data in transit protected for RDS? - Oracle also supports Native Network Encryption (NNE) exclusive of
TLS
- Open-Source HDFS
How is data in transit protected in EMR? - Hadoop encrypted shuffle using TLS
- S3 or DynamoDB are sent over TLS
What is a way to restrict network access to Apply allowed IPs in the IAM policy's conditions block.
an AWS abstract service?
Regions
Availability Zones
VPCs
Elastic Load Balancers
Simple queue service
What are the high availability top 10?
Elastic cloud compute
Elastic IP address
Route53
CloudWatch
Autoscaling
What components differentiate cloud from Autoscaling combined with CloudWatch alarms to trigger scale-in and
traditional data center architecture? scale-out
What is the AWS auto-scaling response to Will first launch new instances in the healthy AZ before terminating
an unhealthy AZ? unhealthy instances.
1. AMI
2. Instance Type
3. Instance Details
What are the screens for launching an EC2
4. Storage
instance?
5. Tags
6. Security Group
7. Review and Launch
Required elements:
What are the required elements of an Auto Minimum Size
Scaling group? Launch Configuration
(Health checks and desired capacity optional)
Required elements:
What are the required elements of an Auto
AMI
Scaling launch configuration?
Instance Type
LAUNCH
TERMINATE
HEALTHCHECK
What are the auto scaling methods? REPLACEUNHEALTHY
AZREBALANCE
ALARMNOTIFICATION (from CloudWatch)
ADDTOLOADBALANCER
What is the reason an Auto Scaling group TERMINATE has been suspended
may exceed the maximum size?
What is the location Auto Scaling will The AZ with the fewest instances
launch an instance by default?
What is the location where EBS-backed Replicated within a single AZ. 5-9's durability
volumes are stored?
Professional
What is the level of AWS support for
$100/month starting
production workloads?
1 hour response
1. Users
2. Groups
What are the 4 key components of IAM?
3. Roles
4. Policies
What is the method for creating alerts when CloudWatch > Billing > Create Alarm > SNS Topic
a bill goes over a certain amount?
What is the consistency model for data in * Read after write for PUTS of new objects
S3? * Eventual for overwrite PUTS and DELETES
What are two ways to secure S3 data? Bucket policies and ACLs
* Storage
* Requests
* Storage Management (tiering)
What are the various S3 charges?
* Data transfer
* Cross region replication
* Transfer acceleration
What are the valid object sizes for S3? 0 byes to 5TB
AWS Solutions Architect Associate
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 41/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
Publisher
What are the elements of SNS? Subscriber
Topic
- HTTP(s)
- SMS
- Email ( json)
What are the SNS notifcation methods?
- SQS
- Lambda
- Mobile push
What are the security tests allowed under * Port scans not allowed
the AWS usage policy? * PEN testing allowed with permission
AWS
What isSolutions Architect
SNS (Simple Notification Associate A push service to send time sensitive messages
Service)?
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 42/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
What is a way that S3 versioning can be S3 versioning stores all versions of an object (including all writes and
used as a backup tool? deletes)
What is the result of turning on S3 cross Existing objects are not replicated, only new versions are.
region replication for a bucket with existing
objects?
What is the behavior of delete markers and Deleted objects and delete markers are not replicated
deleted objects with S3 cross region
replication?
Can be:
- S3
What is a CloudFront origin? - EC2 instance
- ELB
- Route53
What are Edge locations, read only or Can be written to (see S3 acceleration)
read/write?
Can cached objects in Edge Locations be Yes, but there is a charge to invalidate a cached object before its TTL
cleared? expires
What is the PUTS per second limit on S3? 3500 - raised to eliminate the key hashing design
Full access to all AWS services except the management of groups and
What is the limit to the Power User role?
users in IAM.
Which login method is enabled by default neither, you have to select one or both
on a new IAM user?
What are the methods to give users access - CloudFront signed cookies
to private files in S3 when using - CloudFront signed URLs
CloudFront? - CloudFront Origin Access Identity
What is the charge of AWS terminating a You will not be charged for the partial hour unless you terminate the
spot instance? instance
What is the default action for the root delete on instance termination
volume on an EBS-backed volume for
instance termination?
What is the default action for non-root EC2 preserved on instance termination
EBS volumes upon instance termination?
How can you add deny rules to a Security You cannot, they deny be default and only allow rules
Group?
What is best practice for taking snapshots Stop the instance so that the snapshot is consistent
of EBS volumes that serve as root devices?
What are the operations permitted to EBS Resize, change storage type (tier)
volumes on the fly?
- Take a snapshot
What is the method for moving an EC2
- Create AMI from the snapshot
volume from one AZ to another?
- Use the AMI to launch the EC2 instance in new AZ
- Take a snapshot
What is the method for moving an EC2 - Create AMI from the snapshot
volume from one Region to another? - Copy the AMI to another region
- Launch EC2 instance using AMI in new region
What is the process for encrypting a root - Make a snapshot of the root device volume
device volume that already exists - Create a copy of the Snapshot and specify encryption
unencrypted? - Create an AMI from the encrypted snapshot
What is the reason for assigning a role to an - much more secure, no stored key
EC2 instance vs storing AWS credentials? - easier to manage
1. Clustered
What are the 3 types of EC2 placement
2. Spread
groups?
3. Partitioned
- Enabled by default
What are the backup options for RDS? - Automated backup
- Database snapshots (manual)
What happens when you promote an RDS Read replica is no longer a replica but a stand alone database
read replica to master?
How can a failover of RDS multi-az be Can be forced by rebooting the RDS instance and selecting failover
done?
automated backups
What else is encrypted once encryption is
read replicas
enabled for RDS?
snapshots
Only available in 1 AZ
What is the availability limit of RedShift?
Can asynchronously replicate snapshots to S3 in another region
At least 3:
- MySQL
What are the two types of Aurora replicas?
- Aurora (supports automated failover)
Either
What is the process for migrating from - Create an Aurora read replica from MySQL
MySQL to Aura - Promote Aurora writer
- JSON
What are the data formats supported by
- Apache Parquet
Athena?
- Apache ORC
What the the way ELBs are resolving using ELSs do not have pre-defined IP addresses; you resolve them using a
IPs? DNS name
What is the type of DNS record you have to A (alias) record; CNAMEs do not support naked domain names
use for a naked domain (e.g.
microsoft.com)?
When given a choice, what is the type of An A record and not a CNAME
DNS record you should use?
-Simple
-Weighted
-Latency
What are the available Route53 routing
-Failover
policies?
-Geo Location
-Geo proximity (traffic flow only)
- Multivalue answer routing
What is the Route53 Simple Routing Policy? One record with multiple IPs returned randomly
What is the Route53 weighted routing Adds up the weights of each record set and then apportions
policy?
What is the Route53 latency-based routing route traffic based on the lowest network latency for your end user
policy?
What are Route53 geolocation routing Choose where traffic will be sent based on the geographic location of
policies? your users.
What are Route53 multivalue answer Similar to simple routing but allows you to check the health of each
policies? resource so that only healthy are returned.
What is a way to create HA with a NAT Use autoscaling groups, multiple subnets in different AZ and a script to
instance? automate failover
Inside the availability zone only; for full HA create additional NAT
Where are NAT gateways redundant?
gateways in each AZ and configure route tables appropriately
What type of NAT product is associated NAT instances only; NAT gateways are not associated with security
with a security group? groups
What are the rules for the default network allows all inbound and outbound traffic
ACL?
What is the state of a newly created denies all inbound and outbound traffic
network ACL?
What happens if you do not associate a it will be associated with the default NACL
subnet with a network ACL?
Which security entity can block IPs? network ACLs but not security groups
- cannot enable for peered VPCs unless they are in the same account
What are some limitations of VPC flow
- flow logs cannot be tagged
logs?
- once created, cannot be changed including IAM role
What is the difference between sticky In classic pins traffic to EC2 instance
sessions on Application Load Balancers vs In ALB pins traffic to target group
Classic Load Balancers?
Allows you to direct traffic to different EC2 instances based on the URL
What are ELB path patterns?
contained in the request
What is the API difference between SWF SWF is task oriented whereas SQS is message oriented
and SQS?
What is elastic transcoder? Converts media formats into different formats for various devices
Same origin policy is a web standard that doesn't allow apps from
What is the same-origin policy? different domains to interact and exchange data. Purpose is to protect
the end user data.
What is the likely problem if you see the enable CORS on API Gateway
error "Origin policy cannot be read at the
remote resource"
- Kinesis streams
What are the 3 types of kinesis? - Kinesis firehose
- Kinesis analytics
- Uses shards
What is the use case for Kinesis streams? - Data has persistence (1 to 7 days)
- Custom apps
What is the use case for Kinesis analytics? Analize data within firehose or streams
Contains user data from AWS, Facebook, Google, etc like passwords.
What are Cognito user pools?
Handle user registration.
What is the difference between SQS FIFO maintains order and only delivers messages once
standard queue and FIFO?
1 event = 1 function
What are the features of lambda functions? lambda functions can trigger other functions so 1 event can equal x
functions
API Gateway
ALB
AWS IoT
Alexa
CloudWatch Events and Logs
CodeCommit
What are the AWS lambda triggers?
Cognito
DynamoDB
Kinesis
S3
SNS
SQS
https://myBucket.s3.amazonaws.com
What is the URL pattern of an S3 bucket in
https://s3.amazonaws.com/myBucket (old)
us west 1 name "myBucket" be?
https://s3-us-west-1.amazonaws.com/myBucket (old)
What are two ways to have tiered cloud - Use file gateway presented with NFS using S3 IA
storage presenting to on-prem Mac / Linux - Use EFS and IA
machines?
- Cold (sc1)
What are the lowest cost EBS options?
- Throughput optimized (st1)
What is the record type to use in Route 53 CNAME because ELB is an A record
when routing a website subdomain to
Elastic Load Balancer?
- Subnet
What are the levels at which VPC flow logs
- Network Interface
may be created?
- VPC
What is the easiest way to assign a public IP create and EIP and assign it to the instance
to an instance in a public subnet in a
customer VPC if you forget at launch?
EC2
Which AWS compute services support
ECS
multi-threaded processing?
Lambda
What is the only S3 tier that does not offer 11 Reduced redundancy (legacy)
9s?
What is an IAM "Owner" in AWS? The identity and email address used to create the accont
When consumer polls a queue, allows it to wait the period of time for
What is the SQS WaitTime parameter?
one or more messages to be available.
What is the usage threshold for when When it will be used 30-40% of the year
reserved instance is recommended?
AWS Solutions Architect Associate
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 52/53
9/29/23, 12:33 AM AWS Solutions Architect Associate Flashcards | Quizlet
https://quizlet.com/471719460/aws-solutions-architect-associate-flash-cards/ 53/53